public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>

An AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.

By default, this wires a BearerTokenAuthenticationFilter, which can be used to parse the request for bearer tokens and make an authentication attempt.

The following configuration options are available:
accessDeniedHandler(AccessDeniedHandler)
authenticationEntryPoint(AuthenticationEntryPoint)
bearerTokenResolver(BearerTokenResolver) - customizes how to resolve a bearer token from the request
jwt(Customizer) - enables Jwt-encoded bearer token support
opaqueToken(Customizer) - enables opaque bearer token support

When using jwt(Customizer), either supply a JWK Set URI via OAuth2ResourceServerConfigurer.JwtConfigurer.jwkSetUri(java.lang.String), or supply a JwtDecoder instance via OAuth2ResourceServerConfigurer.JwtConfigurer.decoder, or expose a JwtDecoder bean.

Also with jwt(Customizer), consider customizing the conversion from a Jwt to an Authentication with OAuth2ResourceServerConfigurer.JwtConfigurer.jwtAuthenticationConverter(Converter).

When using opaqueToken(Customizer), supply an introspection endpoint and its authentication configuration.

Filters are populated when jwt(Customizer) is configured:
SessionCreationPolicy (optional)
BearerTokenAuthenticationFilter, JwtAuthenticationProvider, NimbusJwtDecoder, AbstractHttpConfigurer

Modifier and Type | Class and Description |
---|---|
class | OAuth2ResourceServerConfigurer.JwtConfigurer |
class | OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer |

Constructor and Description |
---|
OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context) |

disable, withObjectPostProcessor
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
public OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context)
public OAuth2ResourceServerConfigurer<H> accessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
public OAuth2ResourceServerConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint entryPoint)
public OAuth2ResourceServerConfigurer<H> authenticationManagerResolver(AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)
public OAuth2ResourceServerConfigurer<H> bearerTokenResolver(BearerTokenResolver bearerTokenResolver)
public OAuth2ResourceServerConfigurer.JwtConfigurer jwt()
public OAuth2ResourceServerConfigurer<H> jwt(Customizer<OAuth2ResourceServerConfigurer.JwtConfigurer> jwtCustomizer)
jwtCustomizer - the Customizer to provide more options for the OAuth2ResourceServerConfigurer.JwtConfigurer
Returns: the OAuth2ResourceServerConfigurer for further customizations

public OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken()
public OAuth2ResourceServerConfigurer<H> opaqueToken(Customizer<OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer> opaqueTokenCustomizer)
opaqueTokenCustomizer - the Customizer to provide more options for the OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
Returns: the OAuth2ResourceServerConfigurer for further customizations

public void init(H http)
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
Specified by: init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides: init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

public void configure(H http)
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
Specified by: configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides: configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>