Package net.devh.boot.grpc.server.security.authentication

Class BearerAuthenticationReader

java.lang.Object

net.devh.boot.grpc.server.security.authentication.BearerAuthenticationReader

All Implemented Interfaces:

GrpcAuthenticationReader

public class BearerAuthenticationReader
extends Object
implements GrpcAuthenticationReader

Spring-Security has several token-based AuthenticationProvider implementations (e.g. in spring-security-web/oauth2 or spring-security-oauth2-resource-server), so you need to provide a Function that wraps the extracted token in a Authentication object supported by your AuthenticationProvider.

Constructor Summary

Constructors

Constructor	Description
BearerAuthenticationReader(Function<String,Authentication> tokenWrapper)	Creates a new BearerAuthenticationReader with the given wrapper function.

Method Summary

Modifier and Type	Method	Description
Authentication	readAuthentication(ServerCall<?,?> call, Metadata headers)	Tries to read the Authentication information from the given call and metadata.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

BearerAuthenticationReader

public BearerAuthenticationReader(Function<String,Authentication> tokenWrapper)

Creates a new BearerAuthenticationReader with the given wrapper function.

Example-Usage:

For spring-security-web:

 new BearerAuthenticationReader(token -> new PreAuthenticatedAuthenticationToken(token, null))
 

For spring-security-oauth2-resource-server:

 new BearerAuthenticationReader(token -> new BearerTokenAuthenticationToken(token))
 

Parameters:

tokenWrapper - The function used to convert the token (without bearer prefix) into an Authentication object.

Method Details

readAuthentication

public Authentication readAuthentication(ServerCall<?,?> call,
 Metadata headers)

Description copied from interface: GrpcAuthenticationReader

Tries to read the Authentication information from the given call and metadata.

Note: Implementations are free to throw an AuthenticationException if no credentials could be found in the call. If an exception is thrown by an implementation then the authentication attempt should be considered as failed and no subsequent GrpcAuthenticationReaders should be called. Additionally, the call will fail as Status.UNAUTHENTICATED. If the call instead returns null, then the call processing will proceed unauthenticated.

Specified by:

readAuthentication in interface GrpcAuthenticationReader

Parameters:

call - The call to get that send the request.

headers - The metadata/headers as sent by the client.

Returns:

The authentication object or null if no authentication is present.