public class DefaultJWTProcessor<C extends SecurityContext> extends BaseJOSEProcessor<C> implements JWTProcessor<ReadOnlyJWTClaimsSet,C>
JSON Web Tokens.
Must be supplied with a JWS key selector to determine the key candidate(s)
for the signature verification. The exact key selection procedure is
application-specific and may involve key ID lookup, a certificate check
and / or other information supplied in the message context.
Similarly, the processor must be supplied with a JWE key selector
if JWE messages are expected to be processed.
See sections 6 of RFC 7515 (JWS) and RFC 7516 (JWE) for guidelines on key selection.
This processor comes with the default JWS verifier factory and the default
JWE decrypter factory; they can construct verifiers / decrypters for all
standard JOSE algorithms implemented by the library.
Note that for security reasons this processor is hardwired to reject
unsecured (plain) JWTs. Override the process(PlainJWT, SecurityContext)
method if you need to handle plain JWTs as well.
An optional JWT claims verifier may be set to perform various
application-specific JWT claims checks, such as issuer acceptance, after
successful JWS verification / JWE decryption.
To process generic JOSE objects (with arbitrary payloads) use the
DefaultJOSEProcessor class.
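A configuration sketch for the setup described above, added here as an example and not taken from the library's documentation: a JWS key selector that pins the algorithm and looks keys up by key ID, plus a claims verifier that checks the issuer. The class name `JwtGate`, the `hmacKeysByKid` map and `expectedIssuer` are hypothetical; the `selectJWSKeys(JWSHeader, C)` and `verify(ReadOnlyJWTClaimsSet)` signatures are assumed for this generation of the API.

```java
import java.security.Key;
import java.text.ParseException;
import java.util.*;
import javax.crypto.SecretKey;
import com.nimbusds.jose.*;
import com.nimbusds.jose.proc.*;
import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
import com.nimbusds.jwt.proc.*;

public class JwtGate { // hypothetical class name
    private final DefaultJWTProcessor<SecurityContext> processor =
            new DefaultJWTProcessor<SecurityContext>();

    // hmacKeysByKid and expectedIssuer are application configuration (assumed).
    public JwtGate(final Map<String, SecretKey> hmacKeysByKid, final String expectedIssuer) {
        processor.setJWSKeySelector(new JWSKeySelector<SecurityContext>() {
            // Assumed signature: selectJWSKeys(JWSHeader, C) returns the key candidates.
            public List<? extends Key> selectJWSKeys(JWSHeader header, SecurityContext context) {
                // Pin the algorithm so the token header cannot choose how it is verified.
                if (!JWSAlgorithm.HS256.equals(header.getAlgorithm())) {
                    return Collections.<Key>emptyList();
                }
                SecretKey key = hmacKeysByKid.get(header.getKeyID());
                // Unknown or missing key ID: no candidates, so verification cannot succeed.
                if (key == null) {
                    return Collections.<Key>emptyList();
                }
                return Collections.singletonList(key);
            }
        });
        processor.setJWTClaimsVerifier(new JWTClaimsVerifier() {
            // Assumed signature: verify(ReadOnlyJWTClaimsSet) throws BadJWTException.
            public void verify(ReadOnlyJWTClaimsSet claims) throws BadJWTException {
                if (!expectedIssuer.equals(claims.getIssuer())) {
                    throw new BadJWTException("Unexpected issuer");
                }
            }
        });
    }

    /** Returns the verified claims, or null when the token must not be trusted. */
    public ReadOnlyJWTClaimsSet accept(String compactJwt) {
        try {
            return processor.process(compactJwt, null); // no security context needed here
        } catch (ParseException e) {
            return null; // not a well-formed JWT
        } catch (BadJOSEException e) {
            return null; // rejected: plain JWT, no usable key, bad signature or claims
        } catch (JOSEException e) {
            throw new IllegalStateException("JWT processing failure", e);
        }
    }
}
```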
Constructor and Description |
---|
DefaultJWTProcessor() |
Modifier and Type | Method and Description |
---|---|
JWTClaimsVerifier | getJWTClaimsVerifier() Gets the optional JWT claims verifier. |
ReadOnlyJWTClaimsSet | process(EncryptedJWT encryptedJWT, C context) Processes the specified encrypted JWT by decrypting it. |
ReadOnlyJWTClaimsSet | process(JWT jwt, C context) Processes the specified JWT (unsecured, signed or encrypted). |
ReadOnlyJWTClaimsSet | process(PlainJWT plainJWT, C context) Processes the specified unsecured (plain) JWT, typically by checking its context. |
ReadOnlyJWTClaimsSet | process(SignedJWT signedJWT, C context) Processes the specified signed JWT by verifying its signature. |
ReadOnlyJWTClaimsSet | process(String jwtString, C context) Parses and processes the specified JWT (unsecured, signed or encrypted). |
void | setJWTClaimsVerifier(JWTClaimsVerifier claimsVerifier) Sets the optional JWT claims verifier. |
getJWEDecrypterFactory, getJWEKeySelector, getJWSKeySelector, getJWSVerifierFactory, setJWEDecrypterFactory, setJWEKeySelector, setJWSKeySelector, setJWSVerifierFactory
public DefaultJWTProcessor()
public JWTClaimsVerifier getJWTClaimsVerifier()
null if not specified.
public void setJWTClaimsVerifier(JWTClaimsVerifier claimsVerifier)
claimsVerifier - The JWT claims verifier, null if not specified.
public ReadOnlyJWTClaimsSet process(String jwtString, C context) throws ParseException, BadJOSEException, JOSEException
process in interface JWTProcessor<ReadOnlyJWTClaimsSet,C extends SecurityContext>
jwtString - The JWT, compact-encoded to a URL-safe string. Must not be null.
context - Optional context of the JOSE object, null if not required.
null if no return value is necessary.
ParseException - If the string couldn't be parsed to a valid JWT.
BadJOSEException - If the JWT is rejected.
JOSEException - If an internal processing exception is encountered.
public ReadOnlyJWTClaimsSet process(JWT jwt, C context) throws BadJOSEException, JOSEException
process in interface JWTProcessor<ReadOnlyJWTClaimsSet,C extends SecurityContext>
jwt - The JWT. Must not be null.
context - Optional context of the JOSE object, null if not required.
null if no return value is necessary.
BadJOSEException - If the JWT is rejected.
JOSEException - If an internal processing exception is encountered.
public ReadOnlyJWTClaimsSet process(PlainJWT plainJWT, C context) throws BadJOSEException, JOSEException
process in interface JWTProcessor<ReadOnlyJWTClaimsSet,C extends SecurityContext>
plainJWT - The unsecured (plain) JWT. Not null.
context - Optional context of the unsecured JWT, null if not required.
null if no return value is necessary.
BadJOSEException - If the unsecured (plain) JWT is rejected, after examining the context or due to the payload not being a JSON object.
JOSEException - If an internal processing exception is encountered.
public ReadOnlyJWTClaimsSet process(SignedJWT signedJWT, C context) throws BadJOSEException, JOSEException
process in interface JWTProcessor<ReadOnlyJWTClaimsSet,C extends SecurityContext>
signedJWT - The signed JWT. Not null.
context - Optional context of the signed JWT, null if not required.
null if no return value is necessary.
BadJOSEException - If the signed JWT is rejected, typically due to a bad signature or the payload not being a JSON object.
JOSEException - If an internal processing exception is encountered.
public ReadOnlyJWTClaimsSet process(EncryptedJWT encryptedJWT, C context) throws BadJOSEException, JOSEException
process in interface JWTProcessor<ReadOnlyJWTClaimsSet,C extends SecurityContext>
encryptedJWT - The encrypted JWT. Not null.
context - Optional context of the encrypted JWT, null if not required.
null if no return value is necessary.
BadJOSEException - If the encrypted JWT is rejected, typically due to failed decryption or the payload not being a JSON object.
JOSEException - If an internal processing exception is encountered.
Copyright © 2015 Connect2id Ltd. All Rights Reserved.