Class NimbusReactiveJwtDecoder
java.lang.Object
org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
- All Implemented Interfaces:
ReactiveJwtDecoder
An implementation of a
ReactiveJwtDecoder
that "decodes" a JSON Web
Token (JWT) and additionally verifies it's digital signature if the JWT is a JSON Web
Signature (JWS).
NOTE: This implementation uses the Nimbus JOSE + JWT SDK internally.
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic final class
A builder for creatingNimbusReactiveJwtDecoder
instances based on a JWK Set uri.static final class
A builder for creatingNimbusReactiveJwtDecoder
instances.static final class
A builder for creatingNimbusReactiveJwtDecoder
instances based on a public key.static final class
A builder for creatingNimbusReactiveJwtDecoder
instances based on aSecretKey
. -
Constructor Summary
ConstructorDescriptionNimbusReactiveJwtDecoder
(String jwkSetUrl) Constructs aNimbusReactiveJwtDecoder
using the provided parameters.NimbusReactiveJwtDecoder
(RSAPublicKey publicKey) Constructs aNimbusReactiveJwtDecoder
using the provided parameters.NimbusReactiveJwtDecoder
(org.springframework.core.convert.converter.Converter<com.nimbusds.jwt.JWT, reactor.core.publisher.Mono<com.nimbusds.jwt.JWTClaimsSet>> jwtProcessor) Constructs aNimbusReactiveJwtDecoder
using the provided parameters. -
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<Jwt>
Decodes the JWT from it's compact claims representation format and returns aJwt
.void
setClaimSetConverter
(org.springframework.core.convert.converter.Converter<Map<String, Object>, Map<String, Object>> claimSetConverter) Use the followingConverter
for manipulating the JWT's claim setvoid
setJwtValidator
(OAuth2TokenValidator<Jwt> jwtValidator) Use the providedOAuth2TokenValidator
to validate incomingJwt
s.withJwkSetUri
(String jwkSetUri) Use the given JWK Set uri to validate JWTs.withJwkSource
(Function<com.nimbusds.jwt.SignedJWT, reactor.core.publisher.Flux<com.nimbusds.jose.jwk.JWK>> source) Use the givenFunction
to validate JWTsUse the given public key to validate JWTswithSecretKey
(SecretKey secretKey) Use the givenSecretKey
to validate the MAC on a JSON Web Signature (JWS).
-
Constructor Details
-
NimbusReactiveJwtDecoder
Constructs aNimbusReactiveJwtDecoder
using the provided parameters.- Parameters:
jwkSetUrl
- the JSON Web Key (JWK) SetURL
-
NimbusReactiveJwtDecoder
Constructs aNimbusReactiveJwtDecoder
using the provided parameters.- Parameters:
publicKey
- theRSAPublicKey
used to verify the signature- Since:
- 5.2
-
NimbusReactiveJwtDecoder
public NimbusReactiveJwtDecoder(org.springframework.core.convert.converter.Converter<com.nimbusds.jwt.JWT, reactor.core.publisher.Mono<com.nimbusds.jwt.JWTClaimsSet>> jwtProcessor) Constructs aNimbusReactiveJwtDecoder
using the provided parameters.- Parameters:
jwtProcessor
- theConverter
used to process and verify the signed Jwt and return the Jwt Claim Set- Since:
- 5.2
-
-
Method Details
-
setJwtValidator
Use the providedOAuth2TokenValidator
to validate incomingJwt
s.- Parameters:
jwtValidator
- theOAuth2TokenValidator
to use
-
setClaimSetConverter
public void setClaimSetConverter(org.springframework.core.convert.converter.Converter<Map<String, Object>, Map<String, Object>> claimSetConverter) Use the followingConverter
for manipulating the JWT's claim set- Parameters:
claimSetConverter
- theConverter
to use
-
decode
Description copied from interface:ReactiveJwtDecoder
Decodes the JWT from it's compact claims representation format and returns aJwt
.- Specified by:
decode
in interfaceReactiveJwtDecoder
- Parameters:
token
- the JWT value- Returns:
- a
Jwt
- Throws:
JwtException
- if an error occurs while attempting to decode the JWT
-
withJwkSetUri
public static NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder withJwkSetUri(String jwkSetUri) Use the given JWK Set uri to validate JWTs.- Parameters:
jwkSetUri
- the JWK Set uri to use- Returns:
- a
NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
for further configurations - Since:
- 5.2
-
withPublicKey
public static NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder withPublicKey(RSAPublicKey key) Use the given public key to validate JWTs- Parameters:
key
- the public key to use- Returns:
- a
NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
for further configurations - Since:
- 5.2
-
withSecretKey
public static NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder withSecretKey(SecretKey secretKey) Use the givenSecretKey
to validate the MAC on a JSON Web Signature (JWS).- Parameters:
secretKey
- theSecretKey
used to validate the MAC- Returns:
- a
NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
for further configurations - Since:
- 5.2
-
withJwkSource
public static NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder withJwkSource(Function<com.nimbusds.jwt.SignedJWT, reactor.core.publisher.Flux<com.nimbusds.jose.jwk.JWK>> source) Use the givenFunction
to validate JWTs- Parameters:
source
- theFunction
- Returns:
- a
NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder
for further configurations - Since:
- 5.2
-