Class ServerBearerTokenAuthenticationConverter

java.lang.Object
org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
All Implemented Interfaces:
ServerAuthenticationConverter

public class ServerBearerTokenAuthenticationConverter extends Object implements ServerAuthenticationConverter
A strategy for resolving Bearer Tokens from the ServerWebExchange.
Since:
5.1
See Also:
  • Constructor Details

    • ServerBearerTokenAuthenticationConverter

      public ServerBearerTokenAuthenticationConverter()
  • Method Details

    • convert

      public reactor.core.publisher.Mono<Authentication> convert(org.springframework.web.server.ServerWebExchange exchange)
      Description copied from interface: ServerAuthenticationConverter
      Converts a ServerWebExchange to an Authentication
      Specified by:
      convert in interface ServerAuthenticationConverter
      Parameters:
      exchange - The ServerWebExchange
      Returns:
      A Mono representing an Authentication
    • setAllowUriQueryParameter

      public void setAllowUriQueryParameter(boolean allowUriQueryParameter)
      Set if transport of access token using URI query parameter is supported. Defaults to false. The spec recommends against using this mechanism for sending bearer tokens, and even goes as far as stating that it was only included for completeness.
      Parameters:
      allowUriQueryParameter - if the URI query parameter is supported
    • setBearerTokenHeaderName

      public void setBearerTokenHeaderName(String bearerTokenHeaderName)
      Set this value to configure what header is checked when resolving a Bearer Token. This value is defaulted to HttpHeaders.AUTHORIZATION. This allows other headers to be used as the Bearer Token source such as HttpHeaders.PROXY_AUTHORIZATION
      Parameters:
      bearerTokenHeaderName - the header to check when retrieving the Bearer Token.
      Since:
      5.4