Class JwtTimestampValidator
- java.lang.Object
-
- org.springframework.security.oauth2.jwt.JwtTimestampValidator
-
- All Implemented Interfaces:
org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>
public final class JwtTimestampValidator extends java.lang.Object implements org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>
An implementation ofOAuth2TokenValidator
for verifying claims in a Jwt-based access tokenBecause clocks can differ between the Jwt source, say the Authorization Server, and its destination, say the Resource Server, there is a default clock leeway exercised when deciding if the current time is within the Jwt's specified operating window
- Since:
- 5.1
- See Also:
Jwt
,OAuth2TokenValidator
, JSON Web Token (JWT)
-
-
Constructor Summary
Constructors Constructor Description JwtTimestampValidator()
A basic instance with no custom verification and the default max clock skewJwtTimestampValidator(java.time.Duration clockSkew)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
setClock(java.time.Clock clock)
Use thisClock
withInstant.now()
for assessing timestamp validityorg.springframework.security.oauth2.core.OAuth2TokenValidatorResult
validate(Jwt jwt)
-
-
-
Method Detail
-
validate
public org.springframework.security.oauth2.core.OAuth2TokenValidatorResult validate(Jwt jwt)
- Specified by:
validate
in interfaceorg.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>
-
setClock
public void setClock(java.time.Clock clock)
Use thisClock
withInstant.now()
for assessing timestamp validity- Parameters:
clock
-
-
-