public class JwtBuilderFilter extends Object implements Filter
The produced JWT can be unsecure(=unsigned), signed or signed then encrypted.
{
"type": "JwtBuilderFilter",
"config": {
"template" : map/expression [REQUIRED]
"signature" : { object [OPTIONAL but if set, inner attributes MAY BE
REQUIRED]
"secretId" : expression [REQUIRED - secret ID of the key used for
signing]
"algorithm" : expression [OPTIONAL - default to RS256*.]
"encryption" : { object [OPTIONAL but if set, inner attributes MAY BE
REQUIRED]
"secretId" : expression [REQUIRED - secret ID of the key used for
encryption]
"algorithm" : expression [REQUIRED - encryption algorithm **]
"method" : expression [REQUIRED - The encryption method ***]
}
}
}
}
* List of JWS Algorithms ** List of JWE Algorithms *** List of Encryption Methods
Example of use:
{
"type": "JwtBuilderFilter",
"config": {
"template": {
"mail": "${contexts.userProfile.rawInfo.mail[0]}",
"employeeNumber": "${contexts.userProfile.rawInfo.employeeNumber[0]}"
}
}
}
Example for signing a JWT:
{
"type": "JwtBuilderFilter",
"config": {
"template": "${attributes.userProfile}"
"signature" {
"secretId": "my.signature.key",
"algorithm": "HS384"
}
}
}
Example for signing then encrypting a JWT:
{
"type": "JwtBuilderFilter",
"config": {
"template": {
"mail": "${contexts.userProfile.rawInfo.mail[0]}",
"employeeNumber": "${contexts.userProfile.rawInfo.employeeNumber[0]}"
}
"signature" {
"secretId": "my.signature.key",
"algorithm": "HS256"
"encryption": {
"secretId": "my.encryption.key",
"algorithm": "dir",
"method": "A128CBC-HS256"
}
}
}
}
Note: Encryption must be configured with Commons Secrets API.Modifier and Type | Class and Description |
---|---|
static class |
JwtBuilderFilter.Heaplet
Creates and initializes an JwtBuilderFilter in a heap environment.
|
Constructor and Description |
---|
JwtBuilderFilter(JsonValue template,
JwtFactory jwtFactory)
Creates a new
JwtBuilderFilter which will create a JWT based on the given JSON template
and place it into the context JwtBuilderContext. |
Modifier and Type | Method and Description |
---|---|
Promise<Response,NeverThrowsException> |
filter(Context context,
Request request,
Handler next)
Filters the request and/or response of an exchange.
|
public JwtBuilderFilter(JsonValue template, JwtFactory jwtFactory)
JwtBuilderFilter
which will create a JWT based on the given JSON template
and place it into the context JwtBuilderContext.template
- The template representing the name-value pairs, not null
, as JsonValue
.
It must be a Map or a String, ie: "template" : { "value": "pair"} or
"template" : "${attributes.template}.jwtFactory
- The JwtFactory
used to create the JWT, not null
.public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
Filter
next.handle(context, request)
.
This method may elect not to pass the request to the next filter or
handler, and instead handle the request itself. It can achieve this by
merely avoiding a call to next.handle(context, request)
and creating its own response object. The filter is also at liberty to
replace a response with another of its own by intercepting the response
returned by the next handler.
Copyright 2011-2017 ForgeRock AS.