org.keycloak.adapters.springsecurity.filter

Class KeycloakAuthenticationProcessingFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware

public class KeycloakAuthenticationProcessingFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
implements org.springframework.context.ApplicationContextAware

Provides a Keycloak authentication processing filter.

Version:

$Revision: 1 $

Author:

Scott Rossillo

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTHORIZATION_HEADER
static String	DEFAULT_LOGIN_URL
static org.springframework.security.web.util.matcher.RequestMatcher	DEFAULT_REQUEST_MATCHER Request matcher that matches requests to the default login URI and any request with a Authorization header.
static String	SCHEME_BASIC
static String	SCHEME_BEARER

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
KeycloakAuthenticationProcessingFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager) Creates a new Keycloak authentication processing filter with given AuthenticationManager and the default request matcher.
KeycloakAuthenticationProcessingFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher) Creates a new Keycloak authentication processing filter with given AuthenticationManager and RequestMatcher.

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
org.springframework.security.core.Authentication	attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected boolean	isBasicAuthRequest(javax.servlet.http.HttpServletRequest request) Returns true if the request was made with a Basic authentication authorization header.
protected boolean	isBearerTokenRequest(javax.servlet.http.HttpServletRequest request) Returns true if the request was made with a bearer token authorization header.
void	setAdapterTokenStoreFactory(AdapterTokenStoreFactory adapterTokenStoreFactory) Sets the adapter token store factory to use when creating per-request adapter token stores.
void	setAllowSessionCreation(boolean allowSessionCreation) This filter does not support explicitly enabling session creation.
void	setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
void	setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) This filter does not support explicitly setting a continue chain before success policy
protected void	successfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication authResult)
protected void	unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getFilterProcessesUrl, getRememberMeServices, getSuccessHandler, requiresAuthentication, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_LOGIN_URL

public static final String DEFAULT_LOGIN_URL

See Also:

Constant Field Values

AUTHORIZATION_HEADER

public static final String AUTHORIZATION_HEADER

See Also:

Constant Field Values

SCHEME_BEARER

public static final String SCHEME_BEARER

See Also:

Constant Field Values

SCHEME_BASIC

public static final String SCHEME_BASIC

See Also:

Constant Field Values

DEFAULT_REQUEST_MATCHER

public static final org.springframework.security.web.util.matcher.RequestMatcher DEFAULT_REQUEST_MATCHER

Request matcher that matches requests to the default login URI and any request with a Authorization header.

Constructor Detail

KeycloakAuthenticationProcessingFilter

public KeycloakAuthenticationProcessingFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager)

Creates a new Keycloak authentication processing filter with given AuthenticationManager and the default request matcher.

Parameters:

authenticationManager - the AuthenticationManager to authenticate requests (cannot be null)

See Also:

DEFAULT_REQUEST_MATCHER

KeycloakAuthenticationProcessingFilter

public KeycloakAuthenticationProcessingFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager,
                                              org.springframework.security.web.util.matcher.RequestMatcher requiresAuthenticationRequestMatcher)

Creates a new Keycloak authentication processing filter with given AuthenticationManager and RequestMatcher.

Note: the given request matcher must support matching the Authorization header if bearer token authentication is to be accepted.

Parameters:

authenticationManager - the AuthenticationManager to authenticate requests (cannot be null)

requiresAuthenticationRequestMatcher - the RequestMatcher used to determine if authentication is required (cannot be null)

See Also:

RequestHeaderRequestMatcher, OrRequestMatcher

Method Detail

afterPropertiesSet

public void afterPropertiesSet()

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Overrides:

afterPropertiesSet in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
                                                                              javax.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException,
                                                                              IOException,
                                                                              javax.servlet.ServletException

Specified by:

attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

org.springframework.security.core.AuthenticationException

IOException

javax.servlet.ServletException

isBearerTokenRequest

protected boolean isBearerTokenRequest(javax.servlet.http.HttpServletRequest request)

Returns true if the request was made with a bearer token authorization header.

Parameters:

request - the current HttpServletRequest

Returns:

true if the request was made with a bearer token authorization header; false otherwise.

isBasicAuthRequest

protected boolean isBasicAuthRequest(javax.servlet.http.HttpServletRequest request)

Returns true if the request was made with a Basic authentication authorization header.

Parameters:

request - the current HttpServletRequest

Returns:

true if the request was made with a Basic authentication authorization header; false otherwise.

successfulAuthentication

protected void successfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response,
                                        javax.servlet.FilterChain chain,
                                        org.springframework.security.core.Authentication authResult)
                                 throws IOException,
                                        javax.servlet.ServletException

Overrides:

successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

IOException

javax.servlet.ServletException

unsuccessfulAuthentication

protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.springframework.security.core.AuthenticationException failed)
                                   throws IOException,
                                          javax.servlet.ServletException

Overrides:

unsuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

IOException

javax.servlet.ServletException

setApplicationContext

public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
                           throws org.springframework.beans.BeansException

Specified by:

setApplicationContext in interface org.springframework.context.ApplicationContextAware

Throws:

org.springframework.beans.BeansException

setAdapterTokenStoreFactory

public void setAdapterTokenStoreFactory(AdapterTokenStoreFactory adapterTokenStoreFactory)

Sets the adapter token store factory to use when creating per-request adapter token stores.

Parameters:

adapterTokenStoreFactory - the AdapterTokenStoreFactory to use

setAllowSessionCreation

public final void setAllowSessionCreation(boolean allowSessionCreation)

This filter does not support explicitly enabling session creation.

Overrides:

setAllowSessionCreation in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

UnsupportedOperationException - this filter does not support explicitly enabling session creation.

setContinueChainBeforeSuccessfulAuthentication

public final void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication)

This filter does not support explicitly setting a continue chain before success policy

Overrides:

setContinueChainBeforeSuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

UnsupportedOperationException - this filter does not support explicitly setting a continue chain before success policy