Skip to content

Commit 46b3174

Browse files
jzheauxjzheaux
committed
Polish NimbusJwtDecoder
1 parent 3611463 commit 46b3174

File tree

1 file changed

+11
-21
lines changed

1 file changed

+11
-21
lines changed

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java

+11-21
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,7 @@ public void setClaimSetConverter(Converter<Map<String, Object>, Map<String, Obje
130130
* Decode and validate the JWT from its compact claims representation format
131131
* @param token the JWT value
132132
* @return a validated {@link Jwt}
133-
* @throws JwtException
133+
* @throws JwtException when the token is malformed or otherwise invalid
134134
*/
135135
@Override
136136
public Jwt decode(String token) throws JwtException {
@@ -274,14 +274,14 @@ public static final class JwkSetUriJwtDecoderBuilder {
274274
private static final JOSEObjectTypeVerifier<SecurityContext> NO_TYPE_VERIFIER = (header, context) -> {
275275
};
276276

277-
private Function<RestOperations, String> jwkSetUri;
277+
private final Function<RestOperations, String> jwkSetUri;
278278

279279
private Function<JWKSource<SecurityContext>, Set<JWSAlgorithm>> defaultAlgorithms = (source) -> Set
280280
.of(JWSAlgorithm.RS256);
281281

282282
private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER;
283283

284-
private Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
284+
private final Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
285285

286286
private RestOperations restOperations = new RestTemplate();
287287

@@ -336,9 +336,7 @@ private JwkSetUriJwtDecoderBuilder(Function<RestOperations, String> jwkSetUri,
336336
*
337337
* <p>
338338
* The difference is that by setting this to {@code false}, it allows you to
339-
* provide validation by type, like for {@code at+jwt}:
340-
*
341-
* <code>
339+
* provide validation by type, like for {@code at+jwt}: <code>
342340
* NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
343341
* .validateType(false)
344342
* .build();
@@ -387,8 +385,8 @@ public JwkSetUriJwtDecoderBuilder jwsAlgorithms(Consumer<Set<SignatureAlgorithm>
387385
* <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri as well
388386
* as the <a href=
389387
* "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>.
390-
* @param restOperations
391-
* @return
388+
* @param restOperations the {@link RestOperations} instance to use
389+
* @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
392390
*/
393391
public JwkSetUriJwtDecoderBuilder restOperations(RestOperations restOperations) {
394392
Assert.notNull(restOperations, "restOperations cannot be null");
@@ -551,7 +549,7 @@ public static final class PublicKeyJwtDecoderBuilder {
551549

552550
private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER;
553551

554-
private RSAPublicKey key;
552+
private final RSAPublicKey key;
555553

556554
private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer;
557555

@@ -593,9 +591,7 @@ private PublicKeyJwtDecoderBuilder(RSAPublicKey key) {
593591
*
594592
* <p>
595593
* The difference is that by setting this to {@code false}, it allows you to
596-
* provide validation by type, like for {@code at+jwt}:
597-
*
598-
* <code>
594+
* provide validation by type, like for {@code at+jwt}: <code>
599595
* NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
600596
* .validateType(false)
601597
* .build();
@@ -614,9 +610,7 @@ public PublicKeyJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)
614610
/**
615611
* Use the given signing
616612
* <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
617-
* "_blank">algorithm</a>.
618-
*
619-
* The value should be one of
613+
* "_blank">algorithm</a>. The value should be one of
620614
* <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target=
621615
* "_blank">RS256, RS384, or RS512</a>.
622616
* @param signatureAlgorithm the algorithm to use
@@ -725,9 +719,7 @@ private SecretKeyJwtDecoderBuilder(SecretKey secretKey) {
725719
*
726720
* <p>
727721
* The difference is that by setting this to {@code false}, it allows you to
728-
* provide validation by type, like for {@code at+jwt}:
729-
*
730-
* <code>
722+
* provide validation by type, like for {@code at+jwt}: <code>
731723
* NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
732724
* .validateType(false)
733725
* .build();
@@ -746,9 +738,7 @@ public SecretKeyJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)
746738
/**
747739
* Use the given
748740
* <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
749-
* "_blank">algorithm</a> when generating the MAC.
750-
*
751-
* The value should be one of
741+
* "_blank">algorithm</a> when generating the MAC. The value should be one of
752742
* <a href="https://tools.ietf.org/html/rfc7518#section-3.2" target=
753743
* "_blank">HS256, HS384 or HS512</a>.
754744
* @param macAlgorithm the MAC algorithm to use

0 commit comments

Comments
 (0)