Package org.springframework.security.oauth2.jwt

Class NimbusJwtDecoder

java.lang.Object

org.springframework.security.oauth2.jwt.NimbusJwtDecoder

All Implemented Interfaces:

JwtDecoder

public final class NimbusJwtDecoder
extends Object
implements JwtDecoder

A low-level Nimbus implementation of JwtDecoder which takes a raw Nimbus configuration.

Since:

5.2

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	A builder for creating NimbusJwtDecoder instances based on a JWK Set uri.
static final class	NimbusJwtDecoder.PublicKeyJwtDecoderBuilder	A builder for creating NimbusJwtDecoder instances based on a public key.
static final class	NimbusJwtDecoder.SecretKeyJwtDecoderBuilder	A builder for creating NimbusJwtDecoder instances based on a SecretKey.

Constructor Summary

Constructors

Constructor	Description
NimbusJwtDecoder(com.nimbusds.jwt.proc.JWTProcessor<com.nimbusds.jose.proc.SecurityContext> jwtProcessor)	Configures a NimbusJwtDecoder with the given parameters

Method Summary

Modifier and Type	Method	Description
Jwt	decode(String token)	Decode and validate the JWT from its compact claims representation format
void	setClaimSetConverter(org.springframework.core.convert.converter.Converter<Map<String,Object>,Map<String,Object>> claimSetConverter)	Use the following Converter for manipulating the JWT's claim set
void	setJwtValidator(OAuth2TokenValidator<Jwt> jwtValidator)	Use this Jwt Validator
static NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	withIssuerLocation(String issuer)	Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.
static NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	withJwkSetUri(String jwkSetUri)	Use the given JWK Set uri.
static NimbusJwtDecoder.PublicKeyJwtDecoderBuilder	withPublicKey(RSAPublicKey key)	Use the given public key to validate JWTs
static NimbusJwtDecoder.SecretKeyJwtDecoderBuilder	withSecretKey(SecretKey secretKey)	Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

NimbusJwtDecoder

public NimbusJwtDecoder(com.nimbusds.jwt.proc.JWTProcessor<com.nimbusds.jose.proc.SecurityContext> jwtProcessor)

Configures a NimbusJwtDecoder with the given parameters

Parameters:

jwtProcessor - - the JWTProcessor to use

Method Details

setJwtValidator

public void setJwtValidator(OAuth2TokenValidator<Jwt> jwtValidator)

Use this Jwt Validator

Parameters:

jwtValidator - - the Jwt Validator to use

setClaimSetConverter

public void setClaimSetConverter(org.springframework.core.convert.converter.Converter<Map<String,Object>,Map<String,Object>> claimSetConverter)

Use the following Converter for manipulating the JWT's claim set

Parameters:

claimSetConverter - the Converter to use

decode

public Jwt decode(String token)
           throws JwtException

Decode and validate the JWT from its compact claims representation format

Specified by:

decode in interface JwtDecoder

Parameters:

token - the JWT value

Returns:

a validated Jwt

Throws:

JwtException - when the token is malformed or otherwise invalid

withIssuerLocation

public static NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder withIssuerLocation(String issuer)

Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.

Parameters:

issuer - the Issuer

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder that will derive the JWK Set uri when NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder.build() is called

Since:

6.1

See Also:

• JwtDecoders

withJwkSetUri

public static NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder withJwkSetUri(String jwkSetUri)

Use the given JWK Set uri.

Parameters:

jwkSetUri - the JWK Set uri to use

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder for further configurations

withPublicKey

public static NimbusJwtDecoder.PublicKeyJwtDecoderBuilder withPublicKey(RSAPublicKey key)

Use the given public key to validate JWTs

Parameters:

key - the public key to use

Returns:

a NimbusJwtDecoder.PublicKeyJwtDecoderBuilder for further configurations

withSecretKey

public static NimbusJwtDecoder.SecretKeyJwtDecoderBuilder withSecretKey(SecretKey secretKey)

Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).

Parameters:

secretKey - the SecretKey used to validate the MAC

Returns:

a NimbusJwtDecoder.SecretKeyJwtDecoderBuilder for further configurations