public class OAuth2LoginAuthenticationProvider extends java.lang.Object implements AuthenticationProvider
AuthenticationProvider
for OAuth 2.0 Login,
which leverages the OAuth 2.0 Authorization Code Grant Flow.
This AuthenticationProvider
is responsible for authenticating
an Authorization Code credential with the Authorization Server's Token Endpoint
and if valid, exchanging it for an Access Token credential.
It will also obtain the user attributes of the End-User (Resource Owner)
from the UserInfo Endpoint using an OAuth2UserService
,
which will create a Principal
in the form of an OAuth2User
.
The OAuth2User
is then associated to the OAuth2LoginAuthenticationToken
to complete the authentication.
Constructor and Description |
---|
OAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
OAuth2UserService<OAuth2UserRequest,OAuth2User> userService)
Constructs an
OAuth2LoginAuthenticationProvider using the provided parameters. |
Modifier and Type | Method and Description |
---|---|
Authentication |
authenticate(Authentication authentication)
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication)
. |
void |
setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
Sets the
GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities()
to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken . |
boolean |
supports(java.lang.Class<?> authentication)
Returns
true if this AuthenticationProvider supports the
indicated Authentication object. |
public OAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OAuth2UserRequest,OAuth2User> userService)
OAuth2LoginAuthenticationProvider
using the provided parameters.accessTokenResponseClient
- the client used for requesting the access token credential from the Token EndpointuserService
- the service used for obtaining the user attributes of the End-User from the UserInfo Endpointpublic Authentication authenticate(Authentication authentication) throws AuthenticationException
AuthenticationProvider
AuthenticationManager.authenticate(Authentication)
.authenticate
in interface AuthenticationProvider
authentication
- the authentication request object.null
if the AuthenticationProvider
is unable to support
authentication of the passed Authentication
object. In such a case,
the next AuthenticationProvider
that supports the presented
Authentication
class will be tried.AuthenticationException
- if authentication fails.public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
GrantedAuthoritiesMapper
used for mapping OAuth2AuthenticatedPrincipal.getAuthorities()
to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken
.authoritiesMapper
- the GrantedAuthoritiesMapper
used for mapping the user's authoritiespublic boolean supports(java.lang.Class<?> authentication)
AuthenticationProvider
true
if this AuthenticationProvider
supports the
indicated Authentication
object.
Returning true
does not guarantee an
AuthenticationProvider
will be able to authenticate the presented
instance of the Authentication
class. It simply indicates it can
support closer evaluation of it. An AuthenticationProvider
can still
return null
from the AuthenticationProvider.authenticate(Authentication)
method to
indicate another AuthenticationProvider
should be tried.
Selection of an AuthenticationProvider
capable of performing
authentication is conducted at runtime the ProviderManager
.
supports
in interface AuthenticationProvider
true
if the implementation can more closely evaluate the
Authentication
class presented