Package org.dspace.app.rest.security

Class OidcLoginFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.dspace.app.rest.security.StatelessLoginFilter

org.dspace.app.rest.security.OidcLoginFilter

All Implemented Interfaces:

jakarta.servlet.Filter, Aware, BeanNameAware, DisposableBean, InitializingBean, ApplicationEventPublisherAware, EnvironmentAware, MessageSourceAware, EnvironmentCapable, ServletContextAware

public class OidcLoginFilter
extends StatelessLoginFilter

This class will filter OpenID Connect (OIDC) requests and try and authenticate them. In this case, the actual authentication is performed by OIDC. After authentication succeeds, OIDC will send the authentication data to this filter in order for it to be processed by DSpace.

Author:

Pasquale Cavallo (pasquale.cavallo at 4science dot it)

Field Summary

Fields inherited from class org.dspace.app.rest.security.StatelessLoginFilter

authenticationManager, restAuthenticationService

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
OidcLoginFilter(String url, String httpMethod, AuthenticationManager authenticationManager, RestAuthenticationService restAuthenticationService)

Method Summary

Modifier and Type	Method	Description
Authentication	attemptAuthentication(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res)	Attempt to authenticate the user by using Spring Security's AuthenticationManager.
protected void	successfulAuthentication(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res, jakarta.servlet.FilterChain chain, Authentication auth)	If the above attemptAuthentication() call was successful (no authentication error was thrown), then this method will take the returned DSpaceAuthentication class (which includes all the data from the authenticated user) and add the authentication data to the response.

Methods inherited from class org.dspace.app.rest.security.StatelessLoginFilter

afterPropertiesSet, unsuccessfulAuthentication

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OidcLoginFilter

public OidcLoginFilter(String url,
 String httpMethod,
 AuthenticationManager authenticationManager,
 RestAuthenticationService restAuthenticationService)

Method Details

attemptAuthentication

public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest req,
 jakarta.servlet.http.HttpServletResponse res)
                                     throws AuthenticationException

Description copied from class: StatelessLoginFilter

Attempt to authenticate the user by using Spring Security's AuthenticationManager. The AuthenticationManager will delegate this task to one or more AuthenticationProvider classes.

For DSpace, our custom AuthenticationProvider is EPersonRestAuthenticationProvider, so that is the authenticate() method which is called below.

Overrides:

attemptAuthentication in class StatelessLoginFilter

Parameters:

req - current request

res - current response

Returns:

a valid Spring Security Authentication object if authentication succeeds

Throws:

AuthenticationException - if authentication fails

See Also:

• EPersonRestAuthenticationProvider

successfulAuthentication

protected void successfulAuthentication(jakarta.servlet.http.HttpServletRequest req,
 jakarta.servlet.http.HttpServletResponse res,
 jakarta.servlet.FilterChain chain,
 Authentication auth)
                                 throws IOException,
jakarta.servlet.ServletException

Description copied from class: StatelessLoginFilter

If the above attemptAuthentication() call was successful (no authentication error was thrown), then this method will take the returned DSpaceAuthentication class (which includes all the data from the authenticated user) and add the authentication data to the response.

For DSpace, this is calling our JWTTokenRestAuthenticationServiceImpl in order to create a JWT based on the authentication data & send that JWT back in the response.

Overrides:

successfulAuthentication in class StatelessLoginFilter

Parameters:

req - current request

res - response

chain - FilterChain

auth - Authentication object containing info about user who had a successful authentication

Throws:

IOException

jakarta.servlet.ServletException

See Also:

• JWTTokenRestAuthenticationServiceImpl