Package com.sap.cloud.security.token.validation.validators

Class JwtValidatorBuilder

java.lang.Object

com.sap.cloud.security.token.validation.validators.JwtValidatorBuilder

public class JwtValidatorBuilder
extends Object

Class used to build a token validator for a oauth service configuration OAuth2ServiceConfiguration.
Custom validators can be added via with(Validator) method.

Method Summary

Modifier and Type	Method	Description
CombiningValidator<Token>	build()	Builds the validators with the applied parameters.
JwtValidatorBuilder	configureAnotherServiceInstance(OAuth2ServiceConfiguration otherConfiguration)	Allows to provide another service configuration, e.g.
JwtValidatorBuilder	disableTenantIdCheck()	Disables tenant id check for JwtSignatureValidator.
static JwtValidatorBuilder	getInstance(OAuth2ServiceConfiguration configuration)	Creates a builder instance that can be configured further.
JwtValidatorBuilder	with(Validator<Token> validator)	Adds a custom validator to the validation chain.
JwtValidatorBuilder	withAudienceValidator(Validator<Token> audienceValidator)	Sets / overwrites the default audience validator.
JwtValidatorBuilder	withCacheConfiguration(CacheConfiguration tokenKeyCacheConfiguration)	Use to configure the token key cache.
JwtValidatorBuilder	withHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)	In case you want to configure the OidcConfigurationService and the OAuth2TokenKeyService with your own Rest client.
JwtValidatorBuilder	withOAuth2TokenKeyService(OAuth2TokenKeyService tokenKeyService)	Deprecated. for internal use only
JwtValidatorBuilder	withOidcConfigurationService(OidcConfigurationService oidcConfigurationService)	Deprecated. for internal use only
JwtValidatorBuilder	withValidatorListener(ValidationListener validationListener)	Adds the validation listener to the jwt validator that is being built.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static JwtValidatorBuilder getInstance(OAuth2ServiceConfiguration configuration)

Creates a builder instance that can be configured further.

Parameters:

configuration - the identity service configuration

Returns:

the builder

with

public JwtValidatorBuilder with(Validator<Token> validator)

Adds a custom validator to the validation chain.

Parameters:

validator - the validator used for validation.

Returns:

this builder.

withCacheConfiguration

public JwtValidatorBuilder withCacheConfiguration(CacheConfiguration tokenKeyCacheConfiguration)

Use to configure the token key cache.

Parameters:

tokenKeyCacheConfiguration - the cache configuration

Returns:

this builder

withAudienceValidator

public JwtValidatorBuilder withAudienceValidator(Validator<Token> audienceValidator)

Sets / overwrites the default audience validator.

Parameters:

audienceValidator - the validator used for validation.

Returns:

this builder.

withOAuth2TokenKeyService

@Deprecated
public JwtValidatorBuilder withOAuth2TokenKeyService(OAuth2TokenKeyService tokenKeyService)

Deprecated.

for internal use only

Overwrite in case you want to configure your own OAuth2TokenKeyService instance.

Parameters:

tokenKeyService - your token key service

Returns:

this builder

withOidcConfigurationService

@Deprecated
public JwtValidatorBuilder withOidcConfigurationService(OidcConfigurationService oidcConfigurationService)

Deprecated.

for internal use only

Overwrite in case you want to configure your own OAuth2TokenKeyService instance.

Parameters:

oidcConfigurationService - your token key service

Returns:

this builder

withHttpClient

public JwtValidatorBuilder withHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)

In case you want to configure the OidcConfigurationService and the OAuth2TokenKeyService with your own Rest client.

Parameters:

httpClient - your own http client

Returns:

this builder

configureAnotherServiceInstance

public JwtValidatorBuilder configureAnotherServiceInstance(@Nullable
                                                           OAuth2ServiceConfiguration otherConfiguration)

Allows to provide another service configuration, e.g. in case you have multiple Xsuaa identity service instances and you like to accept tokens issued for them as well.

Parameters:

otherConfiguration - the configuration of the other service instance, e.g. the broker

Returns:

this builder

withValidatorListener

public JwtValidatorBuilder withValidatorListener(ValidationListener validationListener)

Adds the validation listener to the jwt validator that is being built.

Parameters:

validationListener - the listener to be added to the validator.

Returns:

this builder

disableTenantIdCheck

public JwtValidatorBuilder disableTenantIdCheck()

Disables tenant id check for JwtSignatureValidator. In case Jwt issuer claim doesn't match with the url attribute from OAuth2ServiceConfiguration tenant id (zid) claim needs to be present in token to ensure that the tenant belongs to this issuer. This method disables the tenant id check. Use with caution as it relaxes the validation rules! It is not recommended to disable this check for standard Identity service setup.

Returns:

this builder

build

public CombiningValidator<Token> build()

Builds the validators with the applied parameters.

Returns:

the combined validators.