Package org.apache.solr.security.jwt

Class JWTIssuerConfig

java.lang.Object
org.apache.solr.security.jwt.JWTIssuerConfig
public class JWTIssuerConfig extends Object
Holds information about an IdP (issuer), such as issuer ID, JWK url(s), keys etc

  • Field Details

    • ALLOW_OUTBOUND_HTTP

      public static boolean ALLOW_OUTBOUND_HTTP

    • ALLOW_OUTBOUND_HTTP_ERR_MSG

      public static final String ALLOW_OUTBOUND_HTTP_ERR_MSG
      See Also:

  • Constructor Details

    • JWTIssuerConfig

      public JWTIssuerConfig(String name)
      Create config for further configuration with setters, builder style. Once all values are set, call init() before further use
      Parameters:
      name - a unique name for this issuer

    • JWTIssuerConfig

      public JWTIssuerConfig(Map<String,Object> configMap)
      Initialize issuer config from a generic configuration map
      Parameters:
      configMap - map of configuration keys anv values

  • Method Details

    • init

      public void init()
      Call this to validate and initialize an object which is populated with setters. Init will fetch wellKnownUrl if relevant
      Throws:
      org.apache.solr.common.SolrException - if issuer is missing

    • parseConfigMap

      protected void parseConfigMap(Map<String,Object> configMap)
      Parses configuration for one IssuerConfig and sets all variables found
      Throws:
      org.apache.solr.common.SolrException - if unknown parameter names found in config

    • setJsonWebKeySet

      protected void setJsonWebKeySet(Object jwksObject)
      Setter that takes a jwk config object, parses it into a JsonWebKeySet and sets it
      Parameters:
      jwksObject - the config object to parse

    • parseJwkSet

      protected static org.jose4j.jwk.JsonWebKeySet parseJwkSet(Map<String,Object> jwkObj) throws org.jose4j.lang.JoseException
      Throws:
      org.jose4j.lang.JoseException

    • getIss

      public String getIss()

    • setIss

      public JWTIssuerConfig setIss(String iss)

    • getName

      public String getName()

    • setName

      public JWTIssuerConfig setName(String name)

    • getWellKnownUrl

      public String getWellKnownUrl()

    • setWellKnownUrl

      public JWTIssuerConfig setWellKnownUrl(String wellKnownUrl)

    • getJwksUrls

      public List<String> getJwksUrls()

    • setJwksUrl

      public JWTIssuerConfig setJwksUrl(List<String> jwksUrl)

    • setJwksUrl

      public JWTIssuerConfig setJwksUrl(Object jwksUrlListOrString)
      Setter that converts from String or List into a list
      Parameters:
      jwksUrlListOrString - object that should be either string or list
      Returns:
      this for builder pattern
      Throws:
      org.apache.solr.common.SolrException - if wrong type

    • getHttpsJwks

      public List<org.jose4j.jwk.HttpsJwks> getHttpsJwks()

    • setHttpsJwksFactory

      public static void setHttpsJwksFactory(JWTIssuerConfig.HttpsJwksFactory httpsJwksFactory)
      Set the factory to use when creating HttpsJwks objects
      Parameters:
      httpsJwksFactory - factory with custom settings

    • getJsonWebKeySet

      public org.jose4j.jwk.JsonWebKeySet getJsonWebKeySet()

    • setJsonWebKeySet

      public JWTIssuerConfig setJsonWebKeySet(org.jose4j.jwk.JsonWebKeySet jsonWebKeySet)

    • usesHttpsJwk

      public boolean usesHttpsJwk()
      Check if the issuer is backed by HttpsJwk url(s)
      Returns:
      true if keys are fetched over https

    • getWellKnownDiscoveryConfig

      public JWTIssuerConfig.WellKnownDiscoveryConfig getWellKnownDiscoveryConfig()

    • getAud

      public String getAud()

    • setAud

      public JWTIssuerConfig setAud(String aud)

    • getClientId

      public String getClientId()

    • setClientId

      public JWTIssuerConfig setClientId(String clientId)

    • getAuthorizationEndpoint

      public String getAuthorizationEndpoint()

    • setAuthorizationEndpoint

      public JWTIssuerConfig setAuthorizationEndpoint(String authorizationEndpoint)

    • getTokenEndpoint

      public String getTokenEndpoint()

    • setTokenEndpoint

      public JWTIssuerConfig setTokenEndpoint(String tokenEndpoint)

    • getAuthorizationFlow

      public String getAuthorizationFlow()

    • setAuthorizationFlow

      public JWTIssuerConfig setAuthorizationFlow(String authorizationFlow)

    • asConfig

      public Map<String,Object> asConfig()

    • isValid

      public boolean isValid()
      Validates that this config has a name and either jwksUrl, wellkKownUrl or jwk
      Returns:
      true if a configuration is found and is valid, otherwise false
      Throws:
      org.apache.solr.common.SolrException - if configuration is present but wrong

    • setTrustedCerts

      public void setTrustedCerts(Collection<X509Certificate> trustedCerts)

    • getTrustedCerts

      public Collection<X509Certificate> getTrustedCerts()

    • checkAllowOutboundHttpConnections

      public static void checkAllowOutboundHttpConnections(String parameterName, URL url)