org.springframework.social.security

Class SocialAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.springframework.social.security.SocialAuthenticationFilter

All Implemented Interfaces:

Filter, Aware, BeanNameAware, DisposableBean, InitializingBean, ApplicationEventPublisherAware, EnvironmentAware, MessageSourceAware, ServletContextAware

public class SocialAuthenticationFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Filter for handling the provider sign-in flow within the Spring Security filter chain. Should be injected into the chain at or before the PRE_AUTH_FILTER location.

Author:

Stefan Fussenegger, Craig Walls, Yuan Ji

Field Summary

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
SocialAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authManager, org.springframework.social.UserIdSource userIdSource, org.springframework.social.connect.UsersConnectionRepository usersConnectionRepository, SocialAuthenticationServiceLocator authServiceLocator)

Method Summary

Modifier and Type	Method and Description
protected org.springframework.social.connect.Connection<?>	addConnection(SocialAuthenticationService<?> authService, String userId, org.springframework.social.connect.ConnectionData data)
org.springframework.security.core.Authentication	attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
protected boolean	detectRejection(HttpServletRequest request) Detects a callback request after a user rejects authorization to prevent a never-ending redirect loop.
SocialAuthenticationServiceLocator	getAuthServiceLocator()
org.springframework.social.connect.UsersConnectionRepository	getUsersConnectionRepository()
protected boolean	requiresAuthentication(HttpServletRequest request, HttpServletResponse response) Deprecated.
void	setAlwaysUsePostLoginUrl(boolean alwaysUsePostLoginUrl)
void	setConnectionAddedRedirectUrl(String connectionAddedRedirectUrl) an authenticated user can add additional connections.
void	setConnectionAddingFailureRedirectUrl(String connectionAddingFailureRedirectUrl) redirect the user after an attempt to add an additional authentication failed.
void	setDefaultFailureUrl(String defaultFailureUrl) Deprecated. use setPostFailureUrl(String) instead
void	setFilterProcessesUrl(String filterProcessesUrl)
void	setPostFailureUrl(String postFailureUrl) The URL to redirect to if authentication fails or if authorization is denied by the user.
void	setPostLoginUrl(String postLoginUrl)
void	setSessionStrategy(org.springframework.social.connect.web.SessionStrategy sessionStrategy) Sets a strategy to use when persisting information that is to survive past the boundaries of a request.
void	setSignupUrl(String signupUrl) Sets the signup URL; the URL to redirect to if authentication fails so that the user can register with the application.
void	setUpdateConnections(boolean updateConnections)

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SocialAuthenticationFilter

public SocialAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authManager,
                                  org.springframework.social.UserIdSource userIdSource,
                                  org.springframework.social.connect.UsersConnectionRepository usersConnectionRepository,
                                  SocialAuthenticationServiceLocator authServiceLocator)

Method Detail

setSignupUrl

public void setSignupUrl(String signupUrl)

Sets the signup URL; the URL to redirect to if authentication fails so that the user can register with the application. May be fully-qualified URL (e.g., "http://somehost/somepath/signup") or a path relative to application's servlet context path (e.g., "/signup").

Parameters:

signupUrl - The signup URL

setDefaultFailureUrl

@Deprecated
public void setDefaultFailureUrl(String defaultFailureUrl)

Deprecated. use setPostFailureUrl(String) instead

setConnectionAddedRedirectUrl

public void setConnectionAddedRedirectUrl(String connectionAddedRedirectUrl)

an authenticated user can add additional connections. after successfully authorizing, the user will be redirected to this URL

setConnectionAddingFailureRedirectUrl

public void setConnectionAddingFailureRedirectUrl(String connectionAddingFailureRedirectUrl)

redirect the user after an attempt to add an additional authentication failed. After the failure the user is still authenticated, so redirecting to something like might not make sense

setUpdateConnections

public void setUpdateConnections(boolean updateConnections)

setPostLoginUrl

public void setPostLoginUrl(String postLoginUrl)

setAlwaysUsePostLoginUrl

public void setAlwaysUsePostLoginUrl(boolean alwaysUsePostLoginUrl)

setPostFailureUrl

public void setPostFailureUrl(String postFailureUrl)

The URL to redirect to if authentication fails or if authorization is denied by the user.

Parameters:

postFailureUrl - The failure URL. Defaults to "/signin" (relative to the servlet context).

setSessionStrategy

public void setSessionStrategy(org.springframework.social.connect.web.SessionStrategy sessionStrategy)

Sets a strategy to use when persisting information that is to survive past the boundaries of a request. The default strategy is to set the data as attributes in the HTTP Session.

Parameters:

sessionStrategy - the session strategy.

getUsersConnectionRepository

public org.springframework.social.connect.UsersConnectionRepository getUsersConnectionRepository()

getAuthServiceLocator

public SocialAuthenticationServiceLocator getAuthServiceLocator()

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(HttpServletRequest request,
                                                                              HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException

Specified by:

attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

org.springframework.security.core.AuthenticationException

detectRejection

protected boolean detectRejection(HttpServletRequest request)

Detects a callback request after a user rejects authorization to prevent a never-ending redirect loop. Default implementation detects a rejection as a request that has one or more parameters (except 'state' parameter which can be used by application), but none of the expected parameters (oauth_token, code, scope). May be overridden to customize rejection detection.

Parameters:

request - the request to check for rejection.

Returns:

true if the request appears to be the result of a rejected authorization; false otherwise.

requiresAuthentication

@Deprecated
protected boolean requiresAuthentication(HttpServletRequest request,
                                                     HttpServletResponse response)

Deprecated.

Indicates whether this filter should attempt to process a social network login request for the current invocation.

Check if request URL matches filterProcessesUrl with valid providerId. The URL must be like {filterProcessesUrl}/{providerId}.

Overrides:

requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Returns:

true if the filter should attempt authentication, false otherwise.

addConnection

protected org.springframework.social.connect.Connection<?> addConnection(SocialAuthenticationService<?> authService,
                                                                         String userId,
                                                                         org.springframework.social.connect.ConnectionData data)

setFilterProcessesUrl

public void setFilterProcessesUrl(String filterProcessesUrl)

Overrides:

setFilterProcessesUrl in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter