Class JwtValidator
- java.lang.Object
  - org.wildfly.security.auth.realm.token.validator.JwtValidator
- All Implemented Interfaces: TokenValidator
public class JwtValidator extends Object implements TokenValidator
A TokenValidator capable of validating and parsing JWT. Most of the validations performed by this validator are based on RFC-7523 (JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants).

This validator can also be used as a JWT parser only. In this case, for security reasons, you need to make sure that JWT validations such as issuer, audience and signature checks are performed before obtaining identities from this realm.
- Author: Pedro Igor
-
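An added example, not part of the WildFly Elytron documentation: it configures the validator so that issuer, audience and signature checks run inside it instead of using it as a parser only, and treats a null result from validate() as a rejection. The Builder methods issuer(), audience(), publicKey() and build() and the BearerTokenEvidence(String) constructor are not listed on this page and are assumed from the Elytron API; the issuer URL, audience names, subject and key pairs are constructed for the demo, and the Elytron library is assumed to be on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import org.wildfly.security.auth.realm.token.validator.JwtValidator;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.evidence.BearerTokenEvidence;

public class StrictJwtValidatorExample {
    static final String ISS = "https://idp.example.test"; // constructed value
    static final String AUD = "orders-api";               // constructed value
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // Constructed sample input: a compact RS256 JWT signed with the given key.
    static String token(PrivateKey key, String iss, String aud, long exp) throws Exception {
        String input = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64(String.format(
                "{\"iss\":\"%s\",\"aud\":\"%s\",\"sub\":\"alice\",\"exp\":%d}", iss, aud, exp));
        Signature rsa = Signature.getInstance("SHA256withRSA");
        rsa.initSign(key);
        rsa.update(input.getBytes(StandardCharsets.UTF_8));
        return input + "." + B64.encodeToString(rsa.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair issuer = gen.generateKeyPair();    // stands in for the real issuer's key pair
        KeyPair stranger = gen.generateKeyPair();  // a key the validator is not configured with

        // Issuer, audience and signature checks are all configured (assumed Builder methods).
        JwtValidator validator = JwtValidator.builder()
                .issuer(ISS).audience(AUD).publicKey(issuer.getPublic()).build();

        long now = Instant.now().getEpochSecond();
        String[][] cases = {
            {"matching issuer, audience, key", token(issuer.getPrivate(), ISS, AUD, now + 300)},
            {"different audience", token(issuer.getPrivate(), ISS, "billing-api", now + 300)},
            {"different issuer", token(issuer.getPrivate(), "https://other.example.test", AUD, now + 300)},
            {"signed with another key", token(stranger.getPrivate(), ISS, AUD, now + 300)},
            {"exp in the past", token(issuer.getPrivate(), ISS, AUD, now - 300)},
        };
        for (String[] c : cases) {
            // validate() returns null for an invalid token: treat null as "reject".
            Attributes attrs = validator.validate(new BearerTokenEvidence(c[1]));
            System.out.println(c[0] + ": " + (attrs == null ? "rejected" : "accepted"));
        }
    }
}
```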
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static class JwtValidator.Builder
-
Field Summary
Fields (Modifier and Type, Field, Description):
- private Set<String> audiences
- private PublicKey defaultPublicKey
- private Set<String> issuers
- private JwkManager jwkManager
- private Map<String,PublicKey> namedKeys
-
Constructor Summary
Constructors (Constructor, Description):
- JwtValidator(JwtValidator.Builder configuration)
-
Method Summary
Methods (Modifier and Type, Method, Description):
- static JwtValidator.Builder builder(): Returns a JwtValidator.Builder instance that can be used to configure and create a JwtValidator.
- private Signature createSignature(String encodedHeader, String encodedClaims)
- private static long currentTimeInSeconds()
- private jakarta.json.JsonObject extractClaims(String encodedClaims)
- private boolean hasValidAudience(jakarta.json.JsonObject claims)
- private boolean hasValidIssuer(jakarta.json.JsonObject claims)
- private String resolveAlgorithm(jakarta.json.JsonObject headers)
- private PublicKey resolvePublicKey(jakarta.json.JsonObject headers)
- Attributes validate(BearerTokenEvidence evidence): Validates a BearerTokenEvidence and returns an Attributes instance containing all information within a security token passed through evidence.
- private boolean verifySignature(String encodedHeader, String encodedClaims, String encodedSignature)
- private boolean verifyTimeConstraints(jakarta.json.JsonObject claims)
-
-
-
Constructor Detail
-
JwtValidator
JwtValidator(JwtValidator.Builder configuration)
-
-
Method Detail
-
builder
public static JwtValidator.Builder builder()
Returns a JwtValidator.Builder instance that can be used to configure and create a JwtValidator.
- Returns: a JwtValidator.Builder instance
-
validate
public Attributes validate(BearerTokenEvidence evidence) throws RealmUnavailableException
Description copied from interface: TokenValidator
Validates a BearerTokenEvidence and returns an Attributes instance containing all information within a security token passed through evidence.
- Specified by: validate in interface TokenValidator
- Parameters: evidence - a BearerTokenEvidence holding the security token to validate
- Returns: an Attributes instance containing all information from the security token, when valid. Otherwise, this method returns null to indicate that the security token is invalid
- Throws: RealmUnavailableException - if any error occurs when validating the evidence
-
verifyTimeConstraints
private boolean verifyTimeConstraints(jakarta.json.JsonObject claims)
-
extractClaims
private jakarta.json.JsonObject extractClaims(String encodedClaims) throws RealmUnavailableException
- Throws: RealmUnavailableException
-
verifySignature
private boolean verifySignature(String encodedHeader, String encodedClaims, String encodedSignature) throws RealmUnavailableException
- Throws: RealmUnavailableException
-
hasValidAudience
private boolean hasValidAudience(jakarta.json.JsonObject claims) throws RealmUnavailableException
- Throws: RealmUnavailableException
-
hasValidIssuer
private boolean hasValidIssuer(jakarta.json.JsonObject claims) throws RealmUnavailableException
- Throws: RealmUnavailableException
-
createSignature
private Signature createSignature(String encodedHeader, String encodedClaims) throws NoSuchAlgorithmException, SignatureException, RealmUnavailableException
-
resolveAlgorithm
private String resolveAlgorithm(jakarta.json.JsonObject headers)
-
resolvePublicKey
private PublicKey resolvePublicKey(jakarta.json.JsonObject headers)
-
currentTimeInSeconds
private static long currentTimeInSeconds()
-
-