kostya05983
Josh Cummings
parent
2e2554a8c3
commit
69a4848850
|
|
@ -33,3 +33,46 @@ SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
|
|||
----
|
||||
|
||||
You can now leverage Spring Security's <<webclient>> or <<webflux-roac,@RegisteredOAuth2AuthorizedClient>> support to obtain and use the access token.
|
||||
|
||||
== BearerTokenResolver
|
||||
|
||||
With interface BearerTokenResolver you can provide a strategy to resolve a bearer token.
|
||||
|
||||
The interface provides the next method:
|
||||
|
||||
[source,java]
|
||||
----
|
||||
/**
|
||||
* Resolve any <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>
|
||||
* value from the request.
|
||||
*
|
||||
* @param request the request
|
||||
* @return the Bearer Token value or {@code null} if none found
|
||||
* @throws OAuth2AuthenticationException if the found token is invalid
|
||||
*/
|
||||
String resolve(HttpServletRequest request);
|
||||
----
|
||||
|
||||
In code base, you can find two implementation of this interface:
|
||||
HeaderBearerTokenResolver and DefaultBearerTokenResolver (based on RFC 6750).
|
||||
|
||||
Below you can see HeaderBearerTokenResolver, it takes a bearer token from request by header
|
||||
which was passed in constructor
|
||||
|
||||
[source,java]
|
||||
----
|
||||
public class HeaderBearerTokenResolver implements BearerTokenResolver {
|
||||
|
||||
private String header;
|
||||
|
||||
public HeaderBearerTokenResolver(String header) {
|
||||
Assert.hasText(header, "header cannot be empty");
|
||||
this.header = header;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String resolve(HttpServletRequest request) {
|
||||
return request.getHeader(this.header);
|
||||
}
|
||||
}
|
||||
----
|
||||
|
|
|
|||
Loading…
Reference in New Issue