Nimbus Jwt Decoder Configurability

[jzheaux]

It would be nice if NimbusJwtDecoderJwkSupport were a bit easier to test. Also, NimbusJwtDecoderJwkSupport is very opinionated in the way that Nimbus gets configured.

We could alleviate both of these by introducing a constructor or separate JwtDecoder implementation entirely that takes a Nimbus JwtProcessor:

public NimbusJwtDecoderJwkSupport(JwtProcessor<SecurityContext> jwtProcessor) {
    this.jwtProcessor = jwtProcessor;
}

or

public class NimbusJwtDecoder(JwtProcessor<SecurityContext> jwtProcessor) {
    this.jwtProcessor = this.jwtProcessor;
}

// and

private NimbusJwtDecoder delegate;

public class NimbusJwtDecoderJwkSupport(String jwkSetUrl) {
    JwtProcessor<SecurityContext> jwtProcessor = // .... configure
    this.delegate = new NimbusJwtDecoder(jwtProcessor);
}

Either of these would make it possible to:

1. Write tests that do not depend on a legitimate static Jwt and Jwk Set to be provided, simplifying unit tests
2. Provide for easier configuration for users who want to configure Nimbus themselves outside of Spring Security's guidance.

[DarrenForsythe]

This would help greatly in areas where IDP isn't providing the Key's via the jwks url, which is poor but painful to workaround in 5.1. Currently having to copy the the decoder to be able to set a custom keyset.

 X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509") //
                        .generateCertificate(
                                new URL(https://public-signing-key);

                RSAKey jwk = new RSAKey.Builder((RSAPublicKey) certificate.getPublicKey()).keyID("signing-cert")
                        .build();
                final JWKSet jwkSet = new JWKSet(jwk);
                JWKSource keySource = new ImmutableJWKSet(jwkSet);
                ConfigurableJWTProcessor jwtProcessor = new DefaultJWTProcessor();
                JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS384;

                JWSKeySelector keySelector = new JWSVerificationKeySelector(expectedJWSAlg, keySource);
                jwtProcessor.setJWSKeySelector(keySelector1);

                final JWT jwt = JWTParser.parse(s);
                JWTClaimsSet claimsSet = jwtProcessor1.process(jwt, null);

//rest of the impl from Nimbus decoder