Class X509ClientCertificateAuthenticationProvider

java.lang.Object
org.springframework.security.oauth2.server.authorization.authentication.X509ClientCertificateAuthenticationProvider
All Implemented Interfaces:
org.springframework.security.authentication.AuthenticationProvider

public final class X509ClientCertificateAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider
An AuthenticationProvider implementation used for OAuth 2.0 Client Authentication, which authenticates the client X509Certificate received when the tls_client_auth or self_signed_tls_client_auth authentication method is used.
Since:
1.3
  • Constructor Details

    • X509ClientCertificateAuthenticationProvider

      public X509ClientCertificateAuthenticationProvider(RegisteredClientRepository registeredClientRepository, OAuth2AuthorizationService authorizationService)
      Constructs an X509ClientCertificateAuthenticationProvider using the provided parameters.
      Parameters:
      registeredClientRepository - the repository of registered clients
      authorizationService - the authorization service
  • Method Details

    • authenticate

      public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Specified by:
      authenticate in interface org.springframework.security.authentication.AuthenticationProvider
      Throws:
      org.springframework.security.core.AuthenticationException
    • supports

      public boolean supports(Class<?> authentication)
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider
    • setCertificateVerifier

      public void setCertificateVerifier(Consumer<OAuth2ClientAuthenticationContext> certificateVerifier)
      Sets the Consumer that is given access to the OAuth2ClientAuthenticationContext and is responsible for verifying the client X509Certificate associated with the OAuth2ClientAuthenticationToken. The default implementation for the tls_client_auth authentication method verifies the expected subject distinguished name.

      NOTE: If verification fails, an OAuth2AuthenticationException MUST be thrown.

      Parameters:
      certificateVerifier - the Consumer that is given access to the OAuth2ClientAuthenticationContext and is responsible for verifying the client X509Certificate