io.micronaut.security.token.jwt.validator

Class JwtTokenValidator

java.lang.Object

io.micronaut.security.token.jwt.validator.JwtTokenValidator

All Implemented Interfaces:

Ordered, TokenValidator

@Singleton
public class JwtTokenValidator
extends Object
implements TokenValidator

Since:

1.0

Author:

Sergio del Amo

See Also:

Validating JWT Access Tokens

Field Summary

Fields

Modifier and Type	Field and Description
protected List<EncryptionConfiguration>	encryptionConfigurations
protected List<GenericJwtClaimsValidator>	genericJwtClaimsValidators
protected JwtAuthenticationFactory	jwtAuthenticationFactory
protected List<SignatureConfiguration>	signatureConfigurations

Fields inherited from interface io.micronaut.core.order.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor and Description
JwtTokenValidator(Collection<SignatureConfiguration> signatureConfigurations, Collection<EncryptionConfiguration> encryptionConfigurations) Deprecated. Use JwtTokenValidator(Collection, Collection, Collection, JwtAuthenticationFactory) instead.
JwtTokenValidator(Collection<SignatureConfiguration> signatureConfigurations, Collection<EncryptionConfiguration> encryptionConfigurations, Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators, JwtAuthenticationFactory jwtAuthenticationFactory) Constructor.

Method Summary

Modifier and Type	Method and Description
Optional<Authentication>	authenticationIfValidJwtSignatureAndClaims(String token, Collection<? extends JwtClaimsValidator> claimsValidators) Authentication if JWT has valid signature and claims are verified.
List<EncryptionConfiguration>	getEncryptionConfigurations()
List<GenericJwtClaimsValidator>	getGenericJwtClaimsValidators()
List<SignatureConfiguration>	getSignatureConfigurations()
Optional<com.nimbusds.jwt.JWT>	parseJwtIfValidSignature(String token) Retuns a JWT if the signature could be verified.
boolean	validate(String token)
boolean	validate(String token, Collection<? extends JwtClaimsValidator> claimsValidators)
Optional<com.nimbusds.jwt.JWT>	validateEncryptedJWTSignature(com.nimbusds.jwt.EncryptedJWT encryptedJWT, String token) Validates a encrypted JWT Signature.
Optional<com.nimbusds.jwt.JWT>	validateJwtSignatureAndClaims(String token) Validates JWT signature and Claims.
Optional<com.nimbusds.jwt.JWT>	validateJwtSignatureAndClaims(String token, Collection<? extends JwtClaimsValidator> claimsValidators) Validates JWT signature and Claims.
Optional<com.nimbusds.jwt.JWT>	validatePlainJWTSignature(com.nimbusds.jwt.JWT jwt) Validates the Signature of a plain JWT.
Optional<com.nimbusds.jwt.JWT>	validateSignedJWTSignature(com.nimbusds.jwt.SignedJWT signedJWT) Validates a Signed JWT signature.
Publisher<Authentication>	validateToken(String token) Validates the provided token and returns the authentication state.
boolean	verifyClaims(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet, Collection<? extends JwtClaimsValidator> claimsValidators) Verifies the provided claims with the provided validators.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.micronaut.core.order.Ordered

getOrder

Field Detail

signatureConfigurations

protected final List<SignatureConfiguration> signatureConfigurations

encryptionConfigurations

protected final List<EncryptionConfiguration> encryptionConfigurations

genericJwtClaimsValidators

protected final List<GenericJwtClaimsValidator> genericJwtClaimsValidators

jwtAuthenticationFactory

protected final JwtAuthenticationFactory jwtAuthenticationFactory

Constructor Detail

JwtTokenValidator

@Inject
public JwtTokenValidator(Collection<SignatureConfiguration> signatureConfigurations,
                                 Collection<EncryptionConfiguration> encryptionConfigurations,
                                 Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators,
                                 JwtAuthenticationFactory jwtAuthenticationFactory)

Constructor.

Parameters:

signatureConfigurations - List of Signature configurations which are used to attempt validation.

encryptionConfigurations - List of Encryption configurations which are used to attempt validation.

genericJwtClaimsValidators - Generic JWT Claims validators which should be used to validate any JWT.

jwtAuthenticationFactory - Utility to generate an Authentication given a JWT.

