Spring Multi JWK Sources

Provide multiple JWKs to Spring security

License	License The Apache License, Version 2.0
Categories	Categories Ant Build Tools Net Security
GroupId	GroupId net.savantly.security
ArtifactId	ArtifactId spring-multi-jwk-source
Last Version	Last Version 0.0.1.RELEASE
Release Date	Release Date Apr 3, 2020
Type	Type jar
Description	Description Spring Multi JWK Sources Provide multiple JWKs to Spring security
Project URL	Project URL https://github.com/savantly-net/spring-multi-jwk-source
Source Code Management	Source Code Management http://github.com/savantly-net/spring-multi-jwk-source/tree/master

Download spring-multi-jwk-source

Filename	Size
spring-multi-jwk-source-0.0.1.RELEASE.pom
spring-multi-jwk-source-0.0.1.RELEASE.jar	11 KB
spring-multi-jwk-source-0.0.1.RELEASE-sources.jar	6 KB
spring-multi-jwk-source-0.0.1.RELEASE-javadoc.jar	402 KB
Browse

How to add to project

Apache Maven

<!-- https://jarcasting.com/artifacts/net.savantly.security/spring-multi-jwk-source/ -->
<dependency>
    <groupId>net.savantly.security</groupId>
    <artifactId>spring-multi-jwk-source</artifactId>
    <version>0.0.1.RELEASE</version>
</dependency>

Gradle Groovy

// https://jarcasting.com/artifacts/net.savantly.security/spring-multi-jwk-source/
implementation 'net.savantly.security:spring-multi-jwk-source:0.0.1.RELEASE'

Gradle Kotlin

// https://jarcasting.com/artifacts/net.savantly.security/spring-multi-jwk-source/
implementation ("net.savantly.security:spring-multi-jwk-source:0.0.1.RELEASE")

Apache Buildr

'net.savantly.security:spring-multi-jwk-source:jar:0.0.1.RELEASE'

Apache Ivy

<dependency org="net.savantly.security" name="spring-multi-jwk-source" rev="0.0.1.RELEASE">
  <artifact name="spring-multi-jwk-source" type="jar" />
</dependency>

Groovy Grape

@Grapes(
@Grab(group='net.savantly.security', module='spring-multi-jwk-source', version='0.0.1.RELEASE')
)

Scala SBT

libraryDependencies += "net.savantly.security" % "spring-multi-jwk-source" % "0.0.1.RELEASE"

Leiningen

[net.savantly.security/spring-multi-jwk-source "0.0.1.RELEASE"]

Dependencies

compile (5)

Group / Artifact	Type	Version
com.nimbusds : nimbus-jose-jwt	jar	8.5
org.springframework.security : spring-security-oauth2-client	jar
org.springframework.security : spring-security-oauth2-jose	jar
org.springframework.security : spring-security-oauth2-resource-server	jar
com.fasterxml.jackson.core : jackson-databind	jar

runtime (1)

Group / Artifact	Type	Version
org.springframework : spring-webflux	jar

test (8)

Group / Artifact	Type	Version
org.junit.jupiter : junit-jupiter-engine	jar
org.junit.jupiter : junit-jupiter-api	jar
org.junit.jupiter : junit-jupiter-params	jar
org.springframework.boot : spring-boot	jar
org.springframework.security : spring-security-test	jar
org.springframework.boot : spring-boot-test	jar
org.springframework.boot : spring-boot-starter-webflux	jar
org.springframework.cloud : spring-cloud-starter-security	jar

Project Modules

There are no modules declared in this project.

Spring Multi JWK sources

Currently only Webflux is support.
Gladly accepting PRs!

Quick start

gradle

compile 'net.savantly.security:spring-multi-jwk-source:0.0.1.RELEASE'

Maven

<dependency>
  <groupId>net.savantly.security</groupId>
  <artifactId>spring-multi-jwk-source</artifactId>
  <version>0.0.1.RELEASE</version>
</dependency>

Example Usage

@SpringBootApplication(exclude = {ReactiveOAuth2ResourceServerAutoConfiguration.class})
@Controller
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class TestReactiveApplication {

	private String oidcIssuerLocation = "https://dev-931599.okta.com/oauth2/default/v1/keys";
	private JwtService jwtService;
	
	public TestReactiveApplication() throws IOException, JOSEException, ParseException {
		// Use our custom Jwt Service to sign 
		// our Jwt service has it's own key pair, that we'll use in addition to the external OIDC
		this.jwtService = new JwtService(new ClassPathResource("test-rsa"));
	}
    
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        http
            .authorizeExchange()
                .anyExchange().permitAll()
                .and()
                .csrf().disable()
                .oauth2Login().and()
            .oauth2ResourceServer()
                .jwt().jwtDecoder(jwtDecoder());
        return http.build();
    }
    
    @Bean
    public ReactiveMultiJwtDecoder jwtDecoder() {
    	// pass multiple JWK sources into the constructor
    	ReactiveMultiJwtDecoder jwtDecoder = new ReactiveMultiJwtDecoder(oidcIssuerLocation, jwtService.getRsaPublicJWK());
		return jwtDecoder;
    }
}

Savantly

Savantly custom software solutions for your business

Versions

Version
0.0.1.RELEASE Apr 3, 2020

Spring Multi JWK Sources

License

Categories

GroupId

ArtifactId

Last Version

Release Date

Type

Description

Project URL

Source Code Management