Class OAuth2LoginAuthenticationProvider
java.lang.Object
org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
- All Implemented Interfaces:
AuthenticationProvider
An implementation of an
AuthenticationProvider for OAuth 2.0 Login, which
leverages the OAuth 2.0 Authorization Code Grant Flow.
This AuthenticationProvider is responsible for authenticating an Authorization
Code credential with the Authorization Server's Token Endpoint and if valid, exchanging
it for an Access Token credential.
It will also obtain the user attributes of the End-User (Resource Owner) from the
UserInfo Endpoint using an OAuth2UserService, which will create a
Principal in the form of an OAuth2User. The OAuth2User is then
associated to the OAuth2LoginAuthenticationToken to complete the
authentication.
-
Constructor Summary
ConstructorsConstructorDescriptionOAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) Constructs anOAuth2LoginAuthenticationProviderusing the provided parameters. -
Method Summary
Modifier and TypeMethodDescriptionauthenticate(Authentication authentication) Performs authentication with the same contract asAuthenticationManager.authenticate(Authentication).final voidsetAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) Sets theGrantedAuthoritiesMapperused for mappingOAuth2AuthenticatedPrincipal.getAuthorities()to a new set of authorities which will be associated to theOAuth2LoginAuthenticationToken.booleanReturnstrueif thisAuthenticationProvidersupports the indicatedAuthenticationobject.
-
Constructor Details
-
OAuth2LoginAuthenticationProvider
public OAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) Constructs anOAuth2LoginAuthenticationProviderusing the provided parameters.- Parameters:
accessTokenResponseClient- the client used for requesting the access token credential from the Token EndpointuserService- the service used for obtaining the user attributes of the End-User from the UserInfo Endpoint
-
-
Method Details
-
authenticate
Description copied from interface:AuthenticationProviderPerforms authentication with the same contract asAuthenticationManager.authenticate(Authentication).- Specified by:
authenticatein interfaceAuthenticationProvider- Parameters:
authentication- the authentication request object.- Returns:
- a fully authenticated object including credentials. May return
nullif theAuthenticationProvideris unable to support authentication of the passedAuthenticationobject. In such a case, the nextAuthenticationProviderthat supports the presentedAuthenticationclass will be tried. - Throws:
AuthenticationException- if authentication fails.
-
setAuthoritiesMapper
Sets theGrantedAuthoritiesMapperused for mappingOAuth2AuthenticatedPrincipal.getAuthorities()to a new set of authorities which will be associated to theOAuth2LoginAuthenticationToken.- Parameters:
authoritiesMapper- theGrantedAuthoritiesMapperused for mapping the user's authorities
-
supports
Description copied from interface:AuthenticationProviderReturnstrueif thisAuthenticationProvidersupports the indicatedAuthenticationobject.Returning
truedoes not guarantee anAuthenticationProviderwill be able to authenticate the presentedAuthenticationobject. It simply indicates it can support closer evaluation of it. AnAuthenticationProvidercan still returnnullfrom theAuthenticationProvider.authenticate(Authentication)method to indicate anotherAuthenticationProvidershould be tried.Selection of an
AuthenticationProvidercapable of performing authentication is conducted at runtime theProviderManager.- Specified by:
supportsin interfaceAuthenticationProvider- Returns:
trueif the implementation can more closely evaluate theAuthenticationclass presented
-