TokenValueResolver (Jmix-all 2.7 API)

java.lang.Object

io.jmix.authserver.authentication.TokenValueResolver

public class TokenValueResolver extends Object

Provides an ability to extract token value from HttpServletRequest. Based on DefaultBearerTokenResolver with additional customizations.

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static class

TokenValueResolver.Builder
Field Summary

Fields

Modifier and Type

Field

Description

protected final String

bodyFormParameterName

protected final boolean

bodyFormParameterSupportEnabled

protected final String

headerName

protected final String

urlParameterName

protected final boolean

urlParameterSupportEnabled
Method Summary

Modifier and Type

Method

Description

static TokenValueResolver.Builder

builder()

String

resolve(jakarta.servlet.http.HttpServletRequest request)

Extracts token value from HttpServletRequest.

protected String

resolveTokenFromBodyParameter(jakarta.servlet.http.HttpServletRequest request)

protected String

resolveTokenFromHeader(jakarta.servlet.http.HttpServletRequest request)

protected String

resolveTokenFromUrlParameter(jakarta.servlet.http.HttpServletRequest request)

protected String

resolveTokenInternal(String... accessTokens)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- headerName
  
  protected final String headerName
- urlParameterName
  
  protected final String urlParameterName
- bodyFormParameterName
  
  protected final String bodyFormParameterName
- urlParameterSupportEnabled
  
  protected final boolean urlParameterSupportEnabled
- bodyFormParameterSupportEnabled
  
  protected final boolean bodyFormParameterSupportEnabled
Method Details
- builder
  
  public static TokenValueResolver.Builder builder()
- resolve
  
  @Nullable public String resolve(jakarta.servlet.http.HttpServletRequest request)
  Extracts token value from HttpServletRequest. It will check the following places:
  
  Header. 'Authorization' by default
  
  URL parameter. 'token' by default
  
  Body form parameter. 'token' by default
  
  Only header check is enabled by default. The rest should be enabled explicitly via builder.
  Parameters:
  
  request - HttpServletRequest
  
  Returns:
  
  token value or null if no token was resolved
- resolveTokenFromHeader
  
  @Nullable protected String resolveTokenFromHeader(jakarta.servlet.http.HttpServletRequest request)
- resolveTokenFromUrlParameter
  
  @Nullable protected String resolveTokenFromUrlParameter(jakarta.servlet.http.HttpServletRequest request)
- resolveTokenFromBodyParameter
  
  @Nullable protected String resolveTokenFromBodyParameter(jakarta.servlet.http.HttpServletRequest request)
- resolveTokenInternal
  
  @Nullable protected String resolveTokenInternal(String... accessTokens)