io.jsonwebtoken.impl

Class DefaultJwtParser

java.lang.Object

io.jsonwebtoken.impl.DefaultJwtParser

All Implemented Interfaces:

JwtParser

public class DefaultJwtParser
extends Object
implements JwtParser

Field Summary

Fields inherited from interface io.jsonwebtoken.JwtParser

SEPARATOR_CHAR

Constructor Summary

Constructors

Constructor and Description
DefaultJwtParser()

Method Summary

Modifier and Type	Method and Description
boolean	isSigned(String jwt) Returns true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false otherwise.
Jwt	parse(String jwt) Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting JWT or JWS instance.
<T> T	parse(String compact, JwtHandler<T> handler) Parses the specified compact serialized JWT string based on the builder's current configuration state and invokes the specified handler with the resulting JWT or JWS instance.
Jws<Claims>	parseClaimsJws(String claimsJws) Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting Claims JWS instance.
Jwt<Header,Claims>	parseClaimsJwt(String claimsJwt) Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.
Jws<String>	parsePlaintextJws(String plaintextJws) Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting plaintext JWS instance.
Jwt<Header,String>	parsePlaintextJwt(String plaintextJwt) Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.
protected Map<String,Object>	readValue(String val)
JwtParser	setSigningKey(byte[] key) Sets the signing key used to verify any discovered JWS digital signature.
JwtParser	setSigningKey(Key key) Sets the signing key used to verify any discovered JWS digital signature.
JwtParser	setSigningKey(String base64EncodedKeyBytes) Sets the signing key used to verify any discovered JWS digital signature.
JwtParser	setSigningKeyResolver(SigningKeyResolver signingKeyResolver) Sets the SigningKeyResolver used to acquire the signing key that should be used to verify a JWS's signature.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultJwtParser

public DefaultJwtParser()

Method Detail

setSigningKey

public JwtParser setSigningKey(byte[] key)

Description copied from interface: JwtParser

Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.

Note that this key MUST be a valid key for the signature algorithm found in the JWT header (as the alg header parameter).

This method overwrites any previously set key.

Specified by:

setSigningKey in interface JwtParser

Parameters:

key - the algorithm-specific signature verification key used to validate any discovered JWS digital signature.

Returns:

the parser for method chaining.

setSigningKey

public JwtParser setSigningKey(String base64EncodedKeyBytes)

Description copied from interface: JwtParser

Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.

Note that this key MUST be a valid key for the signature algorithm found in the JWT header (as the alg header parameter).

This method overwrites any previously set key.

This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting byte array is used to invoke JwtParser.setSigningKey(byte[]).

Specified by:

setSigningKey in interface JwtParser

Parameters:

base64EncodedKeyBytes - the BASE64-encoded algorithm-specific signature verification key to use to validate any discovered JWS digital signature.

Returns:

the parser for method chaining.

setSigningKey

public JwtParser setSigningKey(Key key)

Description copied from interface: JwtParser

Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.

Note that this key MUST be a valid key for the signature algorithm found in the JWT header (as the alg header parameter).

This method overwrites any previously set key.

This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting byte array is used to invoke JwtParser.setSigningKey(byte[]).

Specified by:

setSigningKey in interface JwtParser

Parameters:

key - the algorithm-specific signature verification key to use to validate any discovered JWS digital signature.

Returns:

the parser for method chaining.

setSigningKeyResolver

public JwtParser setSigningKeyResolver(SigningKeyResolver signingKeyResolver)

Description copied from interface: JwtParser

Sets the SigningKeyResolver used to acquire the signing key that should be used to verify a JWS's signature. If the parsed String is not a JWS (no signature), this resolver is not used.

Specifying a SigningKeyResolver is necessary when the signing key is not already known before parsing the JWT and the JWT header or payload (plaintext body or Claims) must be inspected first to determine how to look up the signing key. Once returned by the resolver, the JwtParser will then verify the JWS signature with the returned key. For example:

 Jws<Claims> jws = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
         @Override
         public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
             //inspect the header or claims, lookup and return the signing key
             return getSigningKey(header, claims); //implement me
         }})
     .parseClaimsJws(compact);
 

A SigningKeyResolver is invoked once during parsing before the signature is verified.

This method should only be used if a signing key is not provided by the other setSigningKey* builder methods.

Specified by:

setSigningKeyResolver in interface JwtParser

Parameters:

signingKeyResolver - the signing key resolver used to retrieve the signing key.

Returns:

the parser for method chaining.

isSigned

public boolean isSigned(String jwt)

Description copied from interface: JwtParser

Returns true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false otherwise.

Note that if you are reasonably sure that the token is signed, it is more efficient to attempt to parse the token (and catching exceptions if necessary) instead of calling this method first before parsing.

Specified by:

isSigned in interface JwtParser

Parameters:

jwt - the compact serialized JWT to check

Returns:

true if the specified JWT compact string represents a signed JWT (aka a 'JWS'), false otherwise.

parse

public Jwt parse(String jwt)
          throws ExpiredJwtException,
                 MalformedJwtException,
                 SignatureException

Description copied from interface: JwtParser

Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting JWT or JWS instance.

This method returns a JWT or JWS based on the parsed string. Because it may be cumbersome to determine if it is a JWT or JWS, or if the body/payload is a Claims or String with instanceof checks, the parse(String,JwtHandler) method allows for a type-safe callback approach that may help reduce code or instanceof checks.

Specified by:

parse in interface JwtParser

Parameters:

jwt - the compact serialized JWT to parse

Returns:

the specified compact serialized JWT string based on the builder's current configuration state.

Throws:

ExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time before the time this method is invoked.

