Class JwtAuthenticationProvider
- java.lang.Object
-
- org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
-
- All Implemented Interfaces:
AuthenticationProvider
public final class JwtAuthenticationProvider extends java.lang.Object implements AuthenticationProvider
AnAuthenticationProvider
implementation of theJwt
-encoded Bearer Tokens for protecting OAuth 2.0 Resource Servers.This
AuthenticationProvider
is responsible for decoding and verifying aJwt
-encoded access token, returning its claims set as part of theAuthentication
statement.Scopes are translated into
GrantedAuthority
s according to the following algorithm: 1. If there is a "scope" or "scp" attribute, then if aString
, then split by spaces and return, or if aCollection
, then simply return 2. Take the resultingCollection
ofString
s and prepend the "SCOPE_" keyword, adding asGrantedAuthority
s.- Since:
- 5.1
- See Also:
AuthenticationProvider
,JwtDecoder
-
-
Constructor Summary
Constructors Constructor Description JwtAuthenticationProvider(JwtDecoder jwtDecoder)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Authentication
authenticate(Authentication authentication)
Decode and validate the Bearer Token.void
setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<Jwt,? extends AbstractAuthenticationToken> jwtAuthenticationConverter)
boolean
supports(java.lang.Class<?> authentication)
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.
-
-
-
Constructor Detail
-
JwtAuthenticationProvider
public JwtAuthenticationProvider(JwtDecoder jwtDecoder)
-
-
Method Detail
-
authenticate
public Authentication authenticate(Authentication authentication) throws AuthenticationException
Decode and validate the Bearer Token.- Specified by:
authenticate
in interfaceAuthenticationProvider
- Parameters:
authentication
- the authentication request object.- Returns:
- A successful authentication
- Throws:
AuthenticationException
- if authentication failed for some reason
-
supports
public boolean supports(java.lang.Class<?> authentication)
Description copied from interface:AuthenticationProvider
Returnstrue
if thisAuthenticationProvider
supports the indicatedAuthentication
object.Returning
true
does not guarantee anAuthenticationProvider
will be able to authenticate the presented instance of theAuthentication
class. It simply indicates it can support closer evaluation of it. AnAuthenticationProvider
can still returnnull
from theAuthenticationProvider.authenticate(Authentication)
method to indicate anotherAuthenticationProvider
should be tried.Selection of an
AuthenticationProvider
capable of performing authentication is conducted at runtime theProviderManager
.- Specified by:
supports
in interfaceAuthenticationProvider
- Returns:
true
if the implementation can more closely evaluate theAuthentication
class presented
-
setJwtAuthenticationConverter
public void setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<Jwt,? extends AbstractAuthenticationToken> jwtAuthenticationConverter)
-
-