Chapter 17 oauth2loginauthenticationwebfilter source code analysis

SpringBoot OAuth2 Client The authorization core of is implemented by two filters ：

• OAuth2AuthorizationRequestRedirectWebFilter
• OAuth2LoginAuthenticationWebFilter

OAuth2LoginAuthenticationWebFilter The filter is the protagonist of today's main analysis .

overview

OAuth2LoginAuthenticationWebFilter Filters depend on many classes ：

• ReactiveAuthticationManager： obtain Access Token、 Get user information
• ServerOAuth2AuthorizedClientRepository
• ServerWebExchangeMatcher： Used to match the request path and intercept processing
• ServerAuthenticationSuccessHandler： Callback processing after successful authorization
• ServerAuthenticationFailureHandler： Callback processing after authorization failure

The following functions are realized ：

• Authorization code exchange AccessToken
• AccessToken In exchange for user information ( nickname 、 Mailbox and so on )

The following mind map mainly describes OAuth2LoginAuthenticatioinWebFilter Dependent classes , It is convenient for us to have a clear and intuitive understanding of it .

Core source analysis

OAuth2LoginAuthticationWebFilter The filter inherits AuthenticationWebFilter . So its main function is in the parent class AuthenticationWebFilter Finish in .AuthenticationWebFilter It is mainly responsible for matching the request path and intercepting processing 、 Start certification 、 Callback after successful authentication 、 Callback after failure . The source code is shown below .

public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    
			//  from ServerWebExchangeMatcher Match the request path to be intercepted 
      return this.requiresAuthenticationMatcher.matches(exchange).filter((matchResult) -> {
    
          return matchResult.isMatch();
      }).flatMap((matchResult) -> {
    
          return this.authenticationConverter.convert(exchange);
      }).switchIfEmpty(chain.filter(exchange).then(Mono.empty())).flatMap((token) -> {
    
          return this.authenticate(exchange, chain, token);
      }).onErrorResume(AuthenticationException.class, (ex) -> {
    
					//  Throw out AuthenticationException abnormal   Callback processing after authentication failure 
          return this.authenticationFailureHandler.onAuthenticationFailure(new WebFilterExchange(exchange, chain), ex);
      });
  }

private Mono<Void> authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) {
    
      return this.authenticationManagerResolver.resolve(exchange).flatMap((authenticationManager) -> {
    
					//  from ReactiveAuthticationManager To be responsible for certification 
          return authenticationManager.authenticate(token);
      }).switchIfEmpty(Mono.defer(() -> {
    
          return Mono.error(new IllegalStateException("No provider found for " + token.getClass()));
      })).flatMap((authentication) -> {
    
					//  Callback processing after successful authentication 
          return this.onAuthenticationSuccess(authentication, new WebFilterExchange(exchange, chain));
      }).doOnError(AuthenticationException.class, (ex) -> {
    
          logger.debug(LogMessage.format("Authentication failed: %s", ex.getMessage()));
      });
  }

If you summarize the above functions in one sentence ： Match the request path to be intercepted , And start certification , Authentication successful call successful callback ; Authentication failure call failure callback .

Maybe you'll be curious ： How to match request paths 、 What path should be blocked 、 What is the specific work of certification 、 How to deal with the success or failure of authentication . Next, let's analyze one by one .