Spring-security: Allow specify header in ServerBearerTokenAuthenticationConverter

Created on 6 Apr 2020 · 2Comments · Source: spring-projects/spring-security

Summary

I'd like to be able to use the current ServerBearerTokenAuthenticationConverter but want to use a different header (HttpHeaders.PROXY_AUTHORIZATION) for my Spring Cloud Gateway Instance.

Actual Behavior

Authentication must be taken from the HttpHeaders.AUTHORIZATION.

Expected Behavior

I should be able to supply what Header I would like to extract my token from. If not specified default to HttpHeaders.AUTHORIZATION.

Version

All versions, enhancement request.

Notes

These changes are straight forward and I can open a PR for these changes if deemed necessary.

oauth2 enhancement

Source

TJReinert

Most helpful comment

Sure thing. Please coach me if there are improvements desired -- first submission to an opensource project.

TJReinert on 7 Apr 2020

❤2

All 2 comments

That makes sense, @TJReinert, would you be interested in submitting a PR to add that feature?

jzheaux on 7 Apr 2020

👍1

Sure thing. Please coach me if there are improvements desired -- first submission to an opensource project.

TJReinert on 7 Apr 2020

❤2

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Embedded Netty Not Usable with Spring Security

mstoecklmayr · 3Comments

Idiomatic Kotlin DSL for configuring HTTP security

joshlong · 3Comments

Form-based login doesn't work in WebFlux + OAuth example

mraible · 3Comments

Getting "HTTP 400 Bad Request" instead of "HTTP 401 Unauthorized" for incorrect user credentials

silentsnooc · 3Comments

any difference between @Autowired AuthenticationManager and @Override configure(AuthenticationManagerBuilder auth)

lexburner · 3Comments