Class OpaqueTokenAuthenticationProvider
- All Implemented Interfaces:
AuthenticationProvider
AuthenticationProvider
implementation for opaque
Bearer
Tokens, using an
OAuth 2.0 Introspection
Endpoint to check the token's validity and reveal its attributes.
This AuthenticationProvider
is responsible for introspecting and verifying an
opaque access token, returning its attributes set as part of the Authentication
statement.
Scopes are translated into GrantedAuthority
s according to the following
algorithm:
- If there is a "scope" attribute, then convert to a
Collection
ofString
s. - Take the resulting
Collection
and prepend the "SCOPE_" keyword to each element, adding asGrantedAuthority
s.
- Since:
- 5.2
- See Also:
-
Constructor Summary
ConstructorDescriptionOpaqueTokenAuthenticationProvider
(OpaqueTokenIntrospector introspector) Creates aOpaqueTokenAuthenticationProvider
with the provided parameters -
Method Summary
Modifier and TypeMethodDescriptionauthenticate
(Authentication authentication) Introspect and validate the opaque Bearer Token.boolean
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.
-
Constructor Details
-
OpaqueTokenAuthenticationProvider
Creates aOpaqueTokenAuthenticationProvider
with the provided parameters- Parameters:
introspector
- TheOpaqueTokenIntrospector
to use
-
-
Method Details
-
authenticate
Introspect and validate the opaque Bearer Token.- Specified by:
authenticate
in interfaceAuthenticationProvider
- Parameters:
authentication
- the authentication request object.- Returns:
- A successful authentication
- Throws:
AuthenticationException
- if authentication failed for some reason
-
supports
Description copied from interface:AuthenticationProvider
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.Returning
true
does not guarantee anAuthenticationProvider
will be able to authenticate the presented instance of theAuthentication
class. It simply indicates it can support closer evaluation of it. AnAuthenticationProvider
can still returnnull
from theAuthenticationProvider.authenticate(Authentication)
method to indicate anotherAuthenticationProvider
should be tried.Selection of an
AuthenticationProvider
capable of performing authentication is conducted at runtime theProviderManager
.- Specified by:
supports
in interfaceAuthenticationProvider
- Returns:
true
if the implementation can more closely evaluate theAuthentication
class presented
-