Class UserPrincipalManager
java.lang.Object
com.azure.spring.cloud.autoconfigure.aad.filter.UserPrincipalManager
A user principal manager to load user info from JWT.

Constructor Summary
Constructor / Description
UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck)
    Create a new UserPrincipalManager based on the AadAuthorizationServerEndpoints.getJwkSetEndpoint().
UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck, com.nimbusds.jose.jwk.source.JWKSetCache jwkSetCache)
    Create a new UserPrincipalManager based on the AadAuthorizationServerEndpoints.getJwkSetEndpoint().
UserPrincipalManager(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> keySource)
    Creates a new UserPrincipalManager with a predefined JWKSource.

Method Summary
Modifier and Type / Method / Description
UserPrincipal buildUserPrincipal(String aadIssuedBearerToken)
    Parse the id token to UserPrincipal.
boolean isTokenIssuedByAad(String token)
    Whether the token was issued by AAD.

Constructor Details

UserPrincipalManager
public UserPrincipalManager(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> keySource)
    Creates a new UserPrincipalManager with a predefined JWKSource.
    This is helpful in cases where the JWK is not a remote JWKSet, or for unit testing.
    Parameters:
        keySource - JWKSource containing at least one key

UserPrincipalManager
public UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck)
    Create a new UserPrincipalManager based on the AadAuthorizationServerEndpoints.getJwkSetEndpoint().
    Parameters:
        endpoints - used to retrieve the JWKS URL
        aadAuthenticationProperties - used to retrieve the environment.
        resourceRetriever - configures the RemoteJWKSet call.
        explicitAudienceCheck - Whether to explicitly check the audience.
    Throws:
        IllegalArgumentException - If AAD key discovery URI is malformed.

UserPrincipalManager
public UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck, com.nimbusds.jose.jwk.source.JWKSetCache jwkSetCache)
    Create a new UserPrincipalManager based on the AadAuthorizationServerEndpoints.getJwkSetEndpoint().
    Parameters:
        endpoints - used to retrieve the JWKS URL
        aadAuthenticationProperties - used to retrieve the environment.
        resourceRetriever - configures the RemoteJWKSet call.
        jwkSetCache - used to cache the JWK set for a finite time; the default is 5 minutes, which matches the constructor above when no jwkSetCache is passed in
        explicitAudienceCheck - Whether to explicitly check the audience.
    Throws:
        IllegalArgumentException - If AAD key discovery URI is malformed.

Method Details

buildUserPrincipal
public UserPrincipal buildUserPrincipal(String aadIssuedBearerToken) throws ParseException, com.nimbusds.jose.JOSEException, com.nimbusds.jose.proc.BadJOSEException
    Parse the id token to UserPrincipal.
    Parameters:
        aadIssuedBearerToken - The token issued by AAD.
    Returns:
        The parsed UserPrincipal.
    Throws:
        ParseException - If the token couldn't be parsed to a valid JWS object.
        com.nimbusds.jose.JOSEException - If an internal processing exception is encountered.
        com.nimbusds.jose.proc.BadJOSEException - If the JWT is rejected.

isTokenIssuedByAad
    Whether the token was issued by AAD.
    Parameters:
        token - the token
    Returns:
        whether the token was issued by AAD