spring-social-security

org.springframework.social.security
Class SocialAuthenticationFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
          extended by org.springframework.social.security.SocialAuthenticationFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware

public class SocialAuthenticationFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Filter for handling the provider sign-in flow within the Spring Security filter chain. Should be injected into the chain at or before the PRE_AUTH_FILTER location.

Author:
Stefan Fussenegger, Craig Walls, Yuan Ji

Field Summary
 
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Constructor Summary
SocialAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authManager, org.springframework.social.UserIdSource userIdSource, org.springframework.social.connect.UsersConnectionRepository usersConnectionRepository, SocialAuthenticationServiceLocator authServiceLocator)
           
 
Method Summary
protected  org.springframework.social.connect.Connection<?> addConnection(SocialAuthenticationService<?> authService, java.lang.String userId, org.springframework.social.connect.ConnectionData data)
           
 org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
           
protected  boolean detectRejection(javax.servlet.http.HttpServletRequest request)
          Detects a callback request after a user rejects authorization to prevent a never-ending redirect loop.
 SocialAuthenticationServiceLocator getAuthServiceLocator()
           
 org.springframework.social.connect.UsersConnectionRepository getUsersConnectionRepository()
           
protected  boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Indicates whether this filter should attempt to process a social network login request for the current invocation.
 void setConnectionAddedRedirectUrl(java.lang.String connectionAddedRedirectUrl)
           
 void setDefaultFailureUrl(java.lang.String defaultFailureUrl)
          The URL to redirect to if authentication fails or if authorization is denied by the user.
 void setPostFailureUrl(java.lang.String postFailureUrl)
           
 void setPostLoginUrl(java.lang.String postLoginUrl)
           
 void setSignupUrl(java.lang.String signupUrl)
           
 void setUpdateConnections(boolean updateConnections)
           
 
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication, successfulAuthentication, unsuccessfulAuthentication
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SocialAuthenticationFilter

public SocialAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authManager,
                                  org.springframework.social.UserIdSource userIdSource,
                                  org.springframework.social.connect.UsersConnectionRepository usersConnectionRepository,
                                  SocialAuthenticationServiceLocator authServiceLocator)
Method Detail

setSignupUrl

public void setSignupUrl(java.lang.String signupUrl)

setDefaultFailureUrl

public void setDefaultFailureUrl(java.lang.String defaultFailureUrl)
The URL to redirect to if authentication fails or if authorization is denied by the user.

Parameters:
defaultFailureUrl - The failure URL. Defaults to "/signin" (relative to the servlet context).

setConnectionAddedRedirectUrl

public void setConnectionAddedRedirectUrl(java.lang.String connectionAddedRedirectUrl)

setUpdateConnections

public void setUpdateConnections(boolean updateConnections)

setPostLoginUrl

public void setPostLoginUrl(java.lang.String postLoginUrl)

setPostFailureUrl

public void setPostFailureUrl(java.lang.String postFailureUrl)

getUsersConnectionRepository

public org.springframework.social.connect.UsersConnectionRepository getUsersConnectionRepository()

getAuthServiceLocator

public SocialAuthenticationServiceLocator getAuthServiceLocator()

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
                                                                              javax.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException
Specified by:
attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Throws:
org.springframework.security.core.AuthenticationException

detectRejection

protected boolean detectRejection(javax.servlet.http.HttpServletRequest request)
Detects a callback request after a user rejects authorization to prevent a never-ending redirect loop. Default implementation detects a rejection as a request that has one or more parameters, but none of the expected parameters (oauth_token, code, scope). May be overridden to customize rejection detection.

Parameters:
request - the request to check for rejection.
Returns:
true if the request appears to be the result of a rejected authorization; false otherwise.

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)
Indicates whether this filter should attempt to process a social network login request for the current invocation.

Check if request URL matches filterProcessesUrl with valid providerId. The URL must be like {filterProcessesUrl}/{providerId}.

Overrides:
requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Returns:
true if the filter should attempt authentication, false otherwise.

addConnection

protected org.springframework.social.connect.Connection<?> addConnection(SocialAuthenticationService<?> authService,
                                                                         java.lang.String userId,
                                                                         org.springframework.social.connect.ConnectionData data)

spring-social-security