Add JwtEncoderAlternative

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwsHeaderMutator.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.jwt;
+
+import java.util.Map;
+import java.util.function.Consumer;
+
+import org.springframework.security.oauth2.jose.jws.JwsAlgorithm;
+
+public interface JwsHeaderMutator<M extends JwsHeaderMutator<M>> {
+	/**
+	 * Set the algorithm {@code (alg)} header which identifies the algorithm
+	 * used when signing the JWS
+	 *
+	 * @return the {@link JwsHeaderMutator} for more customizations
+	 */
+	default M algorithm(JwsAlgorithm jws) {
+		return header(JoseHeaderNames.ALG, jws);
+	}
+
+	/**
+	 * Set a header that is critical for decoders to understand
+	 *
+	 * @param name the header name
+	 * @param value the header value
+	 * @return the {@link JwsHeaderMutator} for more customizations
+	 */
+	default M criticalHeader(String name, Object value) {
+		return criticalHeaders((crit) -> crit.put(name, value));
+	}
+
+	M criticalHeaders(Consumer<Map<String, Object>> criticalHeadersConsumer);
+
+	/**
+	 * Set a header
+	 *
+	 * Note that key-specific headers are typically best specified by the encoder
+	 * itself.
+	 *
+	 * See {@link JwtEncoderAlternative}
+	 */
+	default M header(String name, Object value) {
+		return headers((headers) -> headers.put(name, value));
+	}
+
+	M headers(Consumer<Map<String, Object>> headersConsumer);
+}

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java

@@ -17,7 +17,6 @@
 package org.springframework.security.oauth2.jwt;
 
 import java.time.Instant;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -103,7 +102,7 @@ public static Builder withTokenValue(String tokenValue) {
 	 * @author Josh Cummings
 	 * @since 5.2
 	 */
-	public static final class Builder {
+	public static final class Builder implements JwtClaimMutator<Builder> {
 
 		private String tokenValue;
 
@@ -116,24 +115,13 @@ private Builder(String tokenValue) {
 		}
 
 		/**
-		 * Use this token value in the resulting {@link Jwt}
-		 * @param tokenValue The token value to use
-		 * @return the {@link Builder} for further configurations
-		 */
-		public Builder tokenValue(String tokenValue) {
-			this.tokenValue = tokenValue;
-			return this;
-		}
-
-		/**
-		 * Use this claim in the resulting {@link Jwt}
-		 * @param name The claim name
-		 * @param value The claim value
+		 * Use this header in the resulting {@link Jwt}
+		 * @param name The header name
+		 * @param value The header value
 		 * @return the {@link Builder} for further configurations
 		 */
-		public Builder claim(String name, Object value) {
-			this.claims.put(name, value);
-			return this;
+		public Builder header(String name, Object value) {
+			return headers((headers) -> headers.put(name, value));
 		}
 
 		/**
@@ -142,22 +130,12 @@ public Builder claim(String name, Object value) {
 		 * @param claimsConsumer the consumer
 		 * @return the {@link Builder} for further configurations
 		 */
+		@Override
 		public Builder claims(Consumer<Map<String, Object>> claimsConsumer) {
 			claimsConsumer.accept(this.claims);
 			return this;
 		}
 
-		/**
-		 * Use this header in the resulting {@link Jwt}
-		 * @param name The header name
-		 * @param value The header value
-		 * @return the {@link Builder} for further configurations
-		 */
-		public Builder header(String name, Object value) {
-			this.headers.put(name, value);
-			return this;
-		}
-
 		/**
 		 * Provides access to every {@link #header(String, Object)} declared so far with
 		 * the possibility to add, replace, or remove.
@@ -169,72 +147,17 @@ public Builder headers(Consumer<Map<String, Object>> headersConsumer) {
 			return this;
 		}
 
-		/**
-		 * Use this audience in the resulting {@link Jwt}
-		 * @param audience The audience(s) to use
-		 * @return the {@link Builder} for further configurations
-		 */
-		public Builder audience(Collection<String> audience) {
-			return claim(JwtClaimNames.AUD, audience);
-		}
-
-		/**
-		 * Use this expiration in the resulting {@link Jwt}
-		 * @param expiresAt The expiration to use
-		 * @return the {@link Builder} for further configurations
-		 */
-		public Builder expiresAt(Instant expiresAt) {
-			this.claim(JwtClaimNames.EXP, expiresAt);
-			return this;
-		}
-
-		/**
-		 * Use this identifier in the resulting {@link Jwt}
-		 * @param jti The identifier to use
-		 * @return the {@link Builder} for further configurations
-		 */
 		public Builder jti(String jti) {
-			this.claim(JwtClaimNames.JTI, jti);
-			return this;
-		}
-
-		/**
-		 * Use this issued-at timestamp in the resulting {@link Jwt}
-		 * @param issuedAt The issued-at timestamp to use
-		 * @return the {@link Builder} for further configurations
-		 */
-		public Builder issuedAt(Instant issuedAt) {
-			this.claim(JwtClaimNames.IAT, issuedAt);
-			return this;
+			return id(jti);
 		}
 
 		/**
-		 * Use this issuer in the resulting {@link Jwt}
-		 * @param issuer The issuer to use
-		 * @return the {@link Builder} for further configurations
-		 */
-		public Builder issuer(String issuer) {
-			this.claim(JwtClaimNames.ISS, issuer);
-			return this;
-		}
-
-		/**
-		 * Use this not-before timestamp in the resulting {@link Jwt}
-		 * @param notBefore The not-before timestamp to use
-		 * @return the {@link Builder} for further configurations
-		 */
-		public Builder notBefore(Instant notBefore) {
-			this.claim(JwtClaimNames.NBF, notBefore);
-			return this;
-		}
-
-		/**
-		 * Use this subject in the resulting {@link Jwt}
-		 * @param subject The subject to use
+		 * Use this token value in the resulting {@link Jwt}
+		 * @param tokenValue The token value to use
 		 * @return the {@link Builder} for further configurations
 		 */
-		public Builder subject(String subject) {
-			this.claim(JwtClaimNames.SUB, subject);
+		public Builder tokenValue(String tokenValue) {
+			this.tokenValue = tokenValue;
 			return this;
 		}
 

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtClaimMutator.java

@@ -0,0 +1,108 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.jwt;
+
+import java.time.Instant;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Consumer;
+
+/**
+ * A claims mutator for the "claims" that may be contained in the JSON
+ * object JWT Claims Set of a JSON Web Token (JWT).
+ *
+ * @author Josh Cummings
+ * @since 5.5
+ * @see JwtClaimNames
+ * @see Jwt
+ * @see <a target="_blank" href=
+ * "https://tools.ietf.org/html/rfc7519#section-4.1">Registered Claim Names</a>
+ */
+public interface JwtClaimMutator<M extends JwtClaimMutator<M>> {
+
+	/**
+	 * Returns the Issuer {@code (iss)} claim which identifies the principal that issued
+	 * the JWT.
+	 * @return the Issuer identifier
+	 */
+	default M issuer(String uri) {
+		return claim(JwtClaimNames.ISS, uri);
+	}
+
+	/**
+	 * Returns the Subject {@code (sub)} claim which identifies the principal that is the
+	 * subject of the JWT.
+	 * @return the Subject identifier
+	 */
+	default M subject(String sub) {
+		return claim(JwtClaimNames.SUB, sub);
+	}
+
+	/**
+	 * Returns the Audience {@code (aud)} claim which identifies the recipient(s) that the
+	 * JWT is intended for.
+	 * @return the Audience(s) that this JWT intended for
+	 */
+	default M audience(List<String> audience) {
+		return claim(JwtClaimNames.AUD, audience);
+	}
+
+	/**
+	 * Returns the Expiration time {@code (exp)} claim which identifies the expiration
+	 * time on or after which the JWT MUST NOT be accepted for processing.
+	 * @return the Expiration time on or after which the JWT MUST NOT be accepted for
+	 * processing
+	 */
+	default M expiresAt(Instant expiresAt) {
+		return claim(JwtClaimNames.EXP, expiresAt);
+	}
+
+	/**
+	 * Returns the Not Before {@code (nbf)} claim which identifies the time before which
+	 * the JWT MUST NOT be accepted for processing.
+	 * @return the Not Before time before which the JWT MUST NOT be accepted for
+	 * processing
+	 */
+	default M notBefore(Instant notBefore) {
+		return claim(JwtClaimNames.NBF, notBefore);
+	}
+
+	/**
+	 * Returns the Issued at {@code (iat)} claim which identifies the time at which the
+	 * JWT was issued.
+	 * @return the Issued at claim which identifies the time at which the JWT was issued
+	 */
+	default M issuedAt(Instant issuedAt) {
+		return claim(JwtClaimNames.IAT, issuedAt);
+	}
+
+	/**
+	 * Sets the JWT ID {@code (jti)} claim which provides a unique identifier for the
+	 * JWT.
+	 * @return the {@link JwtClaimMutator} for more customizations
+	 */
+	default M id(String id) {
+		return claim(JwtClaimNames.JTI, id);
+	}
+
+	default M claim(String name, Object value) {
+		claims((claims) -> claims.put(name, value));
+		return (M) this;
+	}
+
+	M claims(Consumer<Map<String, Object>> claimsConsumer);
+}

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtEncoderAlternative.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.jwt;
+
+import java.util.function.Consumer;
+
+/**
+ * Encodes and signs JWTs, implementations may also support encryption.
+ */
+public interface JwtEncoderAlternative {
+
+	/**
+	 * Return a {@link JwtMutator} for specifying any claims or headers needed in the JWT
+	 *
+	 * @return a parameter mutator
+	 */
+	JwtMutator<?> encoder();
+
+	/**
+	 * A parameter mutator for specifying headers and claims to encode
+	 */
+	interface JwtMutator<B extends JwtMutator<B>> {
+		/**
+		 * Mutate the JWS headers
+		 *
+		 * @param headersConsumer the {@link Consumer} that mutates the JWS headers
+		 * @return the {@link JwtMutator} for further customizations
+		 */
+		B jwsHeaders(Consumer<JwsHeaderMutator<?>> headersConsumer);
+
+		/**
+		 * Mutate the JWT Claims Set
+		 *
+		 * @param claimsConsumer the {@link Consumer} that mutates the JWT Claims Set
+		 * @return the {@link JwtMutator} for further customizations
+		 */
+		B claims(Consumer<JwtClaimMutator<?>> claimsConsumer);
+
+		/**
+		 * Sign and serialize the JWT
+		 *
+		 * @return the signed and serialized JWT
+		 */
+		String encode();
+	}
+}