|
|
@@ -33,3 +33,46 @@ SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
|
|
|
----
|
|
|
|
|
|
You can now leverage Spring Security's <<webclient>> or <<webflux-roac,@RegisteredOAuth2AuthorizedClient>> support to obtain and use the access token.
|
|
|
+
|
|
|
+== BearerTokenResolver
|
|
|
+
|
|
|
+With interface BearerTokenResolver you can provide a strategy to resolve a bearer token.
|
|
|
+
|
|
|
+The interface provides the next method:
|
|
|
+
|
|
|
+[source,java]
|
|
|
+----
|
|
|
+/**
|
|
|
+* Resolve any <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>
|
|
|
+* value from the request.
|
|
|
+*
|
|
|
+* @param request the request
|
|
|
+* @return the Bearer Token value or {@code null} if none found
|
|
|
+* @throws OAuth2AuthenticationException if the found token is invalid
|
|
|
+*/
|
|
|
+String resolve(HttpServletRequest request);
|
|
|
+----
|
|
|
+
|
|
|
+In code base, you can find two implementation of this interface:
|
|
|
+HeaderBearerTokenResolver and DefaultBearerTokenResolver (based on RFC 6750).
|
|
|
+
|
|
|
+Below you can see HeaderBearerTokenResolver, it takes a bearer token from request by header
|
|
|
+which was passed in constructor
|
|
|
+
|
|
|
+[source,java]
|
|
|
+----
|
|
|
+public class HeaderBearerTokenResolver implements BearerTokenResolver {
|
|
|
+
|
|
|
+ private String header;
|
|
|
+
|
|
|
+ public HeaderBearerTokenResolver(String header) {
|
|
|
+ Assert.hasText(header, "header cannot be empty");
|
|
|
+ this.header = header;
|
|
|
+ }
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public String resolve(HttpServletRequest request) {
|
|
|
+ return request.getHeader(this.header);
|
|
|
+ }
|
|
|
+}
|
|
|
+----
|
kostya05983