Module io.inverno.mod.session
Package io.inverno.mod.session.internal.jwt

Class JWTSSessionIdGenerator<A,B>

java.lang.Object
io.inverno.mod.session.internal.jwt.JWTSSessionIdGenerator<A,B>
Type Parameters:
A - the session data type
B - the stateless session data type
All Implemented Interfaces:
JWTSessionIdGenerator<A,B>, SessionIdGenerator<A,JWTSession<A,B>>
public class JWTSSessionIdGenerator<A,B> extends Object

A JWT session id generator that generates JWT as JWS which guarantees the integrity of the stateless session data within the session id.

When specified, the issuer is validated when reading JWT session identifier.

Since:
1.13
Author:
Jeremy Kuhn

  • Field Details

    • jwtService

      protected final JWTService jwtService
      The JWT service.

    • issuer

      protected final String issuer
      The JWT issuer.

  • Constructor Details

    • JWTSSessionIdGenerator

      public JWTSSessionIdGenerator(JWTService jwtService, Consumer<JWSHeaderConfigurator<?>> headerConfigurer)

      Creates a JWS JWT session id generator.

      Parameters:
      jwtService - the JWT service
      headerConfigurer - a JWS header configurer

    • JWTSSessionIdGenerator

      public JWTSSessionIdGenerator(JWTService jwtService, Consumer<JWSHeaderConfigurator<?>> headerConfigurer, String issuer)

      Creates a JWS JWT session id generator.

      Parameters:
      jwtService - the JWT service
      headerConfigurer - a JWS header configurer
      issuer - the issuer

  • Method Details

    • doGenerateJWT

      protected Mono<JWS<JWTClaimsSet>> doGenerateJWT(JWTClaimsSet.Builder<JWTClaimsSet,?> jwtClaimsSetBuilder)

      Generates the JWT from the prefilled JWT claims set builder.

      Parameters:
      jwtClaimsSetBuilder - a prefilled JWT claims set builder
      Returns:
      a mono generating the JWT

    • doReadJWT

      protected Mono<JWS<JWTClaimsSet>> doReadJWT(String sessionId)

      Reads the JWT session id and returns the corresponding JWT object.

      Parameters:
      sessionId - a JWT session id
      Returns:
      a mono emitting the JWT corresponding object

    • getIssuer

      public String getIssuer()

      Returns the JWT issuer.

      Returns:
      the issuer

    • generateJWT

      public Mono<JWS<JWTClaimsSet>> generateJWT(JWTSession<A,B> session)
      Description copied from interface: JWTSessionIdGenerator

      Generates a JWT session identifier for the specified JWT session.

      Implementors should ensure that JWT are generated with unique JWT token identifiers (i.e. JTI) to prevent against replay attack.

      Specified by:
      generateJWT in interface JWTSessionIdGenerator<A,B>
      Parameters:
      session - a JWT session
      Returns:
      a mono generating a JWT

    • readJWT

      public Mono<JWS<JWTClaimsSet>> readJWT(String sessionId)
      Description copied from interface: JWTSessionIdGenerator

      Validates and decrypts the specified JWT session identifier.

      Specified by:
      readJWT in interface JWTSessionIdGenerator<A,B>
      Parameters:
      sessionId - a JWT session identifier
      Returns:
      a mono reading a JWT session identifier