OpaqueTokenReactiveAuthenticationManager (spring-security-docs 6.5.6 API)

java.lang.Object

org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager

All Implemented Interfaces:: ReactiveAuthenticationManager

public class OpaqueTokenReactiveAuthenticationManager extends Object implements ReactiveAuthenticationManager

An ReactiveAuthenticationManager implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes.

This ReactiveAuthenticationManager is responsible for introspecting and verifying an opaque access token, returning its attributes set as part of the Authentication statement.

A ReactiveOpaqueTokenIntrospector is responsible for retrieving token attributes from an authorization server.

A ReactiveOpaqueTokenAuthenticationConverter is responsible for turning a successful introspection result into an Authentication instance (which may include mapping GrantedAuthoritys from token attributes or retrieving from another source).

Since:

5.2

See Also:

ReactiveAuthenticationManager

Constructor Summary

Constructors

Constructor

Description

OpaqueTokenReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector introspector)

Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters
Method Summary

Modifier and Type

Method

Description

reactor.core.publisher.Mono<Authentication>

authenticate(Authentication authentication)

Introspect and validate the opaque Bearer Token and then delegates Authentication instantiation to ReactiveOpaqueTokenAuthenticationConverter.

void

setAuthenticationConverter(ReactiveOpaqueTokenAuthenticationConverter authenticationConverter)

Provide with a custom bean to turn successful introspection result into an Authentication instance of your choice.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- OpaqueTokenReactiveAuthenticationManager
  
  public OpaqueTokenReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector introspector)
  
  Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters
  
  Parameters:
  
  introspector - The ReactiveOpaqueTokenIntrospector to use
Method Details
- authenticate
  
  public reactor.core.publisher.Mono<Authentication> authenticate(Authentication authentication)
  
  Introspect and validate the opaque Bearer Token and then delegates Authentication instantiation to ReactiveOpaqueTokenAuthenticationConverter.
  If created Authentication is instance of AbstractAuthenticationToken and details are null, then introspection result details are used.
  
  Specified by:
  
  authenticate in interface ReactiveAuthenticationManager
  
  Parameters:
  
  authentication - the authentication request object.
  
  Returns:
  
  A successful authentication
- setAuthenticationConverter
  
  public void setAuthenticationConverter(ReactiveOpaqueTokenAuthenticationConverter authenticationConverter)
  
  Provide with a custom bean to turn successful introspection result into an Authentication instance of your choice. By default, BearerTokenAuthentication will be built.
  
  Parameters:
  
  authenticationConverter - the converter to use
  
  Since:
  
  5.8