Class BearerOnlyAuthenticator

java.lang.Object
org.frankframework.lifecycle.servlets.AbstractServletAuthenticator
org.frankframework.lifecycle.servlets.BearerOnlyAuthenticator
All Implemented Interfaces:
IAuthenticator, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

public class BearerOnlyAuthenticator extends AbstractServletAuthenticator
Authenticator for bearer-only SSO authentication. This means that the application will not handle user login or logout, but expects the user to be authenticated by an external identity provider (IdP) using a JWT token. This has to be provided in the HTTP Authorization header as a Bearer token.

Configure this authenticator by setting type to 'BEARER_ONLY' and defining either an issuerUri or a jwkSetUri, for example:


 application.security.console.authentication.type=BEARER_ONLY
 application.security.console.authentication.issuerUri=https://example.com/realms/myrealm
 

Other optional settings may be needed as well, depending on the IdP. For example, when using Keycloak as IdP, the following settings are common:


 application.security.console.authentication.userNameAttributeName=preferred_username
 application.security.console.authentication.authoritiesClaimName=realm_access.roles
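
How the two Keycloak settings above could map onto a Spring Security JwtAuthenticationConverter, as an added example that is not the framework's own code. It assumes the dotted authoritiesClaimName is resolved as a path into nested claims and that roles receive a ROLE_ prefix; the class name, helper names and token values are constructed for illustration.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

// Hypothetical illustration class; needs spring-security-oauth2-resource-server and -jose on the classpath.
public class KeycloakClaimMappingExample {

    // Walk a dotted claim name such as "realm_access.roles" through nested JSON objects.
    // Assumption: a missing or malformed path yields no authorities (fail closed).
    static Collection<GrantedAuthority> authorities(Jwt jwt, String dottedClaimName) {
        Object node = jwt.getClaims();
        for (String key : dottedClaimName.split("\\.")) {
            if (!(node instanceof Map<?, ?> map)) return List.of();
            node = map.get(key);
        }
        if (!(node instanceof Collection<?> roles)) return List.of();
        return roles.stream()
                .filter(String.class::isInstance)
                .map(r -> (GrantedAuthority) new SimpleGrantedAuthority("ROLE_" + r)) // assumed prefix
                .toList();
    }

    // userNameAttributeName selects the principal name, authoritiesClaimName selects the roles.
    static JwtAuthenticationConverter converter(String userNameAttribute, String authoritiesClaim) {
        JwtAuthenticationConverter c = new JwtAuthenticationConverter();
        c.setPrincipalClaimName(userNameAttribute);
        c.setJwtGrantedAuthoritiesConverter(jwt -> authorities(jwt, authoritiesClaim));
        return c;
    }

    public static void main(String[] args) {
        // Constructed claims in the shape Keycloak issues; signature validation is not part of this step.
        Jwt jwt = Jwt.withTokenValue("constructed-token")
                .header("alg", "RS256")
                .claim("preferred_username", "alice")
                .claim("realm_access", Map.of("roles", List.of("example-role")))
                .build();
        var auth = converter("preferred_username", "realm_access.roles").convert(jwt);
        System.out.println(auth.getName() + " " + auth.getAuthorities());
    }
}
```

If a token lacks the configured claim, this converter grants no authorities, so a mismatch between authoritiesClaimName and the IdP's token layout shows up as an authenticated user without roles rather than as a login failure.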
 

Author:
evandongen
  • Constructor Details

    • BearerOnlyAuthenticator

      public BearerOnlyAuthenticator()
  • Method Details

    • configure

      public org.springframework.security.web.SecurityFilterChain configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Description copied from class: AbstractServletAuthenticator
      Before building, configure the FilterChain.
      Specified by:
      configure in class AbstractServletAuthenticator
      Throws:
      Exception
    • jwtAuthenticationConverter

      public org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter jwtAuthenticationConverter()