Class OpaqueTokenAuthenticationProvider
- java.lang.Object
-
- org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
-
- All Implemented Interfaces:
AuthenticationProvider
public final class OpaqueTokenAuthenticationProvider extends java.lang.Object implements AuthenticationProvider
AnAuthenticationProvider
implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes.This
AuthenticationProvider
is responsible for introspecting and verifying an opaque access token, returning its attributes set as part of theAuthentication
statement.Scopes are translated into
GrantedAuthority
s according to the following algorithm:- If there is a "scope" attribute, then convert to a
Collection
ofString
s. - Take the resulting
Collection
and prepend the "SCOPE_" keyword to each element, adding asGrantedAuthority
s.
- Since:
- 5.2
- See Also:
AuthenticationProvider
-
-
Constructor Summary
Constructors Constructor Description OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector introspector)
Creates aOpaqueTokenAuthenticationProvider
with the provided parameters
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Authentication
authenticate(Authentication authentication)
Introspect and validate the opaque Bearer Token.boolean
supports(java.lang.Class<?> authentication)
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.
-
-
-
Constructor Detail
-
OpaqueTokenAuthenticationProvider
public OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector introspector)
Creates aOpaqueTokenAuthenticationProvider
with the provided parameters- Parameters:
introspector
- TheOpaqueTokenIntrospector
to use
-
-
Method Detail
-
authenticate
public Authentication authenticate(Authentication authentication) throws AuthenticationException
Introspect and validate the opaque Bearer Token.- Specified by:
authenticate
in interfaceAuthenticationProvider
- Parameters:
authentication
- the authentication request object.- Returns:
- A successful authentication
- Throws:
AuthenticationException
- if authentication failed for some reason
-
supports
public boolean supports(java.lang.Class<?> authentication)
Description copied from interface:AuthenticationProvider
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.Returning
true
does not guarantee anAuthenticationProvider
will be able to authenticate the presented instance of theAuthentication
class. It simply indicates it can support closer evaluation of it. AnAuthenticationProvider
can still returnnull
from theAuthenticationProvider.authenticate(Authentication)
method to indicate anotherAuthenticationProvider
should be tried.Selection of an
AuthenticationProvider
capable of performing authentication is conducted at runtime theProviderManager
.- Specified by:
supports
in interfaceAuthenticationProvider
- Returns:
true
if the implementation can more closely evaluate theAuthentication
class presented
-
-