public final class JwtIssuerReactiveAuthenticationManagerResolver extends java.lang.Object implements ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange>
A ReactiveAuthenticationManagerResolver that resolves a JWT-based ReactiveAuthenticationManager based on the Issuer in a signed JWT (JWS).
To use, this class must be able to determine whether or not the `iss` claim is trusted. Recall that
anyone can stand up an authorization server and issue valid tokens to a resource server. The simplest way
to achieve this is to supply a list of trusted issuers in the constructor.
This class derives the Issuer from the `iss` claim found in the ServerWebExchange's Bearer Token.

Constructor and Description |
---|
`JwtIssuerReactiveAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)` Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters |
`JwtIssuerReactiveAuthenticationManagerResolver(ReactiveAuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)` Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters. Note that the ReactiveAuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted. |
`JwtIssuerReactiveAuthenticationManagerResolver(java.lang.String... trustedIssuers)` Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters |

Modifier and Type | Method and Description |
---|---|
`reactor.core.publisher.Mono<ReactiveAuthenticationManager>` | `resolve(org.springframework.web.server.ServerWebExchange exchange)` Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token |

`public JwtIssuerReactiveAuthenticationManagerResolver(java.lang.String... trustedIssuers)`
Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters
Parameters: trustedIssuers - a list of trusted issuers

`public JwtIssuerReactiveAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)`
Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters
Parameters: trustedIssuers - a collection of trusted issuers

`public JwtIssuerReactiveAuthenticationManagerResolver(ReactiveAuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)`
Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters
Note that the ReactiveAuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted. This should be done via an allowed list of issuers.
One way to achieve this is with a Map where the keys are the known issuers:
```java
// Allowlist: only issuers present as keys can ever resolve to a manager.
Map<String, ReactiveAuthenticationManager> authenticationManagers = new HashMap<>();
authenticationManagers.put("https://issuerOne.example.org", managerOne);
authenticationManagers.put("https://issuerTwo.example.org", managerTwo);
JwtIssuerReactiveAuthenticationManagerResolver resolver = new JwtIssuerReactiveAuthenticationManagerResolver(
        issuer -> Mono.justOrEmpty(authenticationManagers.get(issuer)));
```

The keys in the Map are the trusted issuers.
Parameters: issuerAuthenticationManagerResolver - a strategy for resolving the ReactiveAuthenticationManager by the issuer

`public reactor.core.publisher.Mono<ReactiveAuthenticationManager> resolve(org.springframework.web.server.ServerWebExchange exchange)`
Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token
Specified by: resolve in interface ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange>
Throws: OAuth2AuthenticationException - if the bearer token is malformed or a ReactiveAuthenticationManager can't be derived from the issuer
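
An added example, not part of the Spring Security documentation or code: the resolver-based constructor with the allowlist check made explicit, next to the pattern that constructor's note warns against. The class name `MultiIssuerSecurityConfig`, the `TRUSTED` set and the helper `managerFor` are hypothetical; it assumes Java 9+ and that each issuer publishes discovery metadata at its issuer URL.

```java
import java.time.Duration;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver;
import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

@Configuration
public class MultiIssuerSecurityConfig { // hypothetical class name
    // Constructed allowlist, reusing the placeholder issuers from the snippet above.
    private static final Set<String> TRUSTED =
            Set.of("https://issuerOne.example.org", "https://issuerTwo.example.org");
    // One manager per trusted issuer, built on first use and then reused.
    private final Map<String, Mono<ReactiveAuthenticationManager>> managers = new ConcurrentHashMap<>();

    // WEAK (comment only): trusts whatever the token's iss claim says.
    //   issuer -> Mono.just(new JwtReactiveAuthenticationManager(
    //           ReactiveJwtDecoders.fromIssuerLocation(issuer)))

    // HARDENED: exact-match allowlist check before any discovery or key fetch.
    ReactiveAuthenticationManagerResolver<String> trustedIssuerResolver() {
        return issuer -> TRUSTED.contains(issuer)
                ? managers.computeIfAbsent(issuer, this::managerFor)
                : Mono.empty(); // untrusted issuer: no manager, so resolve() errors
    }

    private Mono<ReactiveAuthenticationManager> managerFor(String issuer) {
        // Discovery is a blocking HTTP call: run it off the event loop, cache only success.
        return Mono.<ReactiveAuthenticationManager>fromCallable(() ->
                        new JwtReactiveAuthenticationManager(ReactiveJwtDecoders.fromIssuerLocation(issuer)))
                .subscribeOn(Schedulers.boundedElastic())
                .cache(ok -> Duration.ofMillis(Long.MAX_VALUE), err -> Duration.ZERO, () -> Duration.ZERO);
    }

    @Bean
    JwtIssuerReactiveAuthenticationManagerResolver jwtIssuerResolver() {
        return new JwtIssuerReactiveAuthenticationManagerResolver(trustedIssuerResolver());
    }
}
```

The bean is then passed to `authenticationManagerResolver(...)` on the resource server configuration of the application's `SecurityWebFilterChain`.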