JwkTokenStore (OAuth for Spring Security 2.4.0.BUILD-SNAPSHOT API)

java.lang.Object
- org.springframework.security.oauth2.provider.token.store.jwk.JwkTokenStore

All Implemented Interfaces:

TokenStore
```
public final class JwkTokenStore
extends Object
implements TokenStore
```
A TokenStore implementation that provides support for verifying the JSON Web Signature (JWS) for a JSON Web Token (JWT) using a JSON Web Key (JWK).

This TokenStore implementation is exclusively meant to be used by a Resource Server as it's sole responsibility is to decode a JWT and verify it's signature (JWS) using the corresponding JWK.

NOTE: There are a few operations defined by TokenStore that are not applicable for a Resource Server. In these cases, the method implementation will explicitly throw a JwkException reporting "This operation is not supported".

The unsupported operations are as follows:
This implementation delegates to an internal instance of a JwtTokenStore which uses a specialized extension of JwtAccessTokenConverter. This specialized JwtAccessTokenConverter is capable of fetching (and caching) the JWK Set (a set of JWKs) from the URL supplied to the constructor of this implementation.

The JwtAccessTokenConverter will verify the JWS in the following step sequence:
1. Extract the "kid" parameter from the JWT header.
2. Find the matching JWK with the corresponding "kid" attribute.
3. Obtain the SignatureVerifier associated with the JWK and verify the signature.
NOTE: The algorithms currently supported by this implementation are: RS256, RS384 and RS512.
Author:

Joe Grandja

See Also:
JwtTokenStore, JSON Web Key (JWK), JSON Web Token (JWT), JSON Web Signature (JWS)

Constructor Summary

Constructors
Constructor and Description
`JwkTokenStore(List<String> jwkSetUrls)` Creates a new instance using the provided URLs as the location for the JWK Sets.
`JwkTokenStore(List<String> jwkSetUrls, AccessTokenConverter accessTokenConverter, JwtClaimsSetVerifier jwtClaimsSetVerifier)` Creates a new instance using the provided URLs as the location for the JWK Sets and a custom `AccessTokenConverter` and `JwtClaimsSetVerifier`.
`JwkTokenStore(String jwkSetUrl)` Creates a new instance using the provided URL as the location for the JWK Set.
`JwkTokenStore(String jwkSetUrl, AccessTokenConverter accessTokenConverter)` Creates a new instance using the provided URL as the location for the JWK Set and a custom `AccessTokenConverter`.
`JwkTokenStore(String jwkSetUrl, AccessTokenConverter accessTokenConverter, JwtClaimsSetVerifier jwtClaimsSetVerifier)` Creates a new instance using the provided URL as the location for the JWK Set and a custom `AccessTokenConverter` and `JwtClaimsSetVerifier`.
`JwkTokenStore(String jwkSetUrl, JwtClaimsSetVerifier jwtClaimsSetVerifier)` Creates a new instance using the provided URL as the location for the JWK Set and a custom `JwtClaimsSetVerifier`.

Method Summary

Methods
Modifier and Type	Method and Description
`Collection<OAuth2AccessToken>`	`findTokensByClientId(String clientId)` This operation is not applicable for a Resource Server and if called, will throw a `JwkException`.
`Collection<OAuth2AccessToken>`	`findTokensByClientIdAndUserName(String clientId, String userName)` This operation is not applicable for a Resource Server and if called, will throw a `JwkException`.
`OAuth2AccessToken`	`getAccessToken(OAuth2Authentication authentication)` This operation is not applicable for a Resource Server and if called, will throw a `JwkException`.
`OAuth2AccessToken`	`readAccessToken(String tokenValue)` Delegates to the internal instance `JwtTokenStore.readAccessToken(String)`.
`OAuth2Authentication`	`readAuthentication(OAuth2AccessToken token)` Delegates to the internal instance `JwtTokenStore.readAuthentication(OAuth2AccessToken)`.
`OAuth2Authentication`	`readAuthentication(String tokenValue)` Delegates to the internal instance `JwtTokenStore.readAuthentication(String)`.
`OAuth2Authentication`	`readAuthenticationForRefreshToken(OAuth2RefreshToken token)` This operation is not applicable for a Resource Server and if called, will throw a `JwkException`.
`OAuth2RefreshToken`	`readRefreshToken(String tokenValue)` This operation is not applicable for a Resource Server and if called, will throw a `JwkException`.
`void`	`removeAccessToken(OAuth2AccessToken token)` Delegates to the internal instance `JwtTokenStore.removeAccessToken(OAuth2AccessToken)`.
`void`	`removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken)` This operation is not applicable for a Resource Server and if called, will throw a `JwkException`.
`void`	`removeRefreshToken(OAuth2RefreshToken token)` This operation is not applicable for a Resource Server and if called, will throw a `JwkException`.
`void`	`storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication)` This operation is not applicable for a Resource Server and if called, will throw a `JwkException`.
`void`	`storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication)` This operation is not applicable for a Resource Server and if called, will throw a `JwkException`.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - JwkTokenStore
```
public JwkTokenStore(String jwkSetUrl)
```
    Creates a new instance using the provided URL as the location for the JWK Set.
    
