Class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer<H>
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>
public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<OAuth2ResourceServerConfigurer<H>,H>
An
AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.
By default, this wires a BearerTokenAuthenticationFilter, which can be used to
parse the request for bearer tokens and make an authentication attempt.
The following configuration options are available:
accessDeniedHandler(AccessDeniedHandler) - customizes how access
denied errors are handled
authenticationEntryPoint(AuthenticationEntryPoint) - customizes how
authentication failures are handled
bearerTokenResolver(BearerTokenResolver)- customizes how to resolve a bearer token from the requestjwt(Customizer)- enables Jwt-encoded bearer token supportopaqueToken(Customizer)- enables opaque bearer token support
When using jwt(Customizer), either
- supply a Jwk Set Uri via
OAuth2ResourceServerConfigurer.JwtConfigurer.jwkSetUri(java.lang.String), or - supply a
JwtDecoderinstance viaOAuth2ResourceServerConfigurer.JwtConfigurer.decoder, or - expose a
JwtDecoderbean
jwt(Customizer) consider
- customizing the conversion from a
Jwtto anAuthenticationwithOAuth2ResourceServerConfigurer.JwtConfigurer.jwtAuthenticationConverter(Converter)
When using opaqueToken(Customizer), supply an introspection endpoint and its
authentication configuration
Security Filters
The followingFilters are populated when jwt(Customizer) is
configured:
Shared Objects Created
The following shared objects are populated:SessionCreationPolicy(optional)
Shared Objects Used
The following shared objects are used:- Since:
- 5.1
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionclassclass -
Constructor Summary
ConstructorsConstructorDescriptionOAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context) -
Method Summary
Modifier and TypeMethodDescriptionaccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) authenticationEntryPoint(AuthenticationEntryPoint entryPoint) authenticationManagerResolver(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) bearerTokenResolver(BearerTokenResolver bearerTokenResolver) voidConfigure theSecurityBuilderby setting the necessary properties on theSecurityBuilder.voidInitialize theSecurityBuilder.jwt()jwt(Customizer<OAuth2ResourceServerConfigurer<H>.JwtConfigurer> jwtCustomizer) Enables Jwt-encoded bearer token support.opaqueToken(Customizer<OAuth2ResourceServerConfigurer<H>.OpaqueTokenConfigurer> opaqueTokenCustomizer) Enables opaque bearer token support.Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, withObjectPostProcessorMethods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
Constructor Details
-
OAuth2ResourceServerConfigurer
public OAuth2ResourceServerConfigurer(org.springframework.context.ApplicationContext context)
-
-
Method Details
-
accessDeniedHandler
public OAuth2ResourceServerConfigurer<H> accessDeniedHandler(AccessDeniedHandler accessDeniedHandler) -
authenticationEntryPoint
public OAuth2ResourceServerConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint entryPoint) -
authenticationManagerResolver
public OAuth2ResourceServerConfigurer<H> authenticationManagerResolver(AuthenticationManagerResolver<jakarta.servlet.http.HttpServletRequest> authenticationManagerResolver) -
bearerTokenResolver
public OAuth2ResourceServerConfigurer<H> bearerTokenResolver(BearerTokenResolver bearerTokenResolver) -
jwt
-
jwt
public OAuth2ResourceServerConfigurer<H> jwt(Customizer<OAuth2ResourceServerConfigurer<H>.JwtConfigurer> jwtCustomizer) Enables Jwt-encoded bearer token support.- Parameters:
jwtCustomizer- theCustomizerto provide more options for theOAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>.JwtConfigurer- Returns:
- the
OAuth2ResourceServerConfigurerfor further customizations
-
opaqueToken
-
opaqueToken
public OAuth2ResourceServerConfigurer<H> opaqueToken(Customizer<OAuth2ResourceServerConfigurer<H>.OpaqueTokenConfigurer> opaqueTokenCustomizer) Enables opaque bearer token support.- Parameters:
opaqueTokenCustomizer- theCustomizerto provide more options for theOAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>>.OpaqueTokenConfigurer- Returns:
- the
OAuth2ResourceServerConfigurerfor further customizations
-
init
Description copied from interface:SecurityConfigurerInitialize theSecurityBuilder. Here only shared state should be created and modified, but not properties on theSecurityBuilderused for building the object. This ensures that theSecurityConfigurer.configure(SecurityBuilder)method uses the correct shared objects when building. Configurers should be applied here.- Specified by:
initin interfaceSecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>> - Overrides:
initin classSecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-
configure
Description copied from interface:SecurityConfigurerConfigure theSecurityBuilderby setting the necessary properties on theSecurityBuilder.- Specified by:
configurein interfaceSecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>> - Overrides:
configurein classSecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-