Package org.springframework.security.oauth2.jwt

Class NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder

java.lang.Object

org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder

Enclosing class:

NimbusJwtDecoder

public static final class NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
extends Object

A builder for creating NimbusJwtDecoder instances based on a JWK Set uri.

Method Summary

Modifier and Type	Method	Description
NimbusJwtDecoder	build()	Build the configured NimbusJwtDecoder.
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	cache(org.springframework.cache.Cache cache)	Use the given Cache to store JWK Set.
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	discoverJwsAlgorithms()	Enables discovery of supported JWS algorithms from the remote JWK Set.
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	jwsAlgorithm(SignatureAlgorithm signatureAlgorithm)	Append the given signing algorithm to the set of algorithms to use.
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	jwsAlgorithms(Consumer<Set<SignatureAlgorithm>> signatureAlgorithmsConsumer)	Configure the list of algorithms to use with the given Consumer.
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer)	Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	restOperations(org.springframework.web.client.RestOperations restOperations)	Use the given RestOperations to coordinate with the authorization servers indicated in the JWK Set uri as well as the Issuer.
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder	validateType(boolean shouldValidateTypHeader)	Whether to use Nimbus's typ header verification.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

validateType

public NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)

Whether to use Nimbus's typ header verification. This is true by default, however it may change to false in a future major release.

By turning off this feature, NimbusJwtDecoder expects applications to check the typ header themselves in order to determine what kind of validation is needed

This is done for you when you use JwtValidators to construct a validator.

That means that this: NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer).build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer);

Is equivalent to this: NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) .validateType(false) .build(); jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators( new JwtIssuerValidator(issuer), JwtTypeValidator.jwt());

The difference is that by setting this to false, it allows you to provide validation by type, like for at+jwt: NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) .validateType(false) .build(); jwtDecoder.setJwtValidator(new MyAtJwtValidator());

Parameters:

shouldValidateTypHeader - whether Nimbus should validate the typ header or not

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder for further configurations

Since:

6.5

jwsAlgorithm

public NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder jwsAlgorithm(SignatureAlgorithm signatureAlgorithm)

Append the given signing algorithm to the set of algorithms to use.

Parameters:

signatureAlgorithm - the algorithm to use

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder for further configurations

jwsAlgorithms

public NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder jwsAlgorithms(Consumer<Set<SignatureAlgorithm>> signatureAlgorithmsConsumer)

Configure the list of algorithms to use with the given Consumer.

Parameters:

signatureAlgorithmsConsumer - a Consumer for further configuring the algorithm list

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder for further configurations

restOperations

public NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder restOperations(org.springframework.web.client.RestOperations restOperations)

Use the given RestOperations to coordinate with the authorization servers indicated in the JWK Set uri as well as the Issuer.

Parameters:

restOperations - the RestOperations instance to use

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder for further configurations

cache

public NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder cache(org.springframework.cache.Cache cache)

Use the given Cache to store JWK Set.

Parameters:

cache - the Cache to be used to store JWK Set

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder for further configurations

Since:

5.4

discoverJwsAlgorithms

public NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder discoverJwsAlgorithms()

Enables discovery of supported JWS algorithms from the remote JWK Set.

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder for further configuration

Since:

7.0.0

jwtProcessorCustomizer

public NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder jwtProcessorCustomizer(Consumer<com.nimbusds.jwt.proc.ConfigurableJWTProcessor<com.nimbusds.jose.proc.SecurityContext>> jwtProcessorCustomizer)

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.

Parameters:

jwtProcessorCustomizer - the callback used to alter the processor

Returns:

a NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder for further configurations

Since:

5.4

build

public NimbusJwtDecoder build()

Build the configured NimbusJwtDecoder.

Returns:

the configured NimbusJwtDecoder