Class SpireJwtTokenLoginValidator
java.lang.Object
io.confluent.kafka.clients.plugins.auth.oauth.internals.SpireJwtTokenLoginValidator
- All Implemented Interfaces:
org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenValidator
public class SpireJwtTokenLoginValidator
extends Object
implements org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenValidator
A
AccessTokenValidator that does basic validation of the JWT retrieved from the Spire Agent.
It validates following: 1. `exp` claim is valid (i.e. a non-negative number that is not already expired) 2. `iat` claim is valid (i.e. a non-negative number that is less than current time) 3. `sub` claim is valid (i.e. a non-null, non-empty string starting with 'spiffe')
-
Field Summary
FieldsFields inherited from interface org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenValidator
IAT_CLAIM_REQUIRED, JTI_CLAIM_REQUIRED -
Constructor Summary
Constructors -
Method Summary
-
Field Details
-
EXPIRATION_CLAIM_NAME
- See Also:
-
ISSUED_AT_CLAIM_NAME
- See Also:
-
SUBJECT_CLAIM_NAME
- See Also:
-
-
Constructor Details
-
SpireJwtTokenLoginValidator
public SpireJwtTokenLoginValidator()
-
-
Method Details
-
validate
public org.apache.kafka.common.security.oauthbearer.OAuthBearerToken validate(String accessToken) throws org.apache.kafka.common.security.oauthbearer.internals.secured.ValidateException - Specified by:
validatein interfaceorg.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenValidator- Throws:
org.apache.kafka.common.security.oauthbearer.internals.secured.ValidateException
-