org.broadleafcommerce.authapi.filter

Class RefreshTokenAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.broadleafcommerce.authapi.filter.RefreshTokenAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class RefreshTokenAuthenticationFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

This filter is responsible for retrieving a new access token using the refresh token from an HTTP-Only cookie.

Author:

Nick Crum ncrum

Field Summary

Fields

Modifier and Type	Field and Description
protected AuthenticationTokenService	authenticationTokenService
protected org.springframework.core.env.Environment	environment

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
RefreshTokenAuthenticationFilter(String url, org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.core.env.Environment environment, AuthenticationTokenService authenticationTokenService)

Method Summary

Modifier and Type	Method and Description
org.springframework.security.core.Authentication	attemptAuthentication(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
protected String	getRefreshToken(javax.servlet.http.HttpServletRequest request)
protected javax.servlet.http.Cookie	getRefreshTokenCookie(javax.servlet.http.HttpServletRequest request)
protected String	getRefreshTokenCookieName()
protected void	successfulAuthentication(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication auth)

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

environment

protected final org.springframework.core.env.Environment environment

authenticationTokenService

protected final AuthenticationTokenService authenticationTokenService

Constructor Detail

RefreshTokenAuthenticationFilter

public RefreshTokenAuthenticationFilter(String url,
                                        org.springframework.security.authentication.AuthenticationManager authenticationManager,
                                        org.springframework.core.env.Environment environment,
                                        AuthenticationTokenService authenticationTokenService)

Method Detail

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest req,
                                                                              javax.servlet.http.HttpServletResponse res)
                                                                       throws org.springframework.security.core.AuthenticationException,
                                                                              IOException,
                                                                              javax.servlet.ServletException

Specified by:

attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

org.springframework.security.core.AuthenticationException

IOException

javax.servlet.ServletException

getRefreshToken

protected String getRefreshToken(javax.servlet.http.HttpServletRequest request)

getRefreshTokenCookie

protected javax.servlet.http.Cookie getRefreshTokenCookie(javax.servlet.http.HttpServletRequest request)

successfulAuthentication

protected void successfulAuthentication(javax.servlet.http.HttpServletRequest req,
                                        javax.servlet.http.HttpServletResponse res,
                                        javax.servlet.FilterChain chain,
                                        org.springframework.security.core.Authentication auth)
                                 throws IOException,
                                        javax.servlet.ServletException

Overrides:

successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

IOException

javax.servlet.ServletException

getRefreshTokenCookieName

protected String getRefreshTokenCookieName()