From 69a4848850a2b9c93e5bd2d05681e4e9ffed748b Mon Sep 17 00:00:00 2001 From: kostya05983 Date: Sun, 11 Aug 2019 23:46:23 +0700 Subject: [PATCH] BearerTokenResolver Docs Fixes gh-6254 --- .../reactive/oauth2/access-token.adoc | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/access-token.adoc b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/access-token.adoc index cdefccc337..c2396a9fd6 100644 --- a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/access-token.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/access-token.adoc @@ -33,3 +33,46 @@ SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception { ---- You can now leverage Spring Security's <> or <> support to obtain and use the access token. + +== BearerTokenResolver + +With interface BearerTokenResolver you can provide a strategy to resolve a bearer token. + +The interface provides the next method: + +[source,java] +---- +/** +* Resolve any Bearer Token +* value from the request. +* +* @param request the request +* @return the Bearer Token value or {@code null} if none found +* @throws OAuth2AuthenticationException if the found token is invalid +*/ +String resolve(HttpServletRequest request); +---- + +In code base, you can find two implementation of this interface: +HeaderBearerTokenResolver and DefaultBearerTokenResolver (based on RFC 6750). + +Below you can see HeaderBearerTokenResolver, it takes a bearer token from request by header +which was passed in constructor + +[source,java] +---- +public class HeaderBearerTokenResolver implements BearerTokenResolver { + + private String header; + + public HeaderBearerTokenResolver(String header) { + Assert.hasText(header, "header cannot be empty"); + this.header = header; + } + + @Override + public String resolve(HttpServletRequest request) { + return request.getHeader(this.header); + } +} +----