org.springframework.security.oauth2.provider.token.store

Class JwtAccessTokenConverter

java.lang.Object

org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter

All Implemented Interfaces:

InitializingBean, AccessTokenConverter, TokenEnhancer

public class JwtAccessTokenConverter
extends Object
implements TokenEnhancer, AccessTokenConverter, InitializingBean

Helper that translates between JWT encoded token values and OAuth authentication information (in both directions). Also acts as a TokenEnhancer when tokens are granted.

Author:

Dave Syer, Luke Taylor

See Also:

TokenEnhancer, AccessTokenConverter

Field Summary

Fields

Modifier and Type	Field and Description
static String	ACCESS_TOKEN_ID Field name for access token id.
static String	TOKEN_ID Field name for token id.

Fields inherited from interface org.springframework.security.oauth2.provider.token.AccessTokenConverter

ATI, AUD, AUTHORITIES, CLIENT_ID, EXP, GRANT_TYPE, JTI, SCOPE

Constructor Summary

Constructors

Constructor and Description
JwtAccessTokenConverter()

Method Summary

Methods

Modifier and Type	Method and Description
void	afterPropertiesSet()
Map<String,?>	convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication)
protected Map<String,Object>	decode(String token)
protected String	encode(OAuth2AccessToken accessToken, OAuth2Authentication authentication)
OAuth2AccessToken	enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) Provides an opportunity for customization of an access token (e.g. through its additional information map) during the process of creating a new token for use by a client.
OAuth2AccessToken	extractAccessToken(String value, Map<String,?> map) Recover an access token from the converted value.
OAuth2Authentication	extractAuthentication(Map<String,?> map) Recover an OAuth2Authentication from the converted access token.
AccessTokenConverter	getAccessTokenConverter()
JwtClaimsSetVerifier	getJwtClaimsSetVerifier()
Map<String,String>	getKey() Get the verification key for the token signatures.
boolean	isPublic()
boolean	isRefreshToken(OAuth2AccessToken token)
void	setAccessTokenConverter(AccessTokenConverter tokenConverter)
void	setJwtClaimsSetVerifier(JwtClaimsSetVerifier jwtClaimsSetVerifier)
void	setKeyPair(KeyPair keyPair)
void	setSigner(org.springframework.security.jwt.crypto.sign.Signer signer) Unconditionally set the signer to use (if needed).
void	setSigningKey(String key) Sets the JWT signing key.
void	setVerifier(org.springframework.security.jwt.crypto.sign.SignatureVerifier verifier) Unconditionally set the verifier (the verifer key is then ignored).
void	setVerifierKey(String key) The key used for verifying signatures produced by this class.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TOKEN_ID

public static final String TOKEN_ID

Field name for token id.

See Also:

Constant Field Values

ACCESS_TOKEN_ID

public static final String ACCESS_TOKEN_ID

Field name for access token id.

See Also:

Constant Field Values

Constructor Detail

JwtAccessTokenConverter

public JwtAccessTokenConverter()

Method Detail

setAccessTokenConverter

public void setAccessTokenConverter(AccessTokenConverter tokenConverter)

Parameters:

tokenConverter - the tokenConverter to set

getAccessTokenConverter

public AccessTokenConverter getAccessTokenConverter()

Returns:

the tokenConverter in use

getJwtClaimsSetVerifier

public JwtClaimsSetVerifier getJwtClaimsSetVerifier()

Returns:

the JwtClaimsSetVerifier used to verify the claim(s) in the JWT Claims Set

setJwtClaimsSetVerifier

public void setJwtClaimsSetVerifier(JwtClaimsSetVerifier jwtClaimsSetVerifier)

Parameters:

jwtClaimsSetVerifier - the JwtClaimsSetVerifier used to verify the claim(s) in the JWT Claims Set

convertAccessToken

public Map<String,?> convertAccessToken(OAuth2AccessToken token,
                               OAuth2Authentication authentication)

Specified by:

convertAccessToken in interface AccessTokenConverter

Parameters:

token - an access token

authentication - the current OAuth authentication

Returns:

a map representation of the token suitable for a JSON response

extractAccessToken

public OAuth2AccessToken extractAccessToken(String value,
                                   Map<String,?> map)

Description copied from interface: AccessTokenConverter

Recover an access token from the converted value. Half the inverse of AccessTokenConverter.convertAccessToken(OAuth2AccessToken, OAuth2Authentication).

Specified by:

extractAccessToken in interface AccessTokenConverter

Parameters:

value - the token value

map - information decoded from an access token

Returns:

an access token

extractAuthentication

public OAuth2Authentication extractAuthentication(Map<String,?> map)

Description copied from interface: AccessTokenConverter

Recover an OAuth2Authentication from the converted access token. Half the inverse of AccessTokenConverter.convertAccessToken(OAuth2AccessToken, OAuth2Authentication).

Specified by:

extractAuthentication in interface AccessTokenConverter

Parameters:

map - information decoded from an access token

Returns:

an authentication representing the client and user (if there is one)

setVerifier

public void setVerifier(org.springframework.security.jwt.crypto.sign.SignatureVerifier verifier)

Unconditionally set the verifier (the verifer key is then ignored).

Parameters:

verifier - the value to use

setSigner

public void setSigner(org.springframework.security.jwt.crypto.sign.Signer signer)

Unconditionally set the signer to use (if needed). The signer key is then ignored.

Parameters:

signer - the value to use

getKey

public Map<String,String> getKey()

Get the verification key for the token signatures.

Returns:

the key used to verify tokens

setKeyPair

public void setKeyPair(KeyPair keyPair)

setSigningKey

public void setSigningKey(String key)

Sets the JWT signing key. It can be either a simple MAC key or an RSA key. RSA keys should be in OpenSSH format, as produced by ssh-keygen.

Parameters:

key - the key to be used for signing JWTs.

isPublic

public boolean isPublic()

Returns:

true if the signing key is a public key

setVerifierKey

public void setVerifierKey(String key)

The key used for verifying signatures produced by this class. This is not used but is returned from the endpoint to allow resource servers to obtain the key. For an HMAC key it will be the same value as the signing key and does not need to be set. For and RSA key, it should be set to the String representation of the public key, in a standard format (e.g. OpenSSH keys)

Parameters:

key - the signature verification key (typically an RSA public key)

enhance

public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
                        OAuth2Authentication authentication)

Description copied from interface: TokenEnhancer

Provides an opportunity for customization of an access token (e.g. through its additional information map) during the process of creating a new token for use by a client.

Specified by:

enhance in interface TokenEnhancer

Parameters:

accessToken - the current access token with its expiration and refresh token

authentication - the current authentication including client and user details

Returns:

a new token enhanced with additional information

isRefreshToken

public boolean isRefreshToken(OAuth2AccessToken token)

encode

protected String encode(OAuth2AccessToken accessToken,
            OAuth2Authentication authentication)

decode

protected Map<String,Object> decode(String token)

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface InitializingBean

Throws:

Exception