Class IapAuthenticationAutoConfiguration
java.lang.Object
com.google.cloud.spring.autoconfigure.security.IapAuthenticationAutoConfiguration
@AutoConfiguration
@ConditionalOnProperty(value="spring.cloud.gcp.security.iap.enabled", matchIfMissing=true)
@ConditionalOnClass(AudienceValidator.class)
@AutoConfigureBefore(org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration.class)
@AutoConfigureAfter(GcpContextAutoConfiguration.class)
@EnableConfigurationProperties(IapAuthenticationProperties.class)
public class IapAuthenticationAutoConfiguration
extends Object
Autoconfiguration for extracting pre-authenticated user identity from Google Cloud IAP header.
Provides:
- a custom BearerTokenResolver extracting identity from x-goog-iap-jwt-assertion header
- an ES256 web registry-based JWT token decoder bean with the following standard validations:
  - Issue time
  - Expiration time
  - Issuer
  - Audience (this validation is only enabled if running on AppEngine, or if a custom audience is provided through spring.cloud.gcp.security.iap.audience property)
Since: 1.1
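Added example (not part of the original Javadoc and not the library's own source): the four claim checks listed above, rebuilt from stock Spring Security validators and run against two constructed tokens, one carrying the expected audience and one issued for a different backend. The issuer and audience strings follow IAP's documented formats with placeholder project and service numbers; ES256 signature verification is out of scope here, and the class name IapClaimChecksDemo and the 30-second issue-time tolerance are assumptions.

```java
// Illustration only: mirrors the listed checks, not the autoconfiguration's own code.
import java.time.Instant;
import java.util.List;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;

public class IapClaimChecksDemo {
  static final String ISSUER = "https://cloud.google.com/iap";
  // Placeholder project number and backend service id (constructed values).
  static final String AUDIENCE = "/projects/000000000000/global/backendServices/1111111111";

  static OAuth2TokenValidator<Jwt> chain() {
    // Issue time: present and not in the future (30 s tolerance is an assumption).
    OAuth2TokenValidator<Jwt> issuedAt = jwt -> {
      Instant iat = jwt.getIssuedAt();
      boolean ok = iat != null && !iat.isAfter(Instant.now().plusSeconds(30));
      return ok ? OAuth2TokenValidatorResult.success()
          : OAuth2TokenValidatorResult.failure(
              new OAuth2Error("invalid_token", "iat missing or in the future", null));
    };
    return new DelegatingOAuth2TokenValidator<Jwt>(
        issuedAt,
        new JwtTimestampValidator(),            // expiration (and not-before)
        new JwtIssuerValidator(ISSUER),         // issuer
        new JwtClaimValidator<List<String>>(    // audience must contain the expected value
            JwtClaimNames.AUD, aud -> aud != null && aud.contains(AUDIENCE)));
  }

  // Builds an unsigned, constructed Jwt object; no real token is involved.
  static Jwt token(String audience) {
    Instant now = Instant.now();
    return Jwt.withTokenValue("constructed-not-a-real-token").header("alg", "ES256")
        .issuer(ISSUER).audience(List.of(audience))
        .issuedAt(now.minusSeconds(60)).expiresAt(now.plusSeconds(600)).build();
  }

  public static void main(String[] args) {
    String other = "/projects/000000000000/global/backendServices/2222222222";
    for (String aud : List.of(AUDIENCE, other)) {
      OAuth2TokenValidatorResult r = chain().validate(token(aud));
      System.out.println(aud + " -> " + (r.hasErrors() ? "rejected " + r.getErrors() : "accepted"));
    }
  }
}
```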
Constructor Summary
IapAuthenticationAutoConfiguration()

Method Summary
Modifier and Type  Method  Description
AudienceProvider  appEngineBasedAudienceProvider(GcpProjectIdProvider projectIdProvider)
AudienceValidator  audienceValidator(AudienceProvider audienceProvider)
org.springframework.security.oauth2.jwt.JwtDecoder  iapJwtDecoder(IapAuthenticationProperties properties, org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> validator)
org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt>  iapJwtDelegatingValidator(IapAuthenticationProperties properties, AudienceValidator audienceValidator)
org.springframework.security.oauth2.server.resource.web.BearerTokenResolver  iatTokenResolver(IapAuthenticationProperties properties)
AudienceProvider  propertyBasedAudienceProvider(IapAuthenticationProperties properties)
Constructor Details
IapAuthenticationAutoConfiguration
public IapAuthenticationAutoConfiguration()
Method Details
iatTokenResolver
@Bean @ConditionalOnMissingBean
public org.springframework.security.oauth2.server.resource.web.BearerTokenResolver iatTokenResolver(IapAuthenticationProperties properties)
propertyBasedAudienceProvider
@Bean @ConditionalOnMissingBean @ConditionalOnProperty("spring.cloud.gcp.security.iap.audience")
public AudienceProvider propertyBasedAudienceProvider(IapAuthenticationProperties properties)
appEngineBasedAudienceProvider
@Bean @ConditionalOnMissingBean @ConditionalOnGcpEnvironment({APP_ENGINE_FLEXIBLE,APP_ENGINE_STANDARD})
public AudienceProvider appEngineBasedAudienceProvider(GcpProjectIdProvider projectIdProvider)
audienceValidator
@Bean @ConditionalOnMissingBean
public AudienceValidator audienceValidator(AudienceProvider audienceProvider)
iapJwtDelegatingValidator
@Bean @ConditionalOnMissingBean(name="iapJwtDelegatingValidator")
public org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> iapJwtDelegatingValidator(IapAuthenticationProperties properties, AudienceValidator audienceValidator)
iapJwtDecoder
@Bean @ConditionalOnMissingBean
public org.springframework.security.oauth2.jwt.JwtDecoder iapJwtDecoder(IapAuthenticationProperties properties, @Qualifier("iapJwtDelegatingValidator") org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> validator)