
Consider making BearerTokenServerWebExchangeMatcher public and more generic #8824

Closed
@qavid


Expected Behavior

Rename bearerTokenConverter (and its setter) to a more generic name, e.g. serverAuthenticationConverter.
Rename BearerTokenServerWebExchangeMatcher to a more generic name, e.g. AuthenticationServerWebExchangeMatcher, and make it public.

Then, AuthenticationServerWebExchangeMatcher can be used as a securityMatcher when configuring SecurityFilterChain and also as a matcher for the authentication entry point, access denied handler and CSRF protection in OAuth2ResourceServerSpec.

Current Behavior

BearerTokenServerWebExchangeMatcher is a private class in OAuth2ResourceServerSpec and is used as a matcher only for the authentication entry point, access denied handler and CSRF protection.

It's necessary to create a custom ServerWebExchangeMatcher which is almost identical to BearerTokenServerWebExchangeMatcher.

Context

We have defined multiple SecurityFilterChains; each has a security matcher based on the currently used authentication method.

```java
private SecurityWebFilterChain httpBasicSecurityFilterChain(ServerHttpSecurity http) {
    http.securityMatcher(new AuthenticationServerWebExchangeMatcher(new ServerHttpBasicAuthenticationConverter()));
    // some configuration
    return http.build();
}

private SecurityWebFilterChain oauth2SecurityFilterChain(ServerHttpSecurity http) {
    http.securityMatcher(new AuthenticationServerWebExchangeMatcher(new ServerBearerTokenAuthenticationConverter()));
    // some configuration
    return http.build();
}

private SecurityWebFilterChain x509SecurityFilterChain(ServerHttpSecurity http) {
    http.securityMatcher(new AuthenticationServerWebExchangeMatcher(new ServerX509AuthenticationConverter(extractor)));
    // some configuration
    return http.build();
}
```
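
The custom matcher the issue says users currently have to write themselves could look like the following. This is an added example, not code from the issue or from Spring Security; the class name is the one proposed above, and treating conversion errors as "no match" is an assumption of this sketch.

```java
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * Hypothetical user-side class (name taken from the issue's proposal).
 * Matches when the delegate converter can extract credentials of its
 * type from the request. A match only means credentials are PRESENT;
 * validating them is still the job of the chain's authentication filter.
 */
public final class AuthenticationServerWebExchangeMatcher implements ServerWebExchangeMatcher {

    private final ServerAuthenticationConverter converter;

    public AuthenticationServerWebExchangeMatcher(ServerAuthenticationConverter converter) {
        Assert.notNull(converter, "converter cannot be null");
        this.converter = converter;
    }

    @Override
    public Mono<MatchResult> matches(ServerWebExchange exchange) {
        // defer() turns a synchronous throw inside convert() into an error signal
        return Mono.defer(() -> this.converter.convert(exchange))
                // any extracted Authentication means this chain is responsible
                .flatMap(authentication -> MatchResult.match())
                // assumption: malformed credentials (converter error) are "no match",
                // so the request falls through to the next chain
                .onErrorResume(ex -> MatchResult.notMatch())
                // empty Mono: no credentials of this type on the request
                .switchIfEmpty(MatchResult.notMatch());
    }
}
```

With per-authentication-method chains like these, a request that carries no recognised credentials matches none of them, and WebFlux then passes it on without any security filters applied. Register a final chain with no securityMatcher, ordered last, that requires authentication or denies access.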

Labels

in: web (An issue in web modules (web, webmvc))
type: enhancement (A general enhancement)
