Package org.springframework.security.oauth2.server.resource.authentication

Class OpaqueTokenAuthenticationProvider

java.lang.Object

org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider

All Implemented Interfaces:

AuthenticationProvider

public final class OpaqueTokenAuthenticationProvider
extends Object
implements AuthenticationProvider

An AuthenticationProvider implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes.

This AuthenticationProvider is responsible for introspecting and verifying an opaque access token, returning its attributes set as part of the Authentication statement.

Scopes are translated into GrantedAuthoritys according to the following algorithm:

1. If there is a "scope" attribute, then convert to a Collection of Strings.
2. Take the resulting Collection and prepend the "SCOPE_" keyword to each element, adding as GrantedAuthoritys.

Since:

5.2

See Also:

• AuthenticationProvider

Constructor Summary

Constructors

Constructor	Description
OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector introspector)	Creates a OpaqueTokenAuthenticationProvider with the provided parameters

Method Summary

Modifier and Type	Method	Description
Authentication	authenticate(Authentication authentication)	Introspect and validate the opaque Bearer Token.
boolean	supports(Class<?> authentication)	Returns true if this AuthenticationProvider supports the indicated Authentication object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OpaqueTokenAuthenticationProvider

public OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector introspector)

Creates a OpaqueTokenAuthenticationProvider with the provided parameters

Parameters:

introspector - The OpaqueTokenIntrospector to use

Method Details

authenticate

public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException

Introspect and validate the opaque Bearer Token.

Specified by:

authenticate in interface AuthenticationProvider

Parameters:

authentication - the authentication request object.

Returns:

A successful authentication

Throws:

AuthenticationException - if authentication failed for some reason

supports

public boolean supports(Class<?> authentication)

Description copied from interface: AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:

supports in interface AuthenticationProvider

Returns:

true if the implementation can more closely evaluate the Authentication class presented