Package io.envoyproxy.envoy.extensions.filters.http.jwt_authn.v3

Class JwtRequirement.Builder

java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<BuilderT>
com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>
io.envoyproxy.envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement.Builder
All Implemented Interfaces:
com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, JwtRequirementOrBuilder, Cloneable
Enclosing class:
JwtRequirement
public static final class JwtRequirement.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder> implements JwtRequirementOrBuilder
 This message specifies a Jwt requirement. An empty message means JWT verification is not
 required. Here are some config examples:

 .. code-block:: yaml

  # Example 1: not required with an empty message

  # Example 2: require A
  provider_name: provider-A

  # Example 3: require A or B
  requires_any:
    requirements:
      - provider_name: provider-A
      - provider_name: provider-B

  # Example 4: require A and B
  requires_all:
    requirements:
      - provider_name: provider-A
      - provider_name: provider-B

  # Example 5: require A and (B or C)
  requires_all:
    requirements:
      - provider_name: provider-A
      - requires_any:
        requirements:
          - provider_name: provider-B
          - provider_name: provider-C

  # Example 6: require A or (B and C)
  requires_any:
    requirements:
      - provider_name: provider-A
      - requires_all:
        requirements:
          - provider_name: provider-B
          - provider_name: provider-C

  # Example 7: A is optional (if token from A is provided, it must be valid, but also allows
  missing token.)
  requires_any:
    requirements:
    - provider_name: provider-A
    - allow_missing: {}

  # Example 8: A is optional and B is required.
  requires_all:
    requirements:
    - requires_any:
        requirements:
        - provider_name: provider-A
        - allow_missing: {}
    - provider_name: provider-B

 [#next-free-field: 8]
Protobuf type envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • clear

      public JwtRequirement.Builder clear()
      Specified by:
      clear in interface com.google.protobuf.Message.Builder
      Specified by:
      clear in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clear in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.Message.Builder
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • getDefaultInstanceForType

      public JwtRequirement getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

    • build

      public JwtRequirement build()
      Specified by:
      build in interface com.google.protobuf.Message.Builder
      Specified by:
      build in interface com.google.protobuf.MessageLite.Builder

    • buildPartial

      public JwtRequirement buildPartial()
      Specified by:
      buildPartial in interface com.google.protobuf.Message.Builder
      Specified by:
      buildPartial in interface com.google.protobuf.MessageLite.Builder

    • clone

      public JwtRequirement.Builder clone()
      Specified by:
      clone in interface com.google.protobuf.Message.Builder
      Specified by:
      clone in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clone in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • setField

      public JwtRequirement.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      setField in interface com.google.protobuf.Message.Builder
      Overrides:
      setField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • clearField

      public JwtRequirement.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
      Specified by:
      clearField in interface com.google.protobuf.Message.Builder
      Overrides:
      clearField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • clearOneof

      public JwtRequirement.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
      Specified by:
      clearOneof in interface com.google.protobuf.Message.Builder
      Overrides:
      clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • setRepeatedField

      public JwtRequirement.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
      Specified by:
      setRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • addRepeatedField

      public JwtRequirement.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      addRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • mergeFrom

      public JwtRequirement.Builder mergeFrom(com.google.protobuf.Message other)
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<JwtRequirement.Builder>

    • mergeFrom

      public JwtRequirement.Builder mergeFrom(JwtRequirement other)

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • mergeFrom

      public JwtRequirement.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Specified by:
      mergeFrom in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<JwtRequirement.Builder>
      Throws:
      IOException

    • getRequiresTypeCase

      public JwtRequirement.RequiresTypeCase getRequiresTypeCase()
      Specified by:
      getRequiresTypeCase in interface JwtRequirementOrBuilder

    • clearRequiresType

      public JwtRequirement.Builder clearRequiresType()

    • hasProviderName

      public boolean hasProviderName()
       Specify a required provider name.
      string provider_name = 1;
      Specified by:
      hasProviderName in interface JwtRequirementOrBuilder
      Returns:
      Whether the providerName field is set.

    