| Modifier and Type | Method and Description |
|---|---|
JwtParserBuilder |
b64Url(Decoder<InputStream,InputStream> base64UrlDecoder)
Perform Base64Url decoding during parsing with the specified
InputStream Decoder. |
JwtParserBuilder |
base64UrlDecodeWith(Decoder<CharSequence,byte[]> base64UrlDecoder)
Deprecated.
since 0.12.0 in favor of
b64Url(Decoder). This method will be removed
before the JJWT 1.0 release. |
JwtParser |
build()
Returns an immutable/thread-safe
JwtParser created from the configuration from this JwtParserBuilder. |
JwtParserBuilder |
clock(Clock clock)
Sets the
Clock that determines the timestamp to use when validating the parsed JWT. |
JwtParserBuilder |
clockSkewSeconds(long seconds)
Sets the amount of clock skew in seconds to tolerate when verifying the local time against the
exp
and nbf claims. |
NestedCollection<String,JwtParserBuilder> |
critical()
Configures the
ProtectedHeader parameter names used in JWT extensions supported by the application. |
JwtParserBuilder |
decryptWith(PrivateKey key)
Sets the decryption PrivateKey used to decrypt all encountered JWEs.
|
JwtParserBuilder |
decryptWith(SecretKey key)
Sets the decryption SecretKey used to decrypt all encountered JWEs.
|
JwtParserBuilder |
deserializeJsonWith(Deserializer<Map<String,?>> deserializer)
Deprecated.
since 0.12.0 in favor of
json(Deserializer).
This method will be removed before the JJWT 1.0 release. |
NestedCollection<AeadAlgorithm,JwtParserBuilder> |
enc()
Configures the parser's supported
AeadAlgorithms used to decrypt JWE payloads. |
JwtParserBuilder |
json(Deserializer<Map<String,?>> deserializer)
Uses the specified JSON
Deserializer to deserialize JSON (UTF-8 byte streams) into Java Map objects. |
NestedCollection<KeyAlgorithm<?,?>,JwtParserBuilder> |
key()
Configures the parser's supported
KeyAlgorithms used to obtain a JWE's decryption key. |
JwtParserBuilder |
keyLocator(Locator<Key> keyLocator)
Sets the
Locator used to acquire any signature verification or decryption key needed during parsing. |
JwtParserBuilder |
provider(Provider provider)
Sets the JCA Provider to use during cryptographic signature and key decryption operations, or
null if the
JCA subsystem preferred provider should be used. |
JwtParserBuilder |
require(String claimName,
Object value)
Ensures that the specified
claimName exists in the parsed JWT. |
JwtParserBuilder |
requireAudience(String audience)
Ensures that the specified
aud exists in the parsed JWT. |
JwtParserBuilder |
requireExpiration(Date expiration)
Ensures that the specified
exp exists in the parsed JWT. |
JwtParserBuilder |
requireId(String id)
Ensures that the specified
jti exists in the parsed JWT. |
JwtParserBuilder |
requireIssuedAt(Date issuedAt)
Ensures that the specified
iat exists in the parsed JWT. |
JwtParserBuilder |
requireIssuer(String issuer)
Ensures that the specified
iss exists in the parsed JWT. |
JwtParserBuilder |
requireNotBefore(Date notBefore)
Ensures that the specified
nbf exists in the parsed JWT. |
JwtParserBuilder |
requireSubject(String subject)
Ensures that the specified
sub exists in the parsed JWT. |
JwtParserBuilder |
setAllowedClockSkewSeconds(long seconds)
Deprecated.
since 0.12.0 in favor of the shorter and more modern builder-style named
clockSkewSeconds(long). This method will be removed before the JJWT 1.0 release. |
JwtParserBuilder |
setClock(Clock clock)
Deprecated.
since 0.12.0 for the more modern builder-style named
clock(Clock) method.
