Polish JwtValidators

The current name of createDelegatingJwtValidator is not intuitive. The
name implies it is just creating a DelegatingOAuth2TokenValidator with
no mention that JwtTimestampValidator is being added.

To resolve this, the arguments have been removed and only
JwtTimestampValidator is added. User's needing additional validators can
add the result of this method to DelegatingOAuth2TokenValidator along with
the additional validators they wish to use. The method name has been
renamed to createDefault which now accurately reflects what is created.
There is no need to have JwtValidator at the end of the method since
the method is located in JwtValidators.

The commit also adds createDefaultWithIssuer for creating with a specific issuer.

Issue: gh-5133

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java

@@ -17,30 +17,50 @@ package org.springframework.security.oauth2.jwt;
 
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collection;
+import java.util.List;
 
 import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 
 /**
+ * Provides factory methods for creating {@code OAuth2TokenValidator<Jwt>}
  * @author Josh Cummings
+ * @author Rob Winch
  * @since 5.1
  */
 public final class JwtValidators {
 
 	/**
-	 * Create a {@link Jwt} Validator that contains all standard validators as well as
-	 * any supplied in the parameter list.
-	 *
-	 * @param jwtValidators - additional validators to include in the delegating validator
+	 * <p>
+	 * Create a {@link Jwt} Validator that contains all standard validators when an issuer is known.
+	 * </p>
+	 * <p>
+	 * User's wanting to leverage the defaults plus additional validation can add the result of this
+	 * method to {@code DelegatingOAuth2TokenValidator} along with the additional validators.
+	 * </p>
+	 * @param issuer the issuer
 	 * @return - a delegating validator containing all standard validators as well as any supplied
 	 */
-	public static OAuth2TokenValidator<Jwt> createDelegatingJwtValidator(OAuth2TokenValidator<Jwt>... jwtValidators) {
-		Collection<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
+	public static OAuth2TokenValidator<Jwt> createDefaultWithIssuer(String issuer) {
+		List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
 		validators.add(new JwtTimestampValidator());
-		validators.addAll(Arrays.asList(jwtValidators));
+		validators.add(new JwtIssuerValidator(issuer));
 		return new DelegatingOAuth2TokenValidator<>(validators);
 	}
 
+	/**
+	 * <p>
+	 * Create a {@link Jwt} Validator that contains all standard validators.
+	 * </p>
+	 * <p>
+	 * User's wanting to leverage the defaults plus additional validation can add the result of this
+	 * method to {@code DelegatingOAuth2TokenValidator} along with the additional validators.
+	 * </p>
+	 * @return - a delegating validator containing all standard validators as well as any supplied
+	 */
+	public static OAuth2TokenValidator<Jwt> createDefault() {
+		return new DelegatingOAuth2TokenValidator<>(Arrays.asList(new JwtTimestampValidator()));
+	}
+
 	private JwtValidators() {}
 }

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderJwkSupport.java

@@ -78,7 +78,7 @@ public final class NimbusJwtDecoderJwkSupport implements JwtDecoder {
 	private final ConfigurableJWTProcessor<SecurityContext> jwtProcessor;
 	private final RestOperationsResourceRetriever jwkSetRetriever = new RestOperationsResourceRetriever();
 
-	private OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators.createDelegatingJwtValidator();
+	private OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators.createDefault();
 
 	/**
 	 * Constructs a {@code NimbusJwtDecoderJwkSupport} using the provided parameters.