Class SyncopeJWTSSOProvider
java.lang.Object
org.apache.syncope.core.spring.security.SyncopeJWTSSOProvider
- All Implemented Interfaces:
com.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>,com.nimbusds.jose.JOSEProvider,com.nimbusds.jose.JWSProvider,com.nimbusds.jose.JWSVerifier,JWTSSOProvider
Default implementation for internal JWT validation.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected final AccessTokenDAOprotected final AccessTokenJWSVerifierprotected final EncryptorManagerprotected static final Loggerprotected final SecurityPropertiesprotected final UserDAO -
Constructor Summary
ConstructorsConstructorDescriptionSyncopeJWTSSOProvider(SecurityProperties securityProperties, EncryptorManager encryptorManager, AccessTokenJWSVerifier delegate, UserDAO userDAO, AccessTokenDAO accessTokenDAO) -
Method Summary
Modifier and TypeMethodDescriptionGives the identifier for the JWT issuer verified by this instance.com.nimbusds.jose.jca.JCAContextresolve(com.nimbusds.jwt.JWTClaimsSet jwtClaims) Attempts to resolve the given JWT claims into internalUserand authorities.Set<com.nimbusds.jose.JWSAlgorithm> booleanverify(com.nimbusds.jose.JWSHeader header, byte[] signingInput, com.nimbusds.jose.util.Base64URL signature)
-
Field Details
-
LOG
-
securityProperties
-
encryptorManager
-
delegate
-
userDAO
-
accessTokenDAO
-
-
Constructor Details
-
SyncopeJWTSSOProvider
public SyncopeJWTSSOProvider(SecurityProperties securityProperties, EncryptorManager encryptorManager, AccessTokenJWSVerifier delegate, UserDAO userDAO, AccessTokenDAO accessTokenDAO)
-
-
Method Details
-
getIssuer
Description copied from interface:JWTSSOProviderGives the identifier for the JWT issuer verified by this instance.- Specified by:
getIssuerin interfaceJWTSSOProvider- Returns:
- identifier for the JWT issuer verified by this instance
-
supportedJWSAlgorithms
- Specified by:
supportedJWSAlgorithmsin interfacecom.nimbusds.jose.JWSProvider
-
getJCAContext
public com.nimbusds.jose.jca.JCAContext getJCAContext()- Specified by:
getJCAContextin interfacecom.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>
-
verify
public boolean verify(com.nimbusds.jose.JWSHeader header, byte[] signingInput, com.nimbusds.jose.util.Base64URL signature) throws com.nimbusds.jose.JOSEException - Specified by:
verifyin interfacecom.nimbusds.jose.JWSVerifier- Throws:
com.nimbusds.jose.JOSEException
-
resolve
@Transactional(readOnly=true) public Pair<User,Set<SyncopeGrantedAuthority>> resolve(com.nimbusds.jwt.JWTClaimsSet jwtClaims) Description copied from interface:JWTSSOProviderAttempts to resolve the given JWT claims into internalUserand authorities. IMPORTANT: this is not invoked for theadminsuper-user.- Specified by:
resolvein interfaceJWTSSOProvider- Parameters:
jwtClaims- JWT claims- Returns:
- internal User, with authorities, matching the provided JWT claims, if found; otherwise null
-