This method will be removed before the JJWT 1.0 release. |
JwtParserBuilder |
setCompressionCodecResolver(CompressionCodecResolver compressionCodecResolver)
Deprecated.
since 0.12.0 in favor of
zip(). This method will be removed before the
1.0 release. |
JwtParserBuilder |
setSigningKey(byte[] key)
Deprecated.
since 0.12.0 in favor of
verifyWith(SecretKey) for type safety and name
congruence with the decryptWith(SecretKey) method. |
JwtParserBuilder |
setSigningKey(Key key)
Deprecated.
since 0.12.0 in favor of
verifyWith(SecretKey) for naming congruence with the
decryptWith(SecretKey) method. |
JwtParserBuilder |
setSigningKey(String base64EncodedSecretKey)
Deprecated.
in favor of
verifyWith(SecretKey) as explained in the above Deprecation Notice,
and will be removed in 1.0.0. |
JwtParserBuilder |
setSigningKeyResolver(SigningKeyResolver signingKeyResolver)
Deprecated.
since 0.12.0 in favor of
keyLocator(Locator) |
NestedCollection<SecureDigestAlgorithm<?,?>,JwtParserBuilder> |
sig()
Configures the parser's supported
SignatureAlgorithm and
MacAlgorithms used to verify JWS signatures. |
JwtParserBuilder |
unsecured()
Enables parsing of Unsecured JWTs (JWTs with an 'alg' (Algorithm) header value of
'none' or missing the 'alg' header entirely).
|
JwtParserBuilder |
unsecuredDecompression()
If the parser is
unsecured(), calling this method additionally enables
payload decompression of Unsecured JWTs (JWTs with an 'alg' (Algorithm) header value of 'none') that also have
a 'zip' (Compression) header. |
JwtParserBuilder |
verifyWith(PublicKey key)
Sets the signature verification PublicKey used to verify all encountered JWS signatures.
|
JwtParserBuilder |
verifyWith(SecretKey key)
Sets the signature verification SecretKey used to verify all encountered JWS signatures.
|
NestedCollection<CompressionAlgorithm,JwtParserBuilder> |
zip()
Configures the parser's supported
CompressionAlgorithms used to decompress JWT payloads. |
JwtParserBuilder unsecured()
If this method is not called, Unsecured JWTs are disabled by default as mandated by RFC 7518, Section 3.6.
Jwts.SIG.NONE,
unsecuredDecompression()JwtParserBuilder unsecuredDecompression()
unsecured(), calling this method additionally enables
payload decompression of Unsecured JWTs (JWTs with an 'alg' (Algorithm) header value of 'none') that also have
a 'zip' (Compression) header. This behavior is disabled by default because using compression
algorithms with data from unverified (unauthenticated) parties can be susceptible to Denial of Service attacks
and other data integrity problems as described in
In the
Compression Hornet’s Nest: A Security Study of Data Compression in Network Services.
Because this behavior is only relevant if the parser is unsecured,
calling this method without also calling unsecured() will result in a build exception, as the
incongruent state could reflect a misunderstanding of both behaviors which should be remedied by the
application developer.
unsecured(), be careful when calling this method - one should fully
understand
Unsecured JWS Security Considerations
before enabling this feature.Jwts.SIG.NONE,
unsecured()NestedCollection<String,JwtParserBuilder> critical()
ProtectedHeader parameter names used in JWT extensions supported by the application. If
the parser encounters a Protected JWT that requires extensions, and
those extensions' header names are not specified via this method, the parser will reject that JWT.
Extension Behavior
The critical collection only identifies header parameter names that are used in extensions supported
by the application. Application developers, not JJWT, MUST perform the associated extension behavior
using the parsed JWT.
