Class DefaultJWTClaimsProvider
java.lang.Object
org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider
- All Implemented Interfaces:
JWTClaimsProvider
A default implementation to create a JWTClaims object. The Subject name is the name
of the current principal.
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionlongGet how long (in seconds) a client-supplied Created Element is allowed to be in the future.getJwtClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters) Get a JwtClaims object.longGet the default lifetime in seconds for issued JWT token where requestor doesn't specify a lifetime elementlongGet the maximum lifetime in seconds for issued JWT token if requestor specifies lifetime elementprotected PrincipalgetPrincipal(JWTClaimsProviderParameters jwtClaimsProviderParameters) Get the Principal (which is used as the Subject).protected StringgetSubjectName(JWTClaimsProviderParameters jwtClaimsProviderParameters) protected voidhandleActAs(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) protected voidhandleAudienceRestriction(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) Set the audience restriction claim.protected voidhandleConditions(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) protected voidhandleWSTrustClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) booleanIs client lifetime element accepted Default: falsebooleanIf requested lifetime exceeds shall it fail (default) or overwrite with maximum lifetimebooleanvoidsetAcceptClientLifetime(boolean acceptClientLifetime) Set whether client lifetime is acceptedvoidsetClaimTypeMap(Map<String, String> claimTypeMap) Specify a way to map ClaimType URIs to custom ClaimTypesvoidsetFailLifetimeExceedance(boolean failLifetimeExceedance) If requested lifetime exceeds shall it fail (default) or overwrite with maximum lifetimevoidsetFutureTimeToLive(long futureTimeToLive) Set how long (in seconds) a client-supplied Created Element is allowed to be in the future.voidsetLifetime(long lifetime) Set the default lifetime in seconds for issued JWT tokensvoidsetMaxLifetime(long maxLifetime) Set the maximum lifetime in seconds for issued JWT tokensvoidsetUseX500CN(boolean useX500CN)
-
Field Details
-
DEFAULT_MAX_LIFETIME
public static final long DEFAULT_MAX_LIFETIME- See Also:
-
-
Constructor Details
-
DefaultJWTClaimsProvider
public DefaultJWTClaimsProvider()
-
-
Method Details
-
getJwtClaims
Get a JwtClaims object.- Specified by:
getJwtClaimsin interfaceJWTClaimsProvider
-
getSubjectName
-
getPrincipal
Get the Principal (which is used as the Subject). By default, we check the following (in order): - A valid OnBehalfOf principal - A valid principal associated with a token received as ValidateTarget - The principal associated with the request. We don't need to check to see if it is "valid" here, as it is not parsed by the STS (but rather the WS-Security layer). -
handleWSTrustClaims
protected void handleWSTrustClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) -
handleConditions
protected void handleConditions(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) -
handleAudienceRestriction
protected void handleAudienceRestriction(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) Set the audience restriction claim. The Audiences are from an AppliesTo address, and the wst:Participants (if either exist). -
handleActAs
protected void handleActAs(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) -
isUseX500CN
public boolean isUseX500CN() -
setUseX500CN
public void setUseX500CN(boolean useX500CN) -
getFutureTimeToLive
public long getFutureTimeToLive()Get how long (in seconds) a client-supplied Created Element is allowed to be in the future. The default is 60 seconds to avoid common problems relating to clock skew. -
setFutureTimeToLive
public void setFutureTimeToLive(long futureTimeToLive) Set how long (in seconds) a client-supplied Created Element is allowed to be in the future. The default is 60 seconds to avoid common problems relating to clock skew. -
setLifetime
public void setLifetime(long lifetime) Set the default lifetime in seconds for issued JWT tokens- Parameters:
lifetime- default lifetime in seconds
-
getLifetime
public long getLifetime()Get the default lifetime in seconds for issued JWT token where requestor doesn't specify a lifetime element- Returns:
- the lifetime in seconds
-
setMaxLifetime
public void setMaxLifetime(long maxLifetime) Set the maximum lifetime in seconds for issued JWT tokens- Parameters:
maxLifetime- maximum lifetime in seconds
-
getMaxLifetime
public long getMaxLifetime()Get the maximum lifetime in seconds for issued JWT token if requestor specifies lifetime element- Returns:
- the maximum lifetime in seconds
-
isAcceptClientLifetime
public boolean isAcceptClientLifetime()Is client lifetime element accepted Default: false -
setAcceptClientLifetime
public void setAcceptClientLifetime(boolean acceptClientLifetime) Set whether client lifetime is accepted -
isFailLifetimeExceedance
public boolean isFailLifetimeExceedance()If requested lifetime exceeds shall it fail (default) or overwrite with maximum lifetime -
setFailLifetimeExceedance
public void setFailLifetimeExceedance(boolean failLifetimeExceedance) If requested lifetime exceeds shall it fail (default) or overwrite with maximum lifetime -
getClaimTypeMap
-
setClaimTypeMap
Specify a way to map ClaimType URIs to custom ClaimTypes- Parameters:
claimTypeMap-
-