Module io.inverno.mod.security.jose
Package io.inverno.mod.security.jose.jws

Class JWSAuthenticator<A extends Authentication>

java.lang.Object
io.inverno.mod.security.jose.jws.JWSAuthenticator<A>
Type Parameters:
A - the original authentication type
All Implemented Interfaces:
Authenticator<TokenCredentials,JWSAuthentication<A>>
public class JWSAuthenticator<A extends Authentication> extends Object implements Authenticator<TokenCredentials,JWSAuthentication<A>>

An authenticator implementation that authenticates JWS token credentials and expose the original authentication.

The expected token must be a valid JWS compact string which is not using NoAlgorithm.NONE algorithm.

Since:
1.5
Author:
Jeremy Kuhn

  • Constructor Details

    • JWSAuthenticator

      public JWSAuthenticator(JWSService jwsService, Class<A> authenticationType)

      Creates a JWS authenticator with the specified JWS service and original authentication type.

      Parameters:
      jwsService - the JWS service
      authenticationType - the original authentication type

    • JWSAuthenticator

      public JWSAuthenticator(JWSService jwsService, Type authenticationType)

      Creates a JWS authenticator with the specified JWS service and original authentication type.

      Parameters:
      jwsService - the JWS service
      authenticationType - the original authentication type

    • JWSAuthenticator

      public JWSAuthenticator(JWSService jwsService, Class<A> authenticationType, Publisher<? extends JWK> keys)

      Creates a JWS authenticator with the specified JWS service, original authentication type and keys.

      Parameters:
      jwsService - the JWS service
      authenticationType - the original authentication type
      keys - the keys to consider to verify the JWS

    • JWSAuthenticator

      public JWSAuthenticator(JWSService jwsService, Type authenticationType, Publisher<? extends JWK> keys)

      Creates a JWS authenticator with the specified JWS service, original authentication type and keys.

      Parameters:
      jwsService - the JWS service
      authenticationType - the original authentication type
      keys - the keys to consider to verify the JWS

    • JWSAuthenticator

      public JWSAuthenticator(JWSService jwsService, Class<A> authenticationType, String... processedParameters)

      Creates a JWS authenticator with the specified JWS service, original authentication type and processed parameters.

      Parameters:
      jwsService - the JWS service
      authenticationType - the original authentication type
      processedParameters - the parameters processed by the application

    • JWSAuthenticator

      public JWSAuthenticator(JWSService jwsService, Type authenticationType, String... processedParameters)

      Creates a JWS authenticator with the specified JWS service, original authentication type and processed parameters.

      Parameters:
      jwsService - the JWS service
      authenticationType - the original authentication type
      processedParameters - the parameters processed by the application

    • JWSAuthenticator

      public JWSAuthenticator(JWSService jwsService, Class<A> authenticationType, Publisher<? extends JWK> keys, String... processedParameters)

      Creates a JWS authenticator with the specified JWS service, original authentication type, keys and processed parameters.

      Parameters:
      jwsService - the JWS service
      authenticationType - the original authentication type
      keys - the keys to consider to verify the JWS
      processedParameters - the parameters processed by the application

    • JWSAuthenticator

      public JWSAuthenticator(JWSService jwsService, Type authenticationType, Publisher<? extends JWK> keys, String... processedParameters)

      Creates a JWS authenticator with the specified JWS service, original authentication type, keys and processed parameters.

      Parameters:
      jwsService - the JWS service
      authenticationType - the original authentication type
      keys - the keys to consider to verify the JWS
      processedParameters - the parameters processed by the application

  • Method Details

    • authenticate

      public Mono<JWSAuthentication<A>> authenticate(TokenCredentials credentials)
      Description copied from interface: Authenticator

      Authenticates the specified credentials and returns an authentication.

      Implementations can return an empty mono to indicate that they were unable to authenticate the credentials. This does not mean credentials are invalid, this simply mean that a particular authenticator does not manage them and therefore can's possibly determine whether they are valid. For example, when considering login credentials composed of a user and a password, an authenticator which does not manage that particular user can return an empty mono.

      Implementations must return denied authentications with AuthenticationException when they were able to authenticate credentials which turned out to be invalid. For example, a login credentials authenticator must return a denied authentication exception when it does manage a particular username but the provided password was invalid.

      A denied authentication can also bre reported by throwing an AuthenticationException when returning an actual authentication instance is not practical.

      Specified by:
      authenticate in interface Authenticator<TokenCredentials,JWSAuthentication<A extends Authentication>>
      Parameters:
      credentials - the credentials to authenticate
      Returns:
      a mono emitting an authentication, an error mono or an empty mono if the authenticator could not authenticate the credentials