org.springframework.social.security
Class SocialAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.social.security.SocialAuthenticationFilter
- All Implemented Interfaces:
- javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware
public class SocialAuthenticationFilter
- extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Filter for handling the provider sign-in flow within the Spring Security filter chain.
Should be injected into the chain at or before the PRE_AUTH_FILTER location.
- Author:
- Stefan Fussenegger, Craig Walls, Yuan Ji
| Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter |
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY |
| Fields inherited from class org.springframework.web.filter.GenericFilterBean |
logger |
| Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter |
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication, successfulAuthentication, unsuccessfulAuthentication |
| Methods inherited from class org.springframework.web.filter.GenericFilterBean |
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SocialAuthenticationFilter
public SocialAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authManager,
UserIdSource userIdSource,
UsersConnectionRepository usersConnectionRepository,
SocialAuthenticationServiceLocator authServiceLocator)
setSignupUrl
public void setSignupUrl(java.lang.String signupUrl)
setDefaultFailureUrl
public void setDefaultFailureUrl(java.lang.String defaultFailureUrl)
- The URL to redirect to if authentication fails or if authorization is denied by the user.
- Parameters:
defaultFailureUrl - The failure URL. Defaults to "/signin" (relative to the servlet context).
setConnectionAddedRedirectUrl
public void setConnectionAddedRedirectUrl(java.lang.String connectionAddedRedirectUrl)
setUpdateConnections
public void setUpdateConnections(boolean updateConnections)
setPostLoginUrl
public void setPostLoginUrl(java.lang.String postLoginUrl)
setPostFailureUrl
public void setPostFailureUrl(java.lang.String postFailureUrl)
getUsersConnectionRepository
public UsersConnectionRepository getUsersConnectionRepository()
getAuthServiceLocator
public SocialAuthenticationServiceLocator getAuthServiceLocator()
attemptAuthentication
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws org.springframework.security.core.AuthenticationException
- Specified by:
attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Throws:
org.springframework.security.core.AuthenticationException
detectRejection
protected boolean detectRejection(javax.servlet.http.HttpServletRequest request)
- Detects a callback request after a user rejects authorization to prevent a never-ending redirect loop.
Default implementation detects a rejection as a request that has one or more parameters, but none of the expected parameters (oauth_token, code, scope).
May be overridden to customize rejection detection.
- Parameters:
request - the request to check for rejection.
- Returns:
- true if the request appears to be the result of a rejected authorization; false otherwise.
requiresAuthentication
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
- Indicates whether this filter should attempt to process a social network login request for the current invocation.
Check if request URL matches filterProcessesUrl with valid providerId.
The URL must be like {filterProcessesUrl}/{providerId}.
- Overrides:
requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Returns:
true if the filter should attempt authentication, false otherwise.
addConnection
protected Connection<?> addConnection(SocialAuthenticationService<?> authService,
java.lang.String userId,
ConnectionData data)