public interface SigningKeyResolver
SigningKeyResolver can be used by a JwtParser to find a signing key that
should be used to verify a JWS signature.
A SigningKeyResolver is necessary when the signing key is not already known before parsing the JWT and the
JWT header or payload (plaintext body or Claims) must be inspected first to determine how to look up the signing key.
Once returned by the resolver, the JwtParser will then verify the JWS signature with the returned key. For
example:
Jws<Claims> jws = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
//inspect the header or claims, lookup and return the signing key
return getSigningKeyBytes(header, claims); //implement me
}})
.parseClaimsJws(compact);
A SigningKeyResolver is invoked once during parsing before the signature is verified.
If you only need to resolve a signing key for a particular JWS (either a plaintext or Claims JWS), consider using
the SigningKeyResolverAdapter and overriding only the method you need to support instead of
implementing this interface directly.
SigningKeyResolverAdapter| 限定符和类型 | 方法和说明 |
|---|---|
java.security.Key |
resolveSigningKey(JwsHeader header,
Claims claims)
Returns the signing key that should be used to validate a digital signature for the Claims JWS with the specified
header and claims.
|
java.security.Key |
resolveSigningKey(JwsHeader header,
java.lang.String plaintext)
Returns the signing key that should be used to validate a digital signature for the Plaintext JWS with the
specified header and plaintext payload.
|
java.security.Key resolveSigningKey(JwsHeader header, Claims claims)
header - the header of the JWS to validateclaims - the claims (body) of the JWS to validatejava.security.Key resolveSigningKey(JwsHeader header, java.lang.String plaintext)
header - the header of the JWS to validateplaintext - the plaintext body of the JWS to validate