Package org.springframework.security.oauth2.server.authorization.web

Class OAuth2TokenEndpointFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public final class OAuth2TokenEndpointFilter
extends org.springframework.web.filter.OncePerRequestFilter

A Filter for the OAuth 2.0 Token endpoint, which handles the processing of an OAuth 2.0 Authorization Grant.

It converts the OAuth 2.0 Authorization Grant request to an Authentication, which is then authenticated by the AuthenticationManager. If the authentication succeeds, the AuthenticationManager returns an OAuth2AccessTokenAuthenticationToken, which is returned in the OAuth 2.0 Access Token response. In case of any error, an OAuth2Error is returned in the OAuth 2.0 Error response.

By default, this Filter responds to authorization grant requests at the URI /oauth2/token and HttpMethod POST.

The default endpoint URI /oauth2/token may be overridden via the constructor OAuth2TokenEndpointFilter(AuthenticationManager, String).

Since:

7.0

See Also:

• AuthenticationManager
• OAuth2AuthorizationCodeAuthenticationProvider
• OAuth2RefreshTokenAuthenticationProvider
• OAuth2ClientCredentialsAuthenticationProvider
• OAuth2DeviceCodeAuthenticationProvider
• Section 3.2 Token Endpoint

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
OAuth2TokenEndpointFilter(AuthenticationManager authenticationManager)	Constructs an OAuth2TokenEndpointFilter using the provided parameters.
OAuth2TokenEndpointFilter(AuthenticationManager authenticationManager, String tokenEndpointUri)	Constructs an OAuth2TokenEndpointFilter using the provided parameters.

Method Summary

Modifier and Type	Method	Description
protected void	doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
void	setAuthenticationConverter(AuthenticationConverter authenticationConverter)	Sets the AuthenticationConverter used when attempting to extract an Access Token Request from HttpServletRequest to an instance of OAuth2AuthorizationGrantAuthenticationToken used for authenticating the authorization grant.
void	setAuthenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)	Sets the AuthenticationDetailsSource used for building an authentication details instance from HttpServletRequest.
void	setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)	Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
void	setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)	Sets the AuthenticationSuccessHandler used for handling an OAuth2AccessTokenAuthenticationToken and returning the Access Token Response.

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OAuth2TokenEndpointFilter

public OAuth2TokenEndpointFilter(AuthenticationManager authenticationManager)

Constructs an OAuth2TokenEndpointFilter using the provided parameters.

Parameters:

authenticationManager - the authentication manager

OAuth2TokenEndpointFilter

public OAuth2TokenEndpointFilter(AuthenticationManager authenticationManager,
 String tokenEndpointUri)

Constructs an OAuth2TokenEndpointFilter using the provided parameters.

Parameters:

authenticationManager - the authentication manager

tokenEndpointUri - the endpoint URI for access token requests

Method Details

doFilterInternal

protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 jakarta.servlet.FilterChain filterChain)
                         throws jakarta.servlet.ServletException,
IOException

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Throws:

jakarta.servlet.ServletException

IOException

setAuthenticationDetailsSource

public void setAuthenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)

Sets the AuthenticationDetailsSource used for building an authentication details instance from HttpServletRequest.

Parameters:

authenticationDetailsSource - the AuthenticationDetailsSource used for building an authentication details instance from HttpServletRequest

setAuthenticationConverter

public void setAuthenticationConverter(AuthenticationConverter authenticationConverter)

Sets the AuthenticationConverter used when attempting to extract an Access Token Request from HttpServletRequest to an instance of OAuth2AuthorizationGrantAuthenticationToken used for authenticating the authorization grant.

Parameters:

authenticationConverter - the AuthenticationConverter used when attempting to extract an Access Token Request from HttpServletRequest

setAuthenticationSuccessHandler

public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)

Sets the AuthenticationSuccessHandler used for handling an OAuth2AccessTokenAuthenticationToken and returning the Access Token Response.

Parameters:

authenticationSuccessHandler - the AuthenticationSuccessHandler used for handling an OAuth2AccessTokenAuthenticationToken

setAuthenticationFailureHandler

public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)

Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.

Parameters:

authenticationFailureHandler - the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException