com.fr.cert.token.impl

类 DefaultJwtParser

java.lang.Object

com.fr.cert.token.impl.DefaultJwtParser

所有已实现的接口:

JwtParser

public class DefaultJwtParser
extends java.lang.Object
implements JwtParser

字段概要

从接口继承的字段 com.fr.cert.token.JwtParser

SEPARATOR_CHAR

构造器概要

构造器

构造器和说明
DefaultJwtParser()

方法概要

方法

限定符和类型	方法和说明
protected JwtSignatureValidator	createSignatureValidator(SignatureAlgorithm alg, java.security.Key key)
boolean	isSigned(java.lang.String jwt) Returns true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false otherwise.
Jwt	parse(java.lang.String jwt) Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting JWT or JWS instance.
<T> T	parse(java.lang.String compact, JwtHandler<T> handler) Parses the specified compact serialized JWT string based on the builder's current configuration state and invokes the specified handler with the resulting JWT or JWS instance.
Jws<Claims>	parseClaimsJws(java.lang.String claimsJws) Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting Claims JWS instance.
Jwt<Header,Claims>	parseClaimsJwt(java.lang.String claimsJwt) Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.
Jws<java.lang.String>	parsePlaintextJws(java.lang.String plaintextJws) Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting plaintext JWS instance.
Jwt<Header,java.lang.String>	parsePlaintextJwt(java.lang.String plaintextJwt) Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.
protected java.util.Map<java.lang.String,java.lang.Object>	readValue(java.lang.String val)
JwtParser	require(java.lang.String claimName, java.lang.Object value) Ensures that the specified claimName exists in the parsed JWT.
JwtParser	requireAudience(java.lang.String audience) Ensures that the specified aud exists in the parsed JWT.
JwtParser	requireExpiration(java.util.Date expiration) Ensures that the specified exp exists in the parsed JWT.
JwtParser	requireId(java.lang.String id) Ensures that the specified jti exists in the parsed JWT.
JwtParser	requireIssuedAt(java.util.Date issuedAt) Ensures that the specified iat exists in the parsed JWT.
JwtParser	requireIssuer(java.lang.String issuer) Ensures that the specified iss exists in the parsed JWT.
JwtParser	requireNotBefore(java.util.Date notBefore) Ensures that the specified nbf exists in the parsed JWT.
JwtParser	requireSubject(java.lang.String subject) Ensures that the specified sub exists in the parsed JWT.
JwtParser	setAllowedClockSkewSeconds(long seconds) Sets the amount of clock skew in seconds to tolerate when verifying the local time against the exp and nbf claims.
JwtParser	setClock(Clock clock) Sets the Clock that determines the timestamp to use when validating the parsed JWT.
JwtParser	setCompressionCodecResolver(CompressionCodecResolver compressionCodecResolver) Sets the CompressionCodecResolver used to acquire the CompressionCodec that should be used to decompress the JWT body.
JwtParser	setSigningKey(byte[] key) Sets the signing key used to verify any discovered JWS digital signature.
JwtParser	setSigningKey(java.security.Key key) Sets the signing key used to verify any discovered JWS digital signature.
JwtParser	setSigningKey(java.lang.String base64EncodedKeyBytes) Sets the signing key used to verify any discovered JWS digital signature.
JwtParser	setSigningKeyResolver(SigningKeyResolver signingKeyResolver) Sets the SigningKeyResolver used to acquire the signing key that should be used to verify a JWS's signature.

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

构造器详细资料

DefaultJwtParser

public DefaultJwtParser()

方法详细资料

requireIssuedAt

public JwtParser requireIssuedAt(java.util.Date issuedAt)

从接口复制的说明: JwtParser

Ensures that the specified iat exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

指定者:

requireIssuedAt 在接口中 JwtParser

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireIssuer

public JwtParser requireIssuer(java.lang.String issuer)

从接口复制的说明: JwtParser

Ensures that the specified iss exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

指定者:

requireIssuer 在接口中 JwtParser

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireAudience

public JwtParser requireAudience(java.lang.String audience)

从接口复制的说明: JwtParser

Ensures that the specified aud exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

指定者:

requireAudience 在接口中 JwtParser

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireSubject

public JwtParser requireSubject(java.lang.String subject)

从接口复制的说明: JwtParser

Ensures that the specified sub exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

指定者:

requireSubject 在接口中 JwtParser

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireId

public JwtParser requireId(java.lang.String id)

从接口复制的说明: JwtParser

Ensures that the specified jti exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

指定者:

requireId 在接口中 JwtParser

返回:

the parser method for chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireExpiration

public JwtParser requireExpiration(java.util.Date expiration)

从接口复制的说明: JwtParser

Ensures that the specified exp exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

指定者:

requireExpiration 在接口中 JwtParser

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

requireNotBefore

public JwtParser requireNotBefore(java.util.Date notBefore)

从接口复制的说明: JwtParser

Ensures that the specified nbf exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

指定者:

requireNotBefore 在接口中 JwtParser

返回:

the parser for method chaining

另请参阅:

MissingClaimException, IncorrectClaimException

require

public JwtParser require(java.lang.String claimName,
                java.lang.Object value)

从接口复制的说明: JwtParser

Ensures that the specified claimName exists in the parsed JWT. If missing or if the parsed value does not equal the specified value, an exception will be thrown indicating that the JWT is invalid and may not be used.

指定者:

require 在接口中 JwtParser

返回:

the parser for method chaining.

另请参阅:

MissingClaimException, IncorrectClaimException

setClock

public JwtParser setClock(Clock clock)

从接口复制的说明: JwtParser

Sets the Clock that determines the timestamp to use when validating the parsed JWT. The parser uses a DefaultClock instance by default.

指定者:

setClock 在接口中 JwtParser

参数:

clock - a Clock object to return the timestamp to use when validating the parsed JWT.

返回:

the parser for method chaining.

setAllowedClockSkewSeconds

public JwtParser setAllowedClockSkewSeconds(long seconds)

从接口复制的说明: JwtParser

Sets the amount of clock skew in seconds to tolerate when verifying the local time against the exp and nbf claims.

指定者:

setAllowedClockSkewSeconds 在接口中 JwtParser

参数:

seconds - the number of seconds to tolerate for clock skew when verifying exp or nbf claims.

返回:

the parser for method chaining.

setSigningKey

public JwtParser setSigningKey(byte[] key)

从接口复制的说明: JwtParser

Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.

Note that this key MUST be a valid key for the signature algorithm found in the JWT header (as the alg header parameter).

This method overwrites any previously set key.

指定者:

setSigningKey 在接口中 JwtParser

参数:

key - the algorithm-specific signature verification key used to validate any discovered JWS digital signature.

返回:

the parser for method chaining.

setSigningKey

public JwtParser setSigningKey(java.lang.String base64EncodedKeyBytes)

从接口复制的说明: JwtParser

Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.

Note that this key MUST be a valid key for the signature algorithm found in the JWT header (as the alg header parameter).

This method overwrites any previously set key.

This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting byte array is used to invoke JwtParser.setSigningKey(byte[]).

指定者:

setSigningKey 在接口中 JwtParser

参数:

base64EncodedKeyBytes - the BASE64-encoded algorithm-specific signature verification key to use to validate any discovered JWS digital signature.

返回:

the parser for method chaining.

setSigningKey

public JwtParser setSigningKey(java.security.Key key)

从接口复制的说明: JwtParser

Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.

Note that this key MUST be a valid key for the signature algorithm found in the JWT header (as the alg header parameter).

This method overwrites any previously set key.

指定者:

setSigningKey 在接口中 JwtParser

参数:

key - the algorithm-specific signature verification key to use to validate any discovered JWS digital signature.

返回:

the parser for method chaining.

setSigningKeyResolver

public JwtParser setSigningKeyResolver(SigningKeyResolver signingKeyResolver)

从接口复制的说明: JwtParser

Sets the SigningKeyResolver used to acquire the signing key that should be used to verify a JWS's signature. If the parsed String is not a JWS (no signature), this resolver is not used.

Specifying a SigningKeyResolver is necessary when the signing key is not already known before parsing the JWT and the JWT header or payload (plaintext body or Claims) must be inspected first to determine how to look up the signing key. Once returned by the resolver, the JwtParser will then verify the JWS signature with the returned key. For example:

 Jws<Claims> jws = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
         @Override
         public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
             //inspect the header or claims, lookup and return the signing key
             return getSigningKey(header, claims); //implement me
         }})
     .parseClaimsJws(compact);
 

A SigningKeyResolver is invoked once during parsing before the signature is verified.

This method should only be used if a signing key is not provided by the other setSigningKey* builder methods.

指定者:

setSigningKeyResolver 在接口中 JwtParser

参数:

signingKeyResolver - the signing key resolver used to retrieve the signing key.

返回:

the parser for method chaining.

setCompressionCodecResolver

public JwtParser setCompressionCodecResolver(CompressionCodecResolver compressionCodecResolver)

从接口复制的说明: JwtParser

Sets the CompressionCodecResolver used to acquire the CompressionCodec that should be used to decompress the JWT body. If the parsed JWT is not compressed, this resolver is not used.

NOTE: Compression is not defined by the JWT Specification, and it is not expected that other libraries (including JJWT versions < 0.6.0) are able to consume a compressed JWT body correctly. This method is only useful if the compact JWT was compressed with JJWT >= 0.6.0 or another library that you know implements the same behavior.

Default Support

JJWT's default JwtParser implementation supports both the DEFLATE and GZIP algorithms by default - you do not need to specify a CompressionCodecResolver in these cases.

However, if you want to use a compression algorithm other than DEF or GZIP, you must implement your own CompressionCodecResolver and specify that via this method and also when building JWTs.

指定者:

setCompressionCodecResolver 在接口中 JwtParser

参数:

compressionCodecResolver - the compression codec resolver used to decompress the JWT body.

返回:

the parser for method chaining.

isSigned

public boolean isSigned(java.lang.String jwt)

从接口复制的说明: JwtParser

Returns true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false otherwise.

Note that if you are reasonably sure that the token is signed, it is more efficient to attempt to parse the token (and catching exceptions if necessary) instead of calling this method first before parsing.

指定者:

isSigned 在接口中 JwtParser

参数:

jwt - the compact serialized JWT to check

返回:

true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false otherwise.

parse

public Jwt parse(java.lang.String jwt)
          throws ExpiredJwtException,
                 MalformedJwtException,
                 SignatureException

从接口复制的说明: JwtParser

Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting JWT or JWS instance.

This method returns a JWT or JWS based on the parsed string. Because it may be cumbersome to determine if it is a JWT or JWS, or if the body/payload is a Claims or String with instanceof checks, the parse(String,JwtHandler) method allows for a type-safe callback approach that may help reduce code or instanceof checks.

指定者:

parse 在接口中 JwtParser

参数:

jwt - the compact serialized JWT to parse

返回:

the specified compact serialized JWT string based on the builder's current configuration state.

抛出:

ExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time before the time this method is invoked.

MalformedJwtException - if the specified JWT was incorrectly constructed (and therefore invalid). Invalid JWTs should not be trusted and should be discarded.

SignatureException - if a JWS signature was discovered, but could not be verified. JWTs that fail signature validation should not be trusted and should be discarded.

另请参阅:

JwtParser.parse(String, JwtHandler), JwtParser.parsePlaintextJwt(String), JwtParser.parseClaimsJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parseClaimsJws(String)

createSignatureValidator

protected JwtSignatureValidator createSignatureValidator(SignatureAlgorithm alg,
                                             java.security.Key key)

parse

public <T> T parse(java.lang.String compact,
          JwtHandler<T> handler)
        throws ExpiredJwtException,
               MalformedJwtException,
               SignatureException

从接口复制的说明: JwtParser

Parses the specified compact serialized JWT string based on the builder's current configuration state and invokes the specified handler with the resulting JWT or JWS instance.