NestedCollection to use for crit configuration.ProtectedHeader.getCritical()JwtParserBuilder provider(Provider provider)
null if the
JCA subsystem preferred provider should be used.provider - the JCA Provider to use during cryptographic signature and decryption operations, or null
if the JCA subsystem preferred provider should be used.JwtParserBuilder requireId(String id)
jti exists in the parsed JWT. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
JWT is invalid and may not be used.id - the required value of the jti header parameter.MissingClaimException,
IncorrectClaimExceptionJwtParserBuilder requireSubject(String subject)
sub exists in the parsed JWT. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
JWT is invalid and may not be used.subject - the required value of the sub header parameter.MissingClaimException,
IncorrectClaimExceptionJwtParserBuilder requireAudience(String audience)
aud exists in the parsed JWT. If missing or if the parsed
value does not contain the specified value, an exception will be thrown indicating that the
JWT is invalid and may not be used.audience - the required value of the aud header parameter.MissingClaimException,
IncorrectClaimExceptionJwtParserBuilder requireIssuer(String issuer)
iss exists in the parsed JWT. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
JWT is invalid and may not be used.issuer - the required value of the iss header parameter.MissingClaimException,
IncorrectClaimExceptionJwtParserBuilder requireIssuedAt(Date issuedAt)
iat exists in the parsed JWT. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
JWT is invalid and may not be used.issuedAt - the required value of the iat header parameter.MissingClaimException,
IncorrectClaimExceptionJwtParserBuilder requireExpiration(Date expiration)
exp exists in the parsed JWT. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
JWT is invalid and may not be used.expiration - the required value of the exp header parameter.MissingClaimException,
IncorrectClaimExceptionJwtParserBuilder requireNotBefore(Date notBefore)
nbf exists in the parsed JWT. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
JWT is invalid and may not be used.notBefore - the required value of the npf header parameter.MissingClaimException,
IncorrectClaimExceptionJwtParserBuilder require(String claimName, Object value)
claimName exists in the parsed JWT. If missing or if the parsed
value does not equal the specified value, an exception will be thrown indicating that the
JWT is invalid and may not be used.claimName - the name of a claim that must existvalue - the required value of the specified claimNameMissingClaimException,
IncorrectClaimException@Deprecated JwtParserBuilder setClock(Clock clock)
clock(Clock) method.
This method will be removed before the JJWT 1.0 release.Clock that determines the timestamp to use when validating the parsed JWT.
The parser uses a default Clock implementation that simply returns new Date() when called.clock - a Clock object to return the timestamp to use when validating the parsed JWT.JwtParserBuilder clock(Clock clock)
Clock that determines the timestamp to use when validating the parsed JWT.
The parser uses a default Clock implementation that simply returns new Date() when called.clock - a Clock object to return the timestamp to use when validating the parsed JWT.@Deprecated JwtParserBuilder setAllowedClockSkewSeconds(long seconds) throws IllegalArgumentException
clockSkewSeconds(long). This method will be removed before the JJWT 1.0 release.exp
and nbf claims.seconds - the number of seconds to tolerate for clock skew when verifying exp or nbf claims.IllegalArgumentException - if seconds is a value greater than Long.MAX_VALUE / 1000 as
any such value would cause numeric overflow when multiplying by 1000 to obtain
a millisecond value.JwtParserBuilder clockSkewSeconds(long seconds) throws IllegalArgumentException
exp
and nbf claims.seconds - the number of seconds to tolerate for clock skew when verifying exp or nbf claims.IllegalArgumentException - if seconds is a value greater than Long.MAX_VALUE / 1000 as
any such value would cause numeric overflow when multiplying by 1000 to obtain
a millisecond value.@Deprecated JwtParserBuilder setSigningKey(byte[] key)
verifyWith(SecretKey) for type safety and name
congruence with the decryptWith(SecretKey) method.Deprecation Notice
This method has been deprecated since 0.12.0 and will be removed before 1.0. It was not
readily obvious to many JJWT users that this method was for bytes that pertained only to HMAC
SecretKeys, and could be confused with keys of other types. It is better to obtain a type-safe
SecretKey instance and call verifyWith(SecretKey) instead.
Previous Documentation
Sets the signing key used to verify any discovered JWS digital signature. If the specified JWT string is not a JWS (no signature), this key is not used.
Note that this key MUST be a valid key for the signature algorithm found in the JWT header
(as the alg header parameter).
This method overwrites any previously set key.
key - the algorithm-specific signature verification key used to validate any discovered JWS digital
signature.@Deprecated JwtParserBuilder setSigningKey(String base64EncodedSecretKey)
verifyWith(SecretKey) as explained in the above Deprecation Notice,
and will be removed in 1.0.0.Deprecation Notice: Deprecated as of 0.10.0, will be removed in 1.0.0
This method has been deprecated because the key argument for this method can be confusing: keys for
cryptographic operations are always binary (byte arrays), and many people were confused as to how bytes were
obtained from the String argument.
