Package org.springframework.security.oauth2.jwt

Class NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder

java.lang.Object

org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder

Enclosing class:

NimbusReactiveJwtDecoder

public static final class NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
extends Object

A builder for creating NimbusReactiveJwtDecoder instances based on a public key.

Since:

5.2

Method Summary

Modifier and Type	Method	Description
NimbusReactiveJwtDecoder	build()	Build the configured NimbusReactiveJwtDecoder.
NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder	jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer)	Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.
NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder	signatureAlgorithm(SignatureAlgorithm signatureAlgorithm)	Use the given signing algorithm.
NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder	validateType(boolean shouldValidateTypHeader)	Whether to use Nimbus's typ header verification.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

signatureAlgorithm

public NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder signatureAlgorithm(SignatureAlgorithm signatureAlgorithm)

Use the given signing algorithm. The value should be one of RS256, RS384, or RS512.

Parameters:

signatureAlgorithm - the algorithm to use

Returns:

a NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder for further configurations

validateType

public NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)

Whether to use Nimbus's typ header verification. This is true by default, however it may change to false in a future major release.

By turning off this feature, NimbusReactiveJwtDecoder expects applications to check the typ header themselves in order to determine what kind of validation is needed

This is done for you when you use JwtValidators to construct a validator.

That means that this: NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withIssuerLocation(issuer).build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer);

Is equivalent to this: NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withPublicKey(key) .validateType(false) .build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators( new JwtIssuerValidator(issuer), JwtTypeValidator.jwt()); new JwtIssuerValidator(issuer), JwtTypeValidator.jwt());

The difference is that by setting this to false, it allows you to provide validation by type, like for at+jwt: NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder.withPublicKey(key) .validateType(false) .build(); jwtDecoder.setJwtValidator(new MyAtJwtValidator());

Parameters:

shouldValidateTypHeader - whether Nimbus should validate the typ header or not

Returns:

a NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder for further configurations

Since:

6.5

jwtProcessorCustomizer

public NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer)

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.

Parameters:

jwtProcessorCustomizer - the callback used to alter the processor

Returns:

a NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder for further configurations

Since:

5.4

build

public NimbusReactiveJwtDecoder build()

Build the configured NimbusReactiveJwtDecoder.

Returns:

the configured NimbusReactiveJwtDecoder