org.springframework.social.security
Class SocialAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.social.security.SocialAuthenticationFilter
- All Implemented Interfaces:
- javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware
public class SocialAuthenticationFilter
- extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Filter for handling the provider sign-in flow within the Spring Security filter chain.
Should be injected into the chain at or before the PRE_AUTH_FILTER location.
- Author:
- Stefan Fussenegger, Craig Walls, Yuan Ji
| Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter |
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY |
| Fields inherited from class org.springframework.web.filter.GenericFilterBean |
logger |
|
Constructor Summary |
SocialAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authManager,
org.springframework.social.UserIdSource userIdSource,
org.springframework.social.connect.UsersConnectionRepository usersConnectionRepository,
SocialAuthenticationServiceLocator authServiceLocator)
|
| Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter |
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication, successfulAuthentication, unsuccessfulAuthentication |
| Methods inherited from class org.springframework.web.filter.GenericFilterBean |
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SocialAuthenticationFilter
public SocialAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authManager,
org.springframework.social.UserIdSource userIdSource,
org.springframework.social.connect.UsersConnectionRepository usersConnectionRepository,
SocialAuthenticationServiceLocator authServiceLocator)
setSignupUrl
public void setSignupUrl(java.lang.String signupUrl)
setDefaultFailureUrl
public void setDefaultFailureUrl(java.lang.String defaultFailureUrl)
- The URL to redirect to if authentication fails or if authorization is denied by the user.
- Parameters:
defaultFailureUrl - The failure URL. Defaults to "/signin" (relative to the servlet context).
setConnectionAddedRedirectUrl
public void setConnectionAddedRedirectUrl(java.lang.String connectionAddedRedirectUrl)
setUpdateConnections
public void setUpdateConnections(boolean updateConnections)
setPostLoginUrl
public void setPostLoginUrl(java.lang.String postLoginUrl)
setPostFailureUrl
public void setPostFailureUrl(java.lang.String postFailureUrl)
getUsersConnectionRepository
public org.springframework.social.connect.UsersConnectionRepository getUsersConnectionRepository()
getAuthServiceLocator
public SocialAuthenticationServiceLocator getAuthServiceLocator()
attemptAuthentication
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws org.springframework.security.core.AuthenticationException
- Specified by:
attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Throws:
org.springframework.security.core.AuthenticationException
detectRejection
protected boolean detectRejection(javax.servlet.http.HttpServletRequest request)
- Detects a callback request after a user rejects authorization to prevent a never-ending redirect loop.
Default implementation detects a rejection as a request that has one or more parameters, but none of the expected parameters (oauth_token, code, scope).
May be overridden to customize rejection detection.
- Parameters:
request - the request to check for rejection.
- Returns:
- true if the request appears to be the result of a rejected authorization; false otherwise.
requiresAuthentication
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
- Indicates whether this filter should attempt to process a social network login request for the current invocation.
Check if request URL matches filterProcessesUrl with valid providerId.
The URL must be like {filterProcessesUrl}/{providerId}.
- Overrides:
requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Returns:
true if the filter should attempt authentication, false otherwise.
addConnection
protected org.springframework.social.connect.Connection<?> addConnection(SocialAuthenticationService<?> authService,
java.lang.String userId,
org.springframework.social.connect.ConnectionData data)