org.springframework.security.oauth2.jwt.JwtTimestampValidator#validate
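用于校验 Authorization 中的 token 是否已过期（exp），以及是否尚未到生效时间（nbf）；两项比较都会计入 clockSkew 容差。
注意：token 未携带 exp 时（getExpiresAt() 返回 null），该校验器不会判定失败。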
/**
 * Validates the time-based claims of a decoded JWT against this validator's clock.
 *
 * <p>Two checks run in order: expiry ({@code getExpiresAt()}) first, then
 * not-before ({@code getNotBefore()}). Each comparison is relaxed by
 * {@code this.clockSkew}, so the acceptance window is widened by that amount on
 * both sides.
 *
 * <p>Security note: a claim that is absent (the getter returns {@code null}) is
 * skipped, not rejected. A token without an expiry therefore passes this
 * validator; requiring the claim has to be enforced by a separate check.
 *
 * @param jwt the decoded token; must not be {@code null}
 * @return a failure result carrying one {@code OAuth2Error} when the token is
 *         expired or not yet valid, otherwise a success result
 */
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    Assert.notNull(jwt, "jwt cannot be null");

    // Expiry: fail once (now - clockSkew) lies strictly after the expiry instant.
    Instant expiresAt = jwt.getExpiresAt();
    if (expiresAt != null) {
        Instant skewedNow = Instant.now(this.clock).minus(this.clockSkew);
        if (skewedNow.isAfter(expiresAt)) {
            String reason = String.format("Jwt expired at %s", jwt.getExpiresAt());
            OAuth2Error expiredError = this.createOAuth2Error(reason);
            return OAuth2TokenValidatorResult.failure(new OAuth2Error[]{expiredError});
        }
    }

    // Not-before: fail while (now + clockSkew) is still strictly before the claim.
    Instant validFrom = jwt.getNotBefore();
    if (validFrom != null) {
        Instant skewedNow = Instant.now(this.clock).plus(this.clockSkew);
        if (skewedNow.isBefore(validFrom)) {
            String reason = String.format("Jwt used before %s", jwt.getNotBefore());
            OAuth2Error prematureError = this.createOAuth2Error(reason);
            return OAuth2TokenValidatorResult.failure(new OAuth2Error[]{prematureError});
        }
    }

    // Both checks passed, or the corresponding claims were absent.
    return OAuth2TokenValidatorResult.success();
}
调用路径：
org.springframework.security.web.server.authentication.AuthenticationWebFilter#filter
org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager#authenticate
- org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder#decode(java.lang.String)
- org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder#validateJwt
- org.springframework.security.oauth2.jwt.JwtTimestampValidator#validate