java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationFilter

All Implemented Interfaces:: jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public final class OneTimeTokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter

Filter that processes a one-time token for log in.

By default, it uses OneTimeTokenAuthenticationConverter to extract the token from the request.

Since:: 6.5

Field Summary

Fields

Modifier and Type

Field

Description

static final String

DEFAULT_LOGIN_PROCESSING_URL

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
Constructor Summary

Constructors

Constructor

Description

OneTimeTokenAuthenticationFilter()
Method Summary

Modifier and Type

Method

Description

Authentication

attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)

Performs actual authentication.

void

setAuthenticationConverter(AuthenticationConverter authenticationConverter)

Use this AuthenticationConverter when converting incoming requests to an Authentication.

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- DEFAULT_LOGIN_PROCESSING_URL
  
  public static final String DEFAULT_LOGIN_PROCESSING_URL
  See Also:
  
  Constant Field Values
Constructor Details
- OneTimeTokenAuthenticationFilter
  
  public OneTimeTokenAuthenticationFilter()
Method Details
- attemptAuthentication
  
  public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws AuthenticationException, IOException, jakarta.servlet.ServletException
  
  Description copied from class: AbstractAuthenticationProcessingFilter
  Performs actual authentication.
  The implementation should do one of the following:
  
  Return a populated authentication token for the authenticated user, indicating successful authentication
  
  Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
  
  Throw an AuthenticationException if the authentication process fails
  Specified by:
  
  attemptAuthentication in class AbstractAuthenticationProcessingFilter
  
  Parameters:
  
  request - from which to extract parameters and perform the authentication
  
  response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OIDC).
  
  Returns:
  
  the authenticated user token, or null if authentication is incomplete.
  
  Throws:
  
  AuthenticationException - if authentication fails.
  
  IOException
  
  jakarta.servlet.ServletException
- setAuthenticationConverter
  
  public void setAuthenticationConverter(AuthenticationConverter authenticationConverter)
  
  Use this AuthenticationConverter when converting incoming requests to an Authentication. By default, the OneTimeTokenAuthenticationConverter is used.
  
  Parameters:
  
  authenticationConverter - the AuthenticationConverter to use

Class OneTimeTokenAuthenticationFilter

Field Summary

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Fields inherited from class org.springframework.web.filter.GenericFilterBean

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Methods inherited from class org.springframework.web.filter.GenericFilterBean

Methods inherited from class java.lang.Object

Field Details

DEFAULT_LOGIN_PROCESSING_URL

Constructor Details

OneTimeTokenAuthenticationFilter

Method Details

attemptAuthentication

setAuthenticationConverter