Class BearerTokenValidator

java.lang.Object
org.imixs.security.oidc.BearerTokenValidator

@RequestScoped public class BearerTokenValidator extends Object
The BearerTokenValidator provides static utility methods to validate and decode Bearer JWT tokens. It supports RS256 signed tokens based on the public keys (JWKS) fetched from a trusted OpenID Connect (OIDC) provider. The class verifies the token signature and expiration. It also allows extracting standard claims like username and roles from the token. In addition, the BearerTokenValidator supports fetching additional claims from the UserInfo endpoint when needed.
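The two checks named in the description, an RS256 signature verified against a key taken from the provider's JWKS and then the expiration, are written out here as an added example; it is not the Imixs implementation. The class name `Rs256TokenCheck`, its methods, the generated key pair and the sample claims are assumptions constructed for illustration, and the code expects a Jakarta JSON Processing implementation on the classpath.

```java
import jakarta.json.*;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import static java.nio.charset.StandardCharsets.UTF_8;
public class Rs256TokenCheck { // hypothetical name; added example, not Imixs code
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static JsonObject json(String b64url) {
        return Json.createReader(new StringReader(new String(DEC.decode(b64url), UTF_8))).readObject();
    }
    static PublicKey fromJwk(String n, String e) throws GeneralSecurityException { // JWK "n"/"e" are base64url
        return KeyFactory.getInstance("RSA").generatePublic(
                new RSAPublicKeySpec(new BigInteger(1, DEC.decode(n)), new BigInteger(1, DEC.decode(e))));
    }
    // Returns the claims only when algorithm, signature and expiry all check out.
    static JsonObject verify(String jwt, PublicKey key, long nowSec) throws GeneralSecurityException {
        String[] p = jwt.split("\\.", -1);
        if (p.length != 3) throw new SecurityException("not a compact JWS");
        // Pin the algorithm instead of trusting the header ("none", HS256 key confusion).
        if (!"RS256".equals(json(p[0]).getString("alg", ""))) throw new SecurityException("alg is not RS256");
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update((p[0] + "." + p[1]).getBytes(UTF_8)); // signing input: header.payload exactly as sent
        if (!sig.verify(DEC.decode(p[2]))) throw new SecurityException("bad signature");
        JsonObject claims = json(p[1]); // claims are read only after the signature holds
        if (!claims.containsKey("exp") || claims.getJsonNumber("exp").longValue() <= nowSec)
            throw new SecurityException("expired or missing exp");
        return claims;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed key pair standing in for the OIDC provider
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        long now = System.currentTimeMillis() / 1000;
        String claims = "{\"preferred_username\":\"anna\",\"exp\":" + (now + 300) + "}"; // constructed sample
        String input = ENC.encodeToString("{\"alg\":\"RS256\"}".getBytes(UTF_8)) + "." + ENC.encodeToString(claims.getBytes(UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(input.getBytes(UTF_8));
        String jwt = input + "." + ENC.encodeToString(s.sign());
        PublicKey key = fromJwk(ENC.encodeToString(pub.getModulus().toByteArray()), ENC.encodeToString(pub.getPublicExponent().toByteArray()));
        System.out.println(verify(jwt, key, now).getString("preferred_username")); // accepted while exp is in the future
        try { verify(jwt, key, now + 600); } catch (SecurityException ex) { System.out.println(ex.getMessage()); }
    }
}
```

The example covers only the two checks the description names, signature and expiration; it does not inspect `iss` or `aud`, and it does not fetch a JWKS document or call the UserInfo endpoint.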
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    jakarta.security.enterprise.AuthenticationStatus
    handle(jakarta.servlet.http.HttpServletRequest request, jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext context)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • BearerTokenValidator

      public BearerTokenValidator()
  • Method Details

    • handle

      public jakarta.security.enterprise.AuthenticationStatus handle(jakarta.servlet.http.HttpServletRequest request, jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext context)