Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 21:33:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish NimbusJwtDecoder

Browse Source
This commit is contained in:
Josh Cummings 2025-02-27 11:04:16 -07:00
parent ab43a660b9
commit 7df85a2ed9
1 changed files with 11 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
View File

@ -130,7 +130,7 @@ public final class NimbusJwtDecoder implements JwtDecoder {
* Decode and validate the JWT from its compact claims representation format * Decode and validate the JWT from its compact claims representation format
* @param token the JWT value * @param token the JWT value
* @return a validated {@link Jwt} * @return a validated {@link Jwt}
* @throws JwtException * @throws JwtException when the token is malformed or otherwise invalid
*/ */
@Override @Override
public Jwt decode(String token) throws JwtException { public Jwt decode(String token) throws JwtException {
@ -274,14 +274,14 @@ public final class NimbusJwtDecoder implements JwtDecoder {
private static final JOSEObjectTypeVerifier<SecurityContext> NO_TYPE_VERIFIER = (header, context) -> { private static final JOSEObjectTypeVerifier<SecurityContext> NO_TYPE_VERIFIER = (header, context) -> {
}; };
private Function<RestOperations, String> jwkSetUri; private final Function<RestOperations, String> jwkSetUri;
private Function<JWKSource<SecurityContext>, Set<JWSAlgorithm>> defaultAlgorithms = (source) -> Set private Function<JWKSource<SecurityContext>, Set<JWSAlgorithm>> defaultAlgorithms = (source) -> Set
.of(JWSAlgorithm.RS256); .of(JWSAlgorithm.RS256);
private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER; private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER;
private Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>(); private final Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
private RestOperations restOperations = new RestTemplate(); private RestOperations restOperations = new RestTemplate();
@ -337,9 +337,7 @@ public final class NimbusJwtDecoder implements JwtDecoder {
* *
* <p> * <p>
* The difference is that by setting this to {@code false}, it allows you to * The difference is that by setting this to {@code false}, it allows you to
* provide validation by type, like for {@code at+jwt}: * provide validation by type, like for {@code at+jwt}: <code>
*
* <code>
* NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) * NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
* .validateType(false) * .validateType(false)
* .build(); * .build();
@ -388,8 +386,8 @@ public final class NimbusJwtDecoder implements JwtDecoder {
* <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri as well * <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri as well
* as the <a href= * as the <a href=
* "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>. * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>.
* @param restOperations * @param restOperations the {@link RestOperations} instance to use
* @return * @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
*/ */
public JwkSetUriJwtDecoderBuilder restOperations(RestOperations restOperations) { public JwkSetUriJwtDecoderBuilder restOperations(RestOperations restOperations) {
Assert.notNull(restOperations, "restOperations cannot be null"); Assert.notNull(restOperations, "restOperations cannot be null");
@ -552,7 +550,7 @@ public final class NimbusJwtDecoder implements JwtDecoder {
private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER; private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER;
private RSAPublicKey key; private final RSAPublicKey key;
private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer; private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer;
@ -595,9 +593,7 @@ public final class NimbusJwtDecoder implements JwtDecoder {
* *
* <p> * <p>
* The difference is that by setting this to {@code false}, it allows you to * The difference is that by setting this to {@code false}, it allows you to
* provide validation by type, like for {@code at+jwt}: * provide validation by type, like for {@code at+jwt}: <code>
*
* <code>
* NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) * NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
* .validateType(false) * .validateType(false)
* .build(); * .build();
@ -616,9 +612,7 @@ public final class NimbusJwtDecoder implements JwtDecoder {
/** /**
* Use the given signing * Use the given signing
* <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target= * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
* "_blank">algorithm</a>. * "_blank">algorithm</a>. The value should be one of
*
* The value should be one of
* <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target= * <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target=
* "_blank">RS256, RS384, or RS512</a>. * "_blank">RS256, RS384, or RS512</a>.
* @param signatureAlgorithm the algorithm to use * @param signatureAlgorithm the algorithm to use
@ -728,9 +722,7 @@ public final class NimbusJwtDecoder implements JwtDecoder {
* *
* <p> * <p>
* The difference is that by setting this to {@code false}, it allows you to * The difference is that by setting this to {@code false}, it allows you to
* provide validation by type, like for {@code at+jwt}: * provide validation by type, like for {@code at+jwt}: <code>
*
* <code>
* NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer) * NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
* .validateType(false) * .validateType(false)
* .build(); * .build();
@ -749,9 +741,7 @@ public final class NimbusJwtDecoder implements JwtDecoder {
/** /**
* Use the given * Use the given
* <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target= * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
* "_blank">algorithm</a> when generating the MAC. * "_blank">algorithm</a> when generating the MAC. The value should be one of
*
* The value should be one of
* <a href="https://tools.ietf.org/html/rfc7518#section-3.2" target= * <a href="https://tools.ietf.org/html/rfc7518#section-3.2" target=
* "_blank">HS256, HS384 or HS512</a>. * "_blank">HS256, HS384 or HS512</a>.
* @param macAlgorithm the MAC algorithm to use * @param macAlgorithm the MAC algorithm to use