This method always expected a String argument that was effectively the same as the result of the following (pseudocode):
String base64EncodedSecretKey = base64Encode(secretKeyBytes);
However, a non-trivial number of JJWT users were confused by the method signature and attempted to
use raw password strings as the key argument - for example setSigningKey(myPassword) - which is
almost always incorrect for cryptographic hashes and can produce erroneous or insecure results.
See this StackOverflow answer explaining why raw (non-base64-encoded) strings are almost always incorrect for signature operations.
Finally, please use the verifyWith(SecretKey) method instead, as this method (and likely
setSigningKey(byte[])) will be removed before the 1.0.0 release.
Previous JavaDoc
This is a convenience method that equates to the following:
byte[] bytes = Decoders.BASE64.decode(base64EncodedSecretKey); Key key = Keys.hmacShaKeyFor(bytes); returnverifyWith(key);
base64EncodedSecretKey - BASE64-encoded HMAC-SHA key bytes used to create a Key which will be used to
verify all encountered JWS digital signatures.@Deprecated JwtParserBuilder setSigningKey(Key key)
verifyWith(SecretKey) for naming congruence with the
decryptWith(SecretKey) method.Deprecation Notice
This method is being renamed to accurately reflect its purpose - the key is not technically a signing key,
it is a signature verification key, and the two concepts can be different, especially with asymmetric key
cryptography. The method has been deprecated since 0.12.0 in favor of
verifyWith(SecretKey) for type safety, to reflect accurate naming of the concept, and for name
congruence with the decryptWith(SecretKey) method.
This method merely delegates directly to verifyWith(SecretKey) or verifyWith(PublicKey)}.
key - the algorithm-specific signature verification key to use to verify all encountered JWS digital
signatures.JwtParserBuilder verifyWith(SecretKey key)
This is a convenience method to use in a specific scenario: when the parser will only ever encounter
JWSs with signatures that can always be verified by a single SecretKey. This also implies that this key
MUST be a valid key for the signature algorithm (alg header) used for the JWS.
If there is any chance that the parser will also encounter JWEs, or JWSs that need different signature
verification keys based on the JWS being parsed, it is strongly recommended to configure your own
keyLocator instead of calling this method.
Calling this method overrides any previously set signature verification key.
key - the signature verification key to use to verify all encountered JWS digital signatures.verifyWith(PublicKey)JwtParserBuilder verifyWith(PublicKey key)
This is a convenience method to use in a specific scenario: when the parser will only ever encounter
JWSs with signatures that can always be verified by a single PublicKey. This also implies that this key
MUST be a valid key for the signature algorithm (alg header) used for the JWS.
If there is any chance that the parser will also encounter JWEs, or JWSs that need different signature
verification keys based on the JWS being parsed, it is strongly recommended to configure your own
keyLocator instead of calling this method.
Calling this method overrides any previously set signature verification key.
key - the signature verification key to use to verify all encountered JWS digital signatures.verifyWith(SecretKey)JwtParserBuilder decryptWith(SecretKey key)
This is a convenience method to use in specific circumstances: when the parser will only ever encounter
JWEs that can always be decrypted by a single SecretKey. This also implies that this key MUST be a valid
key for both the key management algorithm (alg header) and the content encryption algorithm
(enc header) used for the JWE.
If there is any chance that the parser will also encounter JWSs, or JWEs that need different decryption
keys based on the JWE being parsed, it is strongly recommended to configure your own
keyLocator instead of calling this method.
Calling this method overrides any previously set decryption key.
key - the algorithm-specific decryption key to use to decrypt all encountered JWEs.decryptWith(PrivateKey)JwtParserBuilder decryptWith(PrivateKey key)
This is a convenience method to use in specific circumstances: when the parser will only ever encounter JWEs
that can always be decrypted by a single PrivateKey. This also implies that this key MUST be a valid
key for the JWE's key management algorithm (alg header).
If there is any chance that the parser will also encounter JWSs, or JWEs that need different decryption
keys based on the JWE being parsed, it is strongly recommended to configure your own
keyLocator instead of calling this method.
