Creating a Processor Configuration

Mislav Miličević edited this page Jan 30, 2020 · 3 revisions

When analyzing and verifying a JSON Web Token, the JWT Processor uses an internal configuration to determine the validity of the token that is being processed. When creating a processor instance, users must provide a configuration object.

To create a processor configuration, users can either implement the JWTProcessorConfiguration interface or extend AbstractJWTProcessorConfiguration. The difference between the two is that the abstract class provides some default values.

In this example we'll be using the AbstractJWTProcessorConfiguration as our parent class:

import com.nsoft.api.security.jwt.verifier.AbstractJWTProcessorConfiguration;
import com.nsoft.api.security.jwt.verifier.JWSAlgorithm;

import java.util.Optional;

public class MyProcessorConfiguration extends AbstractJWTProcessorConfiguration {

    // URL of the JSON Web Key Set
    @Override
    public String getJWKSUrl() {
        return "http://localhost:18081/.well-known/jwks.json";
    }

    // Expected issuer; an empty Optional means the issuer is not validated
    @Override
    public Optional<String> getIssuer() {
        return Optional.of("http://localhost:8080");
    }

    // Algorithm the processed token is expected to be signed with
    @Override
    public JWSAlgorithm getSigningAlgorithm() {
        return JWSAlgorithm.RS256;
    }
}

  • getJWKSUrl() - must return a URL pointing to a JSON Web Key Set
  • getIssuer() - must return an Optional<String> that either contains an issuer string or is empty; if the returned Optional<String> is not empty, its contents are used to validate the token issuer, otherwise issuer validation is skipped
  • getSigningAlgorithm() - must return the algorithm against which the processor checks that the token currently being processed is signed with the correct algorithm
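
The same three settings read from the environment instead of hard-coded, as an added example that is not part of the original page or the project's own code. The class name, the JWKS_URL and JWT_ISSUER variable names, and the rule that plain http is accepted only for localhost are assumptions of this example; only the three overridden methods and JWSAlgorithm.RS256 come from the page.

```java
import com.nsoft.api.security.jwt.verifier.AbstractJWTProcessorConfiguration;
import com.nsoft.api.security.jwt.verifier.JWSAlgorithm;
import java.net.URI;
import java.util.Optional;

// Added example. The class name and the JWKS_URL / JWT_ISSUER variables are assumptions.
public class EnvProcessorConfiguration extends AbstractJWTProcessorConfiguration {

    private final String jwksUrl;
    private final String issuer; // null when no issuer is configured

    public EnvProcessorConfiguration() {
        this(System.getenv("JWKS_URL"), System.getenv("JWT_ISSUER"));
    }

    EnvProcessorConfiguration(String jwksUrl, String issuer) {
        this.jwksUrl = checkJwksUrl(jwksUrl);
        this.issuer = (issuer == null || issuer.trim().isEmpty()) ? null : issuer.trim();
    }

    // Policy of this example: plain http is accepted only for a local test server.
    private static String checkJwksUrl(String value) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("JWKS_URL is not set");
        }
        URI uri = URI.create(value.trim());
        boolean https = "https".equalsIgnoreCase(uri.getScheme());
        boolean localHttp = "http".equalsIgnoreCase(uri.getScheme())
                && "localhost".equalsIgnoreCase(uri.getHost());
        if (!https && !localHttp) {
            throw new IllegalStateException("JWKS URL must use https: " + uri);
        }
        return uri.toString();
    }

    @Override
    public String getJWKSUrl() { return jwksUrl; }

    @Override
    public Optional<String> getIssuer() {
        // Empty Optional: the processor skips issuer validation.
        return Optional.ofNullable(issuer);
    }

    @Override
    public JWSAlgorithm getSigningAlgorithm() {
        // Pinned in code rather than read from configuration or from the token.
        return JWSAlgorithm.RS256;
    }
}
```

A missing or non-https JWKS_URL makes the constructor throw, so a misconfigured deployment fails at startup instead of running with an untrusted key source.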