Class JwtTimestampValidator
java.lang.Object
org.springframework.security.oauth2.jwt.JwtTimestampValidator
- All Implemented Interfaces:
org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>
public final class JwtTimestampValidator
extends Object
implements org.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>
An implementation of
OAuth2TokenValidator
for verifying claims in a Jwt-based
access token
Because clocks can differ between the Jwt source, say the Authorization Server, and its destination, say the Resource Server, there is a default clock leeway exercised when deciding if the current time is within the Jwt's specified operating window
- Since:
- 5.1
- See Also:
-
Jwt
OAuth2TokenValidator
- JSON Web Token (JWT)
-
Constructor Summary
ConstructorDescriptionA basic instance with no custom verification and the default max clock skewJwtTimestampValidator
(Duration clockSkew) -
Method Summary
-
Constructor Details
-
JwtTimestampValidator
public JwtTimestampValidator()A basic instance with no custom verification and the default max clock skew -
JwtTimestampValidator
-
-
Method Details
-
validate
- Specified by:
validate
in interfaceorg.springframework.security.oauth2.core.OAuth2TokenValidator<Jwt>
-
setClock
Use thisClock
withInstant.now()
for assessing timestamp validity- Parameters:
clock
-
-