org.springframework.security.config.annotation.web.configurers.oauth2.server.resource

Class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>

org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer<H>

All Implemented Interfaces:

SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>

public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>

An AbstractHttpConfigurer for OAuth 2.0 Resource Server Support. By default, this wires a BearerTokenAuthenticationFilter, which can be used to parse the request for bearer tokens and make an authentication attempt.

The following configuration options are available:

• accessDeniedHandler(AccessDeniedHandler)
- customizes how access denied errors are handled
• authenticationEntryPoint(AuthenticationEntryPoint)
- customizes how authentication failures are handled
• bearerTokenResolver(BearerTokenResolver) - customizes how to resolve a bearer token from the request
• jwt() - enables Jwt-encoded bearer token support

When using jwt(), either

• supply a Jwk Set Uri via OAuth2ResourceServerConfigurer.JwtConfigurer.jwkSetUri(java.lang.String), or
• supply a JwtDecoder instance via OAuth2ResourceServerConfigurer.JwtConfigurer.decoder, or
• expose a JwtDecoder bean

Also with jwt() consider

• customizing the conversion from a Jwt to an Authentication with OAuth2ResourceServerConfigurer.JwtConfigurer.jwtAuthenticationConverter(Converter)

Security Filters

The following Filters are populated when jwt() is configured:

• BearerTokenAuthenticationFilter

Shared Objects Created

The following shared objects are populated:

• SessionCreationPolicy (optional)

Shared Objects Used

The following shared objects are used:

• AuthenticationManager

Since:

5.1

See Also:

BearerTokenAuthenticationFilter, JwtAuthenticationProvider, NimbusJwtDecoderJwkSupport, AbstractHttpConfigurer

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	OAuth2ResourceServerConfigurer.JwtConfigurer

Constructor Summary

Constructors

Constructor and Description
OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context)

Method Summary

Modifier and Type	Method and Description
OAuth2ResourceServerConfigurer<H>	accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler)
OAuth2ResourceServerConfigurer<H>	authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint entryPoint)
OAuth2ResourceServerConfigurer<H>	bearerTokenResolver(org.springframework.security.oauth2.server.resource.web.BearerTokenResolver bearerTokenResolver)
void	configure(H http) Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
void	init(H http) Initialize the SecurityBuilder.
OAuth2ResourceServerConfigurer.JwtConfigurer	jwt()

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OAuth2ResourceServerConfigurer

public OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context)

Method Detail

accessDeniedHandler

public OAuth2ResourceServerConfigurer<H> accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler)

authenticationEntryPoint

public OAuth2ResourceServerConfigurer<H> authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint entryPoint)

bearerTokenResolver

public OAuth2ResourceServerConfigurer<H> bearerTokenResolver(org.springframework.security.oauth2.server.resource.web.BearerTokenResolver bearerTokenResolver)

jwt

public OAuth2ResourceServerConfigurer.JwtConfigurer jwt()

init

public void init(H http)
          throws java.lang.Exception

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by:

init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:

java.lang.Exception

configure

public void configure(H http)
               throws java.lang.Exception

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:

java.lang.Exception