public final class JwtIssuerReactiveAuthenticationManagerResolver extends java.lang.Object implements ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange>

A ReactiveAuthenticationManagerResolver that resolves a JWT-based ReactiveAuthenticationManager based on the Issuer in a signed JWT (JWS).

To use, this class must be able to determine whether or not the `iss` claim is trusted. Recall that
anyone can stand up an authorization server and issue valid tokens to a resource server. The simplest way
to achieve this is to supply a whitelist of trusted issuers in the constructor.

This class derives the Issuer from the `iss` claim found in the ServerWebExchange's Bearer Token.

Constructor and Description |
---|
JwtIssuerReactiveAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers) Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters |
JwtIssuerReactiveAuthenticationManagerResolver(ReactiveAuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver) Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters. Note that the ReactiveAuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted. |
JwtIssuerReactiveAuthenticationManagerResolver(java.lang.String... trustedIssuers) Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters |

Modifier and Type | Method and Description |
---|---|
reactor.core.publisher.Mono<ReactiveAuthenticationManager> | resolve(org.springframework.web.server.ServerWebExchange exchange) Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token |

public JwtIssuerReactiveAuthenticationManagerResolver(java.lang.String... trustedIssuers)

Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters

Parameters: trustedIssuers - a whitelist of trusted issuers

public JwtIssuerReactiveAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)

Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters

Parameters: trustedIssuers - a whitelist of trusted issuers

public JwtIssuerReactiveAuthenticationManagerResolver(ReactiveAuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)

Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters

Note that the ReactiveAuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted. This should be done via a whitelist.

One way to achieve this is with a Map where the keys are the known issuers:

```java
// managerOne and managerTwo are ReactiveAuthenticationManager instances configured elsewhere
Map<String, ReactiveAuthenticationManager> authenticationManagers = new HashMap<>();
authenticationManagers.put("https://issuerOne.example.org", managerOne);
authenticationManagers.put("https://issuerTwo.example.org", managerTwo);

// An issuer that is not a key in the Map yields an empty Mono, so no manager is resolved
JwtIssuerReactiveAuthenticationManagerResolver resolver = new JwtIssuerReactiveAuthenticationManagerResolver(
        issuer -> Mono.justOrEmpty(authenticationManagers.get(issuer)));
```

The keys in the Map are the whitelist.

Parameters: issuerAuthenticationManagerResolver - a strategy for resolving the ReactiveAuthenticationManager by the issuer

public reactor.core.publisher.Mono<ReactiveAuthenticationManager> resolve(org.springframework.web.server.ServerWebExchange exchange)

Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token

Specified by: resolve in interface ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange>

Throws: OAuth2AuthenticationException - if the bearer token is malformed or a ReactiveAuthenticationManager can't be derived from the issuer
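
An added example, not part of the Spring Security documentation or code base: one way to write the issuerAuthenticationManagerResolver strategy for the third constructor so that the whitelist check runs before any issuer discovery request is made. The class name AllowlistedIssuerResolver and the forIssuers helper are hypothetical; the code assumes Java 10+ (Set.copyOf) and Reactor's three-argument Mono.cache.

```java
import java.time.Duration;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver;
import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

/** Hypothetical helper: resolves a manager only for issuers on a fixed whitelist. */
public final class AllowlistedIssuerResolver implements ReactiveAuthenticationManagerResolver<String> {
    private final Set<String> trustedIssuers;
    private final Map<String, Mono<ReactiveAuthenticationManager>> cache = new ConcurrentHashMap<>();

    public AllowlistedIssuerResolver(Set<String> trustedIssuers) {
        this.trustedIssuers = Set.copyOf(trustedIssuers); // immutable; entries are matched exactly
    }

    @Override
    public Mono<ReactiveAuthenticationManager> resolve(String issuer) {
        // Check the whitelist BEFORE any network call: the iss value comes from a token
        // that has not been verified yet, so it must never choose which JWKS is fetched.
        if (issuer == null || !this.trustedIssuers.contains(issuer)) {
            return Mono.empty(); // no manager can be derived, so authentication fails
        }
        return this.cache.computeIfAbsent(issuer, AllowlistedIssuerResolver::discover);
    }

    private static Mono<ReactiveAuthenticationManager> discover(String issuer) {
        // fromIssuerLocation blocks on metadata discovery, so run it off the event loop
        return Mono.<ReactiveAuthenticationManager>fromCallable(
                        () -> new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(issuer)))
                .subscribeOn(Schedulers.boundedElastic())
                // keep a successful result, but retry discovery after an error
                .cache(manager -> Duration.ofMillis(Long.MAX_VALUE), error -> Duration.ZERO, () -> Duration.ZERO);
    }

    /** Wire the whitelisting strategy into the class documented on this page. */
    public static JwtIssuerReactiveAuthenticationManagerResolver forIssuers(Set<String> trustedIssuers) {
        return new JwtIssuerReactiveAuthenticationManagerResolver(new AllowlistedIssuerResolver(trustedIssuers));
    }
}
```

Because the comparison is plain string equality, each whitelist entry must match the token's `iss` value character for character, including any trailing slash.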