    Parameters:
    jwkSetUrl - the JWK Set URL
  - JwkTokenStore
```
public JwkTokenStore(List<String> jwkSetUrls)
```
    Creates a new instance using the provided URLs as the location for the JWK Sets.
    
    Parameters:
    jwkSetUrls - the JWK Set URLs
  - JwkTokenStore
```
public JwkTokenStore(String jwkSetUrl,
             AccessTokenConverter accessTokenConverter)
```
    Creates a new instance using the provided URL as the location for the JWK Set and a custom AccessTokenConverter.
    
    Parameters:
    jwkSetUrl - the JWK Set URL
    accessTokenConverter - a custom AccessTokenConverter
  - JwkTokenStore
```
public JwkTokenStore(String jwkSetUrl,
             JwtClaimsSetVerifier jwtClaimsSetVerifier)
```
    Creates a new instance using the provided URL as the location for the JWK Set and a custom JwtClaimsSetVerifier.
    
    Parameters:
    jwkSetUrl - the JWK Set URL
    jwtClaimsSetVerifier - a custom JwtClaimsSetVerifier
  - JwkTokenStore
```
public JwkTokenStore(String jwkSetUrl,
             AccessTokenConverter accessTokenConverter,
             JwtClaimsSetVerifier jwtClaimsSetVerifier)
```
    Creates a new instance using the provided URL as the location for the JWK Set and a custom AccessTokenConverter and JwtClaimsSetVerifier.
    
    Parameters:
    jwkSetUrl - the JWK Set URL
    accessTokenConverter - a custom AccessTokenConverter
    jwtClaimsSetVerifier - a custom JwtClaimsSetVerifier
  - JwkTokenStore
```
public JwkTokenStore(List<String> jwkSetUrls,
             AccessTokenConverter accessTokenConverter,
             JwtClaimsSetVerifier jwtClaimsSetVerifier)
```
    Creates a new instance using the provided URLs as the location for the JWK Sets and a custom AccessTokenConverter and JwtClaimsSetVerifier.
    
    Parameters:
    jwkSetUrls - the JWK Set URLs
    accessTokenConverter - a custom AccessTokenConverter
    jwtClaimsSetVerifier - a custom JwtClaimsSetVerifier
- Method Detail
  - readAuthentication
```
public OAuth2Authentication readAuthentication(OAuth2AccessToken token)
```
    Delegates to the internal instance JwtTokenStore.readAuthentication(OAuth2AccessToken).
    
    Specified by:
    
    readAuthentication in interface TokenStore
    
    Parameters:
    token - the access token
    
    Returns:
    the OAuth2Authentication representation of the access token
  - readAuthentication
```
public OAuth2Authentication readAuthentication(String tokenValue)
```
    Delegates to the internal instance JwtTokenStore.readAuthentication(String).
    
    Specified by:
    
    readAuthentication in interface TokenStore
    
    Parameters:
    tokenValue - the access token value
    
    Returns:
    the OAuth2Authentication representation of the access token
  - storeAccessToken
```
public void storeAccessToken(OAuth2AccessToken token,
                    OAuth2Authentication authentication)
```
    This operation is not applicable for a Resource Server and if called, will throw a JwkException.
    
    Specified by:
    
    storeAccessToken in interface TokenStore
    
    Parameters:
    token - The token to store.
    authentication - The authentication associated with the token.
    
    Throws:
    
    JwkException - reporting this operation is not supported
  - readAccessToken
```
public OAuth2AccessToken readAccessToken(String tokenValue)
```
    Delegates to the internal instance JwtTokenStore.readAccessToken(String).
    
