Module io.inverno.mod.security.jose
Package io.inverno.mod.security.jose.jwt

Class JWTSAuthenticator<A extends JWTClaimsSet>

java.lang.Object
io.inverno.mod.security.jose.jwt.JWTSAuthenticator<A>
Type Parameters:
A - the JWT claims set type
All Implemented Interfaces:
Authenticator<TokenCredentials,JWTSAuthentication<A>>
public class JWTSAuthenticator<A extends JWTClaimsSet> extends Object implements Authenticator<TokenCredentials,JWTSAuthentication<A>>

An authenticator implementation that authenticates JWTS token credentials.

The expected token must be a valid JWTS compact string which is not using NoAlgorithm.NONE algorithm.

Since:
1.5
Author:
Jeremy Kuhn

  • Constructor Details

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService)

      Creates a JWTS authenticator with the specified JWT service.

      Parameters:
      jwtService - the JWT service

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Publisher<? extends JWK> keys)

      Creates a JWTS authenticator with the specified JWT service and keys.

      Parameters:
      jwtService - the JWT service
      keys - the keys to consider to verify the JWTS

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, String... processedParameters)

      Creates a JWTS authenticator with the specified JWT service and processed parameters.

      Parameters:
      jwtService - the JWT service
      processedParameters - the parameters processed by the application

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Publisher<? extends JWK> keys, String... processedParameters)

      Creates a JWTS authenticator with the specified JWT service, keys and processed parameters.

      Parameters:
      jwtService - the JWT service
      keys - the keys to consider to verify the JWTS
      processedParameters - the parameters processed by the application

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Class<A> type)

      Creates a JWTS authenticator with the specified JWT service and JWT claims set type.

      Parameters:
      jwtService - the JWT service
      type - the JWT claims set type

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Type type)

      Creates a JWTS authenticator with the specified JWT service and JWT claims set type.

      Parameters:
      jwtService - the JWT service
      type - the JWT claims set type

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Class<A> type, Publisher<? extends JWK> keys)

      Creates a JWTS authenticator with the specified JWT service, JWT claims set type and keys.

      Parameters:
      jwtService - the JWT service
      type - the JWT claims set type
      keys - the keys to consider to verify the JWTS

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Type type, Publisher<? extends JWK> keys)

      Creates a JWTS authenticator with the specified JWT service, JWT claims set type and keys.

      Parameters:
      jwtService - the JWT service
      type - the JWT claims set type
      keys - the keys to consider to verify the JWTS

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Class<A> type, String... processedParameters)

      Creates a JWTS authenticator with the specified JWT service, JWT claims set type and processed parameters.

      Parameters:
      jwtService - the JWT service
      type - the JWT claims set type
      processedParameters - the parameters processed by the application

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Type type, String... processedParameters)

      Creates a JWTS authenticator with the specified JWT service, JWT claims set type and processed parameters.

      Parameters:
      jwtService - the JWT service
      type - the JWT claims set type
      processedParameters - the parameters processed by the application

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Class<A> type, Publisher<? extends JWK> keys, String... processedParameters)

      Creates a JWTS authenticator with the specified JWT service, JWT claims set type, keys and processed parameters.

      Parameters:
      jwtService - the JWT service
      type - the JWT claims set type
      keys - the keys to consider to verify the JWTS
      processedParameters - the parameters processed by the application

    • JWTSAuthenticator

      public JWTSAuthenticator(JWTService jwtService, Type type, Publisher<? extends JWK> keys, String... processedParameters)

      Creates a JWTS authenticator with the specified JWT service, JWT claims set type, keys and processed parameters.

      Parameters:
      jwtService - the JWT service
      type - the JWT claims set type
      keys - the keys to consider to verify the JWTS
      processedParameters - the parameters processed by the application

  • Method Details

    • validate

      public JWTSAuthenticator validate(JWTClaimsSetValidator validator)

      Adds the specified validator to the JWT claims set.

      Parameters:
      validator - the validator to add
      Returns:
      the JWTS authenticator

    • setValidators

      public void setValidators(List<JWTClaimsSetValidator> validators)

      Sets the JWT claims set validators.

      Parameters:
      validators - a list of validators or null to clear the validators

    • getValidators

      public final List<JWTClaimsSetValidator> getValidators()

      Returns the list of JWT claims set validators.

      Returns:
      the JWT claims set validators

    • authenticate

      public Mono<JWTSAuthentication<A>> authenticate(TokenCredentials credentials)
      Description copied from interface: Authenticator

      Authenticates the specified credentials and returns an authentication.

      Implementations can return an empty mono to indicate that they were unable to authenticate the credentials. This does not mean credentials are invalid, this simply mean that a particular authenticator does not manage them and therefore can's possibly determine whether they are valid. For example, when considering login credentials composed of a user and a password, an authenticator which does not manage that particular user can return an empty mono.

      Implementations must return denied authentications with AuthenticationException when they were able to authenticate credentials which turned out to be invalid. For example, a login credentials authenticator must return a denied authentication exception when it does manage a particular username but the provided password was invalid.

      A denied authentication can also bre reported by throwing an AuthenticationException when returning an actual authentication instance is not practical.

      Specified by:
      authenticate in interface Authenticator<TokenCredentials,JWTSAuthentication<A extends JWTClaimsSet>>
      Parameters:
      credentials - the credentials to authenticate
      Returns:
      a mono emitting an authentication, an error mono or an empty mono if the authenticator could not authenticate the credentials