Calling this method overrides any previously set decryption key.
key - the algorithm-specific decryption key to use to decrypt all encountered JWEs.decryptWith(SecretKey)JwtParserBuilder keyLocator(Locator<Key> keyLocator)
Locator used to acquire any signature verification or decryption key needed during parsing.
Locator will be called to find the appropriate key
necessary to verify the JWS signature.A key Locator is necessary when the signature verification or decryption key is not
already known before parsing the JWT and the JWT header must be inspected first to determine how to
look up the verification or decryption key. Once returned by the locator, the JwtParser will then either
verify the JWS signature or decrypt the JWE payload with the returned key. For example:
Jws<Claims> jws = Jwts.parser().keyLocator(new Locator<Key>() {
@Override
public Key locate(Header<?> header) {
if (header instanceof JwsHeader) {
return getSignatureVerificationKey((JwsHeader)header); // implement me
} else {
return getDecryptionKey((JweHeader)header); // implement me
}
}})
.build()
.parseSignedClaims(compact);
A Key Locator is invoked once during parsing before performing decryption or signature verification.
Provider-constrained Keys
If any verification or decryption key returned from a Key Locator must be used with a specific
security Provider (such as for PKCS11 or Hardware Security Module (HSM) keys), you must make that
Provider available for JWT parsing in one of 3 ways, listed in order of recommendation and simplicity:
java.security file or by
registering the Provider dynamically via
Security.addProvider(Provider). This is the
recommended approach so you do not need to modify code anywhere that may need to parse JWTs.Provider as the JwtParser default via provider(Provider). This will
ensure the provider is used by default with all located keys unless overridden by a
key-specific Provider. This is only recommended when you are confident that all JWTs encountered by the
parser instance will use keys attributed to the same Provider, unless overridden by a specific
key.Provider with a specific key so it is used for that key only. This option
is useful if some located keys require a specific provider, while other located keys can assume a
default provider.If you need to use option #3, you associate a key for the JwtParser's needs by using a
key builder before returning the key as the Locator return value. For example:
public Key locate(Header<?> header) {
PrivateKey key = findKey(header); // or SecretKey
Provider keySpecificProvider = getKeyProvider(key); // implement me
// associate the key with its required provider:
return Keys.builder(key).provider(keySpecificProvider).build();
}keyLocator - the locator used to retrieve decryption or signature verification keys.@Deprecated JwtParserBuilder setSigningKeyResolver(SigningKeyResolver signingKeyResolver)
keyLocator(Locator)Deprecation Notice
This method has been deprecated as of JJWT version 0.12.0 because it only supports key location
for JWSs (signed JWTs) instead of both signed (JWS) and encrypted (JWE) scenarios. Use the
keyLocator method instead to ensure a locator that can work for both JWS and
JWE inputs. This method will be removed for the 1.0 release.
Previous Documentation
Sets the SigningKeyResolver used to acquire the signing key that should be used to verify
a JWS's signature. If the parsed String is not a JWS (no signature), this resolver is not used.
Specifying a SigningKeyResolver is necessary when the signing key is not already known before parsing
the JWT and the JWT header or payload (content byte array or Claims) must be inspected first to determine how to
look up the signing key. Once returned by the resolver, the JwtParser will then verify the JWS signature with the
returned key. For example:
Jws<Claims> jws = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
//inspect the header or claims, lookup and return the signing key
return getSigningKey(header, claims); //implement me
}})
.build().parseSignedClaims(compact);
A SigningKeyResolver is invoked once during parsing before the signature is verified.
signingKeyResolver - the signing key resolver used to retrieve the signing key.NestedCollection<AeadAlgorithm,JwtParserBuilder> enc()
AeadAlgorithms used to decrypt JWE payloads. If the parser
encounters a JWE enc header value that equals an
AEAD algorithm's id, that algorithm will be used to decrypt the JWT
payload.
The collection's and() method returns to the builder for continued parser
configuration, for example:
parserBuilder.enc().add(anAeadAlgorithm).and()// etc...
Standard Algorithms and Overrides
All JWA-standard AEAD encryption algorithms in the Jwts.ENC registry are supported by default and
do not need to be added. The collection may be useful however for removing some algorithms (for example,
any algorithms not used by the application, or those not compatible with application security requirements),
or for adding custom implementations.
