Package io.envoyproxy.envoy.extensions.filters.http.jwt_authn.v3

Interface JwtAuthenticationOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
JwtAuthentication, JwtAuthentication.Builder
public interface JwtAuthenticationOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    containsProviders(String key)
    Map of provider names to JwtProviders. .. code-block:: yaml providers: provider1: issuer: issuer1 audiences: - audience1 - audience2 remote_jwks: http_uri: uri: https://example.com/.well-known/jwks.json cluster: example_jwks_cluster timeout: 1s provider2: issuer: provider2 local_jwks: inline_string: jwks_string
    boolean
    containsRequirementMap(String key)
    A map of unique requirement_names to JwtRequirements.
    boolean
    getBypassCorsPreflight()
    When set to true, bypass the `CORS preflight request <http://www.w3.org/TR/cors/#cross-origin-request-with-preflight>`_ regardless of JWT requirements specified in the rules.
    FilterStateRule
    getFilterStateRules()
    This message specifies Jwt requirements based on stream_info.filterState.
    FilterStateRuleOrBuilder
    getFilterStateRulesOrBuilder()
    This message specifies Jwt requirements based on stream_info.filterState.
    Map<String,JwtProvider>
    getProviders()
    Deprecated.
    int
    getProvidersCount()
    Map of provider names to JwtProviders. .. code-block:: yaml providers: provider1: issuer: issuer1 audiences: - audience1 - audience2 remote_jwks: http_uri: uri: https://example.com/.well-known/jwks.json cluster: example_jwks_cluster timeout: 1s provider2: issuer: provider2 local_jwks: inline_string: jwks_string
    Map<String,JwtProvider>
    getProvidersMap()
    Map of provider names to JwtProviders. .. code-block:: yaml providers: provider1: issuer: issuer1 audiences: - audience1 - audience2 remote_jwks: http_uri: uri: https://example.com/.well-known/jwks.json cluster: example_jwks_cluster timeout: 1s provider2: issuer: provider2 local_jwks: inline_string: jwks_string
    JwtProvider
    getProvidersOrDefault(String key, JwtProvider defaultValue)
    Map of provider names to JwtProviders. .. code-block:: yaml providers: provider1: issuer: issuer1 audiences: - audience1 - audience2 remote_jwks: http_uri: uri: https://example.com/.well-known/jwks.json cluster: example_jwks_cluster timeout: 1s provider2: issuer: provider2 local_jwks: inline_string: jwks_string
    JwtProvider
    getProvidersOrThrow(String key)
    Map of provider names to JwtProviders. .. code-block:: yaml providers: provider1: issuer: issuer1 audiences: - audience1 - audience2 remote_jwks: http_uri: uri: https://example.com/.well-known/jwks.json cluster: example_jwks_cluster timeout: 1s provider2: issuer: provider2 local_jwks: inline_string: jwks_string
    Map<String,JwtRequirement>
    getRequirementMap()
    Deprecated.
    int
    getRequirementMapCount()
    A map of unique requirement_names to JwtRequirements.
    Map<String,JwtRequirement>
    getRequirementMapMap()
    A map of unique requirement_names to JwtRequirements.
    JwtRequirement
    getRequirementMapOrDefault(String key, JwtRequirement defaultValue)
    A map of unique requirement_names to JwtRequirements.
    JwtRequirement
    getRequirementMapOrThrow(String key)
    A map of unique requirement_names to JwtRequirements.
    RequirementRule
    getRules(int index)
    Specifies requirements based on the route matches.
    int
    getRulesCount()
    Specifies requirements based on the route matches.
    List<RequirementRule>
    getRulesList()
    Specifies requirements based on the route matches.
    RequirementRuleOrBuilder
    getRulesOrBuilder(int index)
    Specifies requirements based on the route matches.
    List<? extends RequirementRuleOrBuilder>
    getRulesOrBuilderList()
    Specifies requirements based on the route matches.
    String
    getStatPrefix()
    Optional additional prefix to use when emitting statistics.
    com.google.protobuf.ByteString
    getStatPrefixBytes()
    Optional additional prefix to use when emitting statistics.
    boolean
    getStripFailureResponse()
    A request failing the verification process will receive a 401 downstream with the failure response details in the body along with WWWAuthenticate header value set with "invalid token".
    boolean
    hasFilterStateRules()
    This message specifies Jwt requirements based on stream_info.filterState.

    Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

    isInitialized

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

  • Method Details

    • getProvidersCount

      int getProvidersCount()
       Map of provider names to JwtProviders.

 .. code-block:: yaml

   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;

    • containsProviders

      boolean containsProviders(String key)
       Map of provider names to JwtProviders.

