Class JwtAuthenticationSecurityConfiguration
java.lang.Object
org.apache.nifi.web.security.configuration.JwtAuthenticationSecurityConfiguration
JSON Web Token Configuration for Authentication Security
-
Field Summary
Fields (Modifier and Type, Field):
private final Authorizer authorizer
private final org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder
private final JwtRevocationService jwtRevocationService
private final Duration keyRotationPeriod
private final NiFiProperties niFiProperties
private final StandardVerificationKeySelector verificationKeySelector
private final VerificationKeyService verificationKeyService
-
Constructor Summary
Constructors (Constructor, Description):
JwtAuthenticationSecurityConfiguration(NiFiProperties niFiProperties, Authorizer authorizer, org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder, JwtRevocationService jwtRevocationService, StandardVerificationKeySelector standardVerificationKeySelector, VerificationKeyService verificationKeyService)
-
Method Summary
Methods (Modifier and Type, Method, Description):
authenticationEntryPoint: Authentication Entry Point delegating to Bearer Token Entry Point for returning headers on authentication failures
org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter bearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, NiFiWebAuthenticationDetails> authenticationDetailsSource): Bearer Token Authentication Filter responsible for reading and authenticating Bearer JSON Web Tokens from HTTP Requests
bearerTokenProvider: Application Bearer Token Provider responsible for signing and encoding new JSON Web Tokens
org.springframework.security.oauth2.server.resource.web.BearerTokenResolver bearerTokenResolver(): Bearer Token Resolver responsible for reading Bearer JSON Web Tokens from HTTP headers or cookies
org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler commandScheduler(): Command Scheduler responsible for running commands in background thread
issuerProvider
jwsSignerProvider: JSON Web Signature Signer Provider responsible for managing Bearer Token signing key pairs
jwtAuthenticationConverter: JSON Web Token Authentication Converter provides application User objects
org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider jwtAuthenticationProvider(): JSON Web Token Authentication Provider responsible for decoding and verifying Bearer Tokens from HTTP Requests
jwtLogoutListener: JSON Web Token Logout Listener responsible for revoking application Bearer Tokens after logout completion
keyExpirationCommand: Key Expiration Command responsible for removing expired signing key pairs
keyGenerationCommand(KeyPairGenerator keyPairGenerator): Key Generation Command responsible for rotating JSON Web Signature key pairs based on configuration
revocationExpirationCommand: Revocation Expiration Command responsible for removing expired application Bearer Token revocation records
-
Field Details
-
niFiProperties
-
authorizer
-
jwtDecoder
private final org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder
-
jwtRevocationService
-
verificationKeySelector
-
verificationKeyService
-
keyRotationPeriod
-
-
Constructor Details
-
JwtAuthenticationSecurityConfiguration
@Autowired public JwtAuthenticationSecurityConfiguration(NiFiProperties niFiProperties, Authorizer authorizer, org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder, JwtRevocationService jwtRevocationService, StandardVerificationKeySelector standardVerificationKeySelector, VerificationKeyService verificationKeyService)
-
-
Method Details
-
bearerTokenAuthenticationFilter
@Bean public org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter bearerTokenAuthenticationFilter(org.springframework.security.authentication.AuthenticationManager authenticationManager, org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, NiFiWebAuthenticationDetails> authenticationDetailsSource)
Bearer Token Authentication Filter responsible for reading and authenticating Bearer JSON Web Tokens from HTTP Requests
Parameters:
authenticationManager - Authentication Manager configured with JWT Authentication Provider
Returns:
Bearer Token Authentication Filter
-
bearerTokenResolver
@Bean public org.springframework.security.oauth2.server.resource.web.BearerTokenResolver bearerTokenResolver()
Bearer Token Resolver responsible for reading Bearer JSON Web Tokens from HTTP headers or cookies
Returns:
Standard implementation of Bearer Token Resolver
-
authenticationEntryPoint
Authentication Entry Point delegating to Bearer Token Entry Point for returning headers on authentication failures
Returns:
Authentication Entry Point
-
jwtAuthenticationProvider
@Bean public org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider jwtAuthenticationProvider()
JSON Web Token Authentication Provider responsible for decoding and verifying Bearer Tokens from HTTP Requests
Returns:
JSON Web Token Authentication Provider
-
jwtLogoutListener
JSON Web Token Logout Listener responsible for revoking application Bearer Tokens after logout completion
Returns:
JSON Web Token Logout Listener using Revocation Service for tracking
-
jwtAuthenticationConverter
JSON Web Token Authentication Converter provides application User objects
Returns:
Authentication Converter from JSON Web Tokens to User objects
-
bearerTokenProvider
Application Bearer Token Provider responsible for signing and encoding new JSON Web Tokens
Returns:
Application Bearer Token Provider
-
issuerProvider
-
jwsSignerProvider
JSON Web Signature Signer Provider responsible for managing Bearer Token signing key pairs
Returns:
JSON Web Signature Signer Provider
-
keyGenerationCommand
Key Generation Command responsible for rotating JSON Web Signature key pairs based on configuration
Parameters:
keyPairGenerator - Key Pair Generator for JSON Web Signatures
Returns:
Key Generation Command scheduled according to application properties
-
keyExpirationCommand
Key Expiration Command responsible for removing expired signing key pairs
Returns:
Key Expiration Command scheduled according to application properties
-
revocationExpirationCommand
Revocation Expiration Command responsible for removing expired application Bearer Token revocation records
Returns:
Revocation Expiration Command scheduled according to application properties
-
commandScheduler
@Bean public org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler commandScheduler()
Command Scheduler responsible for running commands in background thread
Returns:
Thread Pool Task Scheduler with named threads
-