Class X509ClientCertificateAuthenticationProvider
java.lang.Object
org.springframework.security.oauth2.server.authorization.authentication.X509ClientCertificateAuthenticationProvider
- All Implemented Interfaces:
AuthenticationProvider
public final class X509ClientCertificateAuthenticationProvider
extends Object
implements AuthenticationProvider
An AuthenticationProvider implementation used for OAuth 2.0 Client Authentication, which authenticates the client X509Certificate received when the tls_client_auth or self_signed_tls_client_auth authentication method is used.
Constructor Summary
Constructors
X509ClientCertificateAuthenticationProvider(RegisteredClientRepository registeredClientRepository, OAuth2AuthorizationService authorizationService)
    Constructs an X509ClientCertificateAuthenticationProvider using the provided parameters.
Method Summary
Modifier and Type, Method, Description
authenticate(Authentication authentication)
    Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
void setCertificateVerifier(Consumer<OAuth2ClientAuthenticationContext> certificateVerifier)
    Sets the Consumer providing access to the OAuth2ClientAuthenticationContext and is responsible for verifying the client X509Certificate associated in the OAuth2ClientAuthenticationToken.
boolean supports
    Returns true if this AuthenticationProvider supports the indicated Authentication object.
Constructor Details
X509ClientCertificateAuthenticationProvider
public X509ClientCertificateAuthenticationProvider(RegisteredClientRepository registeredClientRepository, OAuth2AuthorizationService authorizationService)
Constructs an X509ClientCertificateAuthenticationProvider using the provided parameters.
- Parameters:
registeredClientRepository - the repository of registered clients
authorizationService - the authorization service
Method Details
authenticate
Description copied from interface: AuthenticationProvider
Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
- Specified by:
authenticate in interface AuthenticationProvider
- Parameters:
authentication - the authentication request object.
- Returns:
a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
- Throws:
AuthenticationException - if authentication fails.
supports
Description copied from interface: AuthenticationProvider
Returns true if this AuthenticationProvider supports the indicated Authentication object.
Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented Authentication object. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.
Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime by the ProviderManager.
- Specified by:
supports in interface AuthenticationProvider
- Returns:
true if the implementation can more closely evaluate the Authentication class presented
setCertificateVerifier
Sets the Consumer providing access to the OAuth2ClientAuthenticationContext and is responsible for verifying the client X509Certificate associated in the OAuth2ClientAuthenticationToken. The default implementation for the tls_client_auth authentication method verifies the expected subject distinguished name.
NOTE: If verification fails, an OAuth2AuthenticationException MUST be thrown.
- Parameters:
certificateVerifier - the Consumer providing access to the OAuth2ClientAuthenticationContext and is responsible for verifying the client X509Certificate
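A custom verifier for setCertificateVerifier could look like the following. This is an added example, not code from Spring Authorization Server: the class name StrictClientCertificateVerifier is hypothetical, and it assumes the token's credentials hold the client's X509Certificate chain (leaf first) and that the expected subject DN is stored in the registered client's ClientSettings. It repeats the subject DN check described above, adds a validity-period check, and rejects every authentication method other than tls_client_auth instead of accepting it unverified.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.function.Consumer;
import javax.security.auth.x500.X500Principal;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationContext;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;

// Added example (hypothetical class), not part of Spring Authorization Server.
public final class StrictClientCertificateVerifier implements Consumer<OAuth2ClientAuthenticationContext> {

    @Override
    public void accept(OAuth2ClientAuthenticationContext context) {
        OAuth2ClientAuthenticationToken token = context.getAuthentication();
        // Fail closed: this verifier only implements the tls_client_auth checks.
        if (!ClientAuthenticationMethod.TLS_CLIENT_AUTH.equals(token.getClientAuthenticationMethod())) {
            throw invalidClient("unsupported client authentication method");
        }
        // Assumption: the credentials are the TLS client certificate chain, leaf first.
        if (!(token.getCredentials() instanceof X509Certificate[] chain) || chain.length == 0) {
            throw invalidClient("no client certificate presented");
        }
        try {
            chain[0].checkValidity(); // rejects expired and not-yet-valid certificates
        } catch (CertificateException ex) {
            throw invalidClient("client certificate is outside its validity period");
        }
        String expected = context.getRegisteredClient().getClientSettings().getX509CertificateSubjectDN();
        if (expected == null || !sameDn(expected, chain[0].getSubjectX500Principal())) {
            throw invalidClient("subject DN does not match the registered client");
        }
    }

    // Compares canonical DN forms, so case and spacing differences do not matter.
    private static boolean sameDn(String expected, X500Principal actual) {
        try { return new X500Principal(expected).equals(actual); }
        catch (IllegalArgumentException ex) { return false; } // malformed registered DN
    }

    // Verification failures MUST surface as OAuth2AuthenticationException.
    private static OAuth2AuthenticationException invalidClient(String description) {
        return new OAuth2AuthenticationException(
                new OAuth2Error(OAuth2ErrorCodes.INVALID_CLIENT, description, null));
    }
}
```

Install it by calling setCertificateVerifier(new StrictClientCertificateVerifier()) on the provider instance. Chain and trust validation are assumed to have been done by the TLS layer before the certificate reaches this verifier.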