Class SyncopeJWTSSOProvider
- java.lang.Object
-
- org.apache.syncope.core.spring.security.SyncopeJWTSSOProvider
-
- All Implemented Interfaces:
com.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>,com.nimbusds.jose.JOSEProvider,com.nimbusds.jose.JWSProvider,com.nimbusds.jose.JWSVerifier,JWTSSOProvider
public class SyncopeJWTSSOProvider extends Object implements JWTSSOProvider
Default implementation for internal JWT validation.
-
-
Field Summary
Fields Modifier and Type Field Description protected AccessTokenDAOaccessTokenDAOprotected AccessTokenJWSVerifierdelegateprotected static EncryptorENCRYPTORprotected static LoggerLOGprotected SecurityPropertiessecurityPropertiesprotected UserDAOuserDAO
-
Constructor Summary
Constructors Constructor Description SyncopeJWTSSOProvider(SecurityProperties securityProperties, AccessTokenJWSVerifier delegate, UserDAO userDAO, AccessTokenDAO accessTokenDAO)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description StringgetIssuer()Gives the identifier for the JWT issuer verified by this instance.com.nimbusds.jose.jca.JCAContextgetJCAContext()Pair<User,Set<SyncopeGrantedAuthority>>resolve(com.nimbusds.jwt.JWTClaimsSet jwtClaims)Attempts to resolve the given JWT claims into internalUserand authorities.Set<com.nimbusds.jose.JWSAlgorithm>supportedJWSAlgorithms()booleanverify(com.nimbusds.jose.JWSHeader header, byte[] signingInput, com.nimbusds.jose.util.Base64URL signature)
-
-
-
Field Detail
-
LOG
protected static final Logger LOG
-
ENCRYPTOR
protected static final Encryptor ENCRYPTOR
-
securityProperties
protected final SecurityProperties securityProperties
-
delegate
protected final AccessTokenJWSVerifier delegate
-
userDAO
protected final UserDAO userDAO
-
accessTokenDAO
protected final AccessTokenDAO accessTokenDAO
-
-
Constructor Detail
-
SyncopeJWTSSOProvider
public SyncopeJWTSSOProvider(SecurityProperties securityProperties, AccessTokenJWSVerifier delegate, UserDAO userDAO, AccessTokenDAO accessTokenDAO)
-
-
Method Detail
-
getIssuer
public String getIssuer()
Description copied from interface:JWTSSOProviderGives the identifier for the JWT issuer verified by this instance.- Specified by:
getIssuerin interfaceJWTSSOProvider- Returns:
- identifier for the JWT issuer verified by this instance
-
supportedJWSAlgorithms
public Set<com.nimbusds.jose.JWSAlgorithm> supportedJWSAlgorithms()
- Specified by:
supportedJWSAlgorithmsin interfacecom.nimbusds.jose.JWSProvider
-
getJCAContext
public com.nimbusds.jose.jca.JCAContext getJCAContext()
- Specified by:
getJCAContextin interfacecom.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>
-
verify
public boolean verify(com.nimbusds.jose.JWSHeader header, byte[] signingInput, com.nimbusds.jose.util.Base64URL signature) throws com.nimbusds.jose.JOSEException- Specified by:
verifyin interfacecom.nimbusds.jose.JWSVerifier- Throws:
com.nimbusds.jose.JOSEException
-
resolve
@Transactional(readOnly=true) public Pair<User,Set<SyncopeGrantedAuthority>> resolve(com.nimbusds.jwt.JWTClaimsSet jwtClaims)
Description copied from interface:JWTSSOProviderAttempts to resolve the given JWT claims into internalUserand authorities. IMPORTANT: this is not invoked for theadminsuper-user.- Specified by:
resolvein interfaceJWTSSOProvider- Parameters:
jwtClaims- JWT claims- Returns:
- internal User, with authorities, matching the provided JWT claims, if found; otherwise null
-
-