From f808740c57f7d073107ff766d5ff76e750f6153e Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Fri, 30 Nov 2018 06:53:35 -0500 Subject: [PATCH] Update reference manual to use NimbusJwtDecoder Fixes gh-6188 --- .../servlet/preface/java-configuration.adoc | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/preface/java-configuration.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/preface/java-configuration.adoc index 2957ec7e2a..dcbb7431d7 100644 --- a/docs/manual/src/docs/asciidoc/_includes/servlet/preface/java-configuration.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/servlet/preface/java-configuration.adoc @@ -606,7 +606,7 @@ Or, exposing a `JwtDecoder` `@Bean` has the same effect as `decoder()`: ```java @Bean public JwtDecoder jwtDecoder() { - return new NimbusJwtDecoderJwkSupport(jwkSetUri); + return new NimbusJwtDecoder(JwtProcessors.withJwkSetUri(jwkSetUri).build()); } ``` @@ -719,7 +719,7 @@ Resource Server uses `JwtTimestampValidator` to verify a token's validity window ```java @Bean JwtDecoder jwtDecoder() { - NimbusJwtDecoderJwkSupport jwtDecoder = (NimbusJwtDecoderJwkSupport) + NimbusJwtDecoder jwtDecoder = (NimbusJwtDecoder) JwtDecoders.withOidcIssuerLocation(issuerUri); OAuth2TokenValidator withClockSkew = new DelegatingOAuth2TokenValidator<>( @@ -759,7 +759,7 @@ Then, to add into a resource server, it's a matter of specifying the `JwtDecoder ```java @Bean JwtDecoder jwtDecoder() { - NimbusJwtDecoderJwkSupport jwtDecoder = (NimbusJwtDecoderJwkSupport) + NimbusJwtDecoder jwtDecoder = (NimbusJwtDecoder) JwtDecoders.withOidcIssuerLocation(issuerUri); OAuth2TokenValidator audienceValidator = new AudienceValidator(); @@ -807,11 +807,11 @@ An individual claim's conversion strategy can be configured using `MappedJwtClai ```java @Bean JwtDecoder jwtDecoder() { - NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUri); + NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(JwtProcessors.withJwkSetUri(jwkSetUri).build()); MappedJwtClaimSetConverter converter = MappedJwtClaimSetConverter .withDefaults(Collections.singletonMap("sub", this::lookupUserIdBySub)); - jwtDecoder.setJwtClaimSetConverter(converter); + jwtDecoder.setClaimSetConverter(converter); return jwtDecoder; } @@ -862,8 +862,8 @@ And then, the instance can be supplied like normal: ```java @Bean JwtDecoder jwtDecoder() { - NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUri); - jwtDecoder.setJwtClaimSetConverter(new UsernameSubClaimAdapter()); + NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(JwtProcessors.withJwkSetUri(jwkSetUri).build()); + jwtDecoder.setClaimSetConverter(new UsernameSubClaimAdapter()); return jwtDecoder; } ``` @@ -876,7 +876,7 @@ By default, Resource Server uses connection and socket timeouts of 30 seconds ea This may be too short in some scenarios. Further, it doesn't take into account more sophisticated patterns like back-off and discovery. -To adjust the way in which Resource Server connects to the authorization server, `NimbusJwtDecoderJwkSupport` accepts an instance of `RestOperations`: +To adjust the way in which Resource Server connects to the authorization server, `NimbusJwtDecoder` accepts an instance of `RestOperations`: ```java @Bean @@ -886,8 +886,7 @@ public JwtDecoder jwtDecoder(RestTemplateBuilder builder) { .setReadTimeout(60000) .build(); - NimbusJwtDecoderJwkSupport jwtDecoder = new NimbusJwtDecoderJwkSupport(jwkSetUri); - jwtDecoder.setRestOperations(rest); + NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(JwtProcessors.withJwkSetUri(jwkSetUri).restOperations(rest).build()); return jwtDecoder; } ```