Class OAuth2LoginAuthenticationProvider
- All Implemented Interfaces:
AuthenticationProvider
AuthenticationProvider
for OAuth 2.0 Login, which
leverages the OAuth 2.0 Authorization Code Grant Flow.
This AuthenticationProvider
is responsible for authenticating an Authorization
Code credential with the Authorization Server's Token Endpoint and if valid, exchanging
it for an Access Token credential.
It will also obtain the user attributes of the End-User (Resource Owner) from the
UserInfo Endpoint using an OAuth2UserService
, which will create a
Principal
in the form of an OAuth2User
. The OAuth2User
is then
associated to the OAuth2LoginAuthenticationToken
to complete the
authentication.
-
Constructor Summary
ConstructorDescriptionOAuth2LoginAuthenticationProvider
(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) Constructs anOAuth2LoginAuthenticationProvider
using the provided parameters. -
Method Summary
Modifier and TypeMethodDescriptionauthenticate
(Authentication authentication) Performs authentication with the same contract asAuthenticationManager.authenticate(Authentication)
.final void
setAuthoritiesMapper
(GrantedAuthoritiesMapper authoritiesMapper) Sets theGrantedAuthoritiesMapper
used for mappingOAuth2AuthenticatedPrincipal.getAuthorities()
to a new set of authorities which will be associated to theOAuth2LoginAuthenticationToken
.boolean
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.
-
Constructor Details
-
OAuth2LoginAuthenticationProvider
public OAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) Constructs anOAuth2LoginAuthenticationProvider
using the provided parameters.- Parameters:
accessTokenResponseClient
- the client used for requesting the access token credential from the Token EndpointuserService
- the service used for obtaining the user attributes of the End-User from the UserInfo Endpoint
-
-
Method Details
-
authenticate
Description copied from interface:AuthenticationProvider
Performs authentication with the same contract asAuthenticationManager.authenticate(Authentication)
.- Specified by:
authenticate
in interfaceAuthenticationProvider
- Parameters:
authentication
- the authentication request object.- Returns:
- a fully authenticated object including credentials. May return
null
if theAuthenticationProvider
is unable to support authentication of the passedAuthentication
object. In such a case, the nextAuthenticationProvider
that supports the presentedAuthentication
class will be tried. - Throws:
AuthenticationException
- if authentication fails.
-
setAuthoritiesMapper
Sets theGrantedAuthoritiesMapper
used for mappingOAuth2AuthenticatedPrincipal.getAuthorities()
to a new set of authorities which will be associated to theOAuth2LoginAuthenticationToken
.- Parameters:
authoritiesMapper
- theGrantedAuthoritiesMapper
used for mapping the user's authorities
-
supports
Description copied from interface:AuthenticationProvider
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.Returning
true
does not guarantee anAuthenticationProvider
will be able to authenticate the presentedAuthentication
object. It simply indicates it can support closer evaluation of it. AnAuthenticationProvider
can still returnnull
from theAuthenticationProvider.authenticate(Authentication)
method to indicate anotherAuthenticationProvider
should be tried.Selection of an
AuthenticationProvider
capable of performing authentication is conducted at runtime theProviderManager
.- Specified by:
supports
in interfaceAuthenticationProvider
- Returns:
true
if the implementation can more closely evaluate theAuthentication
class presented
-