com.auth0.spring.security.api

Class JwtWebSecurityConfigurer

java.lang.Object

com.auth0.spring.security.api.JwtWebSecurityConfigurer

public class JwtWebSecurityConfigurer
extends java.lang.Object

Utility class for configuring Security for your Spring API

Method Summary

Modifier and Type	Method and Description
org.springframework.security.config.annotation.web.builders.HttpSecurity	configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Further configure the HttpSecurity object with some sensible defaults by registering objects to obtain a bearer token from a request.
static JwtWebSecurityConfigurer	forHS256(java.lang.String audience, java.lang.String issuer, org.springframework.security.authentication.AuthenticationProvider provider) Configures application authorization for JWT signed with HS256
static JwtWebSecurityConfigurer	forHS256(java.lang.String audience, java.lang.String issuer, byte[] secret) Configures application authorization for JWT signed with HS256
static JwtWebSecurityConfigurer	forHS256WithBase64Secret(java.lang.String audience, java.lang.String issuer, java.lang.String secret) Configures application authorization for JWT signed with HS256
static JwtWebSecurityConfigurer	forRS256(java.lang.String audience, java.lang.String issuer) Configures application authorization for JWT signed with RS256.
static JwtWebSecurityConfigurer	forRS256(java.lang.String audience, java.lang.String issuer, org.springframework.security.authentication.AuthenticationProvider provider) Configures application authorization for JWT signed with RS256 Will try to validate the token using the public key downloaded from "$issuer/.well-known/jwks.json" and matched by the value of kid of the JWT header

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

forRS256

public static JwtWebSecurityConfigurer forRS256(java.lang.String audience,
                                                java.lang.String issuer)

Configures application authorization for JWT signed with RS256. Will try to validate the token using the public key downloaded from "$issuer/.well-known/jwks.json" and matched by the value of kid of the JWT header

Parameters:

audience - identifier of the API and must match the aud value in the token

issuer - of the token for this API and must match the iss value in the token

Returns:

JwtWebSecurityConfigurer for further configuration

forRS256

public static JwtWebSecurityConfigurer forRS256(java.lang.String audience,
                                                java.lang.String issuer,
                                                org.springframework.security.authentication.AuthenticationProvider provider)

Configures application authorization for JWT signed with RS256 Will try to validate the token using the public key downloaded from "$issuer/.well-known/jwks.json" and matched by the value of kid of the JWT header

Parameters:

audience - identifier of the API and must match the aud value in the token

issuer - of the token for this API and must match the iss value in the token

provider - of Spring Authentication objects that can validate a PreAuthenticatedAuthenticationJsonWebToken

Returns:

JwtWebSecurityConfigurer for further configuration

forHS256WithBase64Secret

public static JwtWebSecurityConfigurer forHS256WithBase64Secret(java.lang.String audience,
                                                                java.lang.String issuer,
                                                                java.lang.String secret)

Configures application authorization for JWT signed with HS256

Parameters:

audience - identifier of the API and must match the aud value in the token

issuer - of the token for this API and must match the iss value in the token

secret - used to sign and verify tokens encoded in Base64

Returns:

JwtWebSecurityConfigurer for further configuration

forHS256

public static JwtWebSecurityConfigurer forHS256(java.lang.String audience,
                                                java.lang.String issuer,
                                                byte[] secret)

Configures application authorization for JWT signed with HS256

Parameters:

audience - identifier of the API and must match the aud value in the token

issuer - of the token for this API and must match the iss value in the token

secret - used to sign and verify tokens

Returns:

JwtWebSecurityConfigurer for further configuration

forHS256

public static JwtWebSecurityConfigurer forHS256(java.lang.String audience,
                                                java.lang.String issuer,
                                                org.springframework.security.authentication.AuthenticationProvider provider)

Configures application authorization for JWT signed with HS256

Parameters:

audience - identifier of the API and must match the aud value in the token

issuer - of the token for this API and must match the iss value in the token

provider - of Spring Authentication objects that can validate a PreAuthenticatedAuthenticationJsonWebToken

Returns:

JwtWebSecurityConfigurer for further configuration

configure

public org.springframework.security.config.annotation.web.builders.HttpSecurity configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                                                                                   throws java.lang.Exception

Further configure the HttpSecurity object with some sensible defaults by registering objects to obtain a bearer token from a request.

Parameters:

http - configuration for Spring

Returns:

the http configuration for further customizations

Throws:

java.lang.Exception