Package org.springframework.security.oauth2.server.resource.authentication

Class OpaqueTokenReactiveAuthenticationManager

java.lang.Object

org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager

All Implemented Interfaces:

org.springframework.security.authentication.ReactiveAuthenticationManager

public class OpaqueTokenReactiveAuthenticationManager
extends java.lang.Object
implements org.springframework.security.authentication.ReactiveAuthenticationManager

An ReactiveAuthenticationManager implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes.

This ReactiveAuthenticationManager is responsible for introspecting and verifying an opaque access token, returning its attributes set as part of the Authentication statement.

A ReactiveOpaqueTokenIntrospector is responsible for retrieving token attributes from an authorization server.

A ReactiveOpaqueTokenAuthenticationConverter is responsible for turning a successful introspection result into an Authentication instance (which may include mapping GrantedAuthoritys from token attributes or retrieving from another source).

Since:

5.2

See Also:

ReactiveAuthenticationManager

Constructor Summary

Constructors

Constructor	Description
OpaqueTokenReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector introspector)	Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters

Method Summary

Modifier and Type	Method	Description
reactor.core.publisher.Mono<org.springframework.security.core.Authentication>	authenticate(org.springframework.security.core.Authentication authentication)	Introspect and validate the opaque Bearer Token and then delegates Authentication instantiation to ReactiveOpaqueTokenAuthenticationConverter.
void	setAuthenticationConverter(ReactiveOpaqueTokenAuthenticationConverter authenticationConverter)	Provide with a custom bean to turn successful introspection result into an Authentication instance of your choice.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OpaqueTokenReactiveAuthenticationManager

public OpaqueTokenReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector introspector)

Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters

Parameters:

introspector - The ReactiveOpaqueTokenIntrospector to use

Method Detail

authenticate

public reactor.core.publisher.Mono<org.springframework.security.core.Authentication> authenticate(org.springframework.security.core.Authentication authentication)

Introspect and validate the opaque Bearer Token and then delegates Authentication instantiation to ReactiveOpaqueTokenAuthenticationConverter.

If created Authentication is instance of AbstractAuthenticationToken and details are null, then introspection result details are used.

Specified by:

authenticate in interface org.springframework.security.authentication.ReactiveAuthenticationManager

Parameters:

authentication - the authentication request object.

Returns:

A successful authentication

setAuthenticationConverter

public void setAuthenticationConverter(ReactiveOpaqueTokenAuthenticationConverter authenticationConverter)

Provide with a custom bean to turn successful introspection result into an Authentication instance of your choice. By default, BearerTokenAuthentication will be built.

Parameters:

authenticationConverter - the converter to use

Since:

5.8