Interface IssuerAcceptabilityHandler

All Known Implementing Classes:
IssuerAcceptabilityHandlerImpl

public interface IssuerAcceptabilityHandler
Simple interface to encapsulate the handling of issuers. If a JWT is generated by an issuer not approved of by the IssuerAcceptabilityHandler then it should be rejected. Acceptability should be controlled by an operator; it is not something that can be generically solved algorithmically. For OpenID, which this library is primarily aimed at, the issuer must be a URL that will be used to download the keys that will be used to validate the token.
Author:
yaytay
  • Method Summary

    Modifier and Type
    Method
    Description
    static IssuerAcceptabilityHandler
    create(List<String> acceptableIssuerRegexes, String acceptableIssuersFile, Duration pollPeriod)
    Construct an instance of the implementation class.
    boolean
    isAcceptable(String issuer)
    Confirm that the issuer matches at least one of the configured acceptable issuer regular expressions or is found in the acceptableIssuersFile.
    void
    validate()
    Validate the configuration.
  • Method Details

    • create

      static IssuerAcceptabilityHandler create(List<String> acceptableIssuerRegexes, String acceptableIssuersFile, Duration pollPeriod)
      Construct an instance of the implementation class.
      Parameters:
      acceptableIssuerRegexes - The List of regular expressions (as Strings) that are acceptable.
      acceptableIssuersFile - The path to a file that contains valid issuers, one per line.
      pollPeriod - The time period between file checks (the check only looks at the file's last-modified time, so a period of about a minute is reasonable).
      It is vital for the security of any system using OpenID Connect Discovery that it is only used with trusted issuers; otherwise keys from any issuer that has an RFC-compliant discovery endpoint will be accepted. Equally, the acceptable issuers must be accessed via https for the environment to offer any security.
      Returns:
      a newly created instance of the implementation class.
    • validate

      void validate() throws IllegalArgumentException
      Validate the configuration.
      Throws:
      IllegalArgumentException - if the configuration is not usable, or is not configured with usable values.
    • isAcceptable

      boolean isAcceptable(String issuer)
      Confirm that the issuer matches at least one of the configured acceptable issuer regular expressions or is found in the acceptableIssuersFile.
      Parameters:
      issuer - the issuer to confirm.
      Returns:
      true if the issuer is acceptable.
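As an added illustration, not the library's own code, the following hypothetical DemoIssuerHandler shows one way the two instance methods above can apply the documented policy: anchored https-only regexes, an issuers file that is re-read only when the poll period has elapsed and its last-modified time changed, and failing closed when the file cannot be read. The class name, the anchoring rule enforced by validate() and the fail-closed choice are assumptions of this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.time.Duration;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Interface as documented on this page (static create() omitted; construct DemoIssuerHandler directly).
interface IssuerAcceptabilityHandler { void validate(); boolean isAcceptable(String issuer); }
// Hypothetical implementation for illustration, NOT the library's IssuerAcceptabilityHandlerImpl.
class DemoIssuerHandler implements IssuerAcceptabilityHandler {
    private final List<Pattern> patterns;
    private final Path issuersFile;             // null when no file is configured
    private final long pollMillis;
    private long lastCheck = 0, lastModified = -1;
    private Set<String> fileIssuers = Set.of();

    DemoIssuerHandler(List<String> regexes, String file, Duration pollPeriod) {
        patterns = regexes.stream().map(Pattern::compile).toList();
        issuersFile = file == null ? null : Path.of(file);
        pollMillis = pollPeriod.toMillis();
    }
    @Override public void validate() {
        if (patterns.isEmpty() && issuersFile == null)
            throw new IllegalArgumentException("no acceptable issuers configured");
        // Assumption: regexes must be anchored and https-only, so a loose "idp\\.example\\.com" cannot match a look-alike host.
        for (Pattern p : patterns)
            if (!p.pattern().startsWith("^https://") || !p.pattern().endsWith("$"))
                throw new IllegalArgumentException("issuer regex must be of the form ^https://...$: " + p);
    }
    // Re-read the file only when pollPeriod has elapsed since the last check and its mtime changed.
    private synchronized void refresh() throws IOException {
        long now = System.currentTimeMillis();
        if (issuersFile == null || now - lastCheck < pollMillis) return;
        lastCheck = now;
        long mtime = Files.getLastModifiedTime(issuersFile).toMillis();
        if (mtime == lastModified) return;
        lastModified = mtime;
        fileIssuers = Set.copyOf(Files.readAllLines(issuersFile).stream()
                .map(String::trim).filter(s -> !s.isEmpty()).toList());
    }
    @Override public boolean isAcceptable(String issuer) {
        if (issuer == null || !issuer.startsWith("https://")) return false; // plain http offers no security
        if (patterns.stream().anyMatch(p -> p.matcher(issuer).matches())) return true;
        try { refresh(); } catch (IOException e) { return false; }          // unreadable file: fail closed
        return fileIssuers.contains(issuer);
    }
}
```

With a file containing one issuer URL per line and a regex list such as List.of("^https://idp\\.example\\.com$"), isAcceptable returns true only for exact https issuers the operator listed; the file is re-read at most once per pollPeriod.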