Package kalix.javasdk.annotations
Annotation Interface JWT.StaticClaim
- Enclosing class:
JWT
public static @interface JWT.StaticClaim
A static claim is a claim that is required to be present on the token, and have a particular
value. This can be used to ensure that the token has a particular role, for example.
If the claim is not present, or does not have the expected value, then the request will be rejected with a 403 Forbidden response.
If the claim is present, but does not have the expected value, then the request will be rejected with a 403 Forbidden response.
If the claim is present, and has the expected value, then the request will be allowed to proceed. Each static claim can be configured either with a 'value' or a 'pattern' that will be matched against the value of the claim, but not both.
-
Required Element Summary
-
Optional Element Summary
-
Element Details
-
claim
String claimThe claim name needs to be a hardcoded literal (e.g. "role") -
value
String[] valueThe value can be set as: a hardcoded literal (e.g. "admin"), an ENV variable (e.g "${ENV_VAR}") or a combination of both (e.g. "${ENV_VAR}-admin"). When declaring multiple values, ALL of those will be required when validating the claim.- Default:
{}
-
pattern
String patternThis receives a regex expression (Java flavor) used to match on the incoming claim value. Cannot be used in conjunction with `value` field above. It's one or the other.NOTE: when signing, a static claim defined with a pattern will not be included in the token.
Usage examples:
- claim value is not empty: "\\S+"
- claim value has one of 2 possible values: "^(admin|manager)$"
- Default:
""
-