Package org.springframework.security.oauth2.server.resource.web

Class DefaultBearerTokenResolver

java.lang.Object

org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver

All Implemented Interfaces:

BearerTokenResolver

public final class DefaultBearerTokenResolver
extends Object
implements BearerTokenResolver

The default BearerTokenResolver implementation based on RFC 6750.

Since:

5.1

See Also:

• RFC 6750 Section 2: Authenticated Requests

Constructor Summary

Constructors

Constructor	Description
DefaultBearerTokenResolver()

Method Summary

Modifier and Type	Method	Description
String	resolve(jakarta.servlet.http.HttpServletRequest request)	Resolve any Bearer Token value from the request.
void	setAllowFormEncodedBodyParameter(boolean allowFormEncodedBodyParameter)	Set if transport of access token using form-encoded body parameter is supported.
void	setAllowUriQueryParameter(boolean allowUriQueryParameter)	Set if transport of access token using URI query parameter is supported.
void	setBearerTokenHeaderName(String bearerTokenHeaderName)	Set this value to configure what header is checked when resolving a Bearer Token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultBearerTokenResolver

public DefaultBearerTokenResolver()

Method Details

resolve

public String resolve(jakarta.servlet.http.HttpServletRequest request)

Description copied from interface: BearerTokenResolver

Resolve any Bearer Token value from the request.

Specified by:

resolve in interface BearerTokenResolver

Parameters:

request - the request

Returns:

the Bearer Token value or null if none found

setAllowFormEncodedBodyParameter

public void setAllowFormEncodedBodyParameter(boolean allowFormEncodedBodyParameter)

Set if transport of access token using form-encoded body parameter is supported. Defaults to false.

Parameters:

allowFormEncodedBodyParameter - if the form-encoded body parameter is supported

setAllowUriQueryParameter

public void setAllowUriQueryParameter(boolean allowUriQueryParameter)

Set if transport of access token using URI query parameter is supported. Defaults to false. The spec recommends against using this mechanism for sending bearer tokens, and even goes as far as stating that it was only included for completeness.

Parameters:

allowUriQueryParameter - if the URI query parameter is supported

setBearerTokenHeaderName

public void setBearerTokenHeaderName(String bearerTokenHeaderName)

Set this value to configure what header is checked when resolving a Bearer Token. This value is defaulted to HttpHeaders.AUTHORIZATION. This allows other headers to be used as the Bearer Token source such as HttpHeaders.PROXY_AUTHORIZATION

Parameters:

bearerTokenHeaderName - the header to check when retrieving the Bearer Token.

Since:

5.4