import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
/**
* getYourMicroserviceClaimsVerifier
* Obtains our Standard Claims Verifier.
*
* @return JWTClaimsVerifier Claims Verifier to be performed against a Claims Set.
*/
protected JWTClaimsVerifier getYourMicroserviceClaimsVerifier() {
/**
* Default JWT claims verifier. This class is thread-safe.
*
* Performs the following checks:
*
* + If an expiration time (exp) claim is present, makes sure it is ahead of the current time, else the JWT claims set is rejected.
* + If a not-before-time (nbf) claim is present, makes sure it is before the current time, else the JWT claims set is rejected.
* This class may be extended to perform additional checks.
*/
return new DefaultJWTClaimsVerifier() {
@Override
public void verify(JWTClaimsSet claimsSet)
throws BadJWTException {
/**
* Verify the Expiration of the Token and Not Before Use.
*/
super.verify(claimsSet);
/**
* Ensure Correct Issuer is from our own Eco-System.
*/
String issuer = claimsSet.getIssuer();
if (issuer == null || !issuer.equals(YourMicroserviceToken.YOUR_ORGANIZATION_ISSUER)) {
throw new BadJWTException("Invalid Token issuer");
}
/**
* Ensure Subject Specified.
*/
String subject = claimsSet.getSubject();
if (subject == null || subject.isEmpty()) {
throw new BadJWTException("Invalid Token Subject");
}
/**
* Ensure Subject Specified.
*/
String jti = claimsSet.getJWTID();
if (!isUUIDValid(jti)) {
throw new BadJWTException("Invalid Token Identifier");
}
/**
* Validate Audience, we need at least Once Specified.
*/
if (claimsSet.getAudience() == null || claimsSet.getAudience().isEmpty()) {
throw new BadJWTException("Invalid Audience");
}
/**
* Ensure Your Microservice was Specified.
*/
JSONObject yms = (JSONObject) claimsSet.getClaim(CLAIM_NAME_YOUR_MICROSERVICE);
if (yms == null || yms.isEmpty()) {
throw new BadJWTException("Invalid Your Microservice Claim");
}
/**
* Add Additional Claims Verification Here if and when Applicable...
*/
}
};
}