mirror of synced 2026-05-22 21:33:16 +00:00

Merge branch '5.8.x'

Steve Riesenberg
2022-09-13 17:38:10 -05:00
19 changed files with 552 additions and 45 deletions
@@ -1324,6 +1324,10 @@ The Client Id to use for client authentication against the provided `introspecti
* **client-secret**
The Client Secret to use for client authentication against the provided `introspection-uri`.
[[nsa-opaque-token-authentication-converter-ref]]
* **authentication-converter-ref**
Reference to an `OpaqueTokenAuthenticationConverter`. Responsible for converting successful introspection result into an `Authentication` instance.
[[nsa-relying-party-registrations]]
== <relying-party-registrations>
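Review bot: The new `authentication-converter-ref` entry does not say that the attribute can be omitted or what happens when it is; the reference text changed in this same commit states that without a converter a `BearerTokenAuthentication` is built, so repeat that default here. Wording nit in the same entry: "converting successful introspection result" needs an article ("a successful introspection result").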
@@ -297,11 +297,13 @@ fun introspector(): OpaqueTokenIntrospector {
----
====
If the application doesn't expose a <<oauth2resourceserver-opaque-architecture-introspector,`OpaqueTokenIntrospector`>> bean, then Spring Boot will expose the above default one.
If the application doesn't expose an <<oauth2resourceserver-opaque-architecture-introspector,`OpaqueTokenIntrospector`>> bean, then Spring Boot will expose the above default one.
And its configuration can be overridden using `introspectionUri()` and `introspectionClientCredentials()` or replaced using `introspector()`.
Or, if you're not using Spring Boot at all, then both of these components - the filter chain and a <<oauth2resourceserver-opaque-architecture-introspector,`OpaqueTokenIntrospector`>> can be specified in XML.
If the application doesn't expose an `OpaqueTokenAuthenticationConverter` bean, then spring-security will build `BearerTokenAuthentication`.
Or, if you're not using Spring Boot at all, then all of these components - the filter chain, an <<oauth2resourceserver-opaque-architecture-introspector,`OpaqueTokenIntrospector`>> and an `OpaqueTokenAuthenticationConverter` can be specified in XML.
The filter chain is specified like so:
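Review bot: In the added sentence about the missing `OpaqueTokenAuthenticationConverter` bean, "spring-security" should be written "Spring Security" to match "Spring Boot" in the neighbouring sentences, and "will build `BearerTokenAuthentication`" reads better as "will build a `BearerTokenAuthentication`". In the rewritten "all of these components - the filter chain, ... can be specified in XML" sentence the aside opened with " - " is never closed; add the closing dash after `OpaqueTokenAuthenticationConverter`. The converter is also the only one of the three components mentioned without a cross-reference; since it decides which `Authentication` the application ends up with, link it to a section that describes it, as is done for `OpaqueTokenIntrospector`.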
@@ -313,7 +315,8 @@ The filter chain is specified like so:
<http>
<intercept-uri pattern="/**" access="authenticated"/>
<oauth2-resource-server>
<opaque-token introspector-ref="opaqueTokenIntrospector"/>
<opaque-token introspector-ref="opaqueTokenIntrospector"
authentication-converter-ref="opaqueTokenAuthenticationConverter"/>
</oauth2-resource-server>
</http>
----
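Review bot: The sample `<opaque-token>` element now always sets `authentication-converter-ref`, which makes the attribute look mandatory even though the text above says a `BearerTokenAuthentication` is built when no converter is supplied; add a sentence saying the attribute is optional, or show it in a separate snippet from the minimal configuration. While this block is being touched, please also check the context line `<intercept-uri pattern="/**" access="authenticated"/>`, which looks like a typo for `intercept-url`.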
@@ -335,6 +338,18 @@ And the <<oauth2resourceserver-opaque-architecture-introspector,`OpaqueTokenIntr
----
====
And the `OpaqueTokenAuthenticationConverter` like so:
.Opaque Token Authentication Converter
====
.Xml
[source,xml,role="primary"]
----
<bean id="opaqueTokenAuthenticationConverter"
class="com.example.CustomOpaqueTokenAuthenticationConverter"/>
----
====
[[oauth2resourceserver-opaque-introspectionuri-dsl]]
=== Using `introspectionUri()`
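Review bot: The bean definition points at `com.example.CustomOpaqueTokenAuthenticationConverter`, but nothing in this section shows or describes what that class has to do, so a reader cannot tell what goes into the resulting `Authentication` or how it differs from the default `BearerTokenAuthentication`. Add a short sketch of the custom converter, or a cross-reference to where one is documented, next to the XML snippet. The example is also marked `role="primary"` with only an `.Xml` tab, unlike a tabbed multi-language block; confirm that is intended.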