Package org.apache.fineract.infrastructure.security.filter

Class TwoFactorAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.apache.fineract.infrastructure.security.filter.TwoFactorAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
Direct Known Subclasses:
InsecureTwoFactorAuthenticationFilter
public class TwoFactorAuthenticationFilter extends org.springframework.web.filter.GenericFilterBean
This filter is responsible for handling two-factor authentication. The filter is enabled when 'twofactor' environment profile is active, otherwise InsecureTwoFactorAuthenticationFilter is used. This filter validates an access-token provided as a header 'Fineract-Platform-TFA-Token'. If a valid token is provided, a 'TWOFACTOR_AUTHENTICATED' authority is added to the current authentication. If an invalid(non-existent or invalid) token is provided, 403 response is returned. An authenticated platform user with permission 'BYPASS_TWOFACTOR' will always be granted 'TWOFACTOR_AUTHENTICATED' authority regardless of the value of the 'Fineract-Platform-TFA-Token' header.

  • Field Summary

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

  • Constructor Summary

    Constructors
    Constructor
    Description
    TwoFactorAuthenticationFilter()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    doFilter(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain)
     

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • TwoFactorAuthenticationFilter

      public TwoFactorAuthenticationFilter()

  • Method Details

    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Throws:
      IOException
      jakarta.servlet.ServletException