Package com.nimbusds.jose.jwk.source
Class JWKSourceBuilder<C extends SecurityContext>
java.lang.Object
com.nimbusds.jose.jwk.source.JWKSourceBuilder<C>
JWKSource builder.
Supports wrapping of a JWK set source, typically a URL, with the following capabilities:
- Version:
- 2025-09-05
- Author:
- Thomas Rørvik Skjølberg, Vladimir Dzhuvinov
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final longThe default refresh timeout of cached JWK sets, in milliseconds.static final longThe default time to live of cached JWK sets, in milliseconds.static final intThe default HTTP connect timeout for JWK set retrieval, in milliseconds.static final intThe default HTTP read timeout for JWK set retrieval, in milliseconds.static final intThe default HTTP entity size limit for JWK set retrieval, in bytes.static final longThe default rate limiting minimum allowed time interval between two JWK set retrievals, in milliseconds.static final longThe default afresh-ahead time of cached JWK sets, in milliseconds. -
Method Summary
Modifier and TypeMethodDescriptionbuild()Builds the finalJWKSource.cache(boolean enable) Toggles caching of the JWK set.cache(long timeToLive, long cacheRefreshTimeout) Enables caching of the retrieved JWK set.cache(long timeToLive, long cacheRefreshTimeout, EventListener<CachingJWKSetSource<C>, C> eventListener) Enables caching of the retrieved JWK set.Enables caching of the JWK set forever (no expiration).static <C extends SecurityContext>
JWKSourceBuilder<C>create(JWKSetSource<C> source) Creates a new JWK source builder wrapping an existing source.static <C extends SecurityContext>
JWKSourceBuilder<C>Creates a new JWK source builder using the specified JWK set URL and DefaultResourceRetriever with default timeouts.static <C extends SecurityContext>
JWKSourceBuilder<C>create(URL jwkSetURL, ResourceRetriever retriever) Creates a new JWK source builder using the specified JWK set URL and resource retriever.Sets a failover JWK source.Sets a health report listener.outageTolerant(boolean enable) Toggles outage tolerance by serving a cached JWK set in case of outage.outageTolerant(long timeToLive) Enables outage tolerance by serving a non-expiring cached JWK set in case of outage.outageTolerant(long timeToLive, EventListener<OutageTolerantJWKSetSource<C>, C> eventListener) Enables outage tolerance by serving a non-expiring cached JWK set in case of outage.Enables outage tolerance by serving a non-expiring cached JWK set in case of outage.rateLimited(boolean enable) Toggles rate limiting of the JWK set retrieval.rateLimited(long minTimeInterval) Enables rate limiting of the JWK set retrieval.rateLimited(long minTimeInterval, EventListener<RateLimitedJWKSetSource<C>, C> eventListener) Enables rate limiting of the JWK set retrieval.refreshAheadCache(boolean enable) Toggles refresh-ahead caching of the JWK set.refreshAheadCache(long refreshAheadTime, boolean scheduled) Enables refresh-ahead caching of the JWK set.refreshAheadCache(long refreshAheadTime, boolean scheduled, EventListener<CachingJWKSetSource<C>, C> eventListener) Enables refresh-ahead caching of the JWK set.refreshAheadCache(long refreshAheadTime, EventListener<CachingJWKSetSource<C>, C> eventListener, ExecutorService executorService, boolean shutdownExecutorOnClose, ScheduledExecutorService scheduledExecutorService, boolean shutdownScheduledExecutorOnClose) Enables refresh-ahead caching of the JWK set.retrying(boolean enable) Enables single retrial to retrieve the JWK set to work around transient network issues.retrying(EventListener<RetryingJWKSetSource<C>, C> eventListener) Enables single retrial to retrieve the JWK set to work around transient network issues.
-
Field Details
-
DEFAULT_HTTP_CONNECT_TIMEOUT
The default HTTP connect timeout for JWK set retrieval, in milliseconds. Set to 500 milliseconds.- See Also:
-
DEFAULT_HTTP_READ_TIMEOUT
The default HTTP read timeout for JWK set retrieval, in milliseconds. Set to 500 milliseconds.- See Also:
-
DEFAULT_HTTP_SIZE_LIMIT
The default HTTP entity size limit for JWK set retrieval, in bytes. Set to 50 KBytes.- See Also:
-
DEFAULT_CACHE_TIME_TO_LIVE
The default time to live of cached JWK sets, in milliseconds. Set to 5 minutes.- See Also:
-
DEFAULT_CACHE_REFRESH_TIMEOUT
The default refresh timeout of cached JWK sets, in milliseconds. Set to 15 seconds.- See Also:
-
DEFAULT_REFRESH_AHEAD_TIME
The default afresh-ahead time of cached JWK sets, in milliseconds. Set to 30 seconds.- See Also:
-
DEFAULT_RATE_LIMIT_MIN_INTERVAL
The default rate limiting minimum allowed time interval between two JWK set retrievals, in milliseconds.- See Also:
-
failover
-
-
Method Details
-
create
Creates a new JWK source builder using the specified JWK set URL and DefaultResourceRetriever with default timeouts.- Parameters:
jwkSetURL- The JWK set URL. Must not benull.
-
create
public static <C extends SecurityContext> JWKSourceBuilder<C> create(URL jwkSetURL, ResourceRetriever retriever) Creates a new JWK source builder using the specified JWK set URL and resource retriever.- Parameters:
jwkSetURL- The JWK set URL. Must not benull.retriever- The resource retriever. Must not benull.
