public final class JwtIssuerAuthenticationManagerResolver extends java.lang.Object implements AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>

An AuthenticationManagerResolver that resolves a JWT-based AuthenticationManager based on the Issuer in a signed JWT (JWS).

To use, this class must be able to determine whether or not the `iss` claim is trusted. Recall that
anyone can stand up an authorization server and issue valid tokens to a resource server. The simplest way
to achieve this is to supply a whitelist of trusted issuers in the constructor.

This class derives the Issuer from the `iss` claim found in the HttpServletRequest's Bearer Token.

Constructor and Description |
---|
JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver) Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters. Note that the AuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted. |
JwtIssuerAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers) Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters |
JwtIssuerAuthenticationManagerResolver(java.lang.String... trustedIssuers) Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters |

Modifier and Type | Method and Description |
---|---|
AuthenticationManager | resolve(javax.servlet.http.HttpServletRequest request) Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token |

public JwtIssuerAuthenticationManagerResolver(java.lang.String... trustedIssuers)

Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters

Parameters:
trustedIssuers - a whitelist of trusted issuers

public JwtIssuerAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)

Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters

Parameters:
trustedIssuers - a whitelist of trusted issuers

public JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)

Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters

Note that the AuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted. This should be done via a whitelist.

One way to achieve this is with a Map where the keys are the known issuers:

```java
// managerOne and managerTwo are the AuthenticationManager instances for each issuer
Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
authenticationManagers.put("https://issuerOne.example.org", managerOne);
authenticationManagers.put("https://issuerTwo.example.org", managerTwo);
JwtIssuerAuthenticationManagerResolver resolver =
        new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
```

The keys in the Map are the whitelist.

Parameters:
issuerAuthenticationManagerResolver - a strategy for resolving the AuthenticationManager by the issuer

public AuthenticationManager resolve(javax.servlet.http.HttpServletRequest request)

Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token

Specified by:
resolve in interface AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>

Returns:
AuthenticationManager to use

Throws:
OAuth2AuthenticationException - if the bearer token is malformed or an AuthenticationManager can't be derived from the issuer
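
The following is an added example, not code from the Spring Security Javadoc or code base: one way to write the AuthenticationManagerResolver<String> accepted by the third constructor so that the whitelist check happens before any issuer metadata is fetched. AllowListedIssuerResolver and forIssuers are hypothetical names, and JwtDecoders.fromIssuerLocation assumes each trusted issuer publishes discovery metadata.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationManagerResolver;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;

// Hypothetical helper: hands out an AuthenticationManager only for whitelisted issuers.
public final class AllowListedIssuerResolver implements AuthenticationManagerResolver<String> {
    private final Set<String> trustedIssuers;
    private final Map<String, AuthenticationManager> cache = new ConcurrentHashMap<>();

    public AllowListedIssuerResolver(Collection<String> trustedIssuers) {
        this.trustedIssuers = Collections.unmodifiableSet(new HashSet<>(trustedIssuers));
    }

    @Override
    public AuthenticationManager resolve(String issuer) {
        // The iss value is read from a token whose signature has not been verified yet,
        // so it is compared (exact string match) against the whitelist before any
        // network request is made on its behalf.
        if (issuer == null || !this.trustedIssuers.contains(issuer)) {
            return null; // no manager can be derived from this issuer
        }
        return this.cache.computeIfAbsent(issuer, AllowListedIssuerResolver::managerFor);
    }

    private static AuthenticationManager managerFor(String issuer) {
        // Fetches the issuer's metadata and keys; only reached for whitelisted issuers.
        JwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuer);
        return new JwtAuthenticationProvider(decoder)::authenticate;
    }

    // Wraps the helper in the resolver documented on this page.
    public static AuthenticationManagerResolver<HttpServletRequest> forIssuers(String... issuers) {
        return new JwtIssuerAuthenticationManagerResolver(
                new AllowListedIssuerResolver(Arrays.asList(issuers)));
    }
}
```

Because the lookup is an exact string comparison, an `iss` value that differs from a whitelist entry only by a trailing slash or letter case resolves to no AuthenticationManager.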