 .. code-block:: yaml

   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;

    • getProviders

      @Deprecated Map<String,JwtProvider> getProviders()
      Deprecated.
      Use getProvidersMap() instead.

    • getProvidersMap

      Map<String,JwtProvider> getProvidersMap()
       Map of provider names to JwtProviders.

 .. code-block:: yaml

   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;

    • getProvidersOrDefault

      JwtProvider getProvidersOrDefault(String key, JwtProvider defaultValue)
       Map of provider names to JwtProviders.

 .. code-block:: yaml

   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;

    • getProvidersOrThrow

      JwtProvider getProvidersOrThrow(String key)
       Map of provider names to JwtProviders.

 .. code-block:: yaml

   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;

    • getRulesList

      List<RequirementRule> getRulesList()
       Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.

 Examples

 .. code-block:: yaml

   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
      repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;

    • getRules

      RequirementRule getRules(int index)
       Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.

 Examples

 .. code-block:: yaml

   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
      repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;

    • getRulesCount

      int getRulesCount()
       Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.

 Examples

 .. code-block:: yaml

   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
      repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;

    • getRulesOrBuilderList

      List<? extends RequirementRuleOrBuilder> getRulesOrBuilderList()
       Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.

 Examples

 .. code-block:: yaml

   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
      repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;

    • getRulesOrBuilder

      RequirementRuleOrBuilder getRulesOrBuilder(int index)
       Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.

 Examples

 .. code-block:: yaml

   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
      repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;

    • hasFilterStateRules

      boolean hasFilterStateRules()
       This message specifies Jwt requirements based on stream_info.filterState.
 Other HTTP filters can use it to specify Jwt requirements dynamically.
 The ``rules`` field above is checked first, if it could not find any matches,
 check this one.
      .envoy.extensions.filters.http.jwt_authn.v3.FilterStateRule filter_state_rules = 3;
      Returns:
      Whether the filterStateRules field is set.

    • getFilterStateRules

      FilterStateRule getFilterStateRules()
       This message specifies Jwt requirements based on stream_info.filterState.
 Other HTTP filters can use it to specify Jwt requirements dynamically.
 The ``rules`` field above is checked first, if it could not find any matches,
 check this one.
      .envoy.extensions.filters.http.jwt_authn.v3.FilterStateRule filter_state_rules = 3;
      Returns:
      The filterStateRules.

    • getFilterStateRulesOrBuilder

      FilterStateRuleOrBuilder getFilterStateRulesOrBuilder()
       This message specifies Jwt requirements based on stream_info.filterState.
 Other HTTP filters can use it to specify Jwt requirements dynamically.
 The ``rules`` field above is checked first, if it could not find any matches,
 check this one.
      .envoy.extensions.filters.http.jwt_authn.v3.FilterStateRule filter_state_rules = 3;

    • getBypassCorsPreflight

      boolean getBypassCorsPreflight()
       When set to true, bypass the `CORS preflight request
 <http://www.w3.org/TR/cors/#cross-origin-request-with-preflight>`_ regardless of JWT
 requirements specified in the rules.
      bool bypass_cors_preflight = 4;
      Returns:
      The bypassCorsPreflight.

    • getRequirementMapCount

      int getRequirementMapCount()
       A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;

    • containsRequirementMap

      boolean containsRequirementMap(String key)
       A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;

    • getRequirementMap

      @Deprecated Map<String,JwtRequirement> getRequirementMap()
      Deprecated.
      Use getRequirementMapMap() instead.

    • getRequirementMapMap

      Map<String,JwtRequirement> getRequirementMapMap()
       A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;

    • getRequirementMapOrDefault

      JwtRequirement getRequirementMapOrDefault(String key, JwtRequirement defaultValue)
       A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;

    • getRequirementMapOrThrow

      JwtRequirement getRequirementMapOrThrow(String key)
       A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
      map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;

    • getStripFailureResponse

      boolean getStripFailureResponse()
       A request failing the verification process will receive a 401 downstream with the failure response details
 in the body along with WWWAuthenticate header value set with "invalid token". If this value is set to true,
 the response details will be stripped and only a 401 response code will be returned. Default value is false
      bool strip_failure_response = 6;
      Returns:
      The stripFailureResponse.

    • getStatPrefix

      String getStatPrefix()
       Optional additional prefix to use when emitting statistics.
      string stat_prefix = 7;
      Returns:
      The statPrefix.

    • getStatPrefixBytes

      com.google.protobuf.ByteString getStatPrefixBytes()
       Optional additional prefix to use when emitting statistics.
      string stat_prefix = 7;
      Returns:
      The bytes for statPrefix.