com.fr.cert.token

接口 JwtParser

所有已知实现类:

DefaultJwtParser

public interface JwtParser

A parser for reading JWT strings, used to convert them into a Jwt object representing the expanded JWT.

从以下版本开始:

0.1

字段概要

字段

限定符和类型	字段和说明
static char	SEPARATOR_CHAR

方法概要

方法

限定符和类型	方法和说明
boolean	isSigned(java.lang.String jwt) Returns true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false otherwise.
Jwt	parse(java.lang.String jwt) Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting JWT or JWS instance.
<T> T	parse(java.lang.String jwt, JwtHandler<T> handler) Parses the specified compact serialized JWT string based on the builder's current configuration state and invokes the specified handler with the resulting JWT or JWS instance.
Jws<Claims>	parseClaimsJws(java.lang.String claimsJws) Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting Claims JWS instance.
Jwt<Header,Claims>	parseClaimsJwt(java.lang.String claimsJwt) Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.
Jws<java.lang.String>	parsePlaintextJws(java.lang.String plaintextJws) Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting plaintext JWS instance.
Jwt<Header,java.lang.String>	parsePlaintextJwt(java.lang.String plaintextJwt) Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.
JwtParser	require(java.lang.String claimName, java.lang.Object value) Ensures that the specified claimName exists in the parsed JWT.
JwtParser	requireAudience(java.lang.String audience) Ensures that the specified aud exists in the parsed JWT.
JwtParser	requireExpiration(java.util.Date expiration) Ensures that the specified exp exists in the parsed JWT.
JwtParser	requireId(java.lang.String id) Ensures that the specified jti exists in the parsed JWT.
JwtParser	requireIssuedAt(java.util.Date issuedAt) Ensures that the specified iat exists in the parsed JWT.
JwtParser	requireIssuer(java.lang.String issuer) Ensures that the specified iss exists in the parsed JWT.
JwtParser	requireNotBefore(java.util.Date notBefore) Ensures that the specified nbf exists in the parsed JWT.
JwtParser	requireSubject(java.lang.String subject) Ensures that the specified sub exists in the parsed JWT.
JwtParser	setAllowedClockSkewSeconds(long seconds) Sets the amount of clock skew in seconds to tolerate when verifying the local time against the exp and nbf claims.
JwtParser	setClock(Clock clock) Sets the Clock that determines the timestamp to use when validating the parsed JWT.
JwtParser	setCompressionCodecResolver(CompressionCodecResolver compressionCodecResolver) Sets the CompressionCodecResolver used to acquire the CompressionCodec that should be used to decompress the JWT body.
JwtParser	setSigningKey(byte[] key) Sets the signing key used to verify any discovered JWS digital signature.
JwtParser	setSigningKey(java.security.Key key) Sets the signing key used to verify any discovered JWS digital signature.
JwtParser	setSigningKey(java.lang.String base64EncodedKeyBytes) Sets the signing key used to verify any discovered JWS digital signature.
JwtParser	setSigningKeyResolver(SigningKeyResolver signingKeyResolver) Sets the SigningKeyResolver used to acquire the signing key that should be used to verify a JWS's signature.

字段详细资料

SEPARATOR_CHAR

static final char SEPARATOR_CHAR

另请参阅:

常量字段值

方法详细资料

requireId

JwtParser requireId(java.lang.String id)

Ensures that the specified jti exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

参数:

id -

返回:

the parser method for chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireSubject

JwtParser requireSubject(java.lang.String subject)

Ensures that the specified sub exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

参数:

subject -

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireAudience

JwtParser requireAudience(java.lang.String audience)

Ensures that the specified aud exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

参数:

audience -

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireIssuer

JwtParser requireIssuer(java.lang.String issuer)

Ensures that the specified iss exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

参数:

issuer -

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireIssuedAt

JwtParser requireIssuedAt(java.util.Date issuedAt)

Ensures that the specified iat exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

参数:

issuedAt -

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireExpiration

JwtParser requireExpiration(java.util.Date expiration)

Ensures that the specified exp exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

参数:

expiration -

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireNotBefore

JwtParser requireNotBefore(java.util.Date notBefore)

Ensures that the specified nbf exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

参数:

notBefore -

返回:

the parser for method chaining

另请参阅:

MissingClaimException, IncorrectClaimException

require

JwtParser require(java.lang.String claimName,
                java.lang.Object value)

Ensures that the specified claimName exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

参数:

claimName -

value -

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

setClock

JwtParser setClock(Clock clock)

Sets the Clock that determines the timestamp to use when validating the parsed JWT. The parser uses a DefaultClock instance by default.

