Class AuthorizationServerAuthenticationFilterConfigurationCustomizer
java.lang.Object
com.broadleafcommerce.auth.authorization.security.autoconfigure.AuthorizationServerAuthenticationFilterConfigurationCustomizer
Used in
SpringAuthorizationServerComponentsConfiguration
to add various authentication
filters to the authorization server security filter chain.-
Constructor Summary
ConstructorDescriptionAuthorizationServerAuthenticationFilterConfigurationCustomizer
(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter) -
Method Summary
Modifier and TypeMethodDescriptionprotected void
applyOAuth2SessionAuthenticationFilter
(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter, org.springframework.security.config.annotation.web.builders.HttpSecurity http) This filter is responsible for obtaining the end-user (resource owner) authentication information in several OAuth flows.void
customize
(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity) Add/customize authentication filters relevant for the authorization server security filter chain.protected OAuth2SessionAuthenticationFilter
-
Constructor Details
-
AuthorizationServerAuthenticationFilterConfigurationCustomizer
public AuthorizationServerAuthenticationFilterConfigurationCustomizer(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter)
-
-
Method Details
-
customize
public void customize(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity) Add/customize authentication filters relevant for the authorization server security filter chain.- Parameters:
httpSecurity
- the authorization server security filter chain builder on which to customize authentication filters
-
applyOAuth2SessionAuthenticationFilter
protected void applyOAuth2SessionAuthenticationFilter(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter, org.springframework.security.config.annotation.web.builders.HttpSecurity http) This filter is responsible for obtaining the end-user (resource owner) authentication information in several OAuth flows. The Spring authentication filters expect that the end-user authentication is already available by the time they run, and thus this must apply before them.The Spring authentication filters are registered in
OAuth2AuthorizationEndpointConfigurer
and they are ordered beforeAbstractPreAuthenticatedProcessingFilter
.The
LogoutFilter
is engaged before all authentication filters, and thus we use it as the reference point.- Parameters:
oAuth2SessionAuthenticationFilter
- theOAuth2SessionAuthenticationFilter
http
- the security filter chain builder
-
getOAuth2SessionAuthenticationFilter
-