org.springframework.security.oauth2.provider.endpoint
类 TokenEndpointAuthenticationFilter

java.lang.Object
  org.springframework.security.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter

所有已实现的接口：

javax.servlet.Filter

public class TokenEndpointAuthenticationFilter
extends Object
implements javax.servlet.Filter

An optional authentication filter for the TokenEndpoint. It sits downstream of another filter (usually BasicAuthenticationFilter) for the client, and creates an OAuth2Authentication for the Spring SecurityContext if the request also contains user credentials, e.g. as typically would be the case in a password grant. This filter is only required if the TokenEndpoint (or one of it's dependencies) needs to know about the authenticated user. In a vanilla password grant this isn't normally necessary because the token granter will also authenticate the user.

If this filter is used the Spring Security context will contain an OAuth2Authentication encapsulating (as the authorization request) the form parameters coming into the filter and the client id from the already authenticated client authentication, and the authenticated user token extracted from the request and validated using the authentication manager.

作者：

Dave Syer

构造方法摘要

TokenEndpointAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, OAuth2RequestFactory oAuth2RequestFactory)

方法摘要

void	destroy()
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
protected org.springframework.security.core.Authentication	extractCredentials(javax.servlet.http.HttpServletRequest request) If the incoming request contains user credentials in headers or parameters then extract them here into an Authentication token that can be validated later.
void	init(javax.servlet.FilterConfig filterConfig)
protected void	onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authResult)
protected void	onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)
void	setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource) A source of authentication details for requests that result in authentication.
void	setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint) An authentication entry point that can handle unsuccessful authentication.

从类 java.lang.Object 继承的方法

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

构造方法详细信息

TokenEndpointAuthenticationFilter

public TokenEndpointAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager,
                                         OAuth2RequestFactory oAuth2RequestFactory)

参数：

authenticationManager - an AuthenticationManager for the incoming request

方法详细信息

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)

An authentication entry point that can handle unsuccessful authentication. Defaults to an OAuth2AuthenticationEntryPoint.

参数：

authenticationEntryPoint - the authenticationEntryPoint to set

setAuthenticationDetailsSource

public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)

A source of authentication details for requests that result in authentication.

参数：

authenticationDetailsSource - the authenticationDetailsSource to set

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

指定者：

接口 javax.servlet.Filter 中的 doFilter

抛出：

IOException

javax.servlet.ServletException

onSuccessfulAuthentication

protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.springframework.security.core.Authentication authResult)
                                   throws IOException

抛出：

IOException

onUnsuccessfulAuthentication

protected void onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse response,
                                            org.springframework.security.core.AuthenticationException failed)
                                     throws IOException

抛出：

IOException

extractCredentials

protected org.springframework.security.core.Authentication extractCredentials(javax.servlet.http.HttpServletRequest request)

If the incoming request contains user credentials in headers or parameters then extract them here into an Authentication token that can be validated later. This implementation only recognises password grant requests and extracts the username and password.

参数：

request - the incoming request, possibly with user credentials

返回：

an authentication for validation (or null if there is no further authentication)

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

指定者：

接口 javax.servlet.Filter 中的 init

抛出：

javax.servlet.ServletException

destroy

public void destroy()

指定者：

接口 javax.servlet.Filter 中的 destroy