MalformedJwtException - if the specified JWT was incorrectly constructed (and therefore invalid). Invalid JWTs should not be trusted and should be discarded.

SignatureException - if a JWS signature was discovered, but could not be verified. JWTs that fail signature validation should not be trusted and should be discarded.

See Also:

JwtParser.parse(String, JwtHandler), JwtParser.parsePlaintextJwt(String), JwtParser.parseClaimsJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parseClaimsJws(String)

parse

public <T> T parse(String compact,
                   JwtHandler<T> handler)
            throws ExpiredJwtException,
                   MalformedJwtException,
                   SignatureException

Description copied from interface: JwtParser

Parses the specified compact serialized JWT string based on the builder's current configuration state and invokes the specified handler with the resulting JWT or JWS instance.

If you are confident of the format of the JWT before parsing, you can create an anonymous subclass using the JwtHandlerAdapter and override only the methods you know are relevant for your use case(s), for example:

 String compactJwt = request.getParameter("jwt"); //we are confident this is a signed JWS

 String subject = Jwts.parser().setSigningKey(key).parse(compactJwt, new JwtHandlerAdapter<String>() {
     @Override
     public String onClaimsJws(Jws<Claims> jws) {
         return jws.getBody().getSubject();
     }
 });
 

If you know the JWT string can be only one type of JWT, then it is even easier to invoke one of the following convenience methods instead of this one:

• JwtParser.parsePlaintextJwt(String)
• JwtParser.parseClaimsJwt(String)
• JwtParser.parsePlaintextJws(String)
• JwtParser.parseClaimsJws(String)

Specified by:

parse in interface JwtParser

Parameters:

compact - the compact serialized JWT to parse

Returns:

the result returned by the JwtHandler

Throws:

ExpiredJwtException - if the specified JWT is a Claims JWT and the Claims has an expiration time before the time this method is invoked.

MalformedJwtException - if the specified JWT was incorrectly constructed (and therefore invalid). Invalid JWTs should not be trusted and should be discarded.

SignatureException - if a JWS signature was discovered, but could not be verified. JWTs that fail signature validation should not be trusted and should be discarded.

See Also:

JwtParser.parsePlaintextJwt(String), JwtParser.parseClaimsJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parseClaimsJws(String), JwtParser.parse(String)

parsePlaintextJwt

public Jwt<Header,String> parsePlaintextJwt(String plaintextJwt)

Description copied from interface: JwtParser

Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects an unsigned plaintext JWT. An unsigned plaintext JWT has a String (non-JSON) body payload and it is not cryptographically signed.

If the compact string presented does not reflect an unsigned plaintext JWT with non-JSON string body, an UnsupportedJwtException will be thrown.

Specified by:

parsePlaintextJwt in interface JwtParser

Parameters:

plaintextJwt - a compact serialized unsigned plaintext JWT string.

Returns:

the Jwt instance that reflects the specified compact JWT string.

See Also:

JwtParser.parseClaimsJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parseClaimsJws(String), JwtParser.parse(String, JwtHandler), JwtParser.parse(String)

parseClaimsJwt

public Jwt<Header,Claims> parseClaimsJwt(String claimsJwt)

Description copied from interface: JwtParser

Parses the specified compact serialized JWT string based on the builder's current configuration state and returns the resulting unsigned plaintext JWT instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects an unsigned Claims JWT. An unsigned Claims JWT has a Claims body and it is not cryptographically signed.

If the compact string presented does not reflect an unsigned Claims JWT, an UnsupportedJwtException will be thrown.

Specified by:

parseClaimsJwt in interface JwtParser

Parameters:

claimsJwt - a compact serialized unsigned Claims JWT string.

Returns:

the Jwt instance that reflects the specified compact JWT string.

See Also:

JwtParser.parsePlaintextJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parseClaimsJws(String), JwtParser.parse(String, JwtHandler), JwtParser.parse(String)

parsePlaintextJws

public Jws<String> parsePlaintextJws(String plaintextJws)

Description copied from interface: JwtParser

Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting plaintext JWS instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects a plaintext JWS. A plaintext JWS is a JWT with a String (non-JSON) body (payload) that has been cryptographically signed.

If the compact string presented does not reflect a plaintext JWS, an UnsupportedJwtException will be thrown.

Specified by:

parsePlaintextJws in interface JwtParser

Parameters:

plaintextJws - a compact serialized JWS string.

Returns:

the Jws instance that reflects the specified compact JWS string.

See Also:

JwtParser.parsePlaintextJwt(String), JwtParser.parseClaimsJwt(String), JwtParser.parseClaimsJws(String), JwtParser.parse(String, JwtHandler), JwtParser.parse(String)

parseClaimsJws

public Jws<Claims> parseClaimsJws(String claimsJws)

Description copied from interface: JwtParser

Parses the specified compact serialized JWS string based on the builder's current configuration state and returns the resulting Claims JWS instance.

This is a convenience method that is usable if you are confident that the compact string argument reflects a Claims JWS. A Claims JWS is a JWT with a Claims body that has been cryptographically signed.

If the compact string presented does not reflect a Claims JWS, an UnsupportedJwtException will be thrown.

Specified by:

parseClaimsJws in interface JwtParser

Parameters:

claimsJws - a compact serialized Claims JWS string.

Returns:

the Jws instance that reflects the specified compact Claims JWS string.

See Also:

JwtParser.parsePlaintextJwt(String), JwtParser.parseClaimsJwt(String), JwtParser.parsePlaintextJws(String), JwtParser.parse(String, JwtHandler), JwtParser.parse(String)

readValue

protected Map<String,Object> readValue(String val)