Class JwtAuthenticationProvider
- All Implemented Interfaces:
AuthenticationProvider
AuthenticationProvider
implementation of the Jwt
-encoded
Bearer
Tokens for protecting OAuth 2.0 Resource Servers.
This AuthenticationProvider
is responsible for decoding and verifying a
Jwt
-encoded access token, returning its claims set as part of the
Authentication
statement.
Scopes are translated into GrantedAuthority
s according to the following
algorithm:
1. If there is a "scope" or "scp" attribute, then if a String
, then split by
spaces and return, or if a Collection
, then simply return 2. Take the resulting
Collection
of String
s and prepend the "SCOPE_" keyword, adding as
GrantedAuthority
s.
- Since:
- 5.1
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionauthenticate
(Authentication authentication) Decode and validate the Bearer Token.void
setJwtAuthenticationConverter
(org.springframework.core.convert.converter.Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter) boolean
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.
-
Constructor Details
-
JwtAuthenticationProvider
-
-
Method Details
-
authenticate
Decode and validate the Bearer Token.- Specified by:
authenticate
in interfaceAuthenticationProvider
- Parameters:
authentication
- the authentication request object.- Returns:
- A successful authentication
- Throws:
AuthenticationException
- if authentication failed for some reason
-
supports
Description copied from interface:AuthenticationProvider
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.Returning
true
does not guarantee anAuthenticationProvider
will be able to authenticate the presentedAuthentication
object. It simply indicates it can support closer evaluation of it. AnAuthenticationProvider
can still returnnull
from theAuthenticationProvider.authenticate(Authentication)
method to indicate anotherAuthenticationProvider
should be tried.Selection of an
AuthenticationProvider
capable of performing authentication is conducted at runtime theProviderManager
.- Specified by:
supports
in interfaceAuthenticationProvider
- Returns:
true
if the implementation can more closely evaluate theAuthentication
class presented
-
setJwtAuthenticationConverter
public void setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter)
-