参数:

clock - a Clock object to return the timestamp to use when validating the parsed JWT.

返回:

the parser for method chaining.

从以下版本开始:

0.7.0

setAllowedClockSkewSeconds

JwtParser setAllowedClockSkewSeconds(long seconds)

Sets the amount of clock skew in seconds to tolerate when verifying the local time against the exp and nbf claims.

参数:

seconds - the number of seconds to tolerate for clock skew when verifying exp or nbf claims.

返回:

the parser for method chaining.

从以下版本开始:

0.7.0

setSigningKey

JwtParser setSigningKey(byte[] key)

Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.

Note that this key MUST be a valid key for the signature algorithm found in the JWT header (as the alg header parameter).

This method overwrites any previously set key.

参数:

key - the algorithm-specific signature verification key used to validate any discovered JWS digital signature.

返回:

the parser for method chaining.

setSigningKey

JwtParser setSigningKey(java.lang.String base64EncodedKeyBytes)

Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.

Note that this key MUST be a valid key for the signature algorithm found in the JWT header (as the alg header parameter).

This method overwrites any previously set key.

This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting byte array is used to invoke setSigningKey(byte[]).

参数:

base64EncodedKeyBytes - the BASE64-encoded algorithm-specific signature verification key to use to validate any discovered JWS digital signature.

返回:

the parser for method chaining.

setSigningKey

JwtParser setSigningKey(java.security.Key key)

Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.

Note that this key MUST be a valid key for the signature algorithm found in the JWT header (as the alg header parameter).

This method overwrites any previously set key.

参数:

key - the algorithm-specific signature verification key to use to validate any discovered JWS digital signature.

返回:

the parser for method chaining.

setSigningKeyResolver

JwtParser setSigningKeyResolver(SigningKeyResolver signingKeyResolver)

Sets the SigningKeyResolver used to acquire the signing key that should be used to verify a JWS's signature. If the parsed String is not a JWS (no signature), this resolver is not used.

Specifying a SigningKeyResolver is necessary when the signing key is not already known before parsing the JWT and the JWT header or payload (plaintext body or Claims) must be inspected first to determine how to look up the signing key. Once returned by the resolver, the JwtParser will then verify the JWS signature with the returned key. For example:

 Jws<Claims> jws = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
         @Override
         public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
             //inspect the header or claims, lookup and return the signing key
             return getSigningKey(header, claims); //implement me
         }})
     .parseClaimsJws(compact);
 

A SigningKeyResolver is invoked once during parsing before the signature is verified.

This method should only be used if a signing key is not provided by the other setSigningKey* builder methods.

参数:

signingKeyResolver - the signing key resolver used to retrieve the signing key.

返回:

the parser for method chaining.

从以下版本开始:

0.4

setCompressionCodecResolver

JwtParser setCompressionCodecResolver(CompressionCodecResolver compressionCodecResolver)

Sets the CompressionCodecResolver used to acquire the CompressionCodec that should be used to decompress the JWT body. If the parsed JWT is not compressed, this resolver is not used.

NOTE: Compression is not defined by the JWT Specification, and it is not expected that other libraries (including JJWT versions < 0.6.0) are able to consume a compressed JWT body correctly. This method is only useful if the compact JWT was compressed with JJWT >= 0.6.0 or another library that you know implements the same behavior.

Default Support

JJWT's default JwtParser implementation supports both the DEFLATE and GZIP algorithms by default - you do not need to specify a CompressionCodecResolver in these cases.

However, if you want to use a compression algorithm other than DEF or GZIP, you must implement your own CompressionCodecResolver and specify that via this method and also when building JWTs.

