JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setMaxFutureValidityInMinutes(confService.getMaxTokenValidity()) .setAllowedClockSkewInSeconds(confService.getAllowedClockSkew()) .setRequireSubject() .setExpectedIssuer(confService.getIssuer()) .setExpectedAudience(confService.getClientID()) .setVerificationKeyResolver(resolver) .build();
JwtConsumer consumer = new JwtConsumerBuilder() .setSkipAllValidators() .setDisableRequireSignature() .setSkipSignatureVerification() .build(); consumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setAllowedClockSkewInSeconds(315360000) // use seconds of 10 years to skip expiration validation as we need skip it in some cases. .setSkipDefaultAudienceValidation() .setVerificationKeyResolver(x509VerificationKeyResolver) .build();
public static JwtClaims getJwtClaims(String token) JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() // the JWT must have an expiration time .setAllowedClockSkewInSeconds(30) // allow some leeway in validating time based claims to account for clock skew .setRequireSubject() // the JWT must have a subject claim .setExpectedIssuer(ISSUER) // whom the JWT needs to have been issued by .setExpectedAudience(AUDIENCE) // to whom the JWT is intended for .setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key .build(); // create the JwtConsumer instance
final JwtConsumerBuilder builder = new JwtConsumerBuilder() .setRequireExpirationTime() .setRequireSubject() .setSkipDefaultAudienceValidation() .setExpectedIssuer(authContextInfo.getIssuedBy()) .setVerificationKey(authContextInfo.getSignerKey()) .setJwsAlgorithmConstraints( new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, AlgorithmIdentifiers.RSA_USING_SHA256)); builder.setAllowedClockSkewInSeconds(authContextInfo.getExpGracePeriodSecs()); builder.setEvaluationTime(NumericDate.fromSeconds(0)); final JwtConsumer jwtConsumer = builder.build(); final JwtContext jwtContext = jwtConsumer.process(token); final String type = jwtContext.getJoseObjects().get(0).getHeader("typ");
if (token.getKey() != null && !token.getKey().isEmpty() && token.getType().equals(TokenType.JWT)) { try { JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setAllowedClockSkewInSeconds(60) .setExpectedIssuer(issuer != null ? issuer : config.getIssuer()) .setExpectedAudience(audience != null ? audience : config.getAudience()) .setEvaluationTime(org.jose4j.jwt.NumericDate.now()) .setVerificationKey(publicKey) .build(); JwtClaims jwtClaims = jwtConsumer.processToClaims(token.getKey()); loggedUser.setIdentity((String) jwtClaims.getClaimValue("identity"));
JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setVerificationKey(CertificateUtils.stringToCertificate(certificate.getCertificate()).getPublicKey()) // Set public key .setExpectedIssuer(issuer) // Set expected issuer .setRequireIssuedAt() // Set require reserved claim: iat .setRequireExpirationTime() // Set require reserved claim: exp .setRequireSubject() // // Set require reserved claim: sub .build();
public JWTVerifier(final String secret, final String issuer, final String audience) { final JwtConsumerBuilder builder = new JwtConsumerBuilder(); if (StringUtils.isNotBlank(audience)) builder.setExpectedAudience(audience); if (StringUtils.isNotBlank(issuer)) builder.setExpectedIssuer(issuer); builder.setVerificationKey(new HmacKey(secret.getBytes(StandardCharsets.UTF_8))); builder.setAllowedClockSkewInSeconds(60); builder.setRelaxVerificationKeyValidation(); // Allow HMAC keys < 256 bits consumer = builder.build(); }
public Processor(final URI jwksUri, String[] audiences, String[] expectedIssuers) { final HttpsJwksVerificationKeyResolver resolver = new HttpsJwksVerificationKeyResolver(new HttpsJwks(jwksUri.toString())); this.consumer = new JwtConsumerBuilder() .setVerificationKeyResolver(resolver) // Set resolver key .setRequireIssuedAt() // Set require reserved claim: iat .setRequireExpirationTime() // Set require reserved claim: exp .setRequireSubject() // // Set require reserved claim: sub .setExpectedIssuers(true, expectedIssuers) .setExpectedAudience(audiences) .build(); }
final FeedParser parser = new FeedParser(articleDao, processor); final JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setAllowedClockSkewInSeconds(30) .setRequireExpirationTime() .setRequireSubject() .setVerificationKey(new HmacKey(VERIFICATION_KEY)) .setRelaxVerificationKeyValidation() .build(); final CachingJwtAuthenticator<User> cachingJwtAuthenticator = new CachingJwtAuthenticator<>( env.metrics(),
private static URI extractIssuer(final String jwt) throws InvalidJwtException, MalformedClaimException { // Parse JWT without validation final JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setSkipAllValidators() .setDisableRequireSignature() .setSkipSignatureVerification() .build(); final JwtContext jwtContext = jwtConsumer.process(jwt); // Resolve Json Web Key Set URI by the issuer String issuer = jwtContext.getJwtClaims().getIssuer(); if (issuer.endsWith("/")) { issuer = issuer.substring(0, issuer.length() - 1); } return URI.create(issuer); }
/** * The jwtConsumer class which will be used to verify and parse the JWT token from ping federate. * * @param jwtPublicKey The public key used to verify the signature on the JWT token. * @param pingFederateValidator The validator to add to the validation chain specifically for Ping Federate * @return The consumer to use */ @Bean public JwtConsumer jwtConsumer( @Qualifier("jwtPublicKey") final PublicKey jwtPublicKey, final PingFederateValidator pingFederateValidator ) { return new JwtConsumerBuilder() .setVerificationKey(jwtPublicKey) .setRequireExpirationTime() .registerValidator(pingFederateValidator) .build(); }
JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setVerificationKey(new HmacKey(secret.getBytes())) .setRelaxVerificationKeyValidation() // allow shorter HMAC keys when used w/ HSxxx algs .build();
public JsonWebTokenVerificationBuilder requiringExpirationTime() { builder.setRequireExpirationTime(); return this; }
protected JsonWebToken verify(JwtConsumerBuilder builder, String jwt) { try { JwtClaims claims = builder.build().processToClaims(jwt); return new JsonWebToken(claims); } catch (InvalidJwtException e) { throw new SecurityException(e); } } }
/** * Indicates the expected value of the issuer ("iss") claim and that the claim is required. * Equivalent to calling {@link #setExpectedIssuer(boolean, String)} with {@code true} as the first argument. * @param expectedIssuer the value that the issuer claim must have to pass validation, {@code null} means that any value is acceptable * @return the same JwtConsumerBuilder */ public JwtConsumerBuilder setExpectedIssuer(String expectedIssuer) { return setExpectedIssuer(true, expectedIssuer); }
/** * Require that a subject ("sub") claim be present in the JWT and that its value * match that of the provided subject. * The subject ("sub") claim is defined in <a href="http://tools.ietf.org/html/rfc7519#section-4.1.2">Section 4.1.2 of RFC 7519</a>. * * @param subject the required value of the subject claim. * @return the same JwtConsumerBuilder */ public JwtConsumerBuilder setExpectedSubject(String subject) { this.expectedSubject = subject; return setRequireSubject(); }
public JsonWebTokenVerificationBuilder allowingClockSkewInSeconds(int seconds) { builder.setAllowedClockSkewInSeconds(seconds); return this; }
public JsonWebTokenVerificationBuilder expectingAudience(String audience) { builder.setExpectedAudience(audience); return this; }
public JsonWebTokenVerificationBuilder withVerificationKey(JsonKey key) { if (key instanceof JsonKeyPair) { builder.setVerificationKey(((JsonKeyPair) key).getPrivateKey()); } else { builder.setVerificationKey(key.getKey()); } return this; }
/** * Set the key to be used for JWS signature/MAC verification. * @param verificationKey the verification key. * @return the same JwtConsumerBuilder */ public JwtConsumerBuilder setVerificationKey(Key verificationKey) { return setVerificationKeyResolver(new SimpleKeyResolver(verificationKey)); }