Package org.springframework.social.security

Class SocialAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.springframework.social.security.SocialAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware

public class SocialAuthenticationFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Filter for handling the provider sign-in flow within the Spring Security filter chain. Should be injected into the chain at or before the PRE_AUTH_FILTER location.

Author:

Stefan Fussenegger, Craig Walls, Yuan Ji

Field Summary

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
SocialAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authManager, UserIdSource userIdSource, UsersConnectionRepository usersConnectionRepository, SocialAuthenticationServiceLocator authServiceLocator)

Method Summary

Modifier and Type	Method	Description
protected Connection<?>	addConnection(SocialAuthenticationService<?> authService, String userId, ConnectionData data)
org.springframework.security.core.Authentication	attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected boolean	detectRejection(javax.servlet.http.HttpServletRequest request)	Detects a callback request after a user rejects authorization to prevent a never-ending redirect loop.
SocialAuthenticationServiceLocator	getAuthServiceLocator()
UsersConnectionRepository	getUsersConnectionRepository()
protected boolean	requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)	Indicates whether this filter should attempt to process a social network login request for the current invocation.
void	setConnectionAddedRedirectUrl(String connectionAddedRedirectUrl)
void	setDefaultFailureUrl(String defaultFailureUrl)	The URL to redirect to if authentication fails or if authorization is denied by the user.
void	setPostFailureUrl(String postFailureUrl)
void	setPostLoginUrl(String postLoginUrl)
void	setSignupUrl(String signupUrl)
void	setUpdateConnections(boolean updateConnections)

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SocialAuthenticationFilter

public SocialAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authManager,
                                  UserIdSource userIdSource,
                                  UsersConnectionRepository usersConnectionRepository,
                                  SocialAuthenticationServiceLocator authServiceLocator)

Method Detail

setSignupUrl

public void setSignupUrl(String signupUrl)

setDefaultFailureUrl

public void setDefaultFailureUrl(String defaultFailureUrl)

The URL to redirect to if authentication fails or if authorization is denied by the user.

Parameters:

defaultFailureUrl - The failure URL. Defaults to "/signin" (relative to the servlet context).

setConnectionAddedRedirectUrl

public void setConnectionAddedRedirectUrl(String connectionAddedRedirectUrl)

setUpdateConnections

public void setUpdateConnections(boolean updateConnections)

setPostLoginUrl

public void setPostLoginUrl(String postLoginUrl)

setPostFailureUrl

public void setPostFailureUrl(String postFailureUrl)

getUsersConnectionRepository

public UsersConnectionRepository getUsersConnectionRepository()

getAuthServiceLocator

public SocialAuthenticationServiceLocator getAuthServiceLocator()

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
                                                                              javax.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException

Specified by:

attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

org.springframework.security.core.AuthenticationException

detectRejection

protected boolean detectRejection(javax.servlet.http.HttpServletRequest request)

Detects a callback request after a user rejects authorization to prevent a never-ending redirect loop. Default implementation detects a rejection as a request that has one or more parameters, but none of the expected parameters (oauth_token, code, scope). May be overridden to customize rejection detection.

Parameters:

request - the request to check for rejection.

Returns:

true if the request appears to be the result of a rejected authorization; false otherwise.

requiresAuthentication

protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)

Indicates whether this filter should attempt to process a social network login request for the current invocation.

Check if request URL matches filterProcessesUrl with valid providerId. The URL must be like {filterProcessesUrl}/{providerId}.

Overrides:

requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Returns:

true if the filter should attempt authentication, false otherwise.

addConnection

protected Connection<?> addConnection(SocialAuthenticationService<?> authService,
                                      String userId,
                                      ConnectionData data)