Class JwtIssuerAuthenticationManagerResolver
- java.lang.Object
  - org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
- All Implemented Interfaces: AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>
public final class JwtIssuerAuthenticationManagerResolver extends java.lang.Object implements AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>
An implementation of AuthenticationManagerResolver that resolves a JWT-based AuthenticationManager based on the Issuer in a signed JWT (JWS). To use, this class must be able to determine whether or not the `iss` claim is trusted. Recall that anyone can stand up an authorization server and issue valid tokens to a resource server. The simplest way to achieve this is to supply a whitelist of trusted issuers in the constructor. This class derives the Issuer from the `iss` claim found in the HttpServletRequest's Bearer Token.
- Since: 5.3
Constructor Summary
Constructors
- JwtIssuerAuthenticationManagerResolver(java.lang.String... trustedIssuers): Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters
- JwtIssuerAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers): Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters
- JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver): Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters. Note that the AuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted.
Method Summary
Methods
- AuthenticationManager resolve(javax.servlet.http.HttpServletRequest request): Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token
Constructor Detail
JwtIssuerAuthenticationManagerResolver
public JwtIssuerAuthenticationManagerResolver(java.lang.String... trustedIssuers)
Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters
- Parameters:
  trustedIssuers - a whitelist of trusted issuers

JwtIssuerAuthenticationManagerResolver
public JwtIssuerAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)
Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters
- Parameters:
  trustedIssuers - a whitelist of trusted issuers

JwtIssuerAuthenticationManagerResolver
public JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)
Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters.
Note that the AuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted. This should be done via a whitelist. One way to achieve this is with a Map where the keys are the known issuers:

```java
// managerOne and managerTwo are the AuthenticationManager instances for each issuer
Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
authenticationManagers.put("https://issuerOne.example.org", managerOne);
authenticationManagers.put("https://issuerTwo.example.org", managerTwo);
JwtIssuerAuthenticationManagerResolver resolver = new JwtIssuerAuthenticationManagerResolver
        (authenticationManagers::get);
```

The keys in the Map are the whitelist.
- Parameters:
  issuerAuthenticationManagerResolver - a strategy for resolving the AuthenticationManager by the issuer
Method Detail
resolve
public AuthenticationManager resolve(javax.servlet.http.HttpServletRequest request)
Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token
- Specified by: resolve in interface AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>
- Returns: the AuthenticationManager to use
- Throws: OAuth2AuthenticationException - if the bearer token is malformed or an AuthenticationManager can't be derived from the issuer