Package org.springframework.security.oauth2.jwt

Class JwtTimestampValidator

java.lang.Object

org.springframework.security.oauth2.jwt.JwtTimestampValidator

All Implemented Interfaces:

org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>

public final class JwtTimestampValidator
extends java.lang.Object
implements org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>

An implementation of OAuth2TokenValidator for verifying claims in a Jwt-based access token

Because clocks can differ between the Jwt source, say the Authorization Server, and its destination, say the Resource Server, there is a default clock leeway exercised when deciding if the current time is within the Jwt's specified operating window

Since:

5.1

See Also:

Jwt, OAuth2TokenValidator, JSON Web Token (JWT)

Constructor Summary

Constructors

Constructor	Description
JwtTimestampValidator()	A basic instance with no custom verification and the default max clock skew
JwtTimestampValidator(java.time.Duration clockSkew)

Method Summary

Modifier and Type	Method	Description
void	setClock(java.time.Clock clock)	Use this Clock with Instant.now() for assessing timestamp validity
org.springframework.security.oauth2.core.OAuth2TokenValidatorResult	validate(Jwt jwt)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JwtTimestampValidator

public JwtTimestampValidator()

A basic instance with no custom verification and the default max clock skew

JwtTimestampValidator

public JwtTimestampValidator(java.time.Duration clockSkew)

Method Detail

validate

public org.springframework.security.oauth2.core.OAuth2TokenValidatorResult validate(Jwt jwt)

Specified by:

validate in interface org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>

setClock

public void setClock(java.time.Clock clock)

Use this Clock with Instant.now() for assessing timestamp validity

Parameters:

clock -