public interface KeyOperationPolicyBuilder extends CollectionMutator<KeyOperation,KeyOperationPolicyBuilder>, Builder<KeyOperationPolicy>
KeyOperationPolicyBuilder produces a KeyOperationPolicy that determines
which KeyOperations may be assigned to a JWK. Custom KeyOperations (such as those created by a
Jwks.OP.builder()) may be added to a policy via the add(KeyOperation) or add(Collection)
methods.Jwks.OP.policy(),
KeyOperationPolicied.operationPolicy(KeyOperationPolicy),
Jwks.OP.builder()| Modifier and Type | Method and Description |
|---|---|
KeyOperationPolicyBuilder |
add(Collection<? extends KeyOperation> ops)
Adds the specified key operations to the policy's total set of supported key operations
used to validate a key's intended usage, replacing any existing ones with identical
ids. |
KeyOperationPolicyBuilder |
add(KeyOperation op)
Adds the specified key operation to the policy's total set of supported key operations
used to validate a key's intended usage, replacing any existing one with an identical (CaSe-SeNsItIvE)
id. |
KeyOperationPolicyBuilder |
unrelated()
Allows a JWK to have unrelated
KeyOperations in its key_ops parameter values. |
clear, removeKeyOperationPolicyBuilder unrelated()
KeyOperations in its key_ops parameter values. Be careful
when calling this method - one should fully understand the security implications of using the same key
with multiple algorithms in your application.
If this method is not called, unrelated key operations are disabled by default per the recommendations in RFC 7517, Section 4.3:
Multiple unrelated key operations SHOULD NOT be specified for a key because of the potential vulnerabilities associated with using the same key with multiple algorithms.
KeyOperationPolicyBuilder add(KeyOperation op)
id.
Standard KeyOperations and Overrides
The RFC standard Jwks.OP key operations are supported by default and do not need
to be added via this method, but beware: If the op argument has a JWK standard
id, it will replace the JJWT standard operation implementation.
This is to allow application developers to favor their own implementations over JJWT's default implementations
if necessary (for example, to support legacy or custom behavior).
If a custom KeyOperation is desired, one may be easily created with a Jwks.OP.builder().
add in interface CollectionMutator<KeyOperation,KeyOperationPolicyBuilder>op - a key operation to add to the policy's total set of supported operations, replacing any
existing one with the same exact (CaSe-SeNsItIvE) id.Jwks.OP,
Jwks.OP.builder(),
KeyOperationPolicied.operationPolicy(KeyOperationPolicy),
JwkBuilder.operations()KeyOperationPolicyBuilder add(Collection<? extends KeyOperation> ops)
ids.
There may be only one registered KeyOperation per CaSe-SeNsItIvE id, and the
ops collection is added in iteration order; if a duplicate id is found when iterating the ops
collection, the later operation will evict any existing operation with the same id.
Standard KeyOperations and Overrides
The RFC standard Jwks.OP key operations are supported by default and do not need
to be added via this method, but beware: any operation in the ops argument with a
JWK standard id will replace the JJWT standard operation implementation.
This is to allow application developers to favor their own implementations over JJWT's default implementations
if necessary (for example, to support legacy or custom behavior).
If custom KeyOperations are desired, they may be easily created with a Jwks.OP.builder().
add in interface CollectionMutator<KeyOperation,KeyOperationPolicyBuilder>ops - collection of key operations to add to the policy's total set of supported operations, replacing any
existing ones with the same exact (CaSe-SeNsItIvE) ids.Jwks.OP,
Jwks.OP.builder(),
KeyOperationPolicied.operationPolicy(KeyOperationPolicy),
JwkBuilder.operations()Copyright © 2014–2025 jsonwebtoken.io. All rights reserved.