Class BearerTokenAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class BearerTokenAuthenticationFilter extends org.springframework.web.filter.OncePerRequestFilter
Authenticates requests that contain an OAuth 2.0 Bearer Token. This filter should be wired with an AuthenticationManager that can authenticate a BearerTokenAuthenticationToken.
Since:
5.1
  • Field Summary

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger
  • Constructor Summary

    Constructors
    Constructor
    Description
    BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)
    Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
    BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)
    Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
    BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver, org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
    Construct this filter using the provided parameters
    BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
    Construct this filter using the provided parameters
  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
    Extract any Bearer Token from the request and attempt an authentication.
    void
    setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
    Deprecated.
    Please provide an AuthenticationConverter in the constructor and set the AuthenticationDetailsSource there instead.
    void
    setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
    Set the AuthenticationEntryPoint to use.
    void
    setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
    Set the AuthenticationFailureHandler to use.
    void
    setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)
    Deprecated.
    Please provide an AuthenticationConverter in the constructor instead.
    void
    setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
    Sets the SecurityContextHolderStrategy to use.
    void
    setSecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository securityContextRepository)
    Sets the SecurityContextRepository to save the SecurityContext on authentication success.

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • BearerTokenAuthenticationFilter

      public BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)
      Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
      Parameters:
      authenticationManagerResolver -
    • BearerTokenAuthenticationFilter

      public BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)
      Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
      Parameters:
      authenticationManager -
    • BearerTokenAuthenticationFilter

      public BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
      Construct this filter using the provided parameters
      Parameters:
      authenticationManager - the AuthenticationManager to use
      authenticationConverter - the AuthenticationConverter to use
      Since:
      7.0
    • BearerTokenAuthenticationFilter

      public BearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver, org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
      Construct this filter using the provided parameters
      Parameters:
      authenticationManagerResolver - the AuthenticationManagerResolver to use
      authenticationConverter - the AuthenticationConverter to use
      Since:
      7.0
  • Method Details

    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Extract any Bearer Token from the request and attempt an authentication.
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Parameters:
      request -
      response -
      filterChain -
      Throws:
      jakarta.servlet.ServletException
      IOException
    • setSecurityContextHolderStrategy

      public void setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
      Since:
      5.8
    • setSecurityContextRepository

      public void setSecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository securityContextRepository)
      Sets the SecurityContextRepository to save the SecurityContext on authentication success. The default action is not to save the SecurityContext.
      Parameters:
      securityContextRepository - the SecurityContextRepository to use. Cannot be null.
    • setBearerTokenResolver

      @Deprecated public void setBearerTokenResolver(BearerTokenResolver bearerTokenResolver)
      Deprecated.
      Please provide an AuthenticationConverter in the constructor instead.
      Set the BearerTokenResolver to use. Defaults to DefaultBearerTokenResolver.
      Parameters:
      bearerTokenResolver - the BearerTokenResolver to use
    • setAuthenticationEntryPoint

      public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
      Set the AuthenticationEntryPoint to use. Defaults to BearerTokenAuthenticationEntryPoint.
      Parameters:
      authenticationEntryPoint - the AuthenticationEntryPoint to use
    • setAuthenticationFailureHandler

      public void setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
      Set the AuthenticationFailureHandler to use. Default implementation invokes AuthenticationEntryPoint.
      Parameters:
      authenticationFailureHandler - the AuthenticationFailureHandler to use
      Since:
      5.2
    • setAuthenticationDetailsSource

      @Deprecated public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
      Deprecated.
      Please provide an AuthenticationConverter in the constructor and set the AuthenticationDetailsSource there instead. For example, you can use BearerTokenAuthenticationConverter.setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, ?>)
      Set the AuthenticationDetailsSource to use. Defaults to WebAuthenticationDetailsSource.
      Parameters:
      authenticationDetailsSource - the AuthenticationDetailsSource to use
      Since:
      5.5
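The constructor-based wiring that the deprecation notes above point to, shown beside the deprecated setter style. This is an added example, not code from Spring Security or this page: the class BearerFilterFactory and its method names are hypothetical, the package and no-argument constructor of BearerTokenAuthenticationConverter are assumed, and the JwtDecoder is supplied by the caller.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
// Package of the converter is assumed; the page names only the class.
import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

/** Hypothetical factory class (not part of Spring Security). */
public final class BearerFilterFactory {

    private BearerFilterFactory() {
    }

    /** Deprecated style: request-to-token conversion is configured through filter setters. */
    @SuppressWarnings("deprecation")
    public static BearerTokenAuthenticationFilter legacy(JwtDecoder jwtDecoder) {
        BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(manager(jwtDecoder));
        filter.setAuthenticationDetailsSource(new WebAuthenticationDetailsSource()); // deprecated setter
        return filter;
    }

    /** Current style (since 7.0): the converter is configured first and passed to the constructor. */
    public static BearerTokenAuthenticationFilter current(JwtDecoder jwtDecoder) {
        BearerTokenAuthenticationConverter converter = new BearerTokenAuthenticationConverter();
        converter.setAuthenticationDetailsSource(new WebAuthenticationDetailsSource());

        BearerTokenAuthenticationFilter filter =
                new BearerTokenAuthenticationFilter(manager(jwtDecoder), converter);
        // Stated explicitly for review; the page lists this entry point as the default.
        filter.setAuthenticationEntryPoint(new BearerTokenAuthenticationEntryPoint());
        // No setSecurityContextRepository call: by default the SecurityContext is not
        // saved on authentication success.
        return filter;
    }

    // The filter needs a manager that can authenticate a BearerTokenAuthenticationToken;
    // JwtAuthenticationProvider does so for JWT bearer tokens.
    private static AuthenticationManager manager(JwtDecoder jwtDecoder) {
        return new ProviderManager(new JwtAuthenticationProvider(jwtDecoder));
    }
}
```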