com.nimbusds.jwt.proc

Class DefaultJWTClaimsVerifier<C extends SecurityContext>

java.lang.Object

com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier<C>

All Implemented Interfaces:

ClockSkewAware, JWTClaimsSetVerifier<C>, JWTClaimsVerifier

@ThreadSafe
public class DefaultJWTClaimsVerifier<C extends SecurityContext>
extends Object
implements JWTClaimsSetVerifier<C>, JWTClaimsVerifier, ClockSkewAware

Default JWT claims verifier. This class is thread-safe.

Performs the following checks:

1. If an expiration time (exp) claim is present, makes sure it is ahead of the current time, else the JWT claims set is rejected.
2. If a not-before-time (nbf) claim is present, makes sure it is before the current time, else the JWT claims set is rejected.

This class may be extended to perform additional checks.

Version:

2016-07-25

Author:

Vladimir Dzhuvinov

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_MAX_CLOCK_SKEW_SECONDS The default maximum acceptable clock skew, in seconds (60).

Constructor Summary

Constructors

Constructor and Description
DefaultJWTClaimsVerifier()

Method Summary

Modifier and Type	Method and Description
int	getMaxClockSkew() Gets the maximum acceptable clock skew.
void	setMaxClockSkew(int maxClockSkewSeconds) Sets the maximum acceptable clock skew.
void	verify(JWTClaimsSet claimsSet) Performs verification of selected or all claims in the specified JWT claims set.
void	verify(JWTClaimsSet claimsSet, C context) Verifies selected or all claims from the specified JWT claims set.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_MAX_CLOCK_SKEW_SECONDS

public static final int DEFAULT_MAX_CLOCK_SKEW_SECONDS

The default maximum acceptable clock skew, in seconds (60).

See Also:

Constant Field Values

Constructor Detail

DefaultJWTClaimsVerifier

public DefaultJWTClaimsVerifier()

Method Detail

getMaxClockSkew

public int getMaxClockSkew()

Description copied from interface: ClockSkewAware

Gets the maximum acceptable clock skew.

Specified by:

getMaxClockSkew in interface ClockSkewAware

Returns:

The maximum acceptable clock skew, in seconds. Zero if none.

setMaxClockSkew

public void setMaxClockSkew(int maxClockSkewSeconds)

Description copied from interface: ClockSkewAware

Sets the maximum acceptable clock skew.

Specified by:

setMaxClockSkew in interface ClockSkewAware

Parameters:

maxClockSkewSeconds - The maximum acceptable clock skew, in seconds. Zero if none.

verify

public void verify(JWTClaimsSet claimsSet)
            throws BadJWTException

Description copied from interface: JWTClaimsVerifier

Performs verification of selected or all claims in the specified JWT claims set.

Specified by:

verify in interface JWTClaimsVerifier

Parameters:

claimsSet - The JWT claims set. Not null.

Throws:

BadJWTException - If the JWT claims set is rejected.

verify

public void verify(JWTClaimsSet claimsSet,
                   C context)
            throws BadJWTException

Description copied from interface: JWTClaimsSetVerifier

Verifies selected or all claims from the specified JWT claims set.

Specified by:

verify in interface JWTClaimsSetVerifier<C extends SecurityContext>

Parameters:

claimsSet - The JWT claims set. Not null.

context - Optional context, null if not required.

Throws:

BadJWTException - If the JWT claims set is rejected.