Class JwtValidatorBuilder

java.lang.Object
com.sap.cloud.security.token.validation.validators.JwtValidatorBuilder

public class JwtValidatorBuilder extends Object
Builds a token validator for an OAuth service configuration (OAuth2ServiceConfiguration).
Custom validators can be added via the with(Validator) method.
  • Method Details

    • getInstance

      public static JwtValidatorBuilder getInstance(OAuth2ServiceConfiguration configuration)
      Creates a builder instance that can be configured further.
      Parameters:
      configuration - the identity service configuration
      Returns:
      the builder
    • with

      public JwtValidatorBuilder with(Validator<Token> validator)
      Adds a custom validator to the validation chain.
      Parameters:
      validator - the validator used for validation.
      Returns:
      this builder.
    • withCacheConfiguration

      public JwtValidatorBuilder withCacheConfiguration(CacheConfiguration tokenKeyCacheConfiguration)
      Configures the token key cache.
      Parameters:
      tokenKeyCacheConfiguration - the cache configuration
      Returns:
      this builder
    • withAudienceValidator

      public JwtValidatorBuilder withAudienceValidator(Validator<Token> audienceValidator)
      Sets / overwrites the default audience validator.
      Parameters:
      audienceValidator - the validator used for validation.
      Returns:
      this builder.
    • withOAuth2TokenKeyService

      @Deprecated public JwtValidatorBuilder withOAuth2TokenKeyService(OAuth2TokenKeyService tokenKeyService)
      Deprecated.
      for internal use only
      Overwrite in case you want to configure your own OAuth2TokenKeyService instance.
      Parameters:
      tokenKeyService - your token key service
      Returns:
      this builder
    • withOidcConfigurationService

      @Deprecated public JwtValidatorBuilder withOidcConfigurationService(OidcConfigurationService oidcConfigurationService)
      Deprecated.
      for internal use only
      Overwrite in case you want to configure your own OidcConfigurationService instance.
      Parameters:
      oidcConfigurationService - your OIDC configuration service
      Returns:
      this builder
    • withHttpClient

      public JwtValidatorBuilder withHttpClient(org.apache.http.impl.client.CloseableHttpClient httpClient)
      Use this to configure the OidcConfigurationService and the OAuth2TokenKeyService with your own REST client.
      Parameters:
      httpClient - your own http client
      Returns:
      this builder
    • configureAnotherServiceInstance

      public JwtValidatorBuilder configureAnotherServiceInstance(@Nullable OAuth2ServiceConfiguration otherConfiguration)
      Allows you to provide another service configuration, e.g. if you have multiple Xsuaa identity service instances and want to accept tokens issued for them as well.
      Parameters:
      otherConfiguration - the configuration of the other service instance, e.g. the broker
      Returns:
      this builder
    • withValidatorListener

      public JwtValidatorBuilder withValidatorListener(ValidationListener validationListener)
      Adds the validation listener to the jwt validator that is being built.
      Parameters:
      validationListener - the listener to be added to the validator.
      Returns:
      this builder
    • disableTenantIdCheck

      public JwtValidatorBuilder disableTenantIdCheck()
      Disables the tenant id check for JwtSignatureValidator. If the JWT issuer claim does not match the url attribute from OAuth2ServiceConfiguration, the tenant id (zid) claim needs to be present in the token to ensure that the tenant belongs to this issuer. This method disables the tenant id check. Use with caution as it relaxes the validation rules! It is not recommended to disable this check for a standard Identity service setup.
      Returns:
      this builder
    • build

      public CombiningValidator<Token> build()
      Builds the validators with the applied parameters.
      Returns:
      the combined validators.
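The following added example (not part of the library's own documentation) chains the builder methods listed above to add a custom validator and a listener on top of the default checks. The class names `TokenValidationExample`, `RequiredClaimValidator` and `RejectionLogger`, and the sample claim name `user_name`, are assumptions made for illustration; the service configurations and the token are expected to be supplied by the caller.

```java
import com.sap.cloud.security.config.OAuth2ServiceConfiguration;
import com.sap.cloud.security.token.Token;
import com.sap.cloud.security.token.validation.CombiningValidator;
import com.sap.cloud.security.token.validation.ValidationListener;
import com.sap.cloud.security.token.validation.ValidationResult;
import com.sap.cloud.security.token.validation.ValidationResults;
import com.sap.cloud.security.token.validation.Validator;
import com.sap.cloud.security.token.validation.validators.JwtValidatorBuilder;

public class TokenValidationExample {

    // Hypothetical custom rule: reject any token that lacks the given claim.
    static class RequiredClaimValidator implements Validator<Token> {
        private final String claimName;
        RequiredClaimValidator(String claimName) { this.claimName = claimName; }

        @Override
        public ValidationResult validate(Token token) {
            return token.hasClaim(claimName)
                    ? ValidationResults.createValid()
                    : ValidationResults.createInvalid("Token is missing required claim " + claimName);
        }
    }

    // Hypothetical listener: records every rejection so failed validations are visible to operations.
    static class RejectionLogger implements ValidationListener {
        @Override public void onValidationSuccess() { }

        @Override
        public void onValidationError(ValidationResult result) {
            System.err.println("JWT rejected: " + result.getErrorDescription());
        }
    }

    static CombiningValidator<Token> buildValidator(
            OAuth2ServiceConfiguration primary, OAuth2ServiceConfiguration broker) {
        return JwtValidatorBuilder.getInstance(primary)
                .configureAnotherServiceInstance(broker)        // parameter is @Nullable
                .with(new RequiredClaimValidator("user_name"))  // sample claim name
                .withValidatorListener(new RejectionLogger())
                // disableTenantIdCheck() is deliberately not called: the default check stays active.
                .build();
    }

    static boolean isAccepted(CombiningValidator<Token> validator, Token token) {
        return validator.validate(token).isValid();
    }
}
```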