Class JwtValidator.Builder

    • Constructor Detail

      • Builder

        private Builder()
    • Method Detail

      • issuer

        public JwtValidator.Builder issuer​(String... issuer)

        Defines one or more string values representing an unique identifier for the entities that are allowed as issuers of a given JWT. During validation JWT tokens must have a iss claim that contains one of the values defined here.

        If not provided, the validator will not perform validations based on the issuer claim.

        Parameters:
        issuer - one or more string values representing the valid issuers
        Returns:
        this instance
      • audience

        public JwtValidator.Builder audience​(String... audience)

        Defines one or more string values representing the audiences supported by this configuration. During validation JWT tokens must have an aud claim that contains one of the values defined here.

        If not provided, the validator will not perform validations based on the audience claim.

        Parameters:
        audience - one or more string values representing the valid audiences
        Returns:
        this instance
      • publicKey

        public JwtValidator.Builder publicKey​(byte[] publicKeyPem)

        A default public key in its PEM format used to validate the signature of tokens without kid header parameter.

        If not provided, the validator will not validate signatures.

        Parameters:
        publicKeyPem - the public key in its PEM format
        Returns:
        this instance
      • publicKey

        public JwtValidator.Builder publicKey​(PublicKey publicKey)

        A default PublicKey format used to validate the signature of tokens without kid header parameter.

        If not provided, the validator will not validate signatures.

        Parameters:
        publicKey - the public key in its PEM format
        Returns:
        this instance
      • publicKeys

        public JwtValidator.Builder publicKeys​(Map<String,​PublicKey> namedKeys)

        A PublicKey map, which is used for validating tokens with kid and without jku header parameter.

        Parameters:
        namedKeys - map of public keys for toen verification, where the maps key stand for kid
        Returns:
        this instance
      • useSslContext

        public JwtValidator.Builder useSslContext​(SSLContext sslContext)

        A predefined SSLContext that will be used to connect to the jku endpoint when retrieving remote keys. This configuration is mandatory if using jku claims.

        Parameters:
        sslContext - the SSL context
        Returns:
        this instance
      • useSslHostnameVerifier

        public JwtValidator.Builder useSslHostnameVerifier​(HostnameVerifier hostnameVerifier)

        A HostnameVerifier that will be used to validate the hostname when using SSL/TLS. This configuration is mandatory if using jku claims.

        Parameters:
        hostnameVerifier - the hostname verifier
        Returns:
        this instance
      • setJkuTimeout

        public JwtValidator.Builder setJkuTimeout​(long timeout)

        A timeout for cached jwks when using jku claim. After this timeout, the keys of need to be re-cached before use. Default value is 2 minutes.

        Parameters:
        timeout - timeout in ms before keys needs to be re-cached
        Returns:
        this instance
      • build

        public JwtValidator build()
        Returns a JwtValidator instance based on all the configuration provided with this builder.
        Returns:
        a new JwtValidator instance with all the given configuration