Class ServerBearerTokenAuthenticationConverter
java.lang.Object
org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
- All Implemented Interfaces:
ServerAuthenticationConverter
public class ServerBearerTokenAuthenticationConverter
extends Object
implements ServerAuthenticationConverter
A strategy for resolving
Bearer
Tokens from the
ServerWebExchange
.- Since:
- 5.1
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<Authentication>
convert
(org.springframework.web.server.ServerWebExchange exchange) Converts aServerWebExchange
to anAuthentication
void
setAllowUriQueryParameter
(boolean allowUriQueryParameter) Set if transport of access token using URI query parameter is supported.void
setBearerTokenHeaderName
(String bearerTokenHeaderName) Set this value to configure what header is checked when resolving a Bearer Token.
-
Constructor Details
-
ServerBearerTokenAuthenticationConverter
public ServerBearerTokenAuthenticationConverter()
-
-
Method Details
-
convert
public reactor.core.publisher.Mono<Authentication> convert(org.springframework.web.server.ServerWebExchange exchange) Description copied from interface:ServerAuthenticationConverter
Converts aServerWebExchange
to anAuthentication
- Specified by:
convert
in interfaceServerAuthenticationConverter
- Parameters:
exchange
- TheServerWebExchange
- Returns:
- A
Mono
representing anAuthentication
-
setAllowUriQueryParameter
public void setAllowUriQueryParameter(boolean allowUriQueryParameter) Set if transport of access token using URI query parameter is supported. Defaults tofalse
. The spec recommends against using this mechanism for sending bearer tokens, and even goes as far as stating that it was only included for completeness.- Parameters:
allowUriQueryParameter
- if the URI query parameter is supported
-
setBearerTokenHeaderName
Set this value to configure what header is checked when resolving a Bearer Token. This value is defaulted toHttpHeaders.AUTHORIZATION
. This allows other headers to be used as the Bearer Token source such asHttpHeaders.PROXY_AUTHORIZATION
- Parameters:
bearerTokenHeaderName
- the header to check when retrieving the Bearer Token.- Since:
- 5.4
-