org.springframework.security.oauth2.server.resource.web.server

Class ServerBearerTokenAuthenticationConverter

java.lang.Object

org.springframework.security.oauth2.server.resource.web.server.ServerBearerTokenAuthenticationConverter

All Implemented Interfaces:

org.springframework.security.web.server.authentication.ServerAuthenticationConverter

public class ServerBearerTokenAuthenticationConverter
extends java.lang.Object
implements org.springframework.security.web.server.authentication.ServerAuthenticationConverter

A strategy for resolving Bearer Tokens from the ServerWebExchange.

Since:

5.1

See Also:

RFC 6750 Section 2: Authenticated Requests

Constructor Summary

Constructors

Constructor and Description
ServerBearerTokenAuthenticationConverter()

Method Summary

Modifier and Type	Method and Description
reactor.core.publisher.Mono<org.springframework.security.core.Authentication>	convert(org.springframework.web.server.ServerWebExchange exchange)
void	setAllowUriQueryParameter(boolean allowUriQueryParameter) Set if transport of access token using URI query parameter is supported.
void	setBearerTokenHeaderName(java.lang.String bearerTokenHeaderName) Set this value to configure what header is checked when resolving a Bearer Token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ServerBearerTokenAuthenticationConverter

public ServerBearerTokenAuthenticationConverter()

Method Detail

convert

public reactor.core.publisher.Mono<org.springframework.security.core.Authentication> convert(org.springframework.web.server.ServerWebExchange exchange)

Specified by:

convert in interface org.springframework.security.web.server.authentication.ServerAuthenticationConverter

setAllowUriQueryParameter

public void setAllowUriQueryParameter(boolean allowUriQueryParameter)

Set if transport of access token using URI query parameter is supported. Defaults to false. The spec recommends against using this mechanism for sending bearer tokens, and even goes as far as stating that it was only included for completeness.

Parameters:

allowUriQueryParameter - if the URI query parameter is supported

setBearerTokenHeaderName

public void setBearerTokenHeaderName(java.lang.String bearerTokenHeaderName)

Set this value to configure what header is checked when resolving a Bearer Token. This value is defaulted to HttpHeaders.AUTHORIZATION. This allows other headers to be used as the Bearer Token source such as HttpHeaders.PROXY_AUTHORIZATION

Parameters:

bearerTokenHeaderName - the header to check when retrieving the Bearer Token.

Since:

5.4