Spring-security-oauth: Customizing token extractor for OAuth2AuthenticationProcessingFilter

Created on 15 Sep 2015  路  1Comment  路  Source: spring-projects/spring-security-oauth

We're using OAuth authentication and authorization with Spring Boot application, yet for some history reasons legacy application (not Spring Boot) cannot send the token within Authorization header of HttpRequest. So we decided to use Cookie header to send the token for authentication within each request.

All I want to do is to make OAuth2AuthenticationProcessingFilter to use my customized CookieBearerTokenExtractor instead of spring's BearerTokenExtractor.
Is that possible and how can I achieve this?

Thank you in advance

stackoverflow

Most helpful comment

after much fiddling with cookies, i managed to make something similar work by creating a custom TokenExtractor (just copy/pasted source from TokenExtractor) and storing tokens in session storage. then you just need a sessionId in your cookie, which you should already have if you are using spring-session.

here is the gist of it, it should be relatively straightforward to hack to your liking

>All comments

after much fiddling with cookies, i managed to make something similar work by creating a custom TokenExtractor (just copy/pasted source from TokenExtractor) and storing tokens in session storage. then you just need a sessionId in your cookie, which you should already have if you are using spring-session.

here is the gist of it, it should be relatively straightforward to hack to your liking

Was this page helpful?
0 / 5 - 0 ratings