Package org.wildfly.security.auth.realm.token.validator

Class JwtValidator.Builder

java.lang.Object
org.wildfly.security.auth.realm.token.validator.JwtValidator.Builder
Enclosing class:
JwtValidator
public static class JwtValidator.Builder extends Object

  • Method Details

    • issuer

      public JwtValidator.Builder issuer(String... issuer)

      Defines one or more string values representing an unique identifier for the entities that are allowed as issuers of a given JWT. During validation JWT tokens must have a iss claim that contains one of the values defined here.

      If not provided, the validator will not perform validations based on the issuer claim.

      Parameters:
      issuer - one or more string values representing the valid issuers
      Returns:
      this instance

    • audience

      public JwtValidator.Builder audience(String... audience)

      Defines one or more string values representing the audiences supported by this configuration. During validation JWT tokens must have an aud claim that contains one of the values defined here.

      If not provided, the validator will not perform validations based on the audience claim.

      Parameters:
      audience - one or more string values representing the valid audiences
      Returns:
      this instance

    • publicKey

      public JwtValidator.Builder publicKey(byte[] publicKeyPem)

      A default public key in its PEM format used to validate the signature of tokens without kid header parameter.

      If not provided, the validator will not validate signatures.

      Parameters:
      publicKeyPem - the public key in its PEM format
      Returns:
      this instance

    • publicKey

      public JwtValidator.Builder publicKey(PublicKey publicKey)

      A default PublicKey format used to validate the signature of tokens without kid header parameter.

      If not provided, the validator will not validate signatures.

      Parameters:
      publicKey - the public key in its PEM format
      Returns:
      this instance

    • publicKeys

      public JwtValidator.Builder publicKeys(Map<String,PublicKey> namedKeys)

      A PublicKey map, which is used for validating tokens with kid and without jku header parameter.

      Parameters:
      namedKeys - map of public keys for toen verification, where the maps key stand for kid
      Returns:
      this instance

    • useSslContext

      public JwtValidator.Builder useSslContext(SSLContext sslContext)

      A predefined SSLContext that will be used to connect to the jku endpoint when retrieving remote keys. This configuration is mandatory if using jku claims.

      Parameters:
      sslContext - the SSL context
      Returns:
      this instance

    • useSslHostnameVerifier

      public JwtValidator.Builder useSslHostnameVerifier(HostnameVerifier hostnameVerifier)

      A HostnameVerifier that will be used to validate the hostname when using SSL/TLS. This configuration is mandatory if using jku claims.

      Parameters:
      hostnameVerifier - the hostname verifier
      Returns:
      this instance

    • setJkuTimeout

      public JwtValidator.Builder setJkuTimeout(long timeout)

      A timeout for cached jwks when using jku claim. After this timeout, the keys of need to be re-cached before use. Default value is 2 minutes.

      Parameters:
      timeout - timeout in ms before keys needs to be re-cached
      Returns:
      this instance

    • connectionTimeout

      public JwtValidator.Builder connectionTimeout(int connectionTimeout)
      Sets the connection timeout to a specified timeout, in milliseconds. A non-zero value specifies the timeout when connecting to a resource. A timeout of zero is interpreted as an infinite timeout.
      Parameters:
      connectionTimeout - the connection timeout
      Returns:
      this instance

    • readTimeout

      public JwtValidator.Builder readTimeout(int readTimeout)
      Sets the read timeout to a specified timeout, in milliseconds. A non-zero value specifies the timeout when reading from Input stream when a connection is established to a resource. A timeout of zero is interpreted as an infinite timeout.
      Parameters:
      readTimeout - the read timeout
      Returns:
      this instance

    • setJkuMinTimeBetweenRequests

      public JwtValidator.Builder setJkuMinTimeBetweenRequests(int minTimeBetweenRequests)

      The time in which there will be no more requests to retrieve the keys from the jkws URL.

      Parameters:
      minTimeBetweenRequests - The time in millis
      Returns:
      this instance

    • setAllowedJkuValues

      public JwtValidator.Builder setAllowedJkuValues(String... allowedJkuValues)
      One or more string values representing the jku values that are supported by this configuration. During JWT validation, if the jku header parameter is present in a token, it must exactly match one of the strings defined here or token validation will fail.
      Parameters:
      allowedJkuValues - the allowed values for the jku header parameter
      Returns:
      this instance

    • build

      public JwtValidator build()
      Returns a JwtValidator instance based on all the configuration provided with this builder.
      Returns:
      a new JwtValidator instance with all the given configuration