    Specified by:
    
    readAccessToken in interface TokenStore
    
    Parameters:
    tokenValue - the access token value
    
    Returns:
    the OAuth2AccessToken representation of the access token value
  - removeAccessToken
```
public void removeAccessToken(OAuth2AccessToken token)
```
    Delegates to the internal instance JwtTokenStore.removeAccessToken(OAuth2AccessToken).
    
    Specified by:
    
    removeAccessToken in interface TokenStore
    
    Parameters:
    token - the access token
  - storeRefreshToken
```
public void storeRefreshToken(OAuth2RefreshToken refreshToken,
                     OAuth2Authentication authentication)
```
    This operation is not applicable for a Resource Server and if called, will throw a JwkException.
    
    Specified by:
    
    storeRefreshToken in interface TokenStore
    
    Parameters:
    refreshToken - The refresh token to store.
    authentication - The authentication associated with the refresh token.
    
    Throws:
    
    JwkException - reporting this operation is not supported
  - readRefreshToken
```
public OAuth2RefreshToken readRefreshToken(String tokenValue)
```
    This operation is not applicable for a Resource Server and if called, will throw a JwkException.
    
    Specified by:
    
    readRefreshToken in interface TokenStore
    
    Parameters:
    tokenValue - The value of the token to read.
    
    Returns:
    The token.
    
    Throws:
    
    JwkException - reporting this operation is not supported
  - readAuthenticationForRefreshToken
```
public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token)
```
    This operation is not applicable for a Resource Server and if called, will throw a JwkException.
    
    Specified by:
    
    readAuthenticationForRefreshToken in interface TokenStore
    
    Parameters:
    token - a refresh token
    
    Returns:
    the authentication originally used to grant the refresh token
    
    Throws:
    
    JwkException - reporting this operation is not supported
  - removeRefreshToken
```
public void removeRefreshToken(OAuth2RefreshToken token)
```
    This operation is not applicable for a Resource Server and if called, will throw a JwkException.
    
    Specified by:
    
    removeRefreshToken in interface TokenStore
    
    Parameters:
    token - The token to remove from the store.
    
    Throws:
    
    JwkException - reporting this operation is not supported
  - removeAccessTokenUsingRefreshToken
```
public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken)
```
    This operation is not applicable for a Resource Server and if called, will throw a JwkException.
    
    Specified by:
    
    removeAccessTokenUsingRefreshToken in interface TokenStore
    
    Parameters:
    refreshToken - The refresh token.
    
    Throws:
    
    JwkException - reporting this operation is not supported
  - getAccessToken
```
public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication)
```
    This operation is not applicable for a Resource Server and if called, will throw a JwkException.
    
    Specified by:
    
    getAccessToken in interface TokenStore
    
    Parameters:
    authentication - the authentication key for the access token
    
    Returns:
    the access token or null if there was none
    
    Throws:
    
    JwkException - reporting this operation is not supported
  - findTokensByClientIdAndUserName
```
public Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String clientId,
                                                            String userName)
```
    This operation is not applicable for a Resource Server and if called, will throw a JwkException.
    
    Specified by:
    
    findTokensByClientIdAndUserName in interface TokenStore
    
    Parameters:
    clientId - the client id to search
    userName - the user name to search
    
    Returns:
    a collection of access tokens
    
    Throws:
    
    JwkException - reporting this operation is not supported
  - findTokensByClientId
```
public Collection<OAuth2AccessToken> findTokensByClientId(String clientId)
```
    This operation is not applicable for a Resource Server and if called, will throw a JwkException.
    
    Specified by:
    
    findTokensByClientId in interface TokenStore
    
    Parameters:
    clientId - the client id to search
    
    Returns:
    a collection of access tokens
    
    Throws:
    
    JwkException - reporting this operation is not supported

Class JwkTokenStore

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

JwkTokenStore

JwkTokenStore

JwkTokenStore

JwkTokenStore

JwkTokenStore

JwkTokenStore

Method Detail

readAuthentication

readAuthentication

storeAccessToken

readAccessToken

removeAccessToken

storeRefreshToken

readRefreshToken

readAuthenticationForRefreshToken

removeRefreshToken

removeAccessTokenUsingRefreshToken

getAccessToken

findTokensByClientIdAndUserName

findTokensByClientId