Polish NimbusJwtDecoder

spring-projects · Feb 27, 2025 · 7df85a2 · 7df85a2
1 parent ab43a66
commit 7df85a2
Showing 1 changed file with 11 additions and 21 deletions.
diff --git a/...2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/...2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
@@ -130,7 +130,7 @@ public void setClaimSetConverter(Converter<Map<String, Object>, Map<String, Obje
 	 * Decode and validate the JWT from its compact claims representation format
 	 * @param token the JWT value
 	 * @return a validated {@link Jwt}
-	 * @throws JwtException
+	 * @throws JwtException when the token is malformed or otherwise invalid
 	 */
 	@Override
 	public Jwt decode(String token) throws JwtException {
@@ -274,14 +274,14 @@ public static final class JwkSetUriJwtDecoderBuilder {
 		private static final JOSEObjectTypeVerifier<SecurityContext> NO_TYPE_VERIFIER = (header, context) -> {
 		};
 
-		private Function<RestOperations, String> jwkSetUri;
+		private final Function<RestOperations, String> jwkSetUri;
 
 		private Function<JWKSource<SecurityContext>, Set<JWSAlgorithm>> defaultAlgorithms = (source) -> Set
 			.of(JWSAlgorithm.RS256);
 
 		private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER;
 
-		private Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
+		private final Set<SignatureAlgorithm> signatureAlgorithms = new HashSet<>();
 
 		private RestOperations restOperations = new RestTemplate();
 
@@ -337,9 +337,7 @@ private JwkSetUriJwtDecoderBuilder(Function<RestOperations, String> jwkSetUri,
 		 *
 		 * <p>
 		 * The difference is that by setting this to {@code false}, it allows you to
-		 * provide validation by type, like for {@code at+jwt}:
-		 *
-		 * <code>
+		 * provide validation by type, like for {@code at+jwt}: <code>
 		 *     NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
 		 *         .validateType(false)
 		 *         .build();
@@ -388,8 +386,8 @@ public JwkSetUriJwtDecoderBuilder jwsAlgorithms(Consumer<Set<SignatureAlgorithm>
 		 * <a href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> uri as well
 		 * as the <a href=
 		 * "https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier">Issuer</a>.
-		 * @param restOperations
-		 * @return
+		 * @param restOperations the {@link RestOperations} instance to use
+		 * @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
 		 */
 		public JwkSetUriJwtDecoderBuilder restOperations(RestOperations restOperations) {
 			Assert.notNull(restOperations, "restOperations cannot be null");
@@ -552,7 +550,7 @@ public static final class PublicKeyJwtDecoderBuilder {
 
 		private JOSEObjectTypeVerifier<SecurityContext> typeVerifier = JWT_TYPE_VERIFIER;
 
-		private RSAPublicKey key;
+		private final RSAPublicKey key;
 
 		private Consumer<ConfigurableJWTProcessor<SecurityContext>> jwtProcessorCustomizer;
 
@@ -595,9 +593,7 @@ private PublicKeyJwtDecoderBuilder(RSAPublicKey key) {
 		 *
 		 * <p>
 		 * The difference is that by setting this to {@code false}, it allows you to
-		 * provide validation by type, like for {@code at+jwt}:
-		 *
-		 * <code>
+		 * provide validation by type, like for {@code at+jwt}: <code>
 		 *     NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
 		 *         .validateType(false)
 		 *         .build();
@@ -616,9 +612,7 @@ public PublicKeyJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)
 		/**
 		 * Use the given signing
 		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
-		 * "_blank">algorithm</a>.
-		 *
-		 * The value should be one of
+		 * "_blank">algorithm</a>. The value should be one of
 		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target=
 		 * "_blank">RS256, RS384, or RS512</a>.
 		 * @param signatureAlgorithm the algorithm to use
@@ -728,9 +722,7 @@ private SecretKeyJwtDecoderBuilder(SecretKey secretKey) {
 		 *
 		 * <p>
 		 * The difference is that by setting this to {@code false}, it allows you to
-		 * provide validation by type, like for {@code at+jwt}:
-		 *
-		 * <code>
+		 * provide validation by type, like for {@code at+jwt}: <code>
 		 *     NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(issuer)
 		 *         .validateType(false)
 		 *         .build();
@@ -749,9 +741,7 @@ public SecretKeyJwtDecoderBuilder validateType(boolean shouldValidateTypHeader)
 		/**
 		 * Use the given
 		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target=
-		 * "_blank">algorithm</a> when generating the MAC.
-		 *
-		 * The value should be one of
+		 * "_blank">algorithm</a> when generating the MAC. The value should be one of
 		 * <a href="https://tools.ietf.org/html/rfc7518#section-3.2" target=
 		 * "_blank">HS256, HS384 or HS512</a>.
 		 * @param macAlgorithm the MAC algorithm to use