Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Docs 

Issue gh-8332
This commit is contained in:
Josh Cummings 2020-04-10 16:40:18 -06:00
parent 10aa9743ed
commit ad8c49acae
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-resourceserver.adoc
View File

@ -1025,6 +1025,27 @@ public JwtDecoder jwtDecoder(RestTemplateBuilder builder) {
}
```
Also by default, Resource Server caches in-memory the authorization server's JWK set for 5 minutes, which you may want to adjust.
Further, it doesn't take into account more sophisticated caching patterns like eviction or using a shared cache.
To adjust the way in which Resource Server caches the JWK set, `NimbusJwtDecoder` accepts an instance of `Cache`:
```java
@Bean
public JwtDecoder jwtDecoder(CacheManager cacheManager) {
return NimbusJwtDecoder.withJwtSetUri(jwkSetUri)
.cache(cacheManager.getCache("jwks"))
.build();
}
```
When given a `Cache`, Resource Server will use the JWK Set Uri as the key and the JWK Set JSON as the value.
NOTE: Spring isn't a cache provider, so you'll need to make sure to include the appropriate dependencies, like `spring-boot-starter-cache` and your favorite caching provider.
NOTE: Whether it's socket or cache timeouts, you may instead want to work with Nimbus directly.
To do so, remember that `NimbusJwtDecoder` ships with a constructor that takes Nimbus's `JWTProcessor`.
[[oauth2resourceserver-opaque-minimalconfiguration]]
=== Minimal Configuration for Introspection