Package org.springframework.security.oauth2.server.resource.web

Class DefaultBearerTokenResolver

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String resolve​(javax.servlet.http.HttpServletRequest request)
      Resolve any Bearer Token value from the request.
      void setAllowFormEncodedBodyParameter​(boolean allowFormEncodedBodyParameter)
      Set if transport of access token using form-encoded body parameter is supported.
      void setAllowUriQueryParameter​(boolean allowUriQueryParameter)
      Set if transport of access token using URI query parameter is supported.
      void setBearerTokenHeaderName​(java.lang.String bearerTokenHeaderName)
      Set this value to configure what header is checked when resolving a Bearer Token.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • DefaultBearerTokenResolver

        public DefaultBearerTokenResolver()

    • Method Detail

      • resolve

        public java.lang.String resolve​(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: BearerTokenResolver
        Resolve any Bearer Token value from the request.
        Specified by:
        resolve in interface BearerTokenResolver
        Parameters:
        request - the request
        Returns:
        the Bearer Token value or null if none found

      • setAllowFormEncodedBodyParameter

        public void setAllowFormEncodedBodyParameter​(boolean allowFormEncodedBodyParameter)
        Set if transport of access token using form-encoded body parameter is supported. Defaults to false.
        Parameters:
        allowFormEncodedBodyParameter - if the form-encoded body parameter is supported

      • setAllowUriQueryParameter

        public void setAllowUriQueryParameter​(boolean allowUriQueryParameter)
        Set if transport of access token using URI query parameter is supported. Defaults to false. The spec recommends against using this mechanism for sending bearer tokens, and even goes as far as stating that it was only included for completeness.
        Parameters:
        allowUriQueryParameter - if the URI query parameter is supported

      • setBearerTokenHeaderName

        public void setBearerTokenHeaderName​(java.lang.String bearerTokenHeaderName)
        Set this value to configure what header is checked when resolving a Bearer Token. This value is defaulted to HttpHeaders.AUTHORIZATION. This allows other headers to be used as the Bearer Token source such as HttpHeaders.PROXY_AUTHORIZATION
        Parameters:
        bearerTokenHeaderName - the header to check when retrieving the Bearer Token.
        Since:
        5.4