Class JwtTimestampValidator
java.lang.Object
org.springframework.security.oauth2.jwt.JwtTimestampValidator
- All Implemented Interfaces:
OAuth2TokenValidator<Jwt>
An implementation of
OAuth2TokenValidator for verifying claims in a Jwt-based
access token
Because clocks can differ between the Jwt source, say the Authorization Server, and its destination, say the Resource Server, there is a default clock leeway exercised when deciding if the current time is within the Jwt's specified operating window
- Since:
- 5.1
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionA basic instance with no custom verification and the default max clock skewJwtTimestampValidator(Duration clockSkew) -
Method Summary
Modifier and TypeMethodDescriptionvoidUse thisClockwithInstant.now()for assessing timestamp validityVerify the validity and/or constraints of the provided OAuth 2.0 Token.
-
Constructor Details
-
JwtTimestampValidator
public JwtTimestampValidator()A basic instance with no custom verification and the default max clock skew -
JwtTimestampValidator
-
-
Method Details
-
validate
Description copied from interface:OAuth2TokenValidatorVerify the validity and/or constraints of the provided OAuth 2.0 Token.- Specified by:
validatein interfaceOAuth2TokenValidator<Jwt>- Parameters:
jwt- an OAuth 2.0 token- Returns:
- OAuth2TokenValidationResult the success or failure detail of the validation
-
setClock
Use thisClockwithInstant.now()for assessing timestamp validity- Parameters:
clock-
-