Class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
- java.lang.Object
-
- org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>
-
- org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer<H>
-
- All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>
public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>
AnAbstractHttpConfigurer
for OAuth 2.0 Resource Server Support. By default, this wires aBearerTokenAuthenticationFilter
, which can be used to parse the request for bearer tokens and make an authentication attempt.The following configuration options are available:
accessDeniedHandler(AccessDeniedHandler)
- customizes how access
denied errors are handled
authenticationEntryPoint(AuthenticationEntryPoint)
- customizes how
authentication failures are handled
bearerTokenResolver(BearerTokenResolver)
- customizes how to resolve a bearer token from the requestjwt(Customizer)
- enables Jwt-encoded bearer token supportopaqueToken(Customizer)
- enables opaque bearer token support
When using
jwt(Customizer)
, either- supply a Jwk Set Uri via
OAuth2ResourceServerConfigurer.JwtConfigurer.jwkSetUri(java.lang.String)
, or - supply a
JwtDecoder
instance viaOAuth2ResourceServerConfigurer.JwtConfigurer.decoder
, or - expose a
JwtDecoder
bean
jwt(Customizer)
consider- customizing the conversion from a
Jwt
to anAuthentication
withOAuth2ResourceServerConfigurer.JwtConfigurer.jwtAuthenticationConverter(Converter)
When using
opaqueToken(Customizer)
, supply an introspection endpoint and its authentication configurationSecurity Filters
The followingFilter
s are populated whenjwt(Customizer)
is configured:BearerTokenAuthenticationFilter
Shared Objects Created
The following shared objects are populated:SessionCreationPolicy
(optional)
Shared Objects Used
The following shared objects are used:AuthenticationManager
- Since:
- 5.1
- See Also:
BearerTokenAuthenticationFilter
,JwtAuthenticationProvider
,NimbusJwtDecoder
,AbstractHttpConfigurer
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description class
OAuth2ResourceServerConfigurer.JwtConfigurer
class
OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
-
Constructor Summary
Constructors Constructor Description OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description OAuth2ResourceServerConfigurer<H>
accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler)
OAuth2ResourceServerConfigurer<H>
authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint entryPoint)
OAuth2ResourceServerConfigurer<H>
authenticationManagerResolver(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)
OAuth2ResourceServerConfigurer<H>
bearerTokenResolver(org.springframework.security.oauth2.server.resource.web.BearerTokenResolver bearerTokenResolver)
void
configure(H http)
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.void
init(H http)
Initialize theSecurityBuilder
.OAuth2ResourceServerConfigurer.JwtConfigurer
jwt()
OAuth2ResourceServerConfigurer<H>
jwt(Customizer<OAuth2ResourceServerConfigurer.JwtConfigurer> jwtCustomizer)
Enables Jwt-encoded bearer token support.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
opaqueToken()
OAuth2ResourceServerConfigurer<H>
opaqueToken(Customizer<OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer> opaqueTokenCustomizer)
Enables opaque bearer token support.-
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, withObjectPostProcessor
-
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
-
-
-
Method Detail
-
accessDeniedHandler
public OAuth2ResourceServerConfigurer<H> accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler)
-
authenticationEntryPoint
public OAuth2ResourceServerConfigurer<H> authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint entryPoint)
-
authenticationManagerResolver
public OAuth2ResourceServerConfigurer<H> authenticationManagerResolver(org.springframework.security.authentication.AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest> authenticationManagerResolver)
-
bearerTokenResolver
public OAuth2ResourceServerConfigurer<H> bearerTokenResolver(org.springframework.security.oauth2.server.resource.web.BearerTokenResolver bearerTokenResolver)
-
jwt
public OAuth2ResourceServerConfigurer.JwtConfigurer jwt()
-
jwt
public OAuth2ResourceServerConfigurer<H> jwt(Customizer<OAuth2ResourceServerConfigurer.JwtConfigurer> jwtCustomizer)
Enables Jwt-encoded bearer token support.- Parameters:
jwtCustomizer
- theCustomizer
to provide more options for theOAuth2ResourceServerConfigurer.JwtConfigurer
- Returns:
- the
OAuth2ResourceServerConfigurer
for further customizations
-
opaqueToken
public OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken()
-
opaqueToken
public OAuth2ResourceServerConfigurer<H> opaqueToken(Customizer<OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer> opaqueTokenCustomizer)
Enables opaque bearer token support.- Parameters:
opaqueTokenCustomizer
- theCustomizer
to provide more options for theOAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
- Returns:
- the
OAuth2ResourceServerConfigurer
for further customizations
-
init
public void init(H http)
Description copied from interface:SecurityConfigurer
Initialize theSecurityBuilder
. Here only shared state should be created and modified, but not properties on theSecurityBuilder
used for building the object. This ensures that theSecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared objects when building. Configurers should be applied here.- Specified by:
init
in interfaceSecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
init
in classSecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-
configure
public void configure(H http)
Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
configure
in classSecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-
-