We're using OAuth authentication and authorization with Spring Boot application, yet for some history reasons legacy application (not Spring Boot) cannot send the token within Authorization header of HttpRequest. So we decided to use Cookie header to send the token for authentication within each request.
All I want to do is to make OAuth2AuthenticationProcessingFilter to use my customized CookieBearerTokenExtractor instead of spring's BearerTokenExtractor.
Is that possible and how can I achieve this?
Thank you in advance
after much fiddling with cookies, i managed to make something similar work by creating a custom TokenExtractor (just copy/pasted source from TokenExtractor) and storing tokens in session storage. then you just need a sessionId in your cookie, which you should already have if you are using spring-session.
here is the gist of it, it should be relatively straightforward to hack to your liking
Most helpful comment
after much fiddling with cookies, i managed to make something similar work by creating a custom TokenExtractor (just copy/pasted source from TokenExtractor) and storing tokens in session storage. then you just need a sessionId in your cookie, which you should already have if you are using spring-session.
here is the gist of it, it should be relatively straightforward to hack to your liking