@Configuration(proxyBeanMethods=false) @ConditionalOnProperty(value="spring.cloud.gcp.security.iap.enabled", matchIfMissing=true) @ConditionalOnClass(value=AudienceValidator.class) @AutoConfigureBefore(value=org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration.class) @AutoConfigureAfter(value=GcpContextAutoConfiguration.class) @EnableConfigurationProperties(value=IapAuthenticationProperties.class) public class IapAuthenticationAutoConfiguration extends Object
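Provides:
- a BearerTokenResolver extracting identity from the x-goog-iap-jwt-assertion header
- a JwtDecoder whose delegating token validator includes an AudienceValidator (the audience comes from the spring.cloud.gcp.security.iap.audience property or, when running on App Engine, from appEngineBasedAudienceProvider)

Both AudienceProvider beans listed below are conditional, so outside App Engine the audience property (or a custom AudienceProvider bean) has to be supplied for the audience check to have a value to compare against; that check is what binds an IAP-signed assertion to this particular application.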
If a custom WebSecurityConfigurerAdapter is present, it must add the .oauth2ResourceServer().jwt() customization to the HttpSecurity object; without it, the resolver and decoder beans defined here are not wired into the security filter chain. If no custom WebSecurityConfigurerAdapter is found, Spring Boot's default OAuth2ResourceServerWebSecurityConfiguration will add this customization.
Constructor and Description |
---|
IapAuthenticationAutoConfiguration() |
Modifier and Type | Method and Description |
---|---|
AudienceProvider |
appEngineBasedAudienceProvider(GcpProjectIdProvider projectIdProvider) |
AudienceValidator |
audienceValidator(AudienceProvider audienceProvider) |
org.springframework.security.oauth2.jwt.JwtDecoder |
iapJwtDecoder(IapAuthenticationProperties properties,
org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> validator) |
org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> |
iapJwtDelegatingValidator(IapAuthenticationProperties properties,
AudienceValidator audienceValidator) |
org.springframework.security.oauth2.server.resource.web.BearerTokenResolver |
iatTokenResolver(IapAuthenticationProperties properties) |
AudienceProvider |
propertyBasedAudienceProvider(IapAuthenticationProperties properties) |
@Bean @ConditionalOnMissingBean public org.springframework.security.oauth2.server.resource.web.BearerTokenResolver iatTokenResolver(IapAuthenticationProperties properties)
@Bean @ConditionalOnMissingBean @ConditionalOnProperty(value="spring.cloud.gcp.security.iap.audience") public AudienceProvider propertyBasedAudienceProvider(IapAuthenticationProperties properties)
@Bean @ConditionalOnMissingBean @ConditionalOnGcpEnvironment(value={APP_ENGINE_FLEXIBLE,APP_ENGINE_STANDARD}) public AudienceProvider appEngineBasedAudienceProvider(GcpProjectIdProvider projectIdProvider)
@Bean @ConditionalOnMissingBean public AudienceValidator audienceValidator(AudienceProvider audienceProvider)
@Bean @ConditionalOnMissingBean(name="iapJwtDelegatingValidator") public org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> iapJwtDelegatingValidator(IapAuthenticationProperties properties, AudienceValidator audienceValidator)
@Bean @ConditionalOnMissingBean public org.springframework.security.oauth2.jwt.JwtDecoder iapJwtDecoder(IapAuthenticationProperties properties, @Qualifier(value="iapJwtDelegatingValidator") org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> validator)
Copyright © 2020 Pivotal Software, Inc. All rights reserved.