Skip to content

Commit 7df85a2

Browse files
jzheauxjzheaux
committed
Polish NimbusJwtDecoder
1 parent ab43a66 commit 7df85a2

File tree

1 file changed

+11
-21
lines changed

1 file changed

+11
-21
lines changed

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java

+11-21
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,7 @@ public void setClaimSetConverter(Converter<Map<String, Object>, Map<String, Obje
130130
* Decode and validate the JWT from its compact claims representation format
131131
* @param token the JWT value
132132
* @return a validated {@link Jwt}
133-
* @throws JwtException
133+
* @throws JwtException when the token is malformed or otherwise invalid
134134
*/
135135
@Override
136136
public Jwt decode(String token) throws JwtException {
@@ -274,14 +274,14 @@ public static final class JwkSetUriJwtDecoderBuilder {
274274
private static final JOSEObjectTypeVerifier<SecurityContext> NO_TYPE_VERIFIER = (header, context) -> {
275275
};
276276

277-
private Function<RestOperations, String> jwkSetUri;
277+
private final Function<RestOperations, String> jwkSetUri;
278278

279279
private Function<JWKSource<SecurityContext>, Set<JWSAlgorithm>> defaultAlgorithms = (source) -> Set
280280
.of(JWSAlgorithm.RS256);
281281

282282
private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER;
283283

284-
private Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
284+
private final Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
285285

286286
private RestOperations restOperations = new RestTemplate();
287287

@@ -337,9 +337,7 @@ private JwkSetUriJwtDecoderBuilder(Function<RestOperations, String> jwkSetUri,
337337
*
338338
* <p>
339339
* The difference is that by setting this to {@code false}, it allows you to
340-
* provide validation by type, like for {@code at+jwt}:
341-
*
342-
* <code>
340+
* provide validation by type, like for {@code at+jwt}: <code>
343341
* NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
344342
* .validateType(false)
345343
* .build();
@@ -388,8 +386,8 @@ public JwkSetUriJwtDecoderBuilder jwsAlgorithms(Consumer<Set<SignatureAlgorithm>
388386
* <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri as well
389387
* as the <a href=
390388
* "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>.
391-
* @param restOperations
392-
* @return
389+
* @param restOperations the {@link RestOperations} instance to use
390+
* @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
393391
*/
394392
public JwkSetUriJwtDecoderBuilder restOperations(RestOperations restOperations) {
395393
Assert.notNull(restOperations, "restOperations cannot be null");
@@ -552,7 +550,7 @@ public static final class PublicKeyJwtDecoderBuilder {
552550

553551
private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER;
554552

555-
private RSAPublicKey key;
553+
private final RSAPublicKey key;
556554

557555
private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer;
558556

@@ -595,9 +593,7 @@ private PublicKeyJwtDecoderBuilder(RSAPublicKey key) {
595593
*
596594
* <p>
597595
* The difference is that by setting this to {@code false}, it allows you to
598-
* provide validation by type, like for {@code at+jwt}:
599-
*
600-
* <code>
596+
* provide validation by type, like for {@code at+jwt}: <code>
601597
* NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
602598
* .validateType(false)
603599
* .build();
@@ -616,9 +612,7 @@ public PublicKeyJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)
616612
/**
617613
* Use the given signing
618614
* <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
619-
* "_blank">algorithm</a>.
620-
*
621-
* The value should be one of
615+
* "_blank">algorithm</a>. The value should be one of
622616
* <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target=
623617
* "_blank">RS256, RS384, or RS512</a>.
624618
* @param signatureAlgorithm the algorithm to use
@@ -728,9 +722,7 @@ private SecretKeyJwtDecoderBuilder(SecretKey secretKey) {
728722
*
729723
* <p>
730724
* The difference is that by setting this to {@code false}, it allows you to
731-
* provide validation by type, like for {@code at+jwt}:
732-
*
733-
* <code>
725+
* provide validation by type, like for {@code at+jwt}: <code>
734726
* NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
735727
* .validateType(false)
736728
* .build();
@@ -749,9 +741,7 @@ public SecretKeyJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)
749741
/**
750742
* Use the given
751743
* <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
752-
* "_blank">algorithm</a> when generating the MAC.
753-
*
754-
* The value should be one of
744+
* "_blank">algorithm</a> when generating the MAC. The value should be one of
755745
* <a href="https://tools.ietf.org/html/rfc7518#section-3.2" target=
756746
* "_blank">HS256, HS384 or HS512</a>.
757747
* @param macAlgorithm the MAC algorithm to use

0 commit comments

Comments
 (0)