public final class DefaultBearerTokenResolver extends java.lang.Object implements BearerTokenResolver
BearerTokenResolver
implementation based on RFC 6750.Constructor and Description |
---|
DefaultBearerTokenResolver() |
Modifier and Type | Method and Description |
---|---|
java.lang.String |
resolve(javax.servlet.http.HttpServletRequest request)
Resolve any
Bearer
Token value from the request.
|
void |
setAllowFormEncodedBodyParameter(boolean allowFormEncodedBodyParameter)
Set if transport of access token using form-encoded body parameter is supported.
|
void |
setAllowUriQueryParameter(boolean allowUriQueryParameter)
Set if transport of access token using URI query parameter is supported.
|
void |
setBearerTokenHeaderName(java.lang.String bearerTokenHeaderName)
Set this value to configure what header is checked when resolving a Bearer Token.
|
public java.lang.String resolve(javax.servlet.http.HttpServletRequest request)
BearerTokenResolver
resolve
in interface BearerTokenResolver
request
- the requestnull
if none foundpublic void setAllowFormEncodedBodyParameter(boolean allowFormEncodedBodyParameter)
false
.allowFormEncodedBodyParameter
- if the form-encoded body parameter is
supportedpublic void setAllowUriQueryParameter(boolean allowUriQueryParameter)
false
.
The spec recommends against using this mechanism for sending bearer tokens, and
even goes as far as stating that it was only included for completeness.allowUriQueryParameter
- if the URI query parameter is supportedpublic void setBearerTokenHeaderName(java.lang.String bearerTokenHeaderName)
HttpHeaders.AUTHORIZATION
.
This allows other headers to be used as the Bearer Token source such as
HttpHeaders.PROXY_AUTHORIZATION
bearerTokenHeaderName
- the header to check when retrieving the Bearer Token.