Class JwtIssuerAuthenticationManagerResolver
- java.lang.Object
-
- org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
-
- All Implemented Interfaces:
AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>
public final class JwtIssuerAuthenticationManagerResolver extends java.lang.Object implements AuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>
An implementation ofAuthenticationManagerResolverthat resolves a JWT-basedAuthenticationManagerbased on the Issuer in a signed JWT (JWS). To use, this class must be able to determine whether or not the `iss` claim is trusted. Recall that anyone can stand up an authorization server and issue valid tokens to a resource server. The simplest way to achieve this is to supply a list of trusted issuers in the constructor. This class derives the Issuer from the `iss` claim found in theHttpServletRequest's Bearer Token.- Since:
- 5.3
-
-
Constructor Summary
Constructors Constructor Description JwtIssuerAuthenticationManagerResolver(java.lang.String... trustedIssuers)Construct aJwtIssuerAuthenticationManagerResolverusing the provided parametersJwtIssuerAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)Construct aJwtIssuerAuthenticationManagerResolverusing the provided parametersJwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)Construct aJwtIssuerAuthenticationManagerResolverusing the provided parameters Note that theAuthenticationManagerResolverprovided in this constructor will need to verify that the issuer is trusted.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AuthenticationManagerresolve(javax.servlet.http.HttpServletRequest request)Return anAuthenticationManagerbased off of the `iss` claim found in the request's bearer token
-
-
-
Constructor Detail
-
JwtIssuerAuthenticationManagerResolver
public JwtIssuerAuthenticationManagerResolver(java.lang.String... trustedIssuers)
Construct aJwtIssuerAuthenticationManagerResolverusing the provided parameters- Parameters:
trustedIssuers- a list of trusted issuers
-
JwtIssuerAuthenticationManagerResolver
public JwtIssuerAuthenticationManagerResolver(java.util.Collection<java.lang.String> trustedIssuers)
Construct aJwtIssuerAuthenticationManagerResolverusing the provided parameters- Parameters:
trustedIssuers- a list of trusted issuers
-
JwtIssuerAuthenticationManagerResolver
public JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<java.lang.String> issuerAuthenticationManagerResolver)
Construct aJwtIssuerAuthenticationManagerResolverusing the provided parameters Note that theAuthenticationManagerResolverprovided in this constructor will need to verify that the issuer is trusted. This should be done via an allowlist. One way to achieve this is with aMapwhere the keys are the known issuers:Map<String, AuthenticationManager> authenticationManagers = new HashMap<>(); authenticationManagers.put("https://issuerOne.example.org", managerOne); authenticationManagers.put("https://issuerTwo.example.org", managerTwo); JwtAuthenticationManagerResolver resolver = new JwtAuthenticationManagerResolver (authenticationManagers::get);The keys in theMapare the allowed issuers.- Parameters:
issuerAuthenticationManagerResolver- a strategy for resolving theAuthenticationManagerby the issuer
-
-
Method Detail
-
resolve
public AuthenticationManager resolve(javax.servlet.http.HttpServletRequest request)
Return anAuthenticationManagerbased off of the `iss` claim found in the request's bearer token- Specified by:
resolvein interfaceAuthenticationManagerResolver<javax.servlet.http.HttpServletRequest>- Returns:
- the
AuthenticationManagerto use - Throws:
OAuth2AuthenticationException- if the bearer token is malformed or anAuthenticationManagercan't be derived from the issuer
-
-