com.netflix.genie.web.security.oauth2.pingfederate

Class PingFederateJWTConfig

java.lang.Object

com.netflix.genie.web.security.oauth2.pingfederate.PingFederateJWTConfig

@Configuration
 @Conditional(value=PingFederateSecurityConditions.PingFederateJWTEnabled.class)
public class PingFederateJWTConfig
extends java.lang.Object

Beans needed to support OAuth2 authentication via JWT tokens returned from Ping Federate.

Since:

3.0.0

Constructor Summary

Constructors

Constructor and Description
PingFederateJWTConfig()

Method Summary

Modifier and Type	Method and Description
org.jose4j.jwt.consumer.JwtConsumer	jwtConsumer(java.security.PublicKey jwtPublicKey, PingFederateValidator pingFederateValidator) The jwtConsumer class which will be used to verify and parse the JWT token from ping federate.
java.security.PublicKey	jwtPublicKey(java.lang.String keyValue) The public key used to verify the signatures of JWT tokens.
PingFederateJWTTokenServices	pingFederateJWTTokenServices(org.jose4j.jwt.consumer.JwtConsumer jwtConsumer, com.netflix.spectator.api.Registry registry) The token services class used to take a JWT token and produce a Spring Security Authentication object.
PingFederateValidator	pingFederateValidator(com.netflix.spectator.api.Registry registry) A validator which checks the validity of the JWT tokens sent in from ping federate against expected Genie required fields.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PingFederateJWTConfig

public PingFederateJWTConfig()

Method Detail

pingFederateValidator

@Bean
public PingFederateValidator pingFederateValidator(com.netflix.spectator.api.Registry registry)

A validator which checks the validity of the JWT tokens sent in from ping federate against expected Genie required fields.

Parameters:

registry - The metrics registry to use

Returns:

The validator

jwtPublicKey

@Bean
public java.security.PublicKey jwtPublicKey(@Value(value="${genie.security.oauth2.pingfederate.jwt.keyValue}")
                                                  java.lang.String keyValue)
                                           throws java.io.IOException,
                                                  org.jose4j.lang.JoseException,
                                                  java.security.spec.InvalidKeySpecException,
                                                  java.security.cert.CertificateException

The public key used to verify the signatures of JWT tokens.

Parameters:

keyValue - The string of the public key to use in either RSA or X.509 format

Returns:

A public key object to use when validating JWT tokens

Throws:

java.io.IOException - On reading or closing byte array input stream

org.jose4j.lang.JoseException - When trying to create the key using jose library

java.security.spec.InvalidKeySpecException - When the cert has an invalid spec

java.security.cert.CertificateException - When trying to create a X.509 specification object

jwtConsumer

@Bean
public org.jose4j.jwt.consumer.JwtConsumer jwtConsumer(@Qualifier(value="jwtPublicKey")
                                                             java.security.PublicKey jwtPublicKey,
                                                             PingFederateValidator pingFederateValidator)

The jwtConsumer class which will be used to verify and parse the JWT token from ping federate.

Parameters:

jwtPublicKey - The public key used to verify the signature on the JWT token.

pingFederateValidator - The validator to add to the validation chain specifically for Ping Federate

Returns:

The consumer to use

pingFederateJWTTokenServices

@Bean
 @Primary
public PingFederateJWTTokenServices pingFederateJWTTokenServices(org.jose4j.jwt.consumer.JwtConsumer jwtConsumer,
                                                                                 com.netflix.spectator.api.Registry registry)

The token services class used to take a JWT token and produce a Spring Security Authentication object.

Parameters:

jwtConsumer - The JWT consumer used to verify and parse the JWT tokens

registry - The metrics registry to use for collecting metrics

Returns:

The Token services class