java.lang.Object
org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
All Implemented Interfaces:
org.springframework.security.authentication.AuthenticationProvider

public final class JwtAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider
An AuthenticationProvider implementation for Jwt-encoded Bearer Tokens, used to protect OAuth 2.0 Resource Servers.

This AuthenticationProvider is responsible for decoding and verifying a Jwt-encoded access token, returning its claims set as part of the Authentication statement.

Scopes are translated into GrantedAuthoritys according to the following algorithm:

1. If there is a "scope" or "scp" attribute, then if a String, then split by spaces and return, or if a Collection, then simply return.
2. Take the resulting Collection of Strings and prepend the "SCOPE_" keyword, adding as GrantedAuthoritys.
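The translation described above, written out as a stand-alone Java example added here; it is not Spring Security's own code. The class name, the constructed claim maps, trying "scope" before "scp", and skipping non-String entries are assumptions of the example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;

public class ScopeAuthoritiesExample {

    // Claim names from the description above; trying "scope" before "scp" is this example's assumption.
    private static final List<String> SCOPE_CLAIMS = Arrays.asList("scope", "scp");

    // Step 1: a String is split on spaces, a Collection is taken as it is.
    static Collection<String> scopes(Map<String, Object> claims) {
        for (String name : SCOPE_CLAIMS) {
            Object value = claims.get(name);
            if (value instanceof String) {
                String s = ((String) value).trim();
                return s.isEmpty() ? Collections.<String>emptyList() : Arrays.asList(s.split(" +"));
            }
            if (value instanceof Collection) {
                List<String> out = new ArrayList<>();
                for (Object o : (Collection<?>) value) {
                    if (o instanceof String) out.add((String) o); // non-String entries skipped (example's choice)
                }
                return out;
            }
        }
        return Collections.emptyList(); // no scope claim: no scope authorities
    }

    // Step 2: prepend "SCOPE_" to every scope to form the authority name.
    static List<String> authorities(Map<String, Object> claims) {
        List<String> out = new ArrayList<>();
        for (String scope : scopes(claims)) out.add("SCOPE_" + scope);
        return out;
    }

    public static void main(String[] args) {
        // Constructed claim sets, not taken from a real token.
        Map<String, Object> spaceDelimited = Collections.singletonMap("scope", "message:read message:write");
        Map<String, Object> asList = Collections.singletonMap("scp", Arrays.asList("message:read"));
        Map<String, Object> noScope = Collections.singletonMap("sub", "bob");
        System.out.println(authorities(spaceDelimited));
        System.out.println(authorities(asList));
        System.out.println(authorities(noScope));
    }
}
```

Access rules match on the prefixed names, so a token whose scope claim is absent or empty yields no scope authorities under this algorithm.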

Since:
5.1
See Also:
  • AuthenticationProvider
  • JwtDecoder
  • Constructor Summary

    Constructors
    Constructor
    Description
    JwtAuthenticationProvider(org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.core.Authentication
    authenticate(org.springframework.security.core.Authentication authentication)
    Decode and validate the Bearer Token.
    void
    setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,? extends org.springframework.security.authentication.AbstractAuthenticationToken> jwtAuthenticationConverter)
     
    boolean
    supports(Class<?> authentication)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • JwtAuthenticationProvider

      public JwtAuthenticationProvider(org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder)
  • Method Details

    • authenticate

      public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Decode and validate the Bearer Token.
      Specified by:
      authenticate in interface org.springframework.security.authentication.AuthenticationProvider
      Parameters:
      authentication - the authentication request object.
      Returns:
      A successful authentication
      Throws:
      org.springframework.security.core.AuthenticationException - if authentication failed for some reason
    • supports

      public boolean supports(Class<?> authentication)
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider
    • setJwtAuthenticationConverter

      public void setJwtAuthenticationConverter(org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,? extends org.springframework.security.authentication.AbstractAuthenticationToken> jwtAuthenticationConverter)