public final class JwtAuthenticationProvider extends java.lang.Object implements AuthenticationProvider
AuthenticationProvider
implementation of the Jwt
-encoded
Bearer Tokens
for protecting OAuth 2.0 Resource Servers.
This AuthenticationProvider
is responsible for decoding and verifying a Jwt
-encoded access token,
returning its claims set as part of the Authentication
statement.
Scopes are translated into GrantedAuthority
s according to the following algorithm:
1. If there is a "scope" or "scp" attribute, then
if a String
, then split by spaces and return, or
if a Collection
, then simply return
2. Take the resulting Collection
of String
s and prepend the "SCOPE_" keyword, adding
as GrantedAuthority
s.
AuthenticationProvider
,
JwtDecoder
Constructor and Description |
---|
JwtAuthenticationProvider(JwtDecoder jwtDecoder) |
Modifier and Type | Method and Description |
---|---|
Authentication |
authenticate(Authentication authentication)
Decode and validate the
Bearer Token.
|
void |
setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<Jwt,? extends AbstractAuthenticationToken> jwtAuthenticationConverter) |
boolean |
supports(java.lang.Class<?> authentication)
Returns
true if this AuthenticationProvider supports the
indicated Authentication object. |
public JwtAuthenticationProvider(JwtDecoder jwtDecoder)
public Authentication authenticate(Authentication authentication) throws AuthenticationException
authenticate
in interface AuthenticationProvider
authentication
- the authentication request object.AuthenticationException
- if authentication failed for some reasonpublic boolean supports(java.lang.Class<?> authentication)
true
if this AuthenticationProvider
supports the
indicated Authentication
object.
Returning true
does not guarantee an
AuthenticationProvider
will be able to authenticate the presented
instance of the Authentication
class. It simply indicates it can
support closer evaluation of it. An AuthenticationProvider
can still
return null
from the AuthenticationProvider.authenticate(Authentication)
method to
indicate another AuthenticationProvider
should be tried.
Selection of an AuthenticationProvider
capable of performing
authentication is conducted at runtime the ProviderManager
.
supports
in interface AuthenticationProvider
true
if the implementation can more closely evaluate the
Authentication
class presentedpublic void setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<Jwt,? extends AbstractAuthenticationToken> jwtAuthenticationConverter)