Class JwtValidator
java.lang.Object
  org.wildfly.security.auth.realm.token.validator.JwtValidator

- All Implemented Interfaces: TokenValidator
public class JwtValidator extends Object implements TokenValidator
A TokenValidator capable of validating and parsing JWT. Most of the validations performed by this validator are based on RFC-7523 (JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants).

This validator can also be used as a JWT parser only. In this case, for security reasons, you need to make sure that JWT validations such as issuer, audience and signature checks are performed before obtaining identities from this realm.
- Author: Pedro Igor
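
The checks named in the class description (signature, issuer, audience), together with the exp/nbf time window, written out as an added Java example; this is not Elytron's implementation. JwtChecks, validate and the sample issuer and audience values are hypothetical, and the code assumes RS256 tokens and a Jakarta JSON Processing implementation on the classpath.

```java
import jakarta.json.*;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class JwtChecks {
    static JsonObject json(String b64) {
        String s = new String(Base64.getUrlDecoder().decode(b64), StandardCharsets.UTF_8);
        return Json.createReader(new StringReader(s)).readObject();
    }
    // Hypothetical helper, not Elytron code: returns the claims only if every check passes, else null.
    static JsonObject validate(String jwt, PublicKey key, Set<String> issuers, Set<String> audiences, long now) {
        try {
            String[] p = jwt.split("\\.", -1);
            // Pin the algorithm on the verifier side; the token header must not choose it.
            if (p.length != 3 || !"RS256".equals(json(p[0]).getString("alg", ""))) return null;
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(key);
            sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            if (!sig.verify(Base64.getUrlDecoder().decode(p[2]))) return null;
            JsonObject c = json(p[1]); // claims are trusted only after the signature holds
            if (!issuers.contains(c.getString("iss", ""))) return null;
            JsonValue aud = c.get("aud"); // "aud" may be one string or an array of strings
            List<JsonValue> got = aud instanceof JsonArray ? (JsonArray) aud : aud == null ? List.of() : List.of(aud);
            if (got.stream().noneMatch(v -> v instanceof JsonString
                    && audiences.contains(((JsonString) v).getString()))) return null;
            if (!c.containsKey("exp") || now >= c.getJsonNumber("exp").longValue()) return null;
            if (c.containsKey("nbf") && now < c.getJsonNumber("nbf").longValue()) return null;
            return c;
        } catch (RuntimeException | GeneralSecurityException e) { return null; } // fail closed on malformed input
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed test key
        long now = System.currentTimeMillis() / 1000;
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String claims = "{\"iss\":\"https://idp.example\",\"aud\":[\"api\"],\"exp\":" + (now + 60) + "}";
        String body = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes()) + "." + enc.encodeToString(claims.getBytes());
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body.getBytes(StandardCharsets.US_ASCII));
        String jwt = body + "." + enc.encodeToString(s.sign());
        Set<String> iss = Set.of("https://idp.example"), aud = Set.of("api");
        System.out.println("valid token:    " + (validate(jwt, kp.getPublic(), iss, aud, now) != null));
        System.out.println("wrong audience: " + (validate(jwt, kp.getPublic(), iss, Set.of("other"), now) != null));
        System.out.println("after expiry:   " + (validate(jwt, kp.getPublic(), iss, aud, now + 120) != null));
    }
}
```

The order matters: the claims object is parsed and consulted only after the signature has verified, so unsigned input never influences the issuer, audience or time decisions.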
-
Nested Class Summary
- static class JwtValidator.Builder
-
Field Summary
- private Set<String> audiences
- private PublicKey defaultPublicKey
- private Set<String> issuers
- private JwkManager jwkManager
- private Map<String,PublicKey> namedKeys
-
Constructor Summary
- JwtValidator(JwtValidator.Builder configuration)
-
Method Summary
- static JwtValidator.Builder builder(): Returns a JwtValidator.Builder instance that can be used to configure and create a JwtValidator.
- private Signature createSignature(String encodedHeader, String encodedClaims)
- private static long currentTimeInSeconds()
- private jakarta.json.JsonObject extractClaims(String encodedClaims)
- private boolean hasValidAudience(jakarta.json.JsonObject claims)
- private boolean hasValidIssuer(jakarta.json.JsonObject claims)
- private String resolveAlgorithm(jakarta.json.JsonObject headers)
- private PublicKey resolvePublicKey(jakarta.json.JsonObject headers)
- Attributes validate(BearerTokenEvidence evidence): Validates a BearerTokenEvidence and returns an Attributes instance containing all information within a security token passed through evidence.
- private boolean verifySignature(String encodedHeader, String encodedClaims, String encodedSignature)
- private boolean verifyTimeConstraints(jakarta.json.JsonObject claims)
-
Constructor Detail
-
JwtValidator
JwtValidator(JwtValidator.Builder configuration)
-
Method Detail
-
builder
public static JwtValidator.Builder builder()
Returns a JwtValidator.Builder instance that can be used to configure and create a JwtValidator.
- Returns: a JwtValidator.Builder instance
-
validate
public Attributes validate(BearerTokenEvidence evidence) throws RealmUnavailableException
Description copied from interface: TokenValidator
Validates a BearerTokenEvidence and returns an Attributes instance containing all information within a security token passed through evidence.
- Specified by: validate in interface TokenValidator
- Parameters: evidence - a BearerTokenEvidence holding the security token to validate
- Returns: an Attributes instance containing all information from the security token, when valid. Otherwise, this method returns null to indicate that the security token is invalid
- Throws: RealmUnavailableException - if any error occurs when validating the evidence
-
verifyTimeConstraints
private boolean verifyTimeConstraints(jakarta.json.JsonObject claims)
-
extractClaims
private jakarta.json.JsonObject extractClaims(String encodedClaims) throws RealmUnavailableException
- Throws: RealmUnavailableException
-
verifySignature
private boolean verifySignature(String encodedHeader, String encodedClaims, String encodedSignature) throws RealmUnavailableException
- Throws: RealmUnavailableException
-
hasValidAudience
private boolean hasValidAudience(jakarta.json.JsonObject claims) throws RealmUnavailableException
- Throws: RealmUnavailableException
-
hasValidIssuer
private boolean hasValidIssuer(jakarta.json.JsonObject claims) throws RealmUnavailableException
- Throws: RealmUnavailableException
-
createSignature
private Signature createSignature(String encodedHeader, String encodedClaims) throws NoSuchAlgorithmException, SignatureException, RealmUnavailableException
-
resolveAlgorithm
private String resolveAlgorithm(jakarta.json.JsonObject headers)
-
resolvePublicKey
private PublicKey resolvePublicKey(jakarta.json.JsonObject headers)
-
currentTimeInSeconds
private static long currentTimeInSeconds()
-