Package org.apache.nifi.web.security.configuration

Class JwtDecoderConfiguration

java.lang.Object
org.apache.nifi.web.security.configuration.JwtDecoderConfiguration
@Configuration public class JwtDecoderConfiguration extends Object
JSON Web Token Decoder Configuration with component supporting Bearer Token parsing and verification

  • Field Details

    • REQUIRED_CLAIMS

      private static final Set<String> REQUIRED_CLAIMS

    • properties

      private final NiFiProperties properties

    • clientRegistrationRepository

      private final org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository

    • oidcRestOperations

      private final org.springframework.web.client.RestOperations oidcRestOperations

    • stateManagerProvider

      private final StateManagerProvider stateManagerProvider

    • keyRotationPeriod

      private final Duration keyRotationPeriod

  • Constructor Details

    • JwtDecoderConfiguration

      @Autowired public JwtDecoderConfiguration(NiFiProperties properties, org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository, @Qualifier("oidcRestOperations") org.springframework.web.client.RestOperations oidcRestOperations, StateManagerProvider stateManagerProvider)

  • Method Details

    • jwtDecoder

      @Bean public org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder()
      JWT Decoder responsible for parsing and verifying Bearer Tokens from application or OIDC Identity Provider
      Returns:
      JWT Decoder delegating to OpenID Connect JWT Decoder on matching Issuer claims

    • jwtProcessor

      @Bean public com.nimbusds.jwt.proc.JWTProcessor<com.nimbusds.jose.proc.SecurityContext> jwtProcessor()
      JSON Web Token Processor supporting application Bearer Token Decoder with configured Signing Key Selector
      Returns:
      Application JSON Web Token Processor for verification

    • jwtTokenValidator

      @Bean public org.springframework.security.oauth2.core.OAuth2TokenValidator<org.springframework.security.oauth2.jwt.Jwt> jwtTokenValidator()
      Token Validator responsible for validating JWT claims after parsing and verification based on matching Issuer
      Returns:
      Token Validator supporting application Bearer Tokens

    • idTokenDecoderFactory

      @Bean public org.springframework.security.oauth2.jwt.JwtDecoderFactory<org.springframework.security.oauth2.client.registration.ClientRegistration> idTokenDecoderFactory()
      OpenID Connect Identifier Token Decoder with configured JWS Algorithm for verification
      Returns:
      OpenID Connect Identifier Token Decoder

    • jwtRevocationService

      @Bean public JwtRevocationService jwtRevocationService()
      JWT Revocation Service with backing local State Manager for tracking revoked application Bearer Tokens
      Returns:
      JWT Revocation Service using local State Manager

    • verificationKeySelector

      @Bean public StandardVerificationKeySelector verificationKeySelector()
      Verification Key Selector with configured key rotation period
      Returns:
      Verification Key Selector supporting JSON Web Token signature verification

    • verificationKeyService

      @Bean public VerificationKeyService verificationKeyService()
      Verification Key Service using local State Manager for storing public keys
      Returns:
      Standard Verification Key Service with local State Manager