Class DefaultJWTClaimsProvider

  • All Implemented Interfaces:
    JWTClaimsProvider

    public class DefaultJWTClaimsProvider
    extends Object
    implements JWTClaimsProvider
    A default implementation to create a JWTClaims object. The Subject name is the name of the current principal.
    • Constructor Detail

      • DefaultJWTClaimsProvider

        public DefaultJWTClaimsProvider()
    • Method Detail

      • getPrincipal

        protected Principal getPrincipal(JWTClaimsProviderParameters jwtClaimsProviderParameters)
        Get the Principal (which is used as the Subject). By default, we check the following (in order):
        - A valid OnBehalfOf principal
        - A valid principal associated with a token received as ValidateTarget
        - The principal associated with the request. We don't need to check whether it is "valid" here, as it is parsed by the WS-Security layer rather than by the STS.
      • handleAudienceRestriction

        protected void handleAudienceRestriction(JWTClaimsProviderParameters jwtClaimsProviderParameters,
                                                 JwtClaims claims)
        Set the audience restriction claim. The audiences are taken from the AppliesTo address and the wst:Participants, if either exists.
      • isUseX500CN

        public boolean isUseX500CN()
      • setUseX500CN

        public void setUseX500CN(boolean useX500CN)
      • getFutureTimeToLive

        public long getFutureTimeToLive()
        Get how long (in seconds) a client-supplied Created Element is allowed to be in the future. The default is 60 seconds to avoid common problems relating to clock skew.
      • setFutureTimeToLive

        public void setFutureTimeToLive(long futureTimeToLive)
        Set how long (in seconds) a client-supplied Created Element is allowed to be in the future. The default is 60 seconds to avoid common problems relating to clock skew.
      • setLifetime

        public void setLifetime(long lifetime)
        Set the default lifetime in seconds for issued JWT tokens.
        Parameters:
        lifetime - default lifetime in seconds
      • getLifetime

        public long getLifetime()
        Get the default lifetime in seconds for issued JWT tokens, used where the requestor doesn't specify a lifetime element.
        Returns:
        the lifetime in seconds
      • setMaxLifetime

        public void setMaxLifetime(long maxLifetime)
        Set the maximum lifetime in seconds for issued JWT tokens.
        Parameters:
        maxLifetime - maximum lifetime in seconds
      • getMaxLifetime

        public long getMaxLifetime()
        Get the maximum lifetime in seconds for issued JWT tokens, applied if the requestor specifies a lifetime element.
        Returns:
        the maximum lifetime in seconds
      • isAcceptClientLifetime

        public boolean isAcceptClientLifetime()
        Whether a client-supplied lifetime element is accepted. Default: false.
      • setAcceptClientLifetime

        public void setAcceptClientLifetime(boolean acceptClientLifetime)
        Set whether a client-supplied lifetime is accepted.
      • isFailLifetimeExceedance

        public boolean isFailLifetimeExceedance()
        Whether a requested lifetime that exceeds the maximum lifetime causes the request to fail (default) or is overwritten with the maximum lifetime.
      • setFailLifetimeExceedance

        public void setFailLifetimeExceedance(boolean failLifetimeExceedance)
        Set whether a requested lifetime that exceeds the maximum lifetime causes the request to fail (default) or is overwritten with the maximum lifetime.
      • setClaimTypeMap

        public void setClaimTypeMap(Map<String,String> claimTypeMap)
        Specify a way to map ClaimType URIs to custom ClaimTypes.
        Parameters:
        claimTypeMap -
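
The lifetime settings above (lifetime, maxLifetime, acceptClientLifetime, failLifetimeExceedance, futureTimeToLive) interact, so the following added example, a stand-alone model that is not CXF's own code, shows which expiry a client request yields under each combination. The class name `JwtLifetimePolicy`, the `lifetime` and `maxLifetime` values, and the fallback and clamping rules marked in the comments are assumptions.

```java
import java.time.Duration;
import java.time.Instant;

// Stand-alone model of the documented lifetime settings; not CXF source code.
public class JwtLifetimePolicy {
    // lifetime and maxLifetime are constructed values; the other three use the documented defaults.
    long lifetime = 300, maxLifetime = 3600, futureTimeToLive = 60;
    boolean acceptClientLifetime = false, failLifetimeExceedance = true;

    // created/expires are the client-requested values (null if absent). Assumptions: an
    // ignored client lifetime falls back to now + lifetime; clamping counts from Created.
    Instant expiry(Instant now, Instant created, Instant expires) {
        if (!acceptClientLifetime || created == null || expires == null) {
            return now.plusSeconds(lifetime);
        }
        if (created.isAfter(now.plusSeconds(futureTimeToLive))) {
            throw new IllegalArgumentException("Created is too far in the future");
        }
        if (Duration.between(created, expires).getSeconds() > maxLifetime) {
            if (failLifetimeExceedance) {
                throw new IllegalArgumentException("requested lifetime exceeds maximum");
            }
            return created.plusSeconds(maxLifetime); // overwrite with the maximum
        }
        return expires;
    }

    static String attempt(JwtLifetimePolicy p, Instant now, Instant created, Instant expires) {
        try {
            return "expires " + p.expiry(now, created, expires);
        } catch (IllegalArgumentException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample time
        Instant month = now.plus(Duration.ofDays(30));        // client asks for 30 days
        JwtLifetimePolicy p = new JwtLifetimePolicy();
        System.out.println("defaults:       " + attempt(p, now, now, month));
        p.acceptClientLifetime = true;
        System.out.println("accept, fail:   " + attempt(p, now, now, month));
        p.failLifetimeExceedance = false;
        System.out.println("accept, clamp:  " + attempt(p, now, now, month));
        Instant skewed = now.plusSeconds(120);               // Created 120 s ahead of the STS clock
        System.out.println("future Created: " + attempt(p, now, skewed, skewed.plusSeconds(300)));
    }
}
```

With acceptClientLifetime left at its default of false, the 30-day request is ignored in this model; once it is enabled, maxLifetime and failLifetimeExceedance are what bound the token's validity.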