public final class Constraints extends Object
Constraints
are defined for JWT validation.Modifier and Type | Field and Description |
---|---|
static Duration |
SKEW_ALLOWANCE
Based on the EXP claim concept from rfc7519: The amount of time allowance between JWT expiring and current time
when using EXP claim.
|
Modifier and Type | Method and Description |
---|---|
static <T> JwtClaimConstraint<Collection<T>> |
contains(T expected)
Returns
empty if the list contains the expected value. |
static <T> JwtClaimConstraint<Collection<T>> |
containsOnly(T expected)
Returns
empty if the list contains only the expected value. |
static JwtConstraint |
hasClaims()
Returns
empty if the JWT does contain claims. |
static JwtConstraint |
hasValidSignature(SigningHandler signingHandler)
Validates the signature of this
SignedJwt . |
static JwtClaimConstraint<Instant> |
isAfter(Clock clock)
Returns
empty if the timestamp is after the given date. |
static JwtClaimConstraint<Instant> |
isAfter(Clock clock,
TemporalAmount skewAllowance)
Returns
empty if the timestamp is after the given date. |
static JwtClaimConstraint<Instant> |
isBefore(Clock clock)
Returns
empty if the timestamp is before the given date. |
static JwtClaimConstraint<Instant> |
isBefore(Clock clock,
TemporalAmount skewAllowance)
Returns
empty if the timestamp is before the given date. |
static <T> JwtClaimConstraint<T> |
isEqualTo(T expected)
Returns
empty if the value is equal to the one expected and fulfill the Violation with the custom
error message. |
static JwtClaimConstraint<JsonValue> |
isNotNull()
Returns
empty if the value is present. |
public static final Duration SKEW_ALLOWANCE
public static <T> JwtClaimConstraint<T> isEqualTo(T expected)
empty
if the value is equal to the one expected and fulfill the Violation
with the custom
error message.T
- The type on which the constraint applies.expected
- The expected value.empty
if the value is equal to the one expected or a Violation
corresponding to this
constraint.public static <T> JwtClaimConstraint<Collection<T>> contains(T expected)
empty
if the list contains the expected value.T
- The type on which the constraint applies.expected
- The expected value.empty
if the value is contained in the list or a Violation
corresponding to this
constraint.public static <T> JwtClaimConstraint<Collection<T>> containsOnly(T expected)
empty
if the list contains only the expected value.T
- The type on which the constraint applies.expected
- The expected value.empty
if the value is contained in the singletonlist or a Violation
corresponding to this
constraint.public static JwtClaimConstraint<Instant> isAfter(Clock clock)
empty
if the timestamp is after the given date.
This method uses the default SKEW_ALLOWANCE
.clock
- The current clock.empty
if the timestamp is not after or a Violation
corresponding to this constraint.public static JwtClaimConstraint<Instant> isAfter(Clock clock, TemporalAmount skewAllowance)
empty
if the timestamp is after the given date.clock
- The current clock.skewAllowance
- The clock skew to apply.empty
if the timestamp is not after or a Violation
corresponding to this constraint.public static JwtClaimConstraint<Instant> isBefore(Clock clock)
empty
if the timestamp is before the given date.
This method uses the default SKEW_ALLOWANCE
.clock
- The current clock.empty
if the timestamp is not before or a Violation
corresponding to this constraint.public static JwtClaimConstraint<Instant> isBefore(Clock clock, TemporalAmount skewAllowance)
empty
if the timestamp is before the given date.
If the timestamp is equal to clock + skew, the timestamp is considered to be before the current clock.
(Upper limit included).clock
- The current clock.skewAllowance
- The clock skew to apply.empty
if the timestamp is not before or a Violation
corresponding to this constraint.public static JwtClaimConstraint<JsonValue> isNotNull()
empty
if the value is present.empty
if the value is present in the list or a Violation
corresponding to this
constraint.public static JwtConstraint hasClaims()
empty
if the JWT does contain claims.empty
if the JWT does contain claims or a Violation
corresponding to this constraint.public static JwtConstraint hasValidSignature(SigningHandler signingHandler)
SignedJwt
.signingHandler
- The signing handler used to verify the signature.empty
if the JWT has a valid signature or a Violation
corresponding to this constraint.Copyright 2011-2017 ForgeRock AS.