Custom Implementations
There may be only one registered AeadAlgorithm per algorithm id, and any algorithm
instances that are added to this collection with a
duplicate ID will evict any existing or previously-added algorithm with the same id. But beware:
Any algorithm instance added to this collection with a JWA-standard id will
replace (override) the JJWT standard algorithm implementation.
This is to allow application developers to favor their own implementations over JJWT's default implementations if necessary (for example, to support legacy or custom behavior).
NestedCollection to use to configure the AEAD encryption algorithms available when parsing.JwtBuilder.encryptWith(Key, KeyAlgorithm, AeadAlgorithm),
Jwts.ENC,
"enc" (Encryption Algorithm) Header Parameter,
Encryption Algorithm Name (id) requirementsNestedCollection<KeyAlgorithm<?,?>,JwtParserBuilder> key()
KeyAlgorithms used to obtain a JWE's decryption key. If the
parser encounters a JWE Header.getAlgorithm() alg} header value that equals a KeyAlgorithm's
id, that key algorithm will be used to obtain the JWE's decryption key.
The collection's and() method returns to the builder for continued parser
configuration, for example:
parserBuilder.key().add(aKeyAlgorithm).and()// etc...
Standard Algorithms and Overrides
All JWA-standard key encryption algorithms in the Jwts.KEY registry are supported by default and
do not need to be added. The collection may be useful however for removing some algorithms (for example,
any algorithms not used by the application, or those not compatible with application security requirements),
or for adding custom implementations.
Custom Implementations
There may be only one registered KeyAlgorithm per algorithm id, and any algorithm
instances that are added to this collection with a
duplicate ID will evict any existing or previously-added algorithm with the same id. But beware:
Any algorithm instance added to this collection with a JWA-standard id will
replace (override) the JJWT standard algorithm implementation.
This is to allow application developers to favor their own implementations over JJWT's default implementations if necessary (for example, to support legacy or custom behavior).
NestedCollection to use to configure the key algorithms available when parsing.JwtBuilder.encryptWith(Key, KeyAlgorithm, AeadAlgorithm),
Jwts.KEY,
JWE "alg" (Algorithm) Header Parameter,
Key Algorithm Name (id) requirementsNestedCollection<SecureDigestAlgorithm<?,?>,JwtParserBuilder> sig()
SignatureAlgorithm and
MacAlgorithms used to verify JWS signatures. If the parser
encounters a JWS alg header value that equals a signature or MAC
algorithm's id, that algorithm will be used to verify the JWS signature.
The collection's and() method returns to the builder for continued parser
configuration, for example:
parserBuilder.sig().add(aSignatureAlgorithm).and()// etc...
Standard Algorithms and Overrides
All JWA-standard signature and MAC algorithms in the Jwts.SIG registry are supported by default and
do not need to be added. The collection may be useful however for removing some algorithms (for example,
any algorithms not used by the application, or those not compatible with application security requirements), or
for adding custom implementations.
Custom Implementations
There may be only one registered SecureDigestAlgorithm per algorithm id, and any algorithm
instances that are added to this collection with a
duplicate ID will evict any existing or previously-added algorithm with the same id. But beware:
Any algorithm instance added to this collection with a JWA-standard id will
replace (override) the JJWT standard algorithm implementation.
This is to allow application developers to favor their own implementations over JJWT's default implementations if necessary (for example, to support legacy or custom behavior).
NestedCollection to use to configure the signature and MAC algorithms available when parsing.JwtBuilder.signWith(Key, SecureDigestAlgorithm),
Jwts.SIG,
JWS "alg" (Algorithm) Header Parameter,
Algorithm Name (id) requirementsNestedCollection<CompressionAlgorithm,JwtParserBuilder> zip()
CompressionAlgorithms used to decompress JWT payloads. If the parser
encounters a JWT zip header value that equals a
compression algorithm's id, that algorithm will be used to decompress the JWT
payload.
The collection's and() method returns to the builder for continued parser
configuration, for example:
parserBuilder.zip().add(aCompressionAlgorithm).and()// etc...
