Class UserPrincipalManager

java.lang.Object
com.azure.spring.cloud.autoconfigure.aad.filter.UserPrincipalManager

public class UserPrincipalManager extends Object
A user principal manager to load user info from JWT.
  • Constructor Details

    • UserPrincipalManager

      public UserPrincipalManager(com.nimbusds.jose.jwk.source.JWKSource<com.nimbusds.jose.proc.SecurityContext> keySource)
      Creates a new UserPrincipalManager with a predefined JWKSource.

      This is helpful when the JWK is not a remote JWKSet, or for unit testing.

      Parameters:
      keySource - JWKSource containing at least one key
    • UserPrincipalManager

      public UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck)
      Parameters:
      endpoints - used to retrieve the JWKS URL.
      aadAuthenticationProperties - used to retrieve the environment.
      resourceRetriever - configures the RemoteJWKSet call.
      explicitAudienceCheck - whether to explicitly check the audience.
      Throws:
      IllegalArgumentException - If AAD key discovery URI is malformed.
    • UserPrincipalManager

      public UserPrincipalManager(AadAuthorizationServerEndpoints endpoints, AadAuthenticationProperties aadAuthenticationProperties, com.nimbusds.jose.util.ResourceRetriever resourceRetriever, boolean explicitAudienceCheck, com.nimbusds.jose.jwk.source.JWKSetCache jwkSetCache)
      Parameters:
      endpoints - used to retrieve the JWKS URL.
      aadAuthenticationProperties - used to retrieve the environment.
      resourceRetriever - configures the RemoteJWKSet call.
      jwkSetCache - used to cache the JWK set for a finite time; the default is 5 minutes, which matches the constructor above when no jwkSetCache is passed in.
      explicitAudienceCheck - whether to explicitly check the audience.
      Throws:
      IllegalArgumentException - If AAD key discovery URI is malformed.
  • Method Details

    • buildUserPrincipal

      public UserPrincipal buildUserPrincipal(String aadIssuedBearerToken) throws ParseException, com.nimbusds.jose.JOSEException, com.nimbusds.jose.proc.BadJOSEException
      Parse the id token to UserPrincipal.
      Parameters:
      aadIssuedBearerToken - The token issued by AAD.
      Returns:
      The parsed UserPrincipal.
      Throws:
      ParseException - If the token couldn't be parsed to a valid JWS object.
      com.nimbusds.jose.JOSEException - If an internal processing exception is encountered.
      com.nimbusds.jose.proc.BadJOSEException - If the JWT is rejected.
    • isTokenIssuedByAad

      public boolean isTokenIssuedByAad(String token)
      Whether the token was issued by AAD.
      Parameters:
      token - the token
      Returns:
      whether the token was issued by AAD
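
The unit-testing use of the JWKSource constructor, together with buildUserPrincipal, as an added example (not code from the Azure SDK): an in-memory key set stands in for the remote JWKS, and a token signed with a key outside that set must be rejected. Assumptions: UserPrincipal lives in the same package and exposes getSubject(), the manager accepts only AAD-style issuers, and the tenant ID, key ID and claims are constructed placeholders.

```java
import com.azure.spring.cloud.autoconfigure.aad.filter.UserPrincipal;
import com.azure.spring.cloud.autoconfigure.aad.filter.UserPrincipalManager;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Date;

public class UserPrincipalManagerKeySourceExample {
    // Constructed test token; the issuer uses the sts.windows.net form with a placeholder tenant (assumption).
    static String sign(RSAKey key) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .issuer("https://sts.windows.net/00000000-0000-0000-0000-000000000000/")
            .subject("test-subject")
            .expirationTime(new Date(System.currentTimeMillis() + 300_000))
            .build();
        SignedJWT jwt = new SignedJWT(
            new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(), claims);
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }

    public static void main(String[] args) throws Exception {
        RSAKey trusted = new RSAKeyGenerator(2048).keyID("test-key").generate();
        // Same key ID, different key material: a token whose signer does not hold the trusted private key.
        RSAKey untrusted = new RSAKeyGenerator(2048).keyID("test-key").generate();
        // Only the public half of the trusted key is placed in the JWKSource.
        UserPrincipalManager manager = new UserPrincipalManager(
            new ImmutableJWKSet<SecurityContext>(new JWKSet(trusted.toPublicJWK())));
        UserPrincipal principal = manager.buildUserPrincipal(sign(trusted));
        System.out.println("accepted, subject = " + principal.getSubject()); // getSubject(): assumed accessor
        try {
            manager.buildUserPrincipal(sign(untrusted));
            throw new AssertionError("token signed with an unknown key was accepted");
        } catch (BadJOSEException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

This constructor performs no explicit audience check, so a test that depends on audience validation needs one of the constructors that take explicitAudienceCheck.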