JwtConsumer consumer = new JwtConsumerBuilder() .setSkipAllValidators() .setDisableRequireSignature() consumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setAllowedClockSkewInSeconds(315360000) // use seconds of 10 years to skip expiration validation as we need skip it in some cases.
JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setMaxFutureValidityInMinutes(confService.getMaxTokenValidity())
JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setVerificationKey(new HmacKey(secret.getBytes())) .setRelaxVerificationKeyValidation() // allow shorter HMAC keys when used w/ HSxxx algs .build();
JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setVerificationKey(new HmacKey(secret.getBytes())) .setRelaxVerificationKeyValidation() // allow shorter HMAC keys when used w/ HSxxx algs .build();
String jwt = "eyJhbGciOiJIUzI1NiJ9" + ".eyJzdWIiOiIxMjM0NTY3ODkwIiwiZXhwIjoxNDUzODE0NjA0LCJuYW1lIjoiSm9obiBEb2UifQ" + ".IXcDDLXEpGN9Po5C-Mz88jUCNYrHxu6TVJLavf0NgT8"; JwtConsumer consumer = new JwtConsumerBuilder() .setSkipAllValidators() .setDisableRequireSignature() .setSkipSignatureVerification() .build(); JwtClaims claims = consumer.processToClaims(jwt); NumericDate expirationTime = claims.getExpirationTime(); if (NumericDate.now().isAfter(expirationTime)) { System.out.println("Token expired at " + expirationTime); } else { System.out.println("Token is still good until " + expirationTime); }
JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setVerificationKey(pk) .setRequireExpirationTime() .setExpectedAudience("https://citrixp.com:8443/") .setExpectedIssuer("https://sts.windows.net/dd9b6a3e-29d1-4254-a746-e02941444517/") .build(); JwtClaims claims = jwtConsumer.processToClaims(data + "." + signedData); System.out.println("Subject: " + claims.getSubject()); System.out.println("UPN: " + claims.getStringClaimValue("upn")); // or whatever, etc....
JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setVerificationKey(publicKey)
/** * The jwtConsumer class which will be used to verify and parse the JWT token from ping federate. * * @param jwtPublicKey The public key used to verify the signature on the JWT token. * @param pingFederateValidator The validator to add to the validation chain specifically for Ping Federate * @return The consumer to use */ @Bean public JwtConsumer jwtConsumer( @Qualifier("jwtPublicKey") final PublicKey jwtPublicKey, final PingFederateValidator pingFederateValidator ) { return new JwtConsumerBuilder() .setVerificationKey(jwtPublicKey) .setRequireExpirationTime() .registerValidator(pingFederateValidator) .build(); }
private static URI extractIssuer(final String jwt) throws InvalidJwtException, MalformedClaimException { // Parse JWT without validation final JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setSkipAllValidators() .setDisableRequireSignature() .setSkipSignatureVerification() .build(); final JwtContext jwtContext = jwtConsumer.process(jwt); // Resolve Json Web Key Set URI by the issuer String issuer = jwtContext.getJwtClaims().getIssuer(); if (issuer.endsWith("/")) { issuer = issuer.substring(0, issuer.length() - 1); } return URI.create(issuer); }
public JWTVerifier(final String secret, final String issuer, final String audience) { final JwtConsumerBuilder builder = new JwtConsumerBuilder(); if (StringUtils.isNotBlank(audience)) builder.setExpectedAudience(audience); if (StringUtils.isNotBlank(issuer)) builder.setExpectedIssuer(issuer); builder.setVerificationKey(new HmacKey(secret.getBytes(StandardCharsets.UTF_8))); builder.setAllowedClockSkewInSeconds(60); builder.setRelaxVerificationKeyValidation(); // Allow HMAC keys < 256 bits consumer = builder.build(); }
JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setVerificationKey(publicKey)
oidcConfig = new OIDCConfig("Hobson", "/login", "/token", "/userInfo", ".well-known/jwks.json", rsaJsonWebKey); jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setAllowedClockSkewInSeconds(30)
public static Map<String, Object> verifyJwt(String jwt) throws InvalidJwtException, MalformedClaimException { Map<String, Object> user = null; X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(certificate); x509VerificationKeyResolver.setTryAllOnNoThumbHeader(true); JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() // the JWT must have an expiration time .setAllowedClockSkewInSeconds((Integer) config.get(CLOCK_SKEW_IN_MINUTE)*60) // allow some leeway in validating time based claims to account for clock skew .setRequireSubject() // the JWT must have a subject claim .setExpectedIssuer(issuer) .setExpectedAudience(audience) .setVerificationKeyResolver(x509VerificationKeyResolver) // verify the signature with the certificates .build(); // create the JwtConsumer instance // Validate the JWT and process it to the Claims JwtClaims claims = jwtConsumer.processToClaims(jwt); if(claims != null) { user = new HashMap<String, Object>(); user.put("userId", claims.getClaimValue("userId")); user.put("clientId", claims.getClaimValue("clientId")); List roles = claims.getStringListClaimValue("roles"); user.put("roles", roles); Object host = claims.getClaimValue("host"); if(host != null) user.put("host", host); } return user; } }
public Processor(final URI jwksUri, String[] audiences, String[] expectedIssuers) { final HttpsJwksVerificationKeyResolver resolver = new HttpsJwksVerificationKeyResolver(new HttpsJwks(jwksUri.toString())); this.consumer = new JwtConsumerBuilder() .setVerificationKeyResolver(resolver) // Set resolver key .setRequireIssuedAt() // Set require reserved claim: iat .setRequireExpirationTime() // Set require reserved claim: exp .setRequireSubject() // // Set require reserved claim: sub .setExpectedIssuers(true, expectedIssuers) .setExpectedAudience(audiences) .build(); }
public static JwtClaims getJwtClaims(String token) JwtConsumer jwtConsumer = new JwtConsumerBuilder()
public static boolean validateToken(String token) { JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() // the JWT must have an expiration time .setAllowedClockSkewInSeconds(30) // allow some leeway in validating time based claims to account for clock skew .setRequireSubject() // the JWT must have a subject claim .setExpectedIssuer(ISSUER) // whom the JWT needs to have been issued by .setExpectedAudience(AUDIENCE) // to whom the JWT is intended for .setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key .build(); // create the JwtConsumer instance try { // Validate the JWT and process it to the Claims JwtClaims jwtClaims = jwtConsumer.processToClaims(token); //过期时间 //用户名和ID return true; } catch (InvalidJwtException e) { // InvalidJwtException will be thrown, if the JWT failed processing or validation in anyway. // Hopefully with meaningful explanations(s) about what went wrong. System.out.println("Invalid JWT! " + e); return false; } catch (Exception ex) { ex.printStackTrace(); return false; } }
System.out.println(jwt); JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setAllowedClockSkewInSeconds(30)
try { JwtConsumer firstPassJwtConsumer = new JwtConsumerBuilder() .setSkipAllValidators() .setDisableRequireSignature()
final JwtConsumerBuilder builder = new JwtConsumerBuilder() .setRequireExpirationTime() .setRequireSubject()
final FeedParser parser = new FeedParser(articleDao, processor); final JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setAllowedClockSkewInSeconds(30) .setRequireExpirationTime()