Expected Behavior

The OAuth2ResourceServerConfigurer class should be able to resolve a custom, developer-defined AuthenticationDetailsSource bean when instantiating the BearerTokenAuthenticationFilter:

BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(resolver);
filter.setBearerTokenResolver(bearerTokenResolver);
filter.setAuthenticationEntryPoint(this.authenticationEntryPoint);
filter = postProcess(filter);
http.addFilter(filter);

Current Behavior

Right now, only a custom bearer token resolver can be resolved.

Context

How has this issue affected you? I have a special requirement (HTTP request header) that would fit in the token details.

Are you aware of any workarounds? Yes. You can create a separate config with lowest precedence, autowire the spring-security filter chain, programmatically find the BearerTokenAuthenticationFilter and then set the custom AuthenticationDetailsSource.

Comment From: jzheaux

Hi, @raduromaniuc. Thanks for reaching out.

The AuthenticationDetailsSource can be configured like so:

http
    .oauth2ResourceServer((oauth2) -> oauth2
        .jwt(withDefaults())
        // Post-process the filter the configurer creates and set the custom details source on it
        .withObjectPostProcessor(new ObjectPostProcessor<BearerTokenAuthenticationFilter>() {
            @Override
            public BearerTokenAuthenticationFilter postProcess(BearerTokenAuthenticationFilter object) {
                object.setAuthenticationDetailsSource(myAuthenticationDetailsSource);
                return object;
            }
        }));

Customizing AuthenticationDetailsSource seems uncommon enough to leave the configuration as-is. As such, I'm going to close the issue. However, let me know if I've missed something and we can always reopen.
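
An AuthenticationDetailsSource that carries a request header in the details, as the issue describes, could look like the following. This is an added example, not code from the thread or from Spring Security; the header name `X-Example-Context`, the class names and the validation pattern are assumptions, and the `jakarta.servlet` import assumes Spring Security 6.x.

```java
import java.util.Objects;
import java.util.regex.Pattern;
import jakarta.servlet.http.HttpServletRequest; // assumption: 6.x; 5.x uses javax.servlet
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

public class HeaderAuthenticationDetailsSource
        implements AuthenticationDetailsSource<HttpServletRequest, HeaderAuthenticationDetailsSource.Details> {

    // Hypothetical header name; the issue does not name the header it needs.
    static final String HEADER = "X-Example-Context";

    // The header is client-supplied and not covered by the token signature,
    // so only a short, strictly formatted value is carried forward.
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    @Override
    public Details buildDetails(HttpServletRequest request) {
        String raw = request.getHeader(HEADER);
        boolean valid = raw != null && ALLOWED.matcher(raw).matches();
        return new Details(request, valid ? raw : null);
    }

    /** Default web details (remote address, session id) plus the validated header. */
    public static class Details extends WebAuthenticationDetails {
        private final String headerValue;

        Details(HttpServletRequest request, String headerValue) {
            super(request);
            this.headerValue = headerValue;
        }

        /** Validated header value, or null when the header is absent or malformed. */
        public String getHeaderValue() { return this.headerValue; }

        @Override
        public boolean equals(Object o) {
            return o instanceof Details && super.equals(o)
                    && Objects.equals(this.headerValue, ((Details) o).headerValue);
        }

        @Override
        public int hashCode() {
            return Objects.hash(super.hashCode(), this.headerValue);
        }
    }
}
```

An instance of this class would be passed as `myAuthenticationDetailsSource` in the post-processor shown in the comment above.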