-
create
Creates a new JWK source builder wrapping an existing source.- Parameters:
source- The JWK source to wrap. Must not benull.
-
cache
Toggles caching of the JWK set.- Parameters:
enable-trueto cache the JWK set.- Returns:
- This builder.
-
cache
Enables caching of the retrieved JWK set.- Parameters:
timeToLive- The time to live of the cached JWK set, in milliseconds.cacheRefreshTimeout- The cache refresh timeout, in milliseconds.- Returns:
- This builder.
-
cache
public JWKSourceBuilder<C> cache(long timeToLive, long cacheRefreshTimeout, EventListener<CachingJWKSetSource<C>, C> eventListener) Enables caching of the retrieved JWK set.- Parameters:
timeToLive- The time to live of the cached JWK set, in milliseconds.cacheRefreshTimeout- The cache refresh timeout, in milliseconds.eventListener- The event listener,nullif not specified.- Returns:
- This builder.
-
cacheForever
Enables caching of the JWK set forever (no expiration).- Returns:
- This builder.
-
refreshAheadCache
Toggles refresh-ahead caching of the JWK set.- Parameters:
enable-trueto enable refresh-ahead caching of the JWK set.- Returns:
- This builder.
-
refreshAheadCache
Enables refresh-ahead caching of the JWK set.- Parameters:
refreshAheadTime- The refresh ahead time, in milliseconds.scheduled-trueto refresh in a scheduled manner, regardless of requests.- Returns:
- This builder.
-
refreshAheadCache
public JWKSourceBuilder<C> refreshAheadCache(long refreshAheadTime, boolean scheduled, EventListener<CachingJWKSetSource<C>, C> eventListener) Enables refresh-ahead caching of the JWK set.- Parameters:
refreshAheadTime- The refresh ahead time, in milliseconds.scheduled-trueto refresh in a scheduled manner, regardless of requests.eventListener- The event listener,nullif not specified.- Returns:
- This builder.
-
refreshAheadCache
public JWKSourceBuilder<C> refreshAheadCache(long refreshAheadTime, EventListener<CachingJWKSetSource<C>, C> eventListener, ExecutorService executorService, boolean shutdownExecutorOnClose, ScheduledExecutorService scheduledExecutorService, boolean shutdownScheduledExecutorOnClose) Enables refresh-ahead caching of the JWK set.- Parameters:
refreshAheadTime- The refresh ahead time, in milliseconds.eventListener- The event listener,nullif not specified.executorService- The executor service to use for the cache refresh.shutdownExecutorOnClose- Iftruethe executor service will be shut down upon closing the source.scheduledExecutorService- TheScheduledExecutorServiceto schedule the updates in the background. Ifnullno updates will be scheduledshutdownScheduledExecutorOnClose- Iftruethen theScheduledExecutorServicewill be shut down upon closing the source.- Returns:
- This builder.
-
rateLimited
Toggles rate limiting of the JWK set retrieval.- Parameters:
enable-trueto rate limit the JWK set retrieval.- Returns:
- This builder.
-
rateLimited
Enables rate limiting of the JWK set retrieval.- Parameters:
minTimeInterval- The minimum allowed time interval between two JWK set retrievals, in milliseconds.- Returns:
- This builder.
-
rateLimited
public JWKSourceBuilder<C> rateLimited(long minTimeInterval, EventListener<RateLimitedJWKSetSource<C>, C> eventListener) Enables rate limiting of the JWK set retrieval.- Parameters:
minTimeInterval- The minimum allowed time interval between two JWK set retrievals, in milliseconds.eventListener- The event listener,nullif not specified.- Returns:
- This builder.
-
failover
Sets a failover JWK source.- Parameters:
failover- The failover JWK source,nullif none.- Returns:
- This builder.
-
retrying
Enables single retrial to retrieve the JWK set to work around transient network issues.- Parameters:
enable-trueto enable single retrial.- Returns:
- This builder.
-
retrying
Enables single retrial to retrieve the JWK set to work around transient network issues.- Parameters:
eventListener- The event listener,nullif not specified.- Returns:
- This builder.
-
healthReporting
public JWKSourceBuilder<C> healthReporting(HealthReportListener<JWKSetSourceWithHealthStatusReporting<C>, C> listener) Sets a health report listener.- Parameters:
listener- The health report listener,nullif not specified.- Returns:
- This builder.
-
outageTolerant
Toggles outage tolerance by serving a cached JWK set in case of outage.- Parameters:
enable-trueto enable the outage cache.- Returns:
- This builder.
-
outageTolerantForever
Enables outage tolerance by serving a non-expiring cached JWK set in case of outage.- Returns:
- This builder.
-
outageTolerant
Enables outage tolerance by serving a non-expiring cached JWK set in case of outage.- Parameters:
timeToLive- The time to live of the cached JWK set to cover outages, in milliseconds.- Returns:
- This builder.
-
outageTolerant
public JWKSourceBuilder<C> outageTolerant(long timeToLive, EventListener<OutageTolerantJWKSetSource<C>, C> eventListener) Enables outage tolerance by serving a non-expiring cached JWK set in case of outage.- Parameters:
timeToLive- The time to live of the cached JWK set to cover outages, in milliseconds.eventListener- The event listener,nullif not specified.- Returns:
- This builder.
-
build
Builds the finalJWKSource.- Returns:
- The final
JWKSource.
-