Package org.springframework.security.oauth2.jwt

Class NimbusReactiveJwtDecoder

java.lang.Object

org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

All Implemented Interfaces:

ReactiveJwtDecoder

public final class NimbusReactiveJwtDecoder
extends Object
implements ReactiveJwtDecoder

An implementation of a ReactiveJwtDecoder that "decodes" a JSON Web Token (JWT) and additionally verifies it's digital signature if the JWT is a JSON Web Signature (JWS).

NOTE: This implementation uses the Nimbus JOSE + JWT SDK internally.

Since:

5.1

See Also:

• ReactiveJwtDecoder
• JSON Web Token (JWT)
• JSON Web Signature (JWS)
• JSON Web Key (JWK)
• Nimbus JOSE + JWT SDK

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	A builder for creating NimbusReactiveJwtDecoder instances based on a JWK Set uri.
static final class	NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder	A builder for creating NimbusReactiveJwtDecoder instances.
static final class	NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder	A builder for creating NimbusReactiveJwtDecoder instances based on a public key.
static final class	NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder	A builder for creating NimbusReactiveJwtDecoder instances based on a SecretKey.

Constructor Summary

Constructors

Constructor	Description
NimbusReactiveJwtDecoder(String jwkSetUrl)	Constructs a NimbusReactiveJwtDecoder using the provided parameters.
NimbusReactiveJwtDecoder(RSAPublicKey publicKey)	Constructs a NimbusReactiveJwtDecoder using the provided parameters.
NimbusReactiveJwtDecoder(org.springframework.core.convert.converter.Converter<com.nimbusds.jwt.JWT,reactor.core.publisher.Mono<com.nimbusds.jwt.JWTClaimsSet>> jwtProcessor)	Constructs a NimbusReactiveJwtDecoder using the provided parameters.

Method Summary

Modifier and Type	Method	Description
reactor.core.publisher.Mono<Jwt>	decode(String token)	Decodes the JWT from it's compact claims representation format and returns a Jwt.
void	setClaimSetConverter(org.springframework.core.convert.converter.Converter<Map<String,Object>,Map<String,Object>> claimSetConverter)	Use the following Converter for manipulating the JWT's claim set
void	setJwtValidator(OAuth2TokenValidator<Jwt> jwtValidator)	Use the provided OAuth2TokenValidator to validate incoming Jwts.
static NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder	withJwkSetUri(String jwkSetUri)	Use the given JWK Set uri to validate JWTs.
static NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder	withJwkSource(Function<com.nimbusds.jwt.SignedJWT,reactor.core.publisher.Flux<com.nimbusds.jose.jwk.JWK>> source)	Use the given Function to validate JWTs
static NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder	withPublicKey(RSAPublicKey key)	Use the given public key to validate JWTs
static NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder	withSecretKey(SecretKey secretKey)	Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

NimbusReactiveJwtDecoder

public NimbusReactiveJwtDecoder(String jwkSetUrl)

Constructs a NimbusReactiveJwtDecoder using the provided parameters.

Parameters:

jwkSetUrl - the JSON Web Key (JWK) Set URL

NimbusReactiveJwtDecoder

public NimbusReactiveJwtDecoder(RSAPublicKey publicKey)

Constructs a NimbusReactiveJwtDecoder using the provided parameters.

Parameters:

publicKey - the RSAPublicKey used to verify the signature

Since:

5.2

NimbusReactiveJwtDecoder

public NimbusReactiveJwtDecoder(org.springframework.core.convert.converter.Converter<com.nimbusds.jwt.JWT,reactor.core.publisher.Mono<com.nimbusds.jwt.JWTClaimsSet>> jwtProcessor)

Constructs a NimbusReactiveJwtDecoder using the provided parameters.

Parameters:

jwtProcessor - the Converter used to process and verify the signed Jwt and return the Jwt Claim Set

Since:

5.2

Method Details

setJwtValidator

public void setJwtValidator(OAuth2TokenValidator<Jwt> jwtValidator)

Use the provided OAuth2TokenValidator to validate incoming Jwts.

Parameters:

jwtValidator - the OAuth2TokenValidator to use

setClaimSetConverter

public void setClaimSetConverter(org.springframework.core.convert.converter.Converter<Map<String,Object>,Map<String,Object>> claimSetConverter)

Use the following Converter for manipulating the JWT's claim set

Parameters:

claimSetConverter - the Converter to use

decode

public reactor.core.publisher.Mono<Jwt> decode(String token)
                                        throws JwtException

Description copied from interface: ReactiveJwtDecoder

Decodes the JWT from it's compact claims representation format and returns a Jwt.

Specified by:

decode in interface ReactiveJwtDecoder

Parameters:

token - the JWT value

Returns:

a Jwt

Throws:

JwtException - if an error occurs while attempting to decode the JWT

withJwkSetUri

public static NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder withJwkSetUri(String jwkSetUri)

Use the given JWK Set uri to validate JWTs.

Parameters:

jwkSetUri - the JWK Set uri to use

Returns:

a NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder for further configurations

Since:

5.2

withPublicKey

public static NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder withPublicKey(RSAPublicKey key)

Use the given public key to validate JWTs

Parameters:

key - the public key to use

Returns:

a NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder for further configurations

Since:

5.2

withSecretKey

public static NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder withSecretKey(SecretKey secretKey)

Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).

Parameters:

secretKey - the SecretKey used to validate the MAC

Returns:

a NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder for further configurations

Since:

5.2

withJwkSource

public static NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder withJwkSource(Function<com.nimbusds.jwt.SignedJWT,reactor.core.publisher.Flux<com.nimbusds.jose.jwk.JWK>> source)

Use the given Function to validate JWTs

Parameters:

source - the Function

Returns:

a NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder for further configurations

Since:

5.2