Package org.springframework.security.oauth2.server.resource.authentication

Class JwtAuthenticationProvider

java.lang.Object

org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider

All Implemented Interfaces:

AuthenticationProvider

public final class JwtAuthenticationProvider
extends Object
implements AuthenticationProvider

An AuthenticationProvider implementation of the Jwt-encoded Bearer Tokens for protecting OAuth 2.0 Resource Servers.

This AuthenticationProvider is responsible for decoding and verifying a Jwt-encoded access token, returning its claims set as part of the Authentication statement.

Scopes are translated into GrantedAuthoritys according to the following algorithm: 1. If there is a "scope" or "scp" attribute, then if a String, then split by spaces and return, or if a Collection, then simply return 2. Take the resulting Collection of Strings and prepend the "SCOPE_" keyword, adding as GrantedAuthoritys.

Since:

5.1

See Also:

• AuthenticationProvider
• JwtDecoder

Constructor Summary

Constructors

Constructor	Description
JwtAuthenticationProvider(JwtDecoder jwtDecoder)

Method Summary

Modifier and Type	Method	Description
Authentication	authenticate(Authentication authentication)	Decode and validate the Bearer Token.
void	setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<Jwt,? extends AbstractAuthenticationToken> jwtAuthenticationConverter)
boolean	supports(Class<?> authentication)	Returns true if this AuthenticationProvider supports the indicated Authentication object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

JwtAuthenticationProvider

public JwtAuthenticationProvider(JwtDecoder jwtDecoder)

Method Details

authenticate

public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException

Decode and validate the Bearer Token.

Specified by:

authenticate in interface AuthenticationProvider

Parameters:

authentication - the authentication request object.

Returns:

A successful authentication

Throws:

AuthenticationException - if authentication failed for some reason

supports

public boolean supports(Class<?> authentication)

Description copied from interface: AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:

supports in interface AuthenticationProvider

Returns:

true if the implementation can more closely evaluate the Authentication class presented

setJwtAuthenticationConverter

public void setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<Jwt,? extends AbstractAuthenticationToken> jwtAuthenticationConverter)