If you are confident of the format of the JWT before parsing, you can create an anonymous subclass using the JwtHandlerAdapter and override only the methods you know are relevant for your use case(s), for example:

 String compactJwt = request.getParameter("jwt"); //we are confident this is a signed JWS

 String subject = Jwts.parser().setSigningKey(key).parse(compactJwt, new JwtHandlerAdapter<String>() {
     @Override
     public String onClaimsJws(Jws<Claims> jws) {
         return jws.getBody().getSubject();
     }
 });
 

If you know the JWT string can be only one type of JWT, then it is even easier to invoke one of the following convenience methods instead of this one:

• JwtParser.parsePlaintextJwt(String)
• JwtParser.parseClaimsJwt(String)
• JwtParser.parsePlaintextJws(String)
• JwtParser.parseClaimsJws(String)

指定者:

parse 在接口中 JwtParser

参数:

compact - the compact serialized JWT to parse

返回:

the result returned by the JwtHandler

抛出:

ExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time before the time this method is invoked.

MalformedJwtException - if the specified JWT was incorrectly constructed (and therefore invalid). Invalid JWTs should not be trusted and should be discarded.

SignatureException - if a JWS signature was discovered, but could not be verified. JWTs that fail signature validation should not be trusted and should be discarded.

另请参阅:

JwtParser.parsePlaintextJwt(String), JwtParser.parseClaimsJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parseClaimsJws(String), JwtParser.parse(String)

parsePlaintextJwt

public Jwt<Header,java.lang.String> parsePlaintextJwt(java.lang.String plaintextJwt)

从接口复制的说明: JwtParser

Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects an unsigned plaintext JWT. An unsigned plaintext JWT has a String (non-JSON) body payload and it is not cryptographically signed.

If the compact string presented does not reflect an unsigned plaintext JWT with non-JSON string body, an UnsupportedJwtException will be thrown.

指定者:

parsePlaintextJwt 在接口中 JwtParser

参数:

plaintextJwt - a compact serialized unsigned plaintext JWT string.

返回:

the Jwt instance that reflects the specified compact JWT string.

另请参阅:

JwtParser.parseClaimsJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parseClaimsJws(String), JwtParser.parse(String, JwtHandler), JwtParser.parse(String)

parseClaimsJwt

public Jwt<Header,Claims> parseClaimsJwt(java.lang.String claimsJwt)

从接口复制的说明: JwtParser

Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects an unsigned Claims JWT. An unsigned Claims JWT has a Claims body and it is not cryptographically signed.

If the compact string presented does not reflect an unsigned Claims JWT, an UnsupportedJwtException will be thrown.

指定者:

parseClaimsJwt 在接口中 JwtParser

参数:

claimsJwt - a compact serialized unsigned Claims JWT string.

返回:

the Jwt instance that reflects the specified compact JWT string.

另请参阅:

JwtParser.parsePlaintextJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parseClaimsJws(String), JwtParser.parse(String, JwtHandler), JwtParser.parse(String)

parsePlaintextJws

public Jws<java.lang.String> parsePlaintextJws(java.lang.String plaintextJws)

从接口复制的说明: JwtParser

Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting plaintext JWS instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects a plaintext JWS. A plaintext JWS is a JWT with a String (non-JSON) body (payload) that has been cryptographically signed.

If the compact string presented does not reflect a plaintext JWS, an UnsupportedJwtException will be thrown.

指定者:

parsePlaintextJws 在接口中 JwtParser

参数:

plaintextJws - a compact serialized JWS string.

返回:

the Jws instance that reflects the specified compact JWS string.

另请参阅:

JwtParser.parsePlaintextJwt(String), JwtParser.parseClaimsJwt(String), JwtParser.parseClaimsJws(String), JwtParser.parse(String, JwtHandler), JwtParser.parse(String)

parseClaimsJws

public Jws<Claims> parseClaimsJws(java.lang.String claimsJws)

从接口复制的说明: JwtParser

Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting Claims JWS instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects a Claims JWS. A Claims JWS is a JWT with a Claims body that has been cryptographically signed.

If the compact string presented does not reflect a Claims JWS, an UnsupportedJwtException will be thrown.

指定者:

parseClaimsJws 在接口中 JwtParser

参数:

claimsJws - a compact serialized Claims JWS string.

返回:

the Jws instance that reflects the specified compact Claims JWS string.

另请参阅:

JwtParser.parsePlaintextJwt(String), JwtParser.parseClaimsJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parse(String, JwtHandler), JwtParser.parse(String)

readValue

protected java.util.Map<java.lang.String,java.lang.Object> readValue(java.lang.String val)