diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java index 5fb6e54b6b..eb5efbabec 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java @@ -130,7 +130,7 @@ public final class NimbusJwtDecoder implements JwtDecoder { * Decode and validate the JWT from its compact claims representation format * @param token the JWT value * @return a validated {@link Jwt} - * @throws JwtException + * @throws JwtException when the token is malformed or otherwise invalid */ @Override public Jwt decode(String token) throws JwtException { @@ -274,14 +274,14 @@ public final class NimbusJwtDecoder implements JwtDecoder { private static final JOSEObjectTypeVerifier NO_TYPE_VERIFIER = (header, context) -> { }; - private Function jwkSetUri; + private final Function jwkSetUri; private Function, Set> defaultAlgorithms = (source) -> Set .of(JWSAlgorithm.RS256); private JOSEObjectTypeVerifier typeVerifier = JWT_TYPE_VERIFIER; - private Set signatureAlgorithms = new HashSet<>(); + private final Set signatureAlgorithms = new HashSet<>(); private RestOperations restOperations = new RestTemplate(); @@ -337,9 +337,7 @@ public final class NimbusJwtDecoder implements JwtDecoder { * *

* The difference is that by setting this to {@code false}, it allows you to - * provide validation by type, like for {@code at+jwt}: - * - * + * provide validation by type, like for {@code at+jwt}: * NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) * .validateType(false) * .build(); @@ -388,8 +386,8 @@ public final class NimbusJwtDecoder implements JwtDecoder { * JWK Set uri as well * as the Issuer. - * @param restOperations - * @return + * @param restOperations the {@link RestOperations} instance to use + * @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations */ public JwkSetUriJwtDecoderBuilder restOperations(RestOperations restOperations) { Assert.notNull(restOperations, "restOperations cannot be null"); @@ -552,7 +550,7 @@ public final class NimbusJwtDecoder implements JwtDecoder { private JOSEObjectTypeVerifier typeVerifier = JWT_TYPE_VERIFIER; - private RSAPublicKey key; + private final RSAPublicKey key; private Consumer> jwtProcessorCustomizer; @@ -595,9 +593,7 @@ public final class NimbusJwtDecoder implements JwtDecoder { * *

* The difference is that by setting this to {@code false}, it allows you to - * provide validation by type, like for {@code at+jwt}: - * - * + * provide validation by type, like for {@code at+jwt}: * NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) * .validateType(false) * .build(); @@ -616,9 +612,7 @@ public final class NimbusJwtDecoder implements JwtDecoder { /** * Use the given signing * algorithm. - * - * The value should be one of + * "_blank">algorithm. The value should be one of * RS256, RS384, or RS512. * @param signatureAlgorithm the algorithm to use @@ -728,9 +722,7 @@ public final class NimbusJwtDecoder implements JwtDecoder { * *

* The difference is that by setting this to {@code false}, it allows you to - * provide validation by type, like for {@code at+jwt}: - * - * + * provide validation by type, like for {@code at+jwt}: * NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) * .validateType(false) * .build(); @@ -749,9 +741,7 @@ public final class NimbusJwtDecoder implements JwtDecoder { /** * Use the given * algorithm when generating the MAC. - * - * The value should be one of + * "_blank">algorithm when generating the MAC. The value should be one of * HS256, HS384 or HS512. * @param macAlgorithm the MAC algorithm to use