Class DefaultBearerTokenResolver
java.lang.Object
org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
- All Implemented Interfaces:
BearerTokenResolver
The default
BearerTokenResolver
implementation based on RFC 6750.- Since:
- 5.1
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionresolve
(jakarta.servlet.http.HttpServletRequest request) Resolve any Bearer Token value from the request.void
setAllowFormEncodedBodyParameter
(boolean allowFormEncodedBodyParameter) Set if transport of access token using form-encoded body parameter is supported.void
setAllowUriQueryParameter
(boolean allowUriQueryParameter) Set if transport of access token using URI query parameter is supported.void
setBearerTokenHeaderName
(String bearerTokenHeaderName) Set this value to configure what header is checked when resolving a Bearer Token.
-
Constructor Details
-
DefaultBearerTokenResolver
public DefaultBearerTokenResolver()
-
-
Method Details
-
resolve
Description copied from interface:BearerTokenResolver
Resolve any Bearer Token value from the request.- Specified by:
resolve
in interfaceBearerTokenResolver
- Parameters:
request
- the request- Returns:
- the Bearer Token value or
null
if none found
-
setAllowFormEncodedBodyParameter
public void setAllowFormEncodedBodyParameter(boolean allowFormEncodedBodyParameter) Set if transport of access token using form-encoded body parameter is supported. Defaults tofalse
.- Parameters:
allowFormEncodedBodyParameter
- if the form-encoded body parameter is supported
-
setAllowUriQueryParameter
public void setAllowUriQueryParameter(boolean allowUriQueryParameter) Set if transport of access token using URI query parameter is supported. Defaults tofalse
. The spec recommends against using this mechanism for sending bearer tokens, and even goes as far as stating that it was only included for completeness.- Parameters:
allowUriQueryParameter
- if the URI query parameter is supported
-
setBearerTokenHeaderName
Set this value to configure what header is checked when resolving a Bearer Token. This value is defaulted toHttpHeaders.AUTHORIZATION
. This allows other headers to be used as the Bearer Token source such asHttpHeaders.PROXY_AUTHORIZATION
- Parameters:
bearerTokenHeaderName
- the header to check when retrieving the Bearer Token.- Since:
- 5.4
-