Class JwtIssuerAuthenticationManagerResolver
- java.lang.Object
-
- org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
-
- All Implemented Interfaces:
AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>
public final class JwtIssuerAuthenticationManagerResolver extends java.lang.Object implements AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>
An implementation ofAuthenticationManagerResolverthat resolves a JWT-basedAuthenticationManagerbased on the Issuer in a signed JWT (JWS). To use, this class must be able to determine whether or not the `iss` claim is trusted. Recall that anyone can stand up an authorization server and issue valid tokens to a resource server. The simplest way to achieve this is to supply a whitelist of trusted issuers in the constructor. This class derives the Issuer from the `iss` claim found in theHttpServletRequest's Bearer Token.- Since:
- 5.3
-
-
Constructor Summary
Constructors Constructor Description JwtIssuerAuthenticationManagerResolver(java.lang.String... trustedIssuers)Construct aJwtIssuerAuthenticationManagerResolverusing the provided parametersJwtIssuerAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)Construct aJwtIssuerAuthenticationManagerResolverusing the provided parametersJwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)Construct aJwtIssuerAuthenticationManagerResolverusing the provided parameters Note that theAuthenticationManagerResolverprovided in this constructor will need to verify that the issuer is trusted.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AuthenticationManagerresolve(javax.servlet.http.HttpServletRequest request)Return anAuthenticationManagerbased off of the `iss` claim found in the request's bearer token
-
-
-
Constructor Detail
-
JwtIssuerAuthenticationManagerResolver
public JwtIssuerAuthenticationManagerResolver(java.lang.String... trustedIssuers)
Construct aJwtIssuerAuthenticationManagerResolverusing the provided parameters- Parameters:
trustedIssuers- a whitelist of trusted issuers
-
JwtIssuerAuthenticationManagerResolver
public JwtIssuerAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)
Construct aJwtIssuerAuthenticationManagerResolverusing the provided parameters- Parameters:
trustedIssuers- a whitelist of trusted issuers
-
JwtIssuerAuthenticationManagerResolver
public JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)
Construct aJwtIssuerAuthenticationManagerResolverusing the provided parameters Note that theAuthenticationManagerResolverprovided in this constructor will need to verify that the issuer is trusted. This should be done via a whitelist. One way to achieve this is with aMapwhere the keys are the known issuers:Map<String, AuthenticationManager> authenticationManagers = new HashMap<>(); authenticationManagers.put("https://issuerOne.example.org", managerOne); authenticationManagers.put("https://issuerTwo.example.org", managerTwo); JwtAuthenticationManagerResolver resolver = new JwtAuthenticationManagerResolver (authenticationManagers::get);The keys in theMapare the whitelist.- Parameters:
issuerAuthenticationManagerResolver- a strategy for resolving theAuthenticationManagerby the issuer
-
-
Method Detail
-
resolve
public AuthenticationManager resolve(javax.servlet.http.HttpServletRequest request)
Return anAuthenticationManagerbased off of the `iss` claim found in the request's bearer token- Specified by:
resolvein interfaceAuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>- Returns:
- the
AuthenticationManagerto use - Throws:
OAuth2AuthenticationException- if the bearer token is malformed or anAuthenticationManagercan't be derived from the issuer
-
-