Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update JwtAuthenticationConverter Docs

Browse Source 
Replaced usage of deprecated API

Fixes gh-7062
This commit is contained in:
Josh Cummings 2019-09-05 16:15:55 -06:00
parent 9639962e27
commit 08f68c9122
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/manual/src/docs/asciidoc/_includes/servlet/preface/java-configuration.adoc
View File

@ -706,17 +706,24 @@ public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
}
Converter<Jwt, AbstractAuthenticationToken> grantedAuthoritiesExtractor() {
return new GrantedAuthoritiesExtractor();
JwtAuthenticationConverter jwtAuthenticationConverter =
new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter
(new GrantedAuthoritiesExtractor());
return jwtAuthenticationConveter;
}
```
which is responsible for converting a `Jwt` into an `Authentication`.
As part of its configuration, we can supply a subsidiary converter to go from `Jwt` to a `Collection` of `GrantedAuthority`s.
We can override this quite simply to alter the way granted authorities are derived:
That final converter might be something like `GrantedAuthoritiesExtractor` below:
```java
static class GrantedAuthoritiesExtractor extends JwtAuthenticationConverter {
protected Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
static class GrantedAuthoritiesExtractor
implements Converter<Jwt, Collection<GrantedAuthority>> {
public Collection<GrantedAuthority> convert(Jwt jwt) {
Collection<String> authorities = (Collection<String>)
jwt.getClaims().get("mycustomclaim");