Reputation: 1226
The BearerTokenAuthenticationFilter uses an AuthenticationDetailsSource to build the details of an authentication request:
    authenticationRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
I am implicitly using the OAuth2ResourceServerConfigurer, provided by spring-security-config-5.7.2, which sadly doesn't consider a developer-defined AuthenticationDetailsSource:
    BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(resolver);
    filter.setBearerTokenResolver(bearerTokenResolver);
    filter.setAuthenticationEntryPoint(this.authenticationEntryPoint);
    filter = postProcess(filter);
    http.addFilter(filter);
I confirm that the BearerTokenAuthenticationFilter has the setter I need:
    setAuthenticationDetailsSource()
But I am unable to find a proper and simple way of using the setter (or any other way) to use a custom AuthenticationDetailsSource for that specific filter. I am trying to avoid creating a new filter or a new configuration.
What I have tried:
Is there someone who managed to easily set the AuthenticationDetailsSource for a BearerTokenAuthenticationFilter?
Later edit
I have posted this question as a github issue for the Spring Security team: https://github.com/spring-projects/spring-security/issues/11655
According to jzheaux@GitHub and as pointed out in the accepted answer, I successfully used an ObjectPostProcessor:
    http
        .oauth2ResourceServer((oauth2) -> oauth2
            .jwt(withDefaults())
            .withObjectPostProcessor(new ObjectPostProcessor<BearerTokenAuthenticationFilter>() {
                @Override
                public BearerTokenAuthenticationFilter postProcess(BearerTokenAuthenticationFilter object) {
                    // Replace the filter's default details source with the custom one
                    object.setAuthenticationDetailsSource(myAuthenticationDetailsSource);
                    return object;
                }
            }));
Upvotes: 2
Views: 2052
Reputation: 26
To set your own AuthenticationDetailsSource, create an ObjectPostProcessor class, where you can use setAuthenticationDetailsSource:
    public class MyObjectPostProcessor implements ObjectPostProcessor<BearerTokenAuthenticationFilter> {
        @Override
        public <O extends BearerTokenAuthenticationFilter> O postProcess(O filter) {
            filter.setAuthenticationDetailsSource(new MyAuthenticationDetailsSource());
            return filter;
        }
    }
Then you can set MyObjectPostProcessor when creating SecurityFilterChain configuration:
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class SecurityConfig {
        @Bean
        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            // A token format (jwt() or opaqueToken()) still has to be configured on oauth2ResourceServer()
            http
                .oauth2ResourceServer()
                .withObjectPostProcessor(new MyObjectPostProcessor());
            return http.build();
        }
    }
Upvotes: 1
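The thread never shows the details source itself, so here is an added example (not code from the question, the answer, or Spring Security) of one implementation wired in through the ObjectPostProcessor approach above. `AuditingResourceServerConfig` and `AuditDetails` are hypothetical names, and the example assumes Spring Security 5.7 on `javax.servlet` with a `JwtDecoder` bean available elsewhere in the application.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
public class AuditingResourceServerConfig {

    /** Hypothetical details type: remote address and session id from the parent, plus the User-Agent. */
    static class AuditDetails extends WebAuthenticationDetails {
        private final String userAgent;

        AuditDetails(HttpServletRequest request) {
            super(request);
            // Client-controlled header: record it for audit only, never use it in an access decision.
            String ua = request.getHeader("User-Agent");
            this.userAgent = (ua == null) ? "" : ua.substring(0, Math.min(ua.length(), 256));
        }

        String getUserAgent() { return userAgent; }
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        AuthenticationDetailsSource<HttpServletRequest, AuditDetails> detailsSource = AuditDetails::new;

        http
            .authorizeHttpRequests((authz) -> authz.anyRequest().authenticated())
            .oauth2ResourceServer((oauth2) -> oauth2
                .jwt(withDefaults())
                .withObjectPostProcessor(new ObjectPostProcessor<BearerTokenAuthenticationFilter>() {
                    @Override
                    public <O extends BearerTokenAuthenticationFilter> O postProcess(O filter) {
                        filter.setAuthenticationDetailsSource(detailsSource);
                        return filter;
                    }
                }));
        return http.build();
    }
}
```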