Standard Algorithms and Overrides
All JWA-standard compression algorithms in the Jwts.ZIP registry are supported by default and
do not need to be added. The collection may be useful however for removing some algorithms (for example,
any algorithms not used by the application), or for adding custom implementations.
Custom Implementations
There may be only one registered CompressionAlgorithm per algorithm id, and any algorithm
instances that are added to this collection with a
duplicate ID will evict any existing or previously-added algorithm with the same id. But beware:
Any algorithm instance added to this collection with a JWA-standard id will
replace (override) the JJWT standard algorithm implementation.
This is to allow application developers to favor their own implementations over JJWT's default implementations if necessary (for example, to support legacy or custom behavior).
NestedCollection to use to configure the compression algorithms available when parsing.JwtBuilder.compressWith(CompressionAlgorithm),
Jwts.ZIP,
"zip" (Compression Algorithm) Header Parameter,
Compression Algorithm Name (id) requirements@Deprecated JwtParserBuilder setCompressionCodecResolver(CompressionCodecResolver compressionCodecResolver)
zip(). This method will be removed before the
1.0 release.Deprecated as of JJWT 0.12.0. This method will be removed before the 1.0 release.
This method has been deprecated as of JJWT version 0.12.0 because it imposed unnecessary
implementation requirements on application developers when simply adding to a compression algorithm collection
would suffice. Use the zip() method instead to add
any custom algorithm implementations without needing to also implement a Locator implementation.
Previous Documentation
Sets the CompressionCodecResolver used to acquire the CompressionCodec that should be used to
decompress the JWT body. If the parsed JWT is not compressed, this resolver is not used.
WARNING: Compression is not defined by the JWS Specification - only the JWE Specification - and it is not expected that other libraries (including JJWT versions < 0.6.0) are able to consume a compressed JWS body correctly.
Default Support
JJWT's default JwtParser implementation supports both the DEF
and GZIP algorithms by default - you do not need to
specify a CompressionCodecResolver in these cases.
compressionCodecResolver - the compression codec resolver used to decompress the JWT body.@Deprecated JwtParserBuilder base64UrlDecodeWith(Decoder<CharSequence,byte[]> base64UrlDecoder)
b64Url(Decoder). This method will be removed
before the JJWT 1.0 release.JJWT uses a spec-compliant decoder that works on all supported JDK versions, but you may call this method to specify a different decoder if you desire.
base64UrlDecoder - the decoder to use when Base64Url-decodingJwtParserBuilder b64Url(Decoder<InputStream,InputStream> base64UrlDecoder)
InputStream Decoder.
The Decoder's decode method will be given a source InputStream to
wrap, and the resulting (wrapping) InputStream will be used for reading , ensuring automatic
Base64URL-decoding during read operations.
JJWT uses a spec-compliant decoder that works on all supported JDK versions, but you may call this method to specify a different stream decoder if desired.
base64UrlDecoder - the stream decoder to use when Base64Url-decoding@Deprecated JwtParserBuilder deserializeJsonWith(Deserializer<Map<String,?>> deserializer)
json(Deserializer).
This method will be removed before the JJWT 1.0 release.If this method is not called, JJWT will use whatever deserializer it can find at runtime, checking for the
presence of well-known implementations such Jackson, Gson, and org.json. If one of these is not found
in the runtime classpath, an exception will be thrown when one of the various parse* methods is
invoked.
deserializer - the deserializer to use when converting JSON Strings (UTF-8 byte arrays) into Map objects.JwtParserBuilder json(Deserializer<Map<String,?>> deserializer)
Deserializer to deserialize JSON (UTF-8 byte streams) into Java Map objects.
This is used by the parser after Base64Url-decoding to convert JWT/JWS/JWT headers and Claims into Java Map
instances.
If this method is not called, JJWT will use whatever Deserializer it can find at runtime, checking for the
presence of well-known implementations such Jackson, Gson, and org.json. If one of these is not found
in the runtime classpath, an exception will be thrown when one of the various parse* methods is
invoked.
deserializer - the deserializer to use to deserialize JSON (UTF-8 byte streams) into Map instances.Copyright © 2014–2023 jsonwebtoken.io. All rights reserved.