Package org.wildfly.security.auth.realm.token.validator

Class JwtValidator.Builder

    • Method Detail

      • issuer

        public JwtValidator.Builder issuer​(String... issuer)

        Defines one or more string values representing an unique identifier for the entities that are allowed as issuers of a given JWT. During validation JWT tokens must have a iss claim that contains one of the values defined here.

        If not provided, the validator will not perform validations based on the issuer claim.

        Parameters:
        issuer - one or more string values representing the valid issuers
        Returns:
        this instance

      • audience

        public JwtValidator.Builder audience​(String... audience)

        Defines one or more string values representing the audiences supported by this configuration. During validation JWT tokens must have an aud claim that contains one of the values defined here.

        If not provided, the validator will not perform validations based on the audience claim.

        Parameters:
        audience - one or more string values representing the valid audiences
        Returns:
        this instance

      • publicKey

        public JwtValidator.Builder publicKey​(byte[] publicKeyPem)

        A default public key in its PEM format used to validate the signature of tokens without kid header parameter.

        If not provided, the validator will not validate signatures.

        Parameters:
        publicKeyPem - the public key in its PEM format
        Returns:
        this instance

      • publicKey

        public JwtValidator.Builder publicKey​(PublicKey publicKey)

        A default PublicKey format used to validate the signature of tokens without kid header parameter.

        If not provided, the validator will not validate signatures.

        Parameters:
        publicKey - the public key in its PEM format
        Returns:
        this instance

      • publicKeys

        public JwtValidator.Builder publicKeys​(Map<String,​PublicKey> namedKeys)

        A PublicKey map, which is used for validating tokens with kid and without jku header parameter.

        Parameters:
        namedKeys - map of public keys for toen verification, where the maps key stand for kid
        Returns:
        this instance

      • useSslContext

        public JwtValidator.Builder useSslContext​(SSLContext sslContext)

        A predefined SSLContext that will be used to connect to the jku endpoint when retrieving remote keys. This configuration is mandatory if using jku claims.

        Parameters:
        sslContext - the SSL context
        Returns:
        this instance

      • useSslHostnameVerifier

        public JwtValidator.Builder useSslHostnameVerifier​(HostnameVerifier hostnameVerifier)

        A HostnameVerifier that will be used to validate the hostname when using SSL/TLS. This configuration is mandatory if using jku claims.

        Parameters:
        hostnameVerifier - the hostname verifier
        Returns:
        this instance

      • setJkuTimeout

        public JwtValidator.Builder setJkuTimeout​(long timeout)

        A timeout for cached jwks when using jku claim. After this timeout, the keys of need to be re-cached before use. Default value is 2 minutes.

        Parameters:
        timeout - timeout in ms before keys needs to be re-cached
        Returns:
        this instance

      • connectionTimeout

        public JwtValidator.Builder connectionTimeout​(int connectionTimeout)
        Sets the connection timeout to a specified timeout, in milliseconds. A non-zero value specifies the timeout when connecting to a resource. A timeout of zero is interpreted as an infinite timeout.
        Parameters:
        connectionTimeout - the connection timeout
        Returns:
        this instance

      • readTimeout

        public JwtValidator.Builder readTimeout​(int readTimeout)
        Sets the read timeout to a specified timeout, in milliseconds. A non-zero value specifies the timeout when reading from Input stream when a connection is established to a resource. A timeout of zero is interpreted as an infinite timeout.
        Parameters:
        readTimeout - the read timeout
        Returns:
        this instance

      • setJkuMinTimeBetweenRequests

        public JwtValidator.Builder setJkuMinTimeBetweenRequests​(int minTimeBetweenRequests)

        The time in which there will be no more requests to retrieve the keys from the jkws URL.

        Parameters:
        minTimeBetweenRequests - The time in millis
        Returns:
        this instance

      • setAllowedJkuValues

        public JwtValidator.Builder setAllowedJkuValues​(String... allowedJkuValues)
        One or more string values representing the jku values that are supported by this configuration. During JWT validation, if the jku header parameter is present in a token, it must exactly match one of the strings defined here or token validation will fail.
        Parameters:
        allowedJkuValues - the allowed values for the jku header parameter
        Returns:
        this instance

      • build

        public JwtValidator build()
        Returns a JwtValidator instance based on all the configuration provided with this builder.
        Returns:
        a new JwtValidator instance with all the given configuration