Package org.springframework.security.oauth2.server.resource.authentication

Class DelegatingJwtGrantedAuthoritiesConverter

java.lang.Object
org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter
All Implemented Interfaces:
org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,Collection<org.springframework.security.core.GrantedAuthority>>
public class DelegatingJwtGrantedAuthoritiesConverter extends Object implements org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,Collection<org.springframework.security.core.GrantedAuthority>>
A Jwt to GrantedAuthority Converter that is a composite of converters.

This is handy when needing to read authorities from multiple locations in a JWT; each underlying converter is called in series and the results are aggregated into a single collection of authorities.

For example, you might have a claim called "scope" and another called "roles". With DelegatingJwtGrantedAuthoritiesConverter, you can do: JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter(); JwtGrantedAuthoritiesConverter roles = new JwtGrantedAUthoritiesConverter(); roles.setAuthoritiesClaimName("roles"); roles.setAuthorityPrefix("ROLE_"); return new DelegatingJwtGrantedAuthoritiesConverter(scopes, roles);

Since:
5.5
See Also:

  • Constructor Details

    • DelegatingJwtGrantedAuthoritiesConverter

      public DelegatingJwtGrantedAuthoritiesConverter(Collection<org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,Collection<org.springframework.security.core.GrantedAuthority>>> authoritiesConverters)
      Constructs a DelegatingJwtGrantedAuthoritiesConverter using the provided Collection of Converters
      Parameters:
      authoritiesConverters - the Collection of Converters to use

    • DelegatingJwtGrantedAuthoritiesConverter

      @SafeVarargs public DelegatingJwtGrantedAuthoritiesConverter(org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,Collection<org.springframework.security.core.GrantedAuthority>>... authoritiesConverters)
      Constructs a DelegatingJwtGrantedAuthoritiesConverter using the provided array of Converters
      Parameters:
      authoritiesConverters - the array of Converters to use

  • Method Details

    • convert

      public Collection<org.springframework.security.core.GrantedAuthority> convert(org.springframework.security.oauth2.jwt.Jwt jwt)
      Extract GrantedAuthoritys from the given Jwt.

      The authorities are extracted from each delegated Converter one at a time. For each converter, its authorities are added in order, with duplicates removed.

      Specified by:
      convert in interface org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,Collection<org.springframework.security.core.GrantedAuthority>>
      Parameters:
      jwt - The Jwt token
      Returns:
      The authorities read from the token scopes