Module jakarta.security
Interface JwtClaims
- All Superinterfaces:
Claims
Standard JWT claims. A token typically.
-
Field Summary
-
Method Summary
Modifier and TypeMethodDescriptionThe recipients that the JWT is intended for.Expiration time on or after which the JWT MUST NOT be accepted for processing.The time at which the JWT was issued.The principal that issued the JWTgetJwtId()
Unique identifier for the JWTThe time before which the JWT MUST NOT be accepted for processing.The principal that is the subject of the JWT.default boolean
isBeforeValidity
(Clock clock, boolean required, Duration skew) Check if JWT is before its defined validitydefault boolean
Check if JWT is expireddefault boolean
isValid()
Check JWT validity against current time with 1MIN clock skew.Methods inherited from interface jakarta.security.enterprise.identitystore.openid.Claims
getArrayStringClaim, getDoubleClaim, getIntClaim, getLongClaim, getNested, getNumericDateClaim, getStringClaim
-
Field Details
-
NONE
Singleton instance representing no claims
-
-
Method Details
-
getIssuer
The principal that issued the JWT- Returns:
- value of
iss
claim
-
getSubject
The principal that is the subject of the JWT. The claims in a JWT are normally statements about the subject.- Returns:
- value of
sub
claim
-
getAudience
The recipients that the JWT is intended for. To ease work with the field, audience is always represented as list, also in special cases -- it is singleton list when it was a string in the token, and empty set if it was not present.- Returns:
- non-null set representing the values of
aud
claim
-
getExpirationTime
Expiration time on or after which the JWT MUST NOT be accepted for processing.- Returns:
- value of
exp
claim
-
isExpired
Check if JWT is expired- Parameters:
clock
- Clock representing reference time of checkingrequired
- indication whether the claim is required, i. e. whether token with claim is considered expiredskew
- allowed clock skew to account for drift between provider and us- Returns:
- true when current time is past expiration time, or
exp
claim is not present andrequired
istrue
-
getNotBeforeTime
The time before which the JWT MUST NOT be accepted for processing.- Returns:
-
isBeforeValidity
Check if JWT is before its defined validity- Parameters:
clock
- Clock representing reference time of checkingrequired
- indication, whether the claim is required, i. e. whether token without nbf is considered before validityskew
- allowed clock skew to account for drift between provider and us- Returns:
-
isValid
default boolean isValid()Check JWT validity against current time with 1MIN clock skew.- Returns:
- true if exp token is present and within limits and nbf is within limits when present
-
getIssuedAt
The time at which the JWT was issued.- Returns:
- value of
exp
claim
-
getJwtId
Unique identifier for the JWT- Returns:
- value of
jti
claim
-