参数:

compressionCodecResolver - the compression codec resolver used to decompress the JWT body.

返回:

the parser for method chaining.

从以下版本开始:

0.6.0

isSigned

boolean isSigned(java.lang.String jwt)

Returns true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false otherwise.

Note that if you are reasonably sure that the token is signed, it is more efficient to attempt to parse the token (and catching exceptions if necessary) instead of calling this method first before parsing.

参数:

jwt - the compact serialized JWT to check

返回:

true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false otherwise.

parse

Jwt parse(java.lang.String jwt)
          throws ExpiredJwtException,
                 MalformedJwtException,
                 SignatureException,
                 java.lang.IllegalArgumentException

Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting JWT or JWS instance.

This method returns a JWT or JWS based on the parsed string. Because it may be cumbersome to determine if it is a JWT or JWS, or if the body/payload is a Claims or String with instanceof checks, the parse(String,JwtHandler) method allows for a type-safe callback approach that may help reduce code or instanceof checks.

参数:

jwt - the compact serialized JWT to parse

返回:

the specified compact serialized JWT string based on the builder's current configuration state.

抛出:

MalformedJwtException - if the specified JWT was incorrectly constructed (and therefore invalid). Invalid JWTs should not be trusted and should be discarded.

SignatureException - if a JWS signature was discovered, but could not be verified. JWTs that fail signature validation should not be trusted and should be discarded.

ExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time before the time this method is invoked.

java.lang.IllegalArgumentException - if the specified string is null or empty or only whitespace.

另请参阅:

parse(String, JwtHandler), parsePlaintextJwt(String), parseClaimsJwt(String), parsePlaintextJws(String), parseClaimsJws(String)

parse

<T> T parse(java.lang.String jwt,
          JwtHandler<T> handler)
        throws ExpiredJwtException,
               UnsupportedJwtException,
               MalformedJwtException,
               SignatureException,
               java.lang.IllegalArgumentException

Parses the specified compact serialized JWT string based on the builder's current configuration state and invokes the specified handler with the resulting JWT or JWS instance.

If you are confident of the format of the JWT before parsing, you can create an anonymous subclass using the JwtHandlerAdapter and override only the methods you know are relevant for your use case(s), for example:

 String compactJwt = request.getParameter("jwt"); //we are confident this is a signed JWS

 String subject = Jwts.parser().setSigningKey(key).parse(compactJwt, new JwtHandlerAdapter<String>() {
     @Override
     public String onClaimsJws(Jws<Claims> jws) {
         return jws.getBody().getSubject();
     }
 });
 

If you know the JWT string can be only one type of JWT, then it is even easier to invoke one of the following convenience methods instead of this one:

• parsePlaintextJwt(String)
• parseClaimsJwt(String)
• parsePlaintextJws(String)
• parseClaimsJws(String)

参数:

jwt - the compact serialized JWT to parse

返回:

the result returned by the JwtHandler

抛出:

MalformedJwtException - if the specified JWT was incorrectly constructed (and therefore invalid). Invalid JWTs should not be trusted and should be discarded.

SignatureException - if a JWS signature was discovered, but could not be verified. JWTs that fail signature validation should not be trusted and should be discarded.

ExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time before the time this method is invoked.

java.lang.IllegalArgumentException - if the specified string is null or empty or only whitespace, or if the handler is null.

UnsupportedJwtException

从以下版本开始:

0.2

另请参阅:

parsePlaintextJwt(String), parseClaimsJwt(String), parsePlaintextJws(String), parseClaimsJws(String), parse(String)

parsePlaintextJwt

Jwt<Header,java.lang.String> parsePlaintextJwt(java.lang.String plaintextJwt)
                                               throws UnsupportedJwtException,
                                                      MalformedJwtException,
                                                      SignatureException,
                                                      java.lang.IllegalArgumentException

Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects an unsigned plaintext JWT. An unsigned plaintext JWT has a String (non-JSON) body payload and it is not cryptographically signed.

If the compact string presented does not reflect an unsigned plaintext JWT with non-JSON string body, an UnsupportedJwtException will be thrown.

参数:

plaintextJwt - a compact serialized unsigned plaintext JWT string.

