@ThreadSafe public class DefaultJWTClaimsVerifier<C extends SecurityContext> extends Object implements JWTClaimsSetVerifier<C>, JWTClaimsVerifier, ClockSkewAware
Performs the following checks:
This class may be extended to perform additional checks.
| Modifier and Type | Field and Description |
|---|---|
static int |
DEFAULT_MAX_CLOCK_SKEW_SECONDS
The default maximum acceptable clock skew, in seconds (60).
|
| Constructor and Description |
|---|
DefaultJWTClaimsVerifier() |
| Modifier and Type | Method and Description |
|---|---|
String |
getAcceptedAudience()
Gets the accepted audience ("aud").
|
String |
getAcceptedIssuer()
Gets the accepted issuer ("iss").
|
int |
getMaxClockSkew()
Gets the maximum acceptable clock skew.
|
boolean |
requiresExpirationTime()
Gets the expiration time ("exp") requirement.
|
void |
requiresExpirationTime(boolean expRequired)
Sets the expiration time ("exp") requirement.
|
boolean |
requiresIssuedAtTime()
Gets the issued-at time ("iat") requirement.
|
void |
requiresIssuedAtTime(boolean iatRequired)
Sets the issued-at time ("iat") requirement.
|
boolean |
requiresNotBeforeTime()
Gets the not-before time ("nbf") requirement.
|
void |
requiresNotBeforeTime(boolean nbfRequired)
Sets the not-before time ("nbf") requirement.
|
void |
setAcceptedAudience(String aud)
Sets the accepted audience ("aud").
|
void |
setAcceptedIssuer(String iss)
Sets the accepted issuer ("iss").
|
void |
setMaxClockSkew(int maxClockSkewSeconds)
Sets the maximum acceptable clock skew.
|
void |
verify(JWTClaimsSet claimsSet)
Performs verification of selected or all claims in the specified JWT
claims set.
|
void |
verify(JWTClaimsSet claimsSet,
C context)
Verifies selected or all claims from the specified JWT claims set.
|
public static final int DEFAULT_MAX_CLOCK_SKEW_SECONDS
public DefaultJWTClaimsVerifier()
public int getMaxClockSkew()
ClockSkewAwaregetMaxClockSkew in interface ClockSkewAwarepublic void setMaxClockSkew(int maxClockSkewSeconds)
ClockSkewAwaresetMaxClockSkew in interface ClockSkewAwaremaxClockSkewSeconds - The maximum acceptable clock skew, in
seconds. Zero if none.public boolean requiresIssuedAtTime()
true if the issued-at time claim is required,
false if not.public void requiresIssuedAtTime(boolean iatRequired)
iatRequired - true if the issued-at time claim is
required, false if not.public boolean requiresExpirationTime()
true if the expiration time claim is required,
false if not.public void requiresExpirationTime(boolean expRequired)
expRequired - true if the expiration time claim is
required, false if not.public boolean requiresNotBeforeTime()
true if the not-before time claim is required,
false if not.public void requiresNotBeforeTime(boolean nbfRequired)
nbfRequired - true if the not-before time claim is
required, false if not.public String getAcceptedIssuer()
null if not specified.public void setAcceptedIssuer(String iss)
iss - The accepted issuer, null if not specified.public String getAcceptedAudience()
null if not specified.public void setAcceptedAudience(String aud)
aud - The accepted audience, null if not specified.public void verify(JWTClaimsSet claimsSet) throws BadJWTException
JWTClaimsVerifierverify in interface JWTClaimsVerifierclaimsSet - The JWT claims set. Not null.BadJWTException - If the JWT claims set is rejected.public void verify(JWTClaimsSet claimsSet, C context) throws BadJWTException
JWTClaimsSetVerifierverify in interface JWTClaimsSetVerifier<C extends SecurityContext>claimsSet - The JWT claims set. Not null.context - Optional context, null if not required.BadJWTException - If the JWT claims set is rejected.Copyright © 2019 Connect2id Ltd.. All rights reserved.