Class OpaqueTokenReactiveAuthenticationManager
java.lang.Object
org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager
- All Implemented Interfaces:
ReactiveAuthenticationManager
public class OpaqueTokenReactiveAuthenticationManager
extends Object
implements ReactiveAuthenticationManager
An
ReactiveAuthenticationManager
implementation for opaque
Bearer
Tokens, using an
OAuth 2.0 Introspection
Endpoint to check the token's validity and reveal its attributes.
This ReactiveAuthenticationManager
is responsible for introspecting and
verifying an opaque access token, returning its attributes set as part of the
Authentication
statement.
A ReactiveOpaqueTokenIntrospector
is responsible for retrieving token
attributes from an authorization server.
A ReactiveOpaqueTokenAuthenticationConverter
is responsible for turning a
successful introspection result into an Authentication
instance (which may
include mapping GrantedAuthority
s from token attributes or retrieving from
another source).
- Since:
- 5.2
- See Also:
-
Constructor Summary
ConstructorDescriptionCreates aOpaqueTokenReactiveAuthenticationManager
with the provided parameters -
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<Authentication>
authenticate
(Authentication authentication) Introspect and validate the opaque Bearer Token and then delegatesAuthentication
instantiation toReactiveOpaqueTokenAuthenticationConverter
.void
setAuthenticationConverter
(ReactiveOpaqueTokenAuthenticationConverter authenticationConverter) Provide with a custom bean to turn successful introspection result into anAuthentication
instance of your choice.
-
Constructor Details
-
OpaqueTokenReactiveAuthenticationManager
Creates aOpaqueTokenReactiveAuthenticationManager
with the provided parameters- Parameters:
introspector
- TheReactiveOpaqueTokenIntrospector
to use
-
-
Method Details
-
authenticate
Introspect and validate the opaque Bearer Token and then delegatesAuthentication
instantiation toReactiveOpaqueTokenAuthenticationConverter
.If created Authentication is instance of
AbstractAuthenticationToken
and details are null, then introspection result details are used.- Specified by:
authenticate
in interfaceReactiveAuthenticationManager
- Parameters:
authentication
- the authentication request object.- Returns:
- A successful authentication
-
setAuthenticationConverter
public void setAuthenticationConverter(ReactiveOpaqueTokenAuthenticationConverter authenticationConverter) Provide with a custom bean to turn successful introspection result into anAuthentication
instance of your choice. By default,BearerTokenAuthentication
will be built.- Parameters:
authenticationConverter
- the converter to use- Since:
- 5.8
-