Class BearerOnlyAuthenticator
java.lang.Object
org.frankframework.lifecycle.servlets.AbstractServletAuthenticator
org.frankframework.lifecycle.servlets.BearerOnlyAuthenticator
- All Implemented Interfaces:
IAuthenticator,org.springframework.beans.factory.Aware,org.springframework.context.ApplicationContextAware
Authenticator for bearer-only SSO authentication. This means that the application will not handle user login or logout, but expects the user to be
authenticated by an external identity provider (IdP) using a JWT token. This has to be provided in the HTTP Authorization header as a Bearer token.
This authenticator should be configured by setting type to 'BEARER_ONLY' and have a issuerUri or jwkSetUri defined, for example:
application.security.console.authentication.type=BEARER_ONLY
application.security.console.authentication.issuerUri=https://example.com/realms/myrealm
- Author:
- evandongen
-
Field Summary
Fields inherited from class org.frankframework.lifecycle.servlets.AbstractServletAuthenticator
ALLOW_OPTIONS_REQUESTS_KEY, DEFAULT_IBIS_ROLES, log -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.web.SecurityFilterChainconfigure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Before building, configure the FilterChain.Methods inherited from class org.frankframework.lifecycle.servlets.AbstractServletAuthenticator
build, configureHttpSecurity, getAuthorizationManager, getEnvironmentProperties, getPrivateEndpoints, registerServlet, setApplicationContext
-
Constructor Details
-
BearerOnlyAuthenticator
public BearerOnlyAuthenticator()
-
-
Method Details
-
configure
public org.springframework.security.web.SecurityFilterChain configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception Description copied from class:AbstractServletAuthenticatorBefore building, configure the FilterChain.- Specified by:
configurein classAbstractServletAuthenticator- Throws:
Exception
-