Skip to content

Commit 95395fc

Browse files
author
Valentin Brückel
committed
provide single-key accessor instead of whole Map
1 parent 5f9b7d6 commit 95395fc

2 files changed

Lines changed: 3 additions & 5 deletions

File tree

core/src/main/java/com/predic8/membrane/core/interceptor/jwt/Jwks.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -114,8 +114,8 @@ public Jwks setJwksUris(String jwksUris) {
114114
return this;
115115
}
116116

117-
public HashMap<String, RsaJsonWebKey> getKeysByKid() {
118-
return keysByKid;
117+
public Optional<RsaJsonWebKey> getKeyByKid(String kid) {
118+
return Optional.ofNullable(keysByKid.get(kid));
119119
}
120120

121121
private HashMap<String, RsaJsonWebKey> buildKeyMap(List<Jwk> jwks) {

core/src/main/java/com/predic8/membrane/core/interceptor/jwt/JwtAuthInterceptor.java

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,6 @@
1313
package com.predic8.membrane.core.interceptor.jwt;
1414

1515
import com.fasterxml.jackson.core.*;
16-
import com.fasterxml.jackson.databind.*;
1716
import com.predic8.membrane.annot.*;
1817
import com.predic8.membrane.core.exceptions.ProblemDetails;
1918
import com.predic8.membrane.core.exchange.*;
@@ -129,8 +128,7 @@ public Outcome handleJwt(Exchange exc, String jwt) throws JWTException, JsonProc
129128

130129
// we could make it possible that every key is checked instead of having the "kid" field mandatory
131130
// this would then need up to n checks per incoming JWT - could be a performance problem
132-
RsaJsonWebKey key = Optional.ofNullable(jwks.getKeysByKid().get(kid))
133-
.orElseThrow(() -> new JWTException(ERROR_UNKNOWN_KEY, ERROR_UNKNOWN_KEY_ID));
131+
RsaJsonWebKey key = jwks.getKeyByKid(kid).orElseThrow(() -> new JWTException(ERROR_UNKNOWN_KEY, ERROR_UNKNOWN_KEY_ID));
134132

135133
Map<String, Object> jwtClaims = createValidator(key).processToClaims(jwt).getClaimsMap();
136134

0 commit comments

Comments
 (0)