Class AppAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
com.app.security.filter.AppAuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter,org.springframework.beans.factory.Aware,org.springframework.beans.factory.BeanNameAware,org.springframework.beans.factory.DisposableBean,org.springframework.beans.factory.InitializingBean,org.springframework.context.ApplicationEventPublisherAware,org.springframework.context.EnvironmentAware,org.springframework.context.MessageSourceAware,org.springframework.core.env.EnvironmentCapable,org.springframework.web.context.ServletContextAware
public class AppAuthenticationFilter
extends org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Custom filter to handle user authentication during login.
This filter processes the login request, extracts user credentials (username and password),
authenticates the user using the provided AuthenticationManager, and generates
authentication tokens upon successful login. It also sets the generated tokens in cookies
and returns them in the response body.
-
Field Summary
Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEYFields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messagesFields inherited from class org.springframework.web.filter.GenericFilterBean
logger -
Constructor Summary
ConstructorsConstructorDescriptionAppAuthenticationFilter(TokenService tokenService, org.springframework.security.authentication.AuthenticationManager authenticationManager) -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.core.AuthenticationattemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Attempts to authenticate the user based on the provided credentials.protected voidsuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, org.springframework.security.core.Authentication authResult) Handles successful authentication by generating and setting authentication tokens.Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setDetails, setPasswordParameter, setPostOnly, setUsernameParameterMethods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy, unsuccessfulAuthenticationMethods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
AppAuthenticationFilter
public AppAuthenticationFilter(TokenService tokenService, org.springframework.security.authentication.AuthenticationManager authenticationManager) - Parameters:
tokenService- the service responsible for generating tokensauthenticationManager- the authentication manager used to authenticate the user
-
-
Method Details
-
attemptAuthentication
public org.springframework.security.core.Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws org.springframework.security.core.AuthenticationException Attempts to authenticate the user based on the provided credentials.The method reads the
AuthenticationDtofrom the request body, which contains the username and password. It then creates aUsernamePasswordAuthenticationTokenand delegates the authentication to theAuthenticationManager.- Overrides:
attemptAuthenticationin classorg.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Parameters:
request- the HTTP request containing the user's credentialsresponse- the HTTP response- Returns:
- the authenticated
Authenticationobject - Throws:
org.springframework.security.core.AuthenticationException- if authentication fails
-
successfulAuthentication
protected void successfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, org.springframework.security.core.Authentication authResult) throws IOException, jakarta.servlet.ServletException Handles successful authentication by generating and setting authentication tokens.Upon successful authentication, this method generates the access and refresh tokens using the
TokenService. The tokens are then added as HTTP-only cookies and returned in the response body in JSON format.- Overrides:
successfulAuthenticationin classorg.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter- Parameters:
request- the HTTP requestresponse- the HTTP responsechain- the filter chainauthResult- the authentication result- Throws:
IOException- if an I/O error occursjakarta.servlet.ServletException- if a servlet exception occurs
-