public abstract class AbstractTokenValidator extends Object implements TokenValidator
TokenValidator.Policy| Modifier | Constructor and Description |
|---|---|
protected |
AbstractTokenValidator(AsapConfiguration config) |
| Modifier and Type | Method and Description |
|---|---|
protected Set<String> |
acceptableAudienceValues() |
TokenValidator |
audience(Iterable<String> additionalAudienceValues)
|
protected Set<String> |
authorizedIssuers() |
protected Set<String> |
authorizedSubjects() |
protected Set<String> |
impersonationAuthorizedIssuers() |
TokenValidator |
impersonationIssuer(Iterable<String> impersonationIssuers)
|
TokenValidator |
issuer(Iterable<String> authorizedIssuers)
As for
TokenValidator.issuer(String...). |
protected TokenValidator.Policy |
policy() |
TokenValidator |
policy(TokenValidator.Policy policy)
Specifies the validation policy for this validator.
|
TokenValidator |
subject(Iterable<String> authorizedSubjects)
|
protected boolean |
subjectImpersonation() |
TokenValidator |
subjectImpersonation(boolean subjectImpersonation)
Deprecated.
move/copy issuers that are allowed to impersonate users from the 'issuer' to the 'impersonationIssuer' list
|
String |
toString() |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitaudience, impersonationIssuer, issuer, subject, validateprotected AbstractTokenValidator(AsapConfiguration config)
public TokenValidator issuer(Iterable<String> authorizedIssuers)
TokenValidatorTokenValidator.issuer(String...).issuer in interface TokenValidatorauthorizedIssuers - as for TokenValidator.issuer(String...)thispublic TokenValidator impersonationIssuer(Iterable<String> impersonationIssuers)
TokenValidatorimpersonationIssuer in interface TokenValidatorimpersonationIssuers - as for TokenValidator.impersonationIssuer(String...)this@Deprecated public TokenValidator subjectImpersonation(boolean subjectImpersonation)
TokenValidator
The subject is ignored by default. If subject impersonation is enabled, then the subject is understood
to identify a user known to the application, or anonymous access when the subject is not specified. If
subject impersonation is enabled, then the issuer whitelist MUST
be provided, or all tokens will be rejected.
The validation service only approves the request for subject impersonation. The actual implementation is left up to the surrounding framework.
subjectImpersonation in interface TokenValidatorsubjectImpersonation - true to use subject impersonationthispublic TokenValidator subject(Iterable<String> authorizedSubjects)
TokenValidatorsubject in interface TokenValidatorauthorizedSubjects - as for TokenValidator.subject(String...)thispublic TokenValidator audience(Iterable<String> additionalAudienceValues)
TokenValidatoraudience in interface TokenValidatoradditionalAudienceValues - as for TokenValidator.audience(String...)thispublic TokenValidator policy(TokenValidator.Policy policy)
TokenValidator
By default, the validator will use TokenValidator.Policy.REQUIRE. If those are not the desired authentication
semantics, then this method can be used to specify one of the other policies, instead.
The most useful ones are probably TokenValidator.Policy.IGNORE (to disable ASAP authentication when it might
otherwise have been inherited from a superclass or the surrounding context) and TokenValidator.Policy.OPTIONAL,
to allow ASAP authentication to be validated when it is attempted, but without mandating its use.
policy in interface TokenValidatorpolicy - the enforcement policy to usethisprotected boolean subjectImpersonation()
protected TokenValidator.Policy policy()
Copyright © 2017 Atlassian. All rights reserved.