Class DefaultBearerTokenResolver

java.lang.Object
org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
All Implemented Interfaces:
BearerTokenResolver

public final class DefaultBearerTokenResolver extends Object implements BearerTokenResolver
The default BearerTokenResolver implementation based on RFC 6750.
Since:
5.1
  • Constructor Details

    • DefaultBearerTokenResolver

      public DefaultBearerTokenResolver()
  • Method Details

    • resolve

      public String resolve(jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: BearerTokenResolver
      Resolve any Bearer Token value from the request.
      Specified by:
      resolve in interface BearerTokenResolver
      Parameters:
      request - the request
      Returns:
      the Bearer Token value or null if none found
    • setAllowFormEncodedBodyParameter

      public void setAllowFormEncodedBodyParameter(boolean allowFormEncodedBodyParameter)
      Set whether transport of the access token using a form-encoded body parameter is supported. Defaults to false.
      Parameters:
      allowFormEncodedBodyParameter - if the form-encoded body parameter is supported
    • setAllowUriQueryParameter

      public void setAllowUriQueryParameter(boolean allowUriQueryParameter)
      Set whether transport of the access token using a URI query parameter is supported. Defaults to false. The spec recommends against using this mechanism for sending bearer tokens, and even goes as far as stating that it was only included for completeness.
      Parameters:
      allowUriQueryParameter - if the URI query parameter is supported
    • setBearerTokenHeaderName

      public void setBearerTokenHeaderName(String bearerTokenHeaderName)
      Set the header that is checked when resolving a Bearer Token. Defaults to HttpHeaders.AUTHORIZATION. This allows other headers, such as HttpHeaders.PROXY_AUTHORIZATION, to be used as the Bearer Token source.
      Parameters:
      bearerTokenHeaderName - the header to check when retrieving the Bearer Token.
      Since:
      5.4
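
The three setters above, wired into a resource server configuration. This is an added example, not code from the Spring Security documentation; the class name ResourceServerConfig and the bean method names are hypothetical, and it assumes a Spring Security 6.x application with a JwtDecoder configured elsewhere.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class (added example).
// Assumption: a JwtDecoder bean is available, e.g. from issuer-uri auto-configuration.
@Configuration
@EnableWebSecurity
public class ResourceServerConfig {

    @Bean
    BearerTokenResolver bearerTokenResolver() {
        DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
        // Header the token is read from. AUTHORIZATION is already the default;
        // HttpHeaders.PROXY_AUTHORIZATION is the alternative the Javadoc mentions.
        resolver.setBearerTokenHeaderName(HttpHeaders.AUTHORIZATION);
        // Keep the URI query parameter transport off (the default). Tokens placed
        // in URLs end up in access logs, browser history and Referer headers,
        // which is why RFC 6750 recommends against this mechanism.
        resolver.setAllowUriQueryParameter(false);
        // Form-encoded body transport also stays off (the default).
        resolver.setAllowFormEncodedBodyParameter(false);
        return resolver;
    }

    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http, BearerTokenResolver resolver) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2
                // Use the explicitly configured resolver for every request.
                .bearerTokenResolver(resolver)
                .jwt(Customizer.withDefaults()));
        return http.build();
    }
}
```

Stating the defaults explicitly makes the accepted token transports visible in code review, so a later change that enables the query or body parameter stands out in a diff.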