Class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer<H>
- All Implemented Interfaces: SecurityConfigurer<DefaultSecurityFilterChain,H>
public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>
An AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.
By default, this wires a BearerTokenAuthenticationFilter, which can be used to parse the request for bearer tokens and make an authentication attempt.
The following configuration options are available:
- accessDeniedHandler(AccessDeniedHandler) - customizes how access denied errors are handled
- authenticationEntryPoint(AuthenticationEntryPoint) - customizes how authentication failures are handled
- bearerTokenResolver(BearerTokenResolver) - customizes how to resolve a bearer token from the request
- jwt(Customizer) - enables Jwt-encoded bearer token support
- opaqueToken(Customizer) - enables opaque bearer token support
When using jwt(Customizer), either
- supply a Jwk Set Uri via OAuth2ResourceServerConfigurer.JwtConfigurer.jwkSetUri(java.lang.String), or
- supply a JwtDecoder instance via OAuth2ResourceServerConfigurer.JwtConfigurer.decoder, or
- expose a JwtDecoder bean
With jwt(Customizer), also consider
- customizing the conversion from a Jwt to an Authentication with OAuth2ResourceServerConfigurer.JwtConfigurer.jwtAuthenticationConverter(Converter)
When using opaqueToken(Customizer), supply an introspection endpoint with its client credentials and an OpaqueTokenAuthenticationConverter.
Security Filters
The following Filters are populated when jwt(Customizer) is configured:
Shared Objects Created
The following shared objects are populated:
- SessionCreationPolicy (optional)
Shared Objects Used
The following shared objects are used:

- Since: 5.1
- See Also:
Nested Class Summary
Modifier and Type | Class | Description
class
class

Constructor Summary
Constructor | Description
OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context)

Method Summary
Modifier and Type | Method | Description
- accessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
- authenticationEntryPoint(AuthenticationEntryPoint entryPoint)
- authenticationManagerResolver(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)
- bearerTokenResolver(BearerTokenResolver bearerTokenResolver)
- void: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- void: Initialize the SecurityBuilder.
- jwt(): Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
- jwt(Customizer<OAuth2ResourceServerConfigurer<H>.JwtConfigurer> jwtCustomizer): Enables Jwt-encoded bearer token support.
- opaqueToken(): Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
- opaqueToken(Customizer<OAuth2ResourceServerConfigurer<H>.OpaqueTokenConfigurer> opaqueTokenCustomizer): Enables opaque bearer token support.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Constructor Details
OAuth2ResourceServerConfigurer
public OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context)

Method Details

accessDeniedHandler
public OAuth2ResourceServerConfigurer<H> accessDeniedHandler(AccessDeniedHandler accessDeniedHandler)

authenticationEntryPoint
public OAuth2ResourceServerConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint entryPoint)

authenticationManagerResolver
public OAuth2ResourceServerConfigurer<H> authenticationManagerResolver(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver)

bearerTokenResolver
public OAuth2ResourceServerConfigurer<H> bearerTokenResolver(BearerTokenResolver bearerTokenResolver)

jwt
@Deprecated(since="6.1", forRemoval=true)
public OAuth2ResourceServerConfigurer<H>.JwtConfigurer jwt()
Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0. Use jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

jwt
public OAuth2ResourceServerConfigurer<H> jwt(Customizer<OAuth2ResourceServerConfigurer<H>.JwtConfigurer> jwtCustomizer)
Enables Jwt-encoded bearer token support.
- Parameters: jwtCustomizer - the Customizer to provide more options for the OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>.JwtConfigurer
- Returns: the OAuth2ResourceServerConfigurer for further customizations

opaqueToken
@Deprecated(since="6.1", forRemoval=true)
public OAuth2ResourceServerConfigurer<H>.OpaqueTokenConfigurer opaqueToken()
Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0. Use opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

opaqueToken
public OAuth2ResourceServerConfigurer<H> opaqueToken(Customizer<OAuth2ResourceServerConfigurer<H>.OpaqueTokenConfigurer> opaqueTokenCustomizer)
Enables opaque bearer token support.
- Parameters: opaqueTokenCustomizer - the Customizer to provide more options for the OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>.OpaqueTokenConfigurer
- Returns: the OAuth2ResourceServerConfigurer for further customizations

init
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
- Specified by: init in interface SecurityConfigurer<DefaultSecurityFilterChain, H extends HttpSecurityBuilder<H>>
- Overrides: init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain, H extends HttpSecurityBuilder<H>>

configure
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- Specified by: configure in interface SecurityConfigurer<DefaultSecurityFilterChain, H extends HttpSecurityBuilder<H>>
- Overrides: configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain, H extends HttpSecurityBuilder<H>>