closes gh-16170

Signed-off-by: douxiaofeng99 <[email protected]>
spring-projects · Feb 11, 2025 · d2c72a9 · d2c72a9
1 parent 27cb115
commit d2c72a9
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/...2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtEncoder.java b/...2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtEncoder.java
@@ -46,6 +46,7 @@
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 
+import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
@@ -86,6 +87,8 @@ public final class NimbusJwtEncoder implements JwtEncoder {
 
 	private final JWKSource<SecurityContext> jwkSource;
 
+	private Converter<List<JWK>, JWK> jwkSelector;
+
 	/**
 	 * Constructs a {@code NimbusJwtEncoder} using the provided parameters.
 	 * @param jwkSource the {@code com.nimbusds.jose.jwk.source.JWKSource}
@@ -95,6 +98,10 @@ public NimbusJwtEncoder(JWKSource<SecurityContext> jwkSource) {
 		this.jwkSource = jwkSource;
 	}
 
+	public void setJwkSelector(Converter<List<JWK>, JWK> jwkSelector) {
+		this.jwkSelector = jwkSelector;
+	}
+
 	@Override
 	public Jwt encode(JwtEncoderParameters parameters) throws JwtEncodingException {
 		Assert.notNull(parameters, "parameters cannot be null");
@@ -124,6 +131,10 @@ private JWK selectJwk(JwsHeader headers) {
 					"Failed to select a JWK signing key -> " + ex.getMessage()), ex);
 		}
 
+		if (null != this.jwkSelector) {
+			return this.jwkSelector.convert(jwks);
+		}
+
 		if (jwks.size() > 1) {
 			throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,
 					"Found multiple JWK signing keys for algorithm '" + headers.getAlgorithm().getName() + "'"));