Class UserPrincipalManager
- java.lang.Object
-
- com.azure.spring.cloud.autoconfigure.aad.filter.UserPrincipalManager
-
public class UserPrincipalManager extends Object
A user principal manager to load user info from JWT.
-
-
Constructor Summary
UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck)
Create a new UserPrincipalManager based on the AadAuthorizationServerEndpoints.getJwkSetEndpoint().

UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck, com.nimbusds.jose.jwk.source.JWKSetCache jwkSetCache)
Create a new UserPrincipalManager based on the AadAuthorizationServerEndpoints.getJwkSetEndpoint().

UserPrincipalManager(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> keySource)
Creates a new UserPrincipalManager with a predefined JWKSource.
-
Method Summary
UserPrincipal buildUserPrincipal(String aadIssuedBearerToken)
Parse the id token to UserPrincipal.

boolean isTokenIssuedByAad(String token)
Whether the token was issued by AAD.
-
-
-
Constructor Detail
-
UserPrincipalManager
public UserPrincipalManager(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> keySource)
Creates a new UserPrincipalManager with a predefined JWKSource. This is helpful when the JWK is not a remote JWKSet, or for unit testing.
Parameters:
keySource - JWKSource containing at least one key
-
UserPrincipalManager
public UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck)
Create a new UserPrincipalManager based on the AadAuthorizationServerEndpoints.getJwkSetEndpoint().
Parameters:
endpoints - used to retrieve the JWKS URL
aadAuthenticationProperties - used to retrieve the environment.
resourceRetriever - configures the RemoteJWKSet call.
explicitAudienceCheck - Whether to explicitly check the audience.
Throws:
IllegalArgumentException - If AAD key discovery URI is malformed.
-
UserPrincipalManager
public UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck, com.nimbusds.jose.jwk.source.JWKSetCache jwkSetCache)
Create a new UserPrincipalManager based on the AadAuthorizationServerEndpoints.getJwkSetEndpoint().
Parameters:
endpoints - used to retrieve the JWKS URL
aadAuthenticationProperties - used to retrieve the environment.
resourceRetriever - configures the RemoteJWKSet call.
jwkSetCache - used to cache the JWK set for a finite time; default set to 5 minutes, which matches the constructor above if no jwkSetCache is passed in
explicitAudienceCheck - Whether to explicitly check the audience.
Throws:
IllegalArgumentException - If AAD key discovery URI is malformed.
-
-
Method Detail
-
buildUserPrincipal
public UserPrincipal buildUserPrincipal(String aadIssuedBearerToken) throws ParseException, com.nimbusds.jose.JOSEException, com.nimbusds.jose.proc.BadJOSEException
Parse the id token to UserPrincipal.
Parameters:
aadIssuedBearerToken - The token issued by AAD.
Returns:
The parsed UserPrincipal.
Throws:
ParseException - If the token couldn't be parsed to a valid JWS object.
com.nimbusds.jose.JOSEException - If an internal processing exception is encountered.
com.nimbusds.jose.proc.BadJOSEException - If the JWT is rejected.
-
isTokenIssuedByAad
public boolean isTokenIssuedByAad(String token)
Whether the token was issued by AAD.
Parameters:
token - the token
Returns:
whether the token was issued by AAD
-
-