Package org.mockserver.model
Class Jwt
Expectation criteria for matching a JSON Web Token (JWT) carried in a request header.
The token is read from the header named by header (default
authorization), the scheme prefix (default Bearer) is stripped, and
the token's header.payload segments are decoded with base64url + JSON. No
signature verification is performed — this is request matching for test routing,
not authentication. Control-plane JWT authentication (the authentication/ stack) is a
separate concern and is unaffected by this matcher.
A request is matched when every configured criterion matches the decoded token:
claims— each entry asserts the value of a claim in the JWT payload. The value is aNottableStringso exact, regex and!negation forms are all supported (e.g.{"sub":"user-1","scope":".*admin.*"}). A positive criterion whose claim is absent from the token never matches; a negated criterion (e.g.!admin) against an absent claim matches vacuously — there is no value to contradict it. The same holds for theissuer,audienceandalgorithmconvenience criteria.issuer— convenience criterion for theissclaim.audience— convenience criterion for theaudclaim (which may be a single string or an array; a match against any array element is a match).algorithm— convenience criterion for the JOSE headeralgfield.
Jwt criterion (and never surfaces an
exception to the caller).- Author:
- jamesdbloom
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionclone()booleaninthashCode()static Jwtjwt()withAlgorithm(String algorithm) withAlgorithm(NottableString algorithm) withAudience(String audience) withAudience(NottableString audience) Add a single claim-value criterion.withClaim(String name, NottableString value) withClaims(Map<String, NottableString> claims) withHeader(String header) The name of the request header carrying the JWT (defaultauthorization).withIssuer(String issuer) withIssuer(NottableString issuer) withScheme(String scheme) The authentication scheme prefix stripped from the header value before decoding (defaultBearer).Methods inherited from class org.mockserver.model.ObjectWithJsonToString
toStringMethods inherited from class org.mockserver.model.ObjectWithReflectiveEqualsHashCodeToString
fieldsExcludedFromEqualsAndHashCode
-
Field Details
-
DEFAULT_HEADER
- See Also:
-
DEFAULT_SCHEME
- See Also:
-
-
Constructor Details
-
Jwt
public Jwt()
-
-
Method Details
-
jwt
-
getHeader
-
withHeader
The name of the request header carrying the JWT (defaultauthorization). -
getScheme
-
withScheme
The authentication scheme prefix stripped from the header value before decoding (defaultBearer). Matched case-insensitively; a blank scheme means the header value is treated as the raw token. -
getClaims
-
withClaims
-
withClaim
Add a single claim-value criterion. The value is parsed as aNottableStringso a regex or!-negated form is honoured. -
withClaim
-
getIssuer
-
withIssuer
-
withIssuer
-
getAudience
-
withAudience
-
withAudience
-
getAlgorithm
-
withAlgorithm
-
withAlgorithm
-
clone
-
equals
- Overrides:
equalsin classObjectWithReflectiveEqualsHashCodeToString
-
hashCode
public int hashCode()- Overrides:
hashCodein classObjectWithReflectiveEqualsHashCodeToString
-