Class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer<H>
- All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>
public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>
An AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.
By default, this wires a BearerTokenAuthenticationFilter, which can be used to
parse the request for bearer tokens and make an authentication attempt.
The following configuration options are available:
- accessDeniedHandler(AccessDeniedHandler) - customizes how access denied errors are handled
- authenticationEntryPoint(AuthenticationEntryPoint) - customizes how authentication failures are handled
- bearerTokenResolver(BearerTokenResolver) - customizes how to resolve a bearer token from the request
- jwt(Customizer) - enables Jwt-encoded bearer token support
- opaqueToken(Customizer) - enables opaque bearer token support
When using jwt(Customizer), either
- supply a Jwk Set Uri via OAuth2ResourceServerConfigurer.JwtConfigurer.jwkSetUri(java.lang.String), or
- supply a JwtDecoder instance via OAuth2ResourceServerConfigurer.JwtConfigurer.decoder, or
- expose a JwtDecoder bean
Also with jwt(Customizer) consider
- customizing the conversion from a Jwt to an Authentication with OAuth2ResourceServerConfigurer.JwtConfigurer.jwtAuthenticationConverter(Converter)
When using opaqueToken(Customizer), supply an introspection endpoint with its
client credentials and an OpaqueTokenAuthenticationConverter
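An added example (not taken from the Spring Security documentation) that wires the options listed above using the jwt(Customizer) form. The JWK Set URI, the `roles` claim name, the `/admin/**` path and the class name are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerConfig {

    // Assumed JWK Set endpoint; replace with your authorization server's.
    private static final String JWK_SET_URI = "https://idp.example.com/.well-known/jwks.json";
    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        // Accept the token from the Authorization header only (the defaults, made explicit).
        DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
        resolver.setAllowUriQueryParameter(false);
        resolver.setAllowFormEncodedBodyParameter(false);
        http
            .authorizeHttpRequests(a -> a
                .requestMatchers("/admin/**").hasAuthority("ROLE_admin")
                .anyRequest().authenticated())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2ResourceServer(rs -> rs
                .bearerTokenResolver(resolver)
                .authenticationEntryPoint(new BearerTokenAuthenticationEntryPoint()) // 401 + WWW-Authenticate
                .accessDeniedHandler(new BearerTokenAccessDeniedHandler())           // 403 + WWW-Authenticate
                .jwt(jwt -> jwt
                    .jwkSetUri(JWK_SET_URI)
                    .jwtAuthenticationConverter(rolesConverter())));
        return http.build();
    }

    // Maps the (assumed) "roles" claim to ROLE_* authorities instead of the default scope mapping.
    private JwtAuthenticationConverter rolesConverter() {
        JwtGrantedAuthoritiesConverter authorities = new JwtGrantedAuthoritiesConverter();
        authorities.setAuthoritiesClaimName("roles");
        authorities.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(authorities);
        return converter;
    }
}
```

Configured through jwkSetUri alone, the decoder verifies the signature and the token's timestamps but not the iss or aud claims; supply a JwtDecoder carrying the validators you need when those must be enforced.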
Security Filters
The following Filters are populated when jwt(Customizer) is configured:
- BearerTokenAuthenticationFilter
Shared Objects Created
The following shared objects are populated:
- SessionCreationPolicy (optional)
Shared Objects Used
The following shared objects are used:
- AuthenticationManager
- Since:
- 5.1
- See Also:
- BearerTokenAuthenticationFilter
- JwtAuthenticationProvider
- NimbusJwtDecoder
- AbstractHttpConfigurer
Nested Class Summary
Nested Classes
- class OAuth2ResourceServerConfigurer.JwtConfigurer
- class OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
Constructor Summary
Constructors
- OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context)
Method Summary
- accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler)
- authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint entryPoint)
- authenticationManagerResolver(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)
- bearerTokenResolver(org.springframework.security.oauth2.server.resource.web.BearerTokenResolver bearerTokenResolver)
- void configure - Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- void init - Initialize the SecurityBuilder.
- jwt() - Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
- jwt(Customizer<OAuth2ResourceServerConfigurer<H>.JwtConfigurer> jwtCustomizer) - Enables Jwt-encoded bearer token support.
- opaqueToken() - Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
- opaqueToken(Customizer<OAuth2ResourceServerConfigurer<H>.OpaqueTokenConfigurer> opaqueTokenCustomizer) - Enables opaque bearer token support.
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
Constructor Details
OAuth2ResourceServerConfigurer
public OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context)
Method Details
accessDeniedHandler
public OAuth2ResourceServerConfigurer<H> accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler)
authenticationEntryPoint
public OAuth2ResourceServerConfigurer<H> authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint entryPoint)
authenticationManagerResolver
public OAuth2ResourceServerConfigurer<H> authenticationManagerResolver(org.springframework.security.authentication.AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)
bearerTokenResolver
public OAuth2ResourceServerConfigurer<H> bearerTokenResolver(org.springframework.security.oauth2.server.resource.web.BearerTokenResolver bearerTokenResolver)
jwt
@Deprecated(since="6.1", forRemoval=true)
public OAuth2ResourceServerConfigurer<H>.JwtConfigurer jwt()
Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0. Use jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
jwt
public OAuth2ResourceServerConfigurer<H> jwt(Customizer<OAuth2ResourceServerConfigurer<H>.JwtConfigurer> jwtCustomizer)
Enables Jwt-encoded bearer token support.
- Parameters:
jwtCustomizer - the Customizer to provide more options for the OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>.JwtConfigurer
- Returns:
the OAuth2ResourceServerConfigurer for further customizations
opaqueToken
@Deprecated(since="6.1", forRemoval=true)
public OAuth2ResourceServerConfigurer<H>.OpaqueTokenConfigurer opaqueToken()
Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0. Use opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
opaqueToken
public OAuth2ResourceServerConfigurer<H> opaqueToken(Customizer<OAuth2ResourceServerConfigurer<H>.OpaqueTokenConfigurer> opaqueTokenCustomizer)
Enables opaque bearer token support.
- Parameters:
opaqueTokenCustomizer - the Customizer to provide more options for the OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>.OpaqueTokenConfigurer
- Returns:
the OAuth2ResourceServerConfigurer for further customizations
init
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
- Specified by:
init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
configure
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- Specified by:
configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>