Polish OAuth2ClientAuthenticationFilter

Author: jgrandja

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2ClientAuthenticationFilter.java

@@ -59,8 +59,8 @@
  * @since 0.0.1
  * @see AuthenticationManager
  * @see OAuth2ClientAuthenticationProvider
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2.3">Section 2.3 Client Authentication</a>
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-3.2.1">Section 3.2.1 Token Endpoint Client Authentication</a>
+ * @see <a target="_blank" href="https://datatracker.ietf.org/doc/html/rfc6749#section-2.3">Section 2.3 Client Authentication</a>
+ * @see <a target="_blank" href="https://datatracker.ietf.org/doc/html/rfc6749#section-3.2.1">Section 3.2.1 Token Endpoint Client Authentication</a>
  */
 public final class OAuth2ClientAuthenticationFilter extends OncePerRequestFilter {
 	private final AuthenticationManager authenticationManager;
@@ -69,8 +69,8 @@ public final class OAuth2ClientAuthenticationFilter extends OncePerRequestFilter
 	private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource =
 			new WebAuthenticationDetailsSource();
 	private AuthenticationConverter authenticationConverter;
-	private AuthenticationSuccessHandler authenticationSuccessHandler;
-	private AuthenticationFailureHandler authenticationFailureHandler;
+	private AuthenticationSuccessHandler authenticationSuccessHandler = this::onAuthenticationSuccess;
+	private AuthenticationFailureHandler authenticationFailureHandler = this::onAuthenticationFailure;
 
 	/**
 	 * Constructs an {@code OAuth2ClientAuthenticationFilter} using the provided parameters.
@@ -89,57 +89,61 @@ public OAuth2ClientAuthenticationFilter(AuthenticationManager authenticationMana
 						new ClientSecretBasicAuthenticationConverter(),
 						new ClientSecretPostAuthenticationConverter(),
 						new PublicClientAuthenticationConverter()));
-		this.authenticationSuccessHandler = this::onAuthenticationSuccess;
-		this.authenticationFailureHandler = this::onAuthenticationFailure;
 	}
 
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 
-		if (this.requestMatcher.matches(request)) {
-			try {
-				Authentication authenticationRequest = this.authenticationConverter.convert(request);
-				if (authenticationRequest instanceof AbstractAuthenticationToken) {
-					((AbstractAuthenticationToken) authenticationRequest).setDetails(
-							this.authenticationDetailsSource.buildDetails(request));
-				}
-				if (authenticationRequest != null) {
-					Authentication authenticationResult = this.authenticationManager.authenticate(authenticationRequest);
-					this.authenticationSuccessHandler.onAuthenticationSuccess(request, response, authenticationResult);
-				}
-			} catch (OAuth2AuthenticationException failed) {
-				this.authenticationFailureHandler.onAuthenticationFailure(request, response, failed);
-				return;
+		if (!this.requestMatcher.matches(request)) {
+			filterChain.doFilter(request, response);
+			return;
+		}
+
+		try {
+			Authentication authenticationRequest = this.authenticationConverter.convert(request);
+			if (authenticationRequest instanceof AbstractAuthenticationToken) {
+				((AbstractAuthenticationToken) authenticationRequest).setDetails(
+						this.authenticationDetailsSource.buildDetails(request));
+			}
+			if (authenticationRequest != null) {
+				Authentication authenticationResult = this.authenticationManager.authenticate(authenticationRequest);
+				this.authenticationSuccessHandler.onAuthenticationSuccess(request, response, authenticationResult);
 			}
+			filterChain.doFilter(request, response);
+
+		} catch (OAuth2AuthenticationException ex) {
+			this.authenticationFailureHandler.onAuthenticationFailure(request, response, ex);
 		}
-		filterChain.doFilter(request, response);
 	}
 
 	/**
-	 * Sets the {@link AuthenticationConverter} used for converting a {@link HttpServletRequest} to an {@link OAuth2ClientAuthenticationToken}.
+	 * Sets the {@link AuthenticationConverter} used when attempting to extract client credentials from {@link HttpServletRequest}
+	 * to an instance of {@link OAuth2ClientAuthenticationToken} used for authenticating the client.
 	 *
-	 * @param authenticationConverter used for converting a {@link HttpServletRequest} to an {@link OAuth2ClientAuthenticationToken}
+	 * @param authenticationConverter the {@link AuthenticationConverter} used when attempting to extract client credentials from {@link HttpServletRequest}
 	 */
 	public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {
 		Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
 		this.authenticationConverter = authenticationConverter;
 	}
 
 	/**
-	 * Sets the {@link AuthenticationSuccessHandler} used for handling successful authentications.
+	 * Sets the {@link AuthenticationSuccessHandler} used for handling a successful client authentication
+	 * and associating the {@link OAuth2ClientAuthenticationToken} to the {@link SecurityContext}.
 	 *
-	 * @param authenticationSuccessHandler the {@link AuthenticationSuccessHandler} used for handling successful authentications
+	 * @param authenticationSuccessHandler the {@link AuthenticationSuccessHandler} used for handling a successful client authentication
 	 */
 	public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) {
 		Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
 		this.authenticationSuccessHandler = authenticationSuccessHandler;
 	}
 
 	/**
-	 * Sets the {@link AuthenticationFailureHandler} used for handling failed authentications.
+	 * Sets the {@link AuthenticationFailureHandler} used for handling a failed client authentication
+	 * and returning the {@link OAuth2Error Error Response}.
 	 *
-	 * @param authenticationFailureHandler the {@link AuthenticationFailureHandler} used for handling failed authentications
+	 * @param authenticationFailureHandler the {@link AuthenticationFailureHandler} used for handling a failed client authentication
 	 */
 	public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
 		Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
@@ -149,13 +153,13 @@ public void setAuthenticationFailureHandler(AuthenticationFailureHandler authent
 	private void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) {
 
-		SecurityContext context = SecurityContextHolder.createEmptyContext();
-		context.setAuthentication(authentication);
-		SecurityContextHolder.setContext(context);
+		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
+		securityContext.setAuthentication(authentication);
+		SecurityContextHolder.setContext(securityContext);
 	}
 
 	private void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
-			AuthenticationException failed) throws IOException {
+			AuthenticationException exception) throws IOException {
 
 		SecurityContextHolder.clearContext();
 
@@ -167,7 +171,7 @@ private void onAuthenticationFailure(HttpServletRequest request, HttpServletResp
 		// include the "WWW-Authenticate" response header field
 		// matching the authentication scheme used by the client.
 
-		OAuth2Error error = ((OAuth2AuthenticationException) failed).getError();
+		OAuth2Error error = ((OAuth2AuthenticationException) exception).getError();
 		ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response);
 		if (OAuth2ErrorCodes.INVALID_CLIENT.equals(error.getErrorCode())) {
 			httpResponse.setStatusCode(HttpStatus.UNAUTHORIZED);
@@ -176,4 +180,5 @@ private void onAuthenticationFailure(HttpServletRequest request, HttpServletResp
 		}
 		this.errorHttpResponseConverter.write(error, null, httpResponse);
 	}
+
 }