io.micronaut.security.token.jwt.validator

Class JwtTokenValidator

java.lang.Object

io.micronaut.security.token.jwt.validator.JwtTokenValidator

All Implemented Interfaces:

io.micronaut.core.order.Ordered, TokenValidator

@Singleton
public class JwtTokenValidator
extends java.lang.Object
implements TokenValidator

Since:

1.0

Author:

Sergio del Amo

See Also:

Validating JWT Access Tokens

Field Summary

Fields

Modifier and Type	Field and Description
protected java.util.List<EncryptionConfiguration>	encryptionConfigurations
protected java.util.List<GenericJwtClaimsValidator>	genericJwtClaimsValidators
protected JwtAuthenticationFactory	jwtAuthenticationFactory
protected java.util.List<SignatureConfiguration>	signatureConfigurations

Fields inherited from interface io.micronaut.core.order.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor and Description
JwtTokenValidator(java.util.Collection<SignatureConfiguration> signatureConfigurations, java.util.Collection<EncryptionConfiguration> encryptionConfigurations) Deprecated. Use JwtTokenValidator(Collection, Collection, Collection, JwtAuthenticationFactory) instead.
JwtTokenValidator(java.util.Collection<SignatureConfiguration> signatureConfigurations, java.util.Collection<EncryptionConfiguration> encryptionConfigurations, java.util.Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators, JwtAuthenticationFactory jwtAuthenticationFactory) Constructor.

Method Summary

Modifier and Type	Method and Description
java.util.Optional<Authentication>	authenticationIfValidJwtSignatureAndClaims(java.lang.String token, java.util.Collection<? extends JwtClaimsValidator> claimsValidators) Authentication if JWT has valid signature and claims are verified.
java.util.List<EncryptionConfiguration>	getEncryptionConfigurations()
java.util.List<GenericJwtClaimsValidator>	getGenericJwtClaimsValidators()
java.util.List<SignatureConfiguration>	getSignatureConfigurations()
java.util.Optional<com.nimbusds.jwt.JWT>	parseJwtIfValidSignature(java.lang.String token) Deprecated. use JwtTokenValidatorUtils.parseJwtIfValidSignature(String, List, List)
boolean	validate(java.lang.String token)
boolean	validate(java.lang.String token, java.util.Collection<? extends JwtClaimsValidator> claimsValidators)
java.util.Optional<com.nimbusds.jwt.JWT>	validateEncryptedJWTSignature(com.nimbusds.jwt.EncryptedJWT encryptedJWT, java.lang.String token) Deprecated. use JwtTokenValidatorUtils.validateEncryptedJWTSignature(EncryptedJWT, String, List, List)
java.util.Optional<com.nimbusds.jwt.JWT>	validateJwtSignatureAndClaims(java.lang.String token) Validates JWT signature and Claims.
java.util.Optional<com.nimbusds.jwt.JWT>	validateJwtSignatureAndClaims(java.lang.String token, java.util.Collection<? extends JwtClaimsValidator> claimsValidators) Deprecated. use JwtTokenValidatorUtils.validateJwtSignatureAndClaims(String, Collection, List, List) instead.
java.util.Optional<com.nimbusds.jwt.JWT>	validatePlainJWTSignature(com.nimbusds.jwt.JWT jwt) Validates the Signature of a plain JWT.
java.util.Optional<com.nimbusds.jwt.JWT>	validateSignedJWTSignature(com.nimbusds.jwt.SignedJWT signedJWT) Validates a Signed JWT signature.
org.reactivestreams.Publisher<Authentication>	validateToken(java.lang.String token) Validates the provided token and returns the authentication state.
boolean	verifyClaims(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet, java.util.Collection<? extends JwtClaimsValidator> claimsValidators) Deprecated. use JwtTokenValidatorUtils.verifyClaims(io.micronaut.security.token.jwt.generator.claims.JwtClaims, Collection) instead.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.micronaut.core.order.Ordered

getOrder

Field Detail

signatureConfigurations

protected final java.util.List<SignatureConfiguration> signatureConfigurations

encryptionConfigurations

protected final java.util.List<EncryptionConfiguration> encryptionConfigurations

genericJwtClaimsValidators

protected final java.util.List<GenericJwtClaimsValidator> genericJwtClaimsValidators

jwtAuthenticationFactory

protected final JwtAuthenticationFactory jwtAuthenticationFactory

Constructor Detail

JwtTokenValidator

@Inject
public JwtTokenValidator(java.util.Collection<SignatureConfiguration> signatureConfigurations,
                                 java.util.Collection<EncryptionConfiguration> encryptionConfigurations,
                                 java.util.Collection<GenericJwtClaimsValidator> genericJwtClaimsValidators,
                                 JwtAuthenticationFactory jwtAuthenticationFactory)

Constructor.

Parameters:

signatureConfigurations - List of Signature configurations which are used to attempt validation.

encryptionConfigurations - List of Encryption configurations which are used to attempt validation.

genericJwtClaimsValidators - Generic JWT Claims validators which should be used to validate any JWT.

jwtAuthenticationFactory - Utility to generate an Authentication given a JWT.

JwtTokenValidator

@Deprecated
public JwtTokenValidator(java.util.Collection<SignatureConfiguration> signatureConfigurations,
                                     java.util.Collection<EncryptionConfiguration> encryptionConfigurations)

Deprecated. Use JwtTokenValidator(Collection, Collection, Collection, JwtAuthenticationFactory) instead.

Deprecated Constructor.

Parameters:

signatureConfigurations - List of Signature configurations which are used to attempt validation.

encryptionConfigurations - List of Encryption configurations which are used to attempt validation.

Method Detail

validatePlainJWTSignature

public java.util.Optional<com.nimbusds.jwt.JWT> validatePlainJWTSignature(com.nimbusds.jwt.JWT jwt)

Validates the Signature of a plain JWT.

Parameters:

jwt - a JWT Token

Returns:

empty if signature configurations exists, Optional.of(jwt) if no signature configuration is available.

validateSignedJWTSignature

public java.util.Optional<com.nimbusds.jwt.JWT> validateSignedJWTSignature(com.nimbusds.jwt.SignedJWT signedJWT)

Validates a Signed JWT signature.

Parameters:

signedJWT - a Signed JWT Token

Returns:

empty if signature validation fails

verifyClaims

@Deprecated
public boolean verifyClaims(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet,
                                        java.util.Collection<? extends JwtClaimsValidator> claimsValidators)

Deprecated. use JwtTokenValidatorUtils.verifyClaims(io.micronaut.security.token.jwt.generator.claims.JwtClaims, Collection) instead.

Verifies the provided claims with the provided validators.

Parameters:

jwtClaimsSet - JWT Claims

claimsValidators - The claims validators

Returns:

Whether the JWT claims pass every validation.

validateEncryptedJWTSignature

@Deprecated
public java.util.Optional<com.nimbusds.jwt.JWT> validateEncryptedJWTSignature(com.nimbusds.jwt.EncryptedJWT encryptedJWT,
                                                                                          java.lang.String token)

Deprecated. use JwtTokenValidatorUtils.validateEncryptedJWTSignature(EncryptedJWT, String, List, List)

Validates a encrypted JWT Signature.

Parameters:

encryptedJWT - a encrytped JWT Token

token - the JWT token as String

Returns:

empty if signature validation fails

validateToken

public org.reactivestreams.Publisher<Authentication> validateToken(java.lang.String token)

Description copied from interface: TokenValidator

Validates the provided token and returns the authentication state.

Specified by:

validateToken in interface TokenValidator

Parameters:

token - The token string.

Returns:

Publishes Authentication based on the JWT or empty if the validation fails.

authenticationIfValidJwtSignatureAndClaims

public java.util.Optional<Authentication> authenticationIfValidJwtSignatureAndClaims(java.lang.String token,
                                                                                     java.util.Collection<? extends JwtClaimsValidator> claimsValidators)

Authentication if JWT has valid signature and claims are verified.

Parameters:

token - A JWT token

claimsValidators - a Collection of claims Validators.

Returns:

empty if signature or claims verification failed, An Authentication otherwise.

validateJwtSignatureAndClaims

public java.util.Optional<com.nimbusds.jwt.JWT> validateJwtSignatureAndClaims(java.lang.String token)

Validates JWT signature and Claims.

Parameters:

token - A JWT token

Returns:

empty if signature or claims verification failed, JWT otherwise.

validate

public boolean validate(java.lang.String token)

Parameters:

token - A JWT token

Returns:

true if signature or claims verification passed

validate

public boolean validate(java.lang.String token,
                        java.util.Collection<? extends JwtClaimsValidator> claimsValidators)

Parameters:

token - A JWT token

claimsValidators - a Collection of claims Validators.

Returns:

true if signature or claims verification passed

validateJwtSignatureAndClaims

@Deprecated
public java.util.Optional<com.nimbusds.jwt.JWT> validateJwtSignatureAndClaims(java.lang.String token,
                                                                                          java.util.Collection<? extends JwtClaimsValidator> claimsValidators)

Deprecated. use JwtTokenValidatorUtils.validateJwtSignatureAndClaims(String, Collection, List, List) instead.

Validates JWT signature and Claims.

Parameters:

token - A JWT token

claimsValidators - a Collection of claims Validators.

Returns:

empty if signature or claims verification failed, JWT otherwise.

parseJwtIfValidSignature

@Deprecated
public java.util.Optional<com.nimbusds.jwt.JWT> parseJwtIfValidSignature(java.lang.String token)

Deprecated. use JwtTokenValidatorUtils.parseJwtIfValidSignature(String, List, List)

Returns a JWT if the signature could be verified.

Parameters:

token - a JWT token

Returns:

Empty if JWT signature verification failed or JWT if valid signature.

getSignatureConfigurations

public java.util.List<SignatureConfiguration> getSignatureConfigurations()

Returns:

List of Signature configurations which are used to attempt validation.

getEncryptionConfigurations

public java.util.List<EncryptionConfiguration> getEncryptionConfigurations()

Returns:

List of Encryption configurations which are used to attempt validation.

getGenericJwtClaimsValidators

public java.util.List<GenericJwtClaimsValidator> getGenericJwtClaimsValidators()

Returns:

Generic JWT Claims validators which should be used to validate any JWT.