Class JwtIssuerReactiveAuthenticationManagerResolver
- java.lang.Object
-
- org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
-
- All Implemented Interfaces:
ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange>
public final class JwtIssuerReactiveAuthenticationManagerResolver extends java.lang.Object implements ReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange>
An implementation ofReactiveAuthenticationManagerResolver
that resolves a JWT-basedReactiveAuthenticationManager
based on the Issuer in a signed JWT (JWS). To use, this class must be able to determine whether or not the `iss` claim is trusted. Recall that anyone can stand up an authorization server and issue valid tokens to a resource server. The simplest way to achieve this is to supply a list of trusted issuers in the constructor. This class derives the Issuer from the `iss` claim found in theServerWebExchange
's Bearer Token.- Since:
- 5.3
-
-
Constructor Summary
Constructors Constructor Description JwtIssuerReactiveAuthenticationManagerResolver(java.lang.String... trustedIssuers)
Construct aJwtIssuerReactiveAuthenticationManagerResolver
using the provided parametersJwtIssuerReactiveAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)
Construct aJwtIssuerReactiveAuthenticationManagerResolver
using the provided parametersJwtIssuerReactiveAuthenticationManagerResolver(ReactiveAuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)
Construct aJwtIssuerReactiveAuthenticationManagerResolver
using the provided parameters Note that theReactiveAuthenticationManagerResolver
provided in this constructor will need to verify that the issuer is trusted.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description reactor.core.publisher.Mono<ReactiveAuthenticationManager>
resolve(org.springframework.web.server.ServerWebExchange exchange)
Return anAuthenticationManager
based off of the `iss` claim found in the request's bearer token
-
-
-
Constructor Detail
-
JwtIssuerReactiveAuthenticationManagerResolver
public JwtIssuerReactiveAuthenticationManagerResolver(java.lang.String... trustedIssuers)
Construct aJwtIssuerReactiveAuthenticationManagerResolver
using the provided parameters- Parameters:
trustedIssuers
- a list of trusted issuers
-
JwtIssuerReactiveAuthenticationManagerResolver
public JwtIssuerReactiveAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)
Construct aJwtIssuerReactiveAuthenticationManagerResolver
using the provided parameters- Parameters:
trustedIssuers
- a collection of trusted issuers
-
JwtIssuerReactiveAuthenticationManagerResolver
public JwtIssuerReactiveAuthenticationManagerResolver(ReactiveAuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)
Construct aJwtIssuerReactiveAuthenticationManagerResolver
using the provided parameters Note that theReactiveAuthenticationManagerResolver
provided in this constructor will need to verify that the issuer is trusted. This should be done via an allowed list of issuers. One way to achieve this is with aMap
where the keys are the known issuers:Map<String, ReactiveAuthenticationManager> authenticationManagers = new HashMap<>(); authenticationManagers.put("https://issuerOne.example.org", managerOne); authenticationManagers.put("https://issuerTwo.example.org", managerTwo); JwtIssuerReactiveAuthenticationManagerResolver resolver = new JwtIssuerReactiveAuthenticationManagerResolver ((issuer) -> Mono.justOrEmpty(authenticationManagers.get(issuer));
The keys in theMap
are the trusted issuers.- Parameters:
issuerAuthenticationManagerResolver
- a strategy for resolving theReactiveAuthenticationManager
by the issuer
-
-
Method Detail
-
resolve
public reactor.core.publisher.Mono<ReactiveAuthenticationManager> resolve(org.springframework.web.server.ServerWebExchange exchange)
Return anAuthenticationManager
based off of the `iss` claim found in the request's bearer token- Specified by:
resolve
in interfaceReactiveAuthenticationManagerResolver<org.springframework.web.server.ServerWebExchange>
- Throws:
OAuth2AuthenticationException
- if the bearer token is malformed or anReactiveAuthenticationManager
can't be derived from the issuer
-
-