java.lang.Object
org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
All Implemented Interfaces:
AuthenticationProvider

public final class JwtAuthenticationProvider extends Object implements AuthenticationProvider
An AuthenticationProvider implementation of the Jwt-encoded Bearer Tokens for protecting OAuth 2.0 Resource Servers.

This AuthenticationProvider is responsible for decoding and verifying a Jwt-encoded access token, returning its claims set as part of the Authentication statement.

Scopes are translated into GrantedAuthoritys according to the following algorithm: 1. If there is a "scope" or "scp" attribute, then if a String, then split by spaces and return, or if a Collection, then simply return 2. Take the resulting Collection of Strings and prepend the "SCOPE_" keyword, adding as GrantedAuthoritys.

Since:
5.1
See Also:
  • Constructor Details

    • JwtAuthenticationProvider

      public JwtAuthenticationProvider(JwtDecoder jwtDecoder)
  • Method Details

    • authenticate

      public Authentication authenticate(Authentication authentication) throws AuthenticationException
      Decode and validate the Bearer Token.
      Specified by:
      authenticate in interface AuthenticationProvider
      Parameters:
      authentication - the authentication request object.
      Returns:
      A successful authentication
      Throws:
      AuthenticationException - if authentication failed for some reason
    • supports

      public boolean supports(Class<?> authentication)
      Description copied from interface: AuthenticationProvider
      Returns true if this AuthenticationProvider supports the indicated Authentication object.

      Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

      Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

      Specified by:
      supports in interface AuthenticationProvider
      Returns:
      true if the implementation can more closely evaluate the Authentication class presented
    • setJwtAuthenticationConverter

      public void setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<Jwt,? extends AbstractAuthenticationToken> jwtAuthenticationConverter)