/** * Creates a new Keycloak authentication processing filter with given {@link AuthenticationManager} and * {@link RequestMatcher}. * <p> * Note: the given request matcher must support matching the <code>Authorization</code> header if * bearer token authentication is to be accepted. * </p> * * @param authenticationManager the {@link AuthenticationManager} to authenticate requests (cannot be null) * @param requiresAuthenticationRequestMatcher the {@link RequestMatcher} used to determine if authentication * is required (cannot be null) * * @see RequestHeaderRequestMatcher * @see OrRequestMatcher * */ public KeycloakAuthenticationProcessingFilter(AuthenticationManager authenticationManager, RequestMatcher requiresAuthenticationRequestMatcher) { super(requiresAuthenticationRequestMatcher); Assert.notNull(authenticationManager, "authenticationManager cannot be null"); this.authenticationManager = authenticationManager; super.setAuthenticationManager(authenticationManager); super.setAllowSessionCreation(false); super.setContinueChainBeforeSuccessfulAuthentication(false); }