Request & Filters
HttpServletRequest → incoming request.
SecurityFilterChain → wires filters.
BearerTokenAuthenticationFilter → extracts Authorization: Bearer …, calls AuthenticationManager.
Routing & Managers
JwtIssuerAuthenticationManagerResolver
- Reads iss from the token (peek only, before the signature is verified).
- Returns the correct AuthenticationManager for that issuer/realm.
- Think: “Which manager should handle this token?”
AuthenticationManager (usually ProviderManager)
- Delegates to one of its AuthenticationProviders.
- Think: “Which provider knows how to authenticate this token?”
JwtAuthenticationProvider (implements AuthenticationProvider)
- Glue between JwtDecoder + JwtAuthenticationConverter and Spring’s provider model.
- Uses JwtDecoder → validate signature, issuer, expiry → produce a Jwt.
- Uses JwtAuthenticationConverter → read claims → map to GrantedAuthority.
- Returns a JwtAuthenticationToken (which implements Authentication).
- Think: “Turn a raw JWT into a trusted Spring Authentication.”
JWT Validation & Conversion
JwtDecoder → validates signature/exp/iss → produces Jwt.
Jwt → parsed claims.
JwtAuthenticationConverter → converts Jwt → authorities.
Converter → generic interface (e.g. Jwt → Collection<GrantedAuthority>).
Authentication Objects
JwtAuthenticationToken → extends AbstractAuthenticationToken → implements Authentication, holds Jwt, principal, authorities.
Authentication → contract for current identity.
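
The chain above wired by hand for two issuers, as an added example (not code from the original notes). The issuer URLs and the top-level "roles" claim are assumptions, and JwtDecoders.fromIssuerLocation fetches each issuer's discovery metadata when the manager is built.

```java
import java.util.*;
import org.springframework.context.annotation.*;
import org.springframework.security.authentication.*;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.*;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
class MultiIssuerResourceServerConfig {
    // Assumption: placeholder issuer URLs; each must serve OIDC discovery metadata.
    static final List<String> TRUSTED_ISSUERS = List.of(
            "https://idp.example.test/realms/alpha",
            "https://idp.example.test/realms/beta");

    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        // One AuthenticationManager per allowlisted issuer, built once at startup.
        Map<String, AuthenticationManager> managers = new HashMap<>();
        TRUSTED_ISSUERS.forEach(iss -> managers.put(iss, managerFor(iss)));
        // The resolver reads iss from the still-unverified token, so it may only
        // select among known managers; a null lookup is rejected as "Invalid issuer".
        var resolver = new JwtIssuerAuthenticationManagerResolver(managers::get);
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.authenticationManagerResolver(resolver));
        return http.build();
    }

    static AuthenticationManager managerFor(String issuer) {
        // JwtDecoder: verifies signature, exp/nbf and that iss equals this issuer.
        JwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuer);
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(MultiIssuerResourceServerConfig::roles);
        JwtAuthenticationProvider provider = new JwtAuthenticationProvider(decoder);
        provider.setJwtAuthenticationConverter(converter);
        return new ProviderManager(provider); // yields a JwtAuthenticationToken
    }

    // Assumption: roles arrive in a top-level "roles" claim (not a Spring default).
    static Collection<GrantedAuthority> roles(Jwt jwt) {
        List<String> roles = jwt.getClaimAsStringList("roles");
        List<GrantedAuthority> out = new ArrayList<>();
        if (roles != null) roles.forEach(r -> out.add(new SimpleGrantedAuthority("ROLE_" + r)));
        return out;
    }
}
```

Because the manager map is fixed at startup, a token naming any other issuer is rejected before a decoder or key lookup is attempted for it.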