public class AsapAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider
UnverifiedBearerToken and if the token is valid,
transforms it into an authenticated token which includes the granted authorities.

In order for this authentication provider to be invoked with an UnverifiedBearerToken, be sure to register a
BearerTokenAuthenticationProcessingFilter, otherwise it will never get asked to authenticate.

By default, this class will accept any valid token, which means any ASAP key will result in the request being
authenticated. If you only want to allow a subset of issuers/subjects to be authenticated, override
getGrantedAuthorities(com.atlassian.asap.api.Jwt) to throw an exception for unknown issuers/subjects.

If your application is set up so that it requires authorization (e.g. specific roles) in addition to authentication,
you can use IssuerAndSubjectWhitelistAsapAuthenticationProvider or override getGrantedAuthorities(com.atlassian.asap.api.Jwt)
to grant specific authorities to tokens. Otherwise, defaultAuthorities are granted to all the tokens.
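
An added example, not taken from the ASAP library, of overriding getGrantedAuthorities so that unknown issuer/subject pairs are rejected and known ones receive specific roles. The class name, issuer and subject names and roles are hypothetical; the import packages for AsapAuthenticationProvider and JwtValidator and the getClaims().getIssuer() accessor are assumptions not shown on this page.

```java
import com.atlassian.asap.api.Jwt;
// Assumed packages (not shown on this page) for the next two imports:
import com.atlassian.asap.core.server.springsecurity.AsapAuthenticationProvider;
import com.atlassian.asap.core.validator.JwtValidator;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical subclass: only allowlisted issuer/subject pairs are authenticated. */
public class AllowlistedAsapAuthenticationProvider extends AsapAuthenticationProvider {

    // issuer -> effective subject -> authorities (constructed sample entries)
    private final Map<String, Map<String, Collection<GrantedAuthority>>> allowlist = new HashMap<>();

    public AllowlistedAsapAuthenticationProvider(JwtValidator jwtValidator) {
        // No default authorities: nothing is granted unless the allowlist says so.
        super(jwtValidator, Collections.<GrantedAuthority>emptyList());
        allow("example/billing-service", "example/billing-service", "ROLE_BILLING");
        allow("example/admin-cli", "example/ops-user", "ROLE_ADMIN");
    }

    private void allow(String issuer, String subject, String role) {
        allowlist.computeIfAbsent(issuer, k -> new HashMap<>())
                 .put(subject, Collections.<GrantedAuthority>singletonList(new SimpleGrantedAuthority(role)));
    }

    @Override
    protected Collection<GrantedAuthority> getGrantedAuthorities(Jwt validJwt)
            throws AuthenticationException {
        // Assumed accessor for the "iss" claim; effectiveSubject is the inherited helper.
        String issuer = validJwt.getClaims().getIssuer();
        String subject = effectiveSubject(validJwt);
        Collection<GrantedAuthority> granted =
                allowlist.getOrDefault(issuer, Collections.emptyMap()).get(subject);
        if (granted == null) {
            // Fail closed: the signature verified, but this caller is not expected here.
            throw new InsufficientAuthenticationException("ASAP caller is not allowlisted");
        }
        return granted;
    }
}
```
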
| Constructor and Description |
|---|
| AsapAuthenticationProvider(JwtValidator jwtValidator) |
| AsapAuthenticationProvider(JwtValidator jwtValidator, Collection<org.springframework.security.core.GrantedAuthority> defaultAuthorities) |

| Modifier and Type | Method and Description |
|---|---|
| org.springframework.security.core.Authentication | authenticate(org.springframework.security.core.Authentication authentication) |
| protected static String | effectiveSubject(Jwt jwt) |
| protected Collection<org.springframework.security.core.GrantedAuthority> | getDefaultAuthorities() |
| protected Collection<org.springframework.security.core.GrantedAuthority> | getGrantedAuthorities(Jwt validJwt) - Subclasses should implement the strategy to grant authorities to valid JWT tokens with the given combination of issuer and effective subject. |
| boolean | supports(Class<?> authentication) |

public AsapAuthenticationProvider(JwtValidator jwtValidator, Collection<org.springframework.security.core.GrantedAuthority> defaultAuthorities)

public AsapAuthenticationProvider(JwtValidator jwtValidator)

public final org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
throws org.springframework.security.core.AuthenticationException
Specified by: authenticate in interface org.springframework.security.authentication.AuthenticationProvider
Throws: org.springframework.security.core.AuthenticationException

protected Collection<org.springframework.security.core.GrantedAuthority> getGrantedAuthorities(Jwt validJwt)
throws org.springframework.security.core.AuthenticationException
Throws: org.springframework.security.core.AuthenticationException - if the token, although valid, is unauthorized

protected static String effectiveSubject(Jwt jwt)
Parameters: jwt - a token

public final boolean supports(Class<?> authentication)
Specified by: supports in interface org.springframework.security.authentication.AuthenticationProvider

protected Collection<org.springframework.security.core.GrantedAuthority> getDefaultAuthorities()

Copyright © 2017 Atlassian. All rights reserved.