JwtTokenValidator

@Deprecated
public JwtTokenValidator(Collection<SignatureConfiguration> signatureConfigurations,
                                     Collection<EncryptionConfiguration> encryptionConfigurations)

Deprecated. Use JwtTokenValidator(Collection, Collection, Collection, JwtAuthenticationFactory) instead.

Deprecated Constructor.

Parameters:

signatureConfigurations - List of Signature configurations which are used to attempt validation.

encryptionConfigurations - List of Encryption configurations which are used to attempt validation.

Method Detail

validatePlainJWTSignature

public Optional<com.nimbusds.jwt.JWT> validatePlainJWTSignature(com.nimbusds.jwt.JWT jwt)

Validates the Signature of a plain JWT.

Parameters:

jwt - a JWT Token

Returns:

empty if signature configurations exists, Optional.of(jwt) if no signature configuration is available.

validateSignedJWTSignature

public Optional<com.nimbusds.jwt.JWT> validateSignedJWTSignature(com.nimbusds.jwt.SignedJWT signedJWT)

Validates a Signed JWT signature.

Parameters:

signedJWT - a Signed JWT Token

Returns:

empty if signature validation fails

verifyClaims

public boolean verifyClaims(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet,
                            Collection<? extends JwtClaimsValidator> claimsValidators)

Verifies the provided claims with the provided validators.

Parameters:

jwtClaimsSet - JWT Claims

claimsValidators - The claims validators

Returns:

Whether the JWT claims pass every validation.

validateEncryptedJWTSignature

public Optional<com.nimbusds.jwt.JWT> validateEncryptedJWTSignature(com.nimbusds.jwt.EncryptedJWT encryptedJWT,
                                                                    String token)

Validates a encrypted JWT Signature.

Parameters:

encryptedJWT - a encrytped JWT Token

token - the JWT token as String

Returns:

empty if signature validation fails

validateToken

public Publisher<Authentication> validateToken(String token)

Description copied from interface: TokenValidator

Validates the provided token and returns the authentication state.

Specified by:

validateToken in interface TokenValidator

Parameters:

token - The token string.

Returns:

Publishes Authentication based on the JWT or empty if the validation fails.

authenticationIfValidJwtSignatureAndClaims

public Optional<Authentication> authenticationIfValidJwtSignatureAndClaims(String token,
                                                                           Collection<? extends JwtClaimsValidator> claimsValidators)

Authentication if JWT has valid signature and claims are verified.

Parameters:

token - A JWT token

claimsValidators - a Collection of claims Validators.

Returns:

empty if signature or claims verification failed, An Authentication otherwise.

validateJwtSignatureAndClaims

public Optional<com.nimbusds.jwt.JWT> validateJwtSignatureAndClaims(String token)

Validates JWT signature and Claims.

Parameters:

token - A JWT token

Returns:

empty if signature or claims verification failed, JWT otherwise.

validate

public boolean validate(String token)

Parameters:

token - A JWT token

Returns:

true if signature or claims verification passed

validate

public boolean validate(String token,
                        Collection<? extends JwtClaimsValidator> claimsValidators)

Parameters:

token - A JWT token

claimsValidators - a Collection of claims Validators.

Returns:

true if signature or claims verification passed

validateJwtSignatureAndClaims

public Optional<com.nimbusds.jwt.JWT> validateJwtSignatureAndClaims(String token,
                                                                    Collection<? extends JwtClaimsValidator> claimsValidators)

Validates JWT signature and Claims.

Parameters:

token - A JWT token

claimsValidators - a Collection of claims Validators.

Returns:

empty if signature or claims verification failed, JWT otherwise.

parseJwtIfValidSignature

public Optional<com.nimbusds.jwt.JWT> parseJwtIfValidSignature(String token)

Retuns a JWT if the signature could be verified.

Parameters:

token - a JWT token

Returns:

Empty if JWT signature verification failed or JWT if valid signature.

getSignatureConfigurations

public List<SignatureConfiguration> getSignatureConfigurations()

Returns:

List of Signature configurations which are used to attempt validation.

getEncryptionConfigurations

public List<EncryptionConfiguration> getEncryptionConfigurations()

Returns:

List of Encryption configurations which are used to attempt validation.

getGenericJwtClaimsValidators

public List<GenericJwtClaimsValidator> getGenericJwtClaimsValidators()

Returns:

Generic JWT Claims validators which should be used to validate any JWT.