返回:

the Jwt instance that reflects the specified compact JWT string.

抛出:

UnsupportedJwtException - if the plaintextJwt argument does not represent an unsigned plaintext JWT

MalformedJwtException - if the plaintextJwt string is not a valid JWT

SignatureException - if the plaintextJwt string is actually a JWS and signature validation fails

java.lang.IllegalArgumentException - if the plaintextJwt string is null or empty or only whitespace

从以下版本开始:

0.2

另请参阅:

parseClaimsJwt(String), parsePlaintextJws(String), parseClaimsJws(String), parse(String, JwtHandler), parse(String)

parseClaimsJwt

Jwt<Header,Claims> parseClaimsJwt(java.lang.String claimsJwt)
                                  throws ExpiredJwtException,
                                         UnsupportedJwtException,
                                         MalformedJwtException,
                                         SignatureException,
                                         java.lang.IllegalArgumentException

Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects an unsigned Claims JWT. An unsigned Claims JWT has a Claims body and it is not cryptographically signed.

If the compact string presented does not reflect an unsigned Claims JWT, an UnsupportedJwtException will be thrown.

参数:

claimsJwt - a compact serialized unsigned Claims JWT string.

返回:

the Jwt instance that reflects the specified compact JWT string.

抛出:

UnsupportedJwtException - if the claimsJwt argument does not represent an unsigned Claims JWT

MalformedJwtException - if the claimsJwt string is not a valid JWT

SignatureException - if the claimsJwt string is actually a JWS and signature validation fails

ExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time before the time this method is invoked.

java.lang.IllegalArgumentException - if the claimsJwt string is null or empty or only whitespace

从以下版本开始:

0.2

另请参阅:

parsePlaintextJwt(String), parsePlaintextJws(String), parseClaimsJws(String), parse(String, JwtHandler), parse(String)

parsePlaintextJws

Jws<java.lang.String> parsePlaintextJws(java.lang.String plaintextJws)
                                        throws UnsupportedJwtException,
                                               MalformedJwtException,
                                               SignatureException,
                                               java.lang.IllegalArgumentException

Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting plaintext JWS instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects a plaintext JWS. A plaintext JWS is a JWT with a String (non-JSON) body (payload) that has been cryptographically signed.

If the compact string presented does not reflect a plaintext JWS, an UnsupportedJwtException will be thrown.

参数:

plaintextJws - a compact serialized JWS string.

返回:

the Jws instance that reflects the specified compact JWS string.

抛出:

UnsupportedJwtException - if the plaintextJws argument does not represent an plaintext JWS

MalformedJwtException - if the plaintextJws string is not a valid JWS

SignatureException - if the plaintextJws JWS signature validation fails

java.lang.IllegalArgumentException - if the plaintextJws string is null or empty or only whitespace

从以下版本开始:

0.2

另请参阅:

parsePlaintextJwt(String), parseClaimsJwt(String), parseClaimsJws(String), parse(String, JwtHandler), parse(String)

parseClaimsJws

Jws<Claims> parseClaimsJws(java.lang.String claimsJws)
                           throws ExpiredJwtException,
                                  UnsupportedJwtException,
                                  MalformedJwtException,
                                  SignatureException,
                                  java.lang.IllegalArgumentException

Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting Claims JWS instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects a Claims JWS. A Claims JWS is a JWT with a Claims body that has been cryptographically signed.

If the compact string presented does not reflect a Claims JWS, an UnsupportedJwtException will be thrown.

参数:

claimsJws - a compact serialized Claims JWS string.

返回:

the Jws instance that reflects the specified compact Claims JWS string.

抛出:

UnsupportedJwtException - if the claimsJws argument does not represent an Claims JWS

MalformedJwtException - if the claimsJws string is not a valid JWS

SignatureException - if the claimsJws JWS signature validation fails

ExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time before the time this method is invoked.

java.lang.IllegalArgumentException - if the claimsJws string is null or empty or only whitespace

从以下版本开始:

0.2

另请参阅:

parsePlaintextJwt(String), parseClaimsJwt(String), parsePlaintextJws(String), parse(String, JwtHandler), parse(String)