public class OAuth2LoginAuthenticationProvider extends java.lang.Object implements AuthenticationProvider
AuthenticationProvider for OAuth 2.0 Login, which
leverages the OAuth 2.0 Authorization Code Grant Flow.
This AuthenticationProvider is responsible for authenticating an Authorization
Code credential with the Authorization Server's Token Endpoint and if valid, exchanging
it for an Access Token credential.
It will also obtain the user attributes of the End-User (Resource Owner) from the
UserInfo Endpoint using an OAuth2UserService, which will create a
Principal in the form of an OAuth2User. The OAuth2User is then
associated to the OAuth2LoginAuthenticationToken to complete the
authentication.
| Constructor and Description |
|---|
OAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
OAuth2UserService<OAuth2UserRequest,OAuth2User> userService)
Constructs an
OAuth2LoginAuthenticationProvider using the provided
parameters. |
| Modifier and Type | Method and Description |
|---|---|
Authentication |
authenticate(Authentication authentication)
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication)
. |
void |
setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
Sets the
GrantedAuthoritiesMapper used for mapping
OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be
associated to the OAuth2LoginAuthenticationToken. |
boolean |
supports(java.lang.Class<?> authentication)
Returns
true if this AuthenticationProvider supports the
indicated Authentication object. |
public OAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OAuth2UserRequest,OAuth2User> userService)
OAuth2LoginAuthenticationProvider using the provided
parameters.accessTokenResponseClient - the client used for requesting the access token
credential from the Token EndpointuserService - the service used for obtaining the user attributes of the
End-User from the UserInfo Endpointpublic Authentication authenticate(Authentication authentication) throws AuthenticationException
AuthenticationProviderAuthenticationManager.authenticate(Authentication)
.authenticate in interface AuthenticationProviderauthentication - the authentication request object.null if the AuthenticationProvider is unable to support
authentication of the passed Authentication object. In such a case,
the next AuthenticationProvider that supports the presented
Authentication class will be tried.AuthenticationException - if authentication fails.public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
GrantedAuthoritiesMapper used for mapping
OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be
associated to the OAuth2LoginAuthenticationToken.authoritiesMapper - the GrantedAuthoritiesMapper used for mapping the
user's authoritiespublic boolean supports(java.lang.Class<?> authentication)
AuthenticationProvidertrue if this AuthenticationProvider supports the
indicated Authentication object.
Returning true does not guarantee an
AuthenticationProvider will be able to authenticate the presented
instance of the Authentication class. It simply indicates it can
support closer evaluation of it. An AuthenticationProvider can still
return null from the AuthenticationProvider.authenticate(Authentication) method to
indicate another AuthenticationProvider should be tried.
Selection of an AuthenticationProvider capable of performing
authentication is conducted at runtime the ProviderManager.
supports in interface AuthenticationProvidertrue if the implementation can more closely evaluate the
Authentication class presented