
Commit 937acc5

author
Stanislav Deviatykh
committed
Add jwtDecoder
1 parent 13f9344 commit 937acc5


1 file changed

+9
-11
lines changed

1 file changed

+9
-11
lines changed

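--- a/mcp-server-security/src/main/java/org/springaicommunity/mcp/security/server/config/McpServerOAuth2Configurer.java
+++ b/mcp-server-security/src/main/java/org/springaicommunity/mcp/security/server/config/McpServerOAuth2Configurer.java
@@ -54,7 +54,7 @@ public class McpServerOAuth2Configurer extends AbstractHttpConfigurer<McpServerO
 
 private boolean validateAudienceClaim = false;
 
-private Consumer<NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder> jwtDecoderCustomizer = null;
+private NimbusJwtDecoder decoder = null;
 
 public McpServerOAuth2Configurer authorizationServer(String issuerUri) {
 this.issuerUri = issuerUri;
@@ -92,8 +92,8 @@ public McpServerOAuth2Configurer validateAudienceClaim(boolean validateAudienceC
 return this;
 }
 
-public McpServerOAuth2Configurer jwtDecoderCustomizer(Consumer<NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder> jwtDecoderCustomizer) {
-this.jwtDecoderCustomizer = jwtDecoderCustomizer;
+public McpServerOAuth2Configurer jwtDecoder(NimbusJwtDecoder decoder) {
+this.decoder = decoder;
 return this;
 }
 
@@ -108,24 +108,22 @@ public void init(HttpSecurity http) throws Exception {
 .setProtectedResourceMetadataCustomizer(getProtectedMetadataCustomizer());
 
 var entryPoint = new BearerResourceMetadataTokenAuthenticationEntryPoint(this.resourceIdentifier);
+var jwtDecoder = buildJwtDecoder();
 
 //@formatter:off
 http
 .oauth2ResourceServer(resourceServer -> {
-resourceServer.jwt(jwt -> jwt.decoder(getJwtDecoder(http)));
+resourceServer.jwt(jwt -> jwt.decoder(jwtDecoder));
 resourceServer.authenticationEntryPoint(entryPoint);
 })
 .addFilterBefore(protectedResourceMetadataEndpointFilter, AbstractPreAuthenticatedProcessingFilter.class);
 //@formatter:on
 }
 
-private JwtDecoder getJwtDecoder(HttpSecurity http) {
-var builder = NimbusJwtDecoder.withIssuerLocation(this.issuerUri);
-if (this.jwtDecoderCustomizer != null) {
-this.jwtDecoderCustomizer.accept(builder);
-}
-
-var decoder = builder.build();
+private JwtDecoder buildJwtDecoder() {
+var decoder = this.decoder != null
+? this.decoder
+: NimbusJwtDecoder.withIssuerLocation(this.issuerUri).build();
 
 if (this.validateAudienceClaim) {
 OAuth2TokenValidator<Jwt> jwtValidator = JwtValidators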
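Review bot: `buildJwtDecoder()` uses a decoder supplied through `jwtDecoder(...)` as-is, so its key source and validators are no longer derived from `issuerUri`, and nothing visible here checks that the supplied decoder validates the issuer of the configured authorization server. The `validateAudienceClaim` branch runs on either decoder and continues past the end of the hunk; if it installs its validator with `setJwtValidator`, it would mutate the caller's instance and replace whatever validators the caller had configured. I would state the contract on the setter, e.g. `/** The decoder is used as-is: it must already verify signatures and the issuer for the configured authorization server. */`, and, if the audience branch does overwrite, have it compose with the existing validators instead.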
