All Known Implementing Classes:: AbstractTokenBuilder, JdkTokenBuilder

public interface TokenBuilder

Builder for creating simple JWTs.

This is not the most flexible JWT creator, but it many cases it is adequate.

Originally written for test purposes there are some circumstances in which it can be used for providing a simple JWT/JWKS setup.

Author:: jtalbut

Method Summary

Modifier and Type

Method

Description

String

buildToken(JsonWebAlgorithm jwa, String kid, String iss, String sub, List<String> aud, Long nbf, Long exp, Map<String,Object> otherClaims)

Construct a JWT.

TokenBuilder

setHeaderNotJson(boolean headerNotJson)

If set the header will not be valid base 64.

TokenBuilder

setHeaderNotValidBase64(boolean headerNotValidBase64)

If set the header will not be valid base 64.

TokenBuilder

setKidInvalid(boolean kidInvalid)

If set the kid in the token will be set to 'INVALID'.

TokenBuilder

setPayloadNotJson(boolean payloadNotJson)

If set the payload will not be valid base 64.

TokenBuilder

setPayloadNotValidBase64(boolean payloadNotValidBase64)

If set the payload will not be valid base 64.

TokenBuilder

setSignatureNotValidBase64(boolean signatureNotValidBase64)

If set the signature will not be valid base 64.

TokenBuilder

setSignatureNotValidHash(boolean signatureNotValidHash)

If set the signature will not be a valid hash of the contents.

Method Details
- buildToken
  
  String buildToken(JsonWebAlgorithm jwa, String kid, String iss, String sub, List<String> aud, Long nbf, Long exp, Map<String,Object> otherClaims) throws Exception
  
  Construct a JWT. If any of the testing methods are set the resulting token will be invalid.
  
  Parameters:
  
  jwa - The algorithm to use to create the key if the key does not already exist in the cache. If the key is already in ths cache then the jwa is only used to set the "alg" header claim. If it permitted to use the JsonWebAlgorithm.none algorithm to generate the token, but this should only be done for testing and all validators will reject it.
  
  kid - The ID of the key to use to sign the token, may be null if (and only if) the jwa is JsonWebAlgorithm.none.
  
  iss - The issuer to put in the payload claims.
  
  sub - The subject to put in the payload claims.
  
  aud - The audience to put in the payload claims.v
  
  nbf - The not-before to put in the payload claims.
  
  exp - The expiry to put in the payload claims.
  
  otherClaims - Other claims to put in the payload.
  
  Returns:
  
  A fully constructed and signed JWS (that may be broken in various ways if other settings are set).
  
  Throws:
  
  Exception - If the security subsystem is unable to carry out required operations.
- setHeaderNotValidBase64
  
  TokenBuilder setHeaderNotValidBase64(boolean headerNotValidBase64)
  
  If set the header will not be valid base 64.
  
  Parameters:
  
  headerNotValidBase64 - If true the header will not be valid base 64 (it will have one character removed from the end).
  
  Returns:
  
  this, so that the method may be used in a fluent manner.
- setPayloadNotValidBase64
  
  TokenBuilder setPayloadNotValidBase64(boolean payloadNotValidBase64)
  
  If set the payload will not be valid base 64.
  
  Parameters:
  
  payloadNotValidBase64 - If true the payload will not be valid base 64 (it will have one character removed from the end).
  
  Returns:
  
  this, so that the method may be used in a fluent manner.
- setSignatureNotValidBase64
  
  TokenBuilder setSignatureNotValidBase64(boolean signatureNotValidBase64)
  
  If set the signature will not be valid base 64.
  
  Parameters:
  
  signatureNotValidBase64 - If true the signature will not be valid base 64 (it will have one character removed from the end).
  
  Returns:
  
  this, so that the method may be used in a fluent manner.
- setHeaderNotJson
  
  TokenBuilder setHeaderNotJson(boolean headerNotJson)
  
  If set the header will not be valid base 64.
  
  Parameters:
  
  headerNotJson - If true the header will not be valid JSON (strings will have quotes stripped from them).
  
  Returns:
  
  this, so that the method may be used in a fluent manner.
- setPayloadNotJson
  
  TokenBuilder setPayloadNotJson(boolean payloadNotJson)
  
  If set the payload will not be valid base 64.
  
  Parameters:
  
  payloadNotJson - If true the payload will not be valid JSON (strings will have quotes stripped from them).
  
  Returns:
  
  this, so that the method may be used in a fluent manner.
- setSignatureNotValidHash
  
  TokenBuilder setSignatureNotValidHash(boolean signatureNotValidHash)
  
  If set the signature will not be a valid hash of the contents.
  
  Parameters:
  
  signatureNotValidHash - If true signature will not be a valid hash of the contents (the final byte will be stripped).
  
  Returns:
  
  this, so that the method may be used in a fluent manner.
- setKidInvalid
  
  TokenBuilder setKidInvalid(boolean kidInvalid)
  
  If set the kid in the token will be set to 'INVALID'.
  
  Parameters:
  
  kidInvalid - If true the kid in the token will be set to 'INVALID'.
  
  Returns:
  
  this, so that the method may be used in a fluent manner.

Interface TokenBuilder

Method Summary

Method Details

buildToken

setHeaderNotValidBase64

setPayloadNotValidBase64

setSignatureNotValidBase64

setHeaderNotJson

setPayloadNotJson

setSignatureNotValidHash

setKidInvalid