Class AuthorizeTokenFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.camunda.bpm.spring.boot.starter.security.oauth2.impl.AuthorizeTokenFilter
- All Implemented Interfaces:
jakarta.servlet.Filter,org.springframework.beans.factory.Aware,org.springframework.beans.factory.BeanNameAware,org.springframework.beans.factory.DisposableBean,org.springframework.beans.factory.InitializingBean,org.springframework.context.EnvironmentAware,org.springframework.core.env.EnvironmentCapable,org.springframework.web.context.ServletContextAware
public class AuthorizeTokenFilter
extends org.springframework.web.filter.OncePerRequestFilter
Authorize or re-authorize (if required) oauth2 client using
OAuth2AuthorizedClientManager.
- If the access token is valid, then does nothing.
- If the access token is expired, then refreshes it.
- If authorize failed, then clears the
SecurityContextandHttpSession.
References:
-
OAuth2AuthorizedClientManager.authorize(OAuth2AuthorizeRequest) -
OAuth2AuthorizedClientProvider.authorize(OAuth2AuthorizationContext) -
DelegatingOAuth2AuthorizedClientProvider.authorize(OAuth2AuthorizationContext) -
RefreshTokenOAuth2AuthorizedClientProvider.authorize(OAuth2AuthorizationContext)
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX -
Constructor Summary
ConstructorsConstructorDescriptionAuthorizeTokenFilter(org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager clientManager) -
Method Summary
Modifier and TypeMethodDescriptionprotected voidauthorizeToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken token, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) protected voidclearContext(jakarta.servlet.http.HttpServletRequest request) protected voiddoFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) protected booleanhasTokenExpired(org.springframework.security.oauth2.core.OAuth2Token token) Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatchMethods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
AuthorizeTokenFilter
public AuthorizeTokenFilter(org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager clientManager)
-
-
Method Details
-
doFilterInternal
protected void doFilterInternal(@Nonnull jakarta.servlet.http.HttpServletRequest request, @Nonnull jakarta.servlet.http.HttpServletResponse response, @Nonnull jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternalin classorg.springframework.web.filter.OncePerRequestFilter- Throws:
jakarta.servlet.ServletExceptionIOException
-
hasTokenExpired
protected boolean hasTokenExpired(org.springframework.security.oauth2.core.OAuth2Token token) -
clearContext
protected void clearContext(jakarta.servlet.http.HttpServletRequest request) -
authorizeToken
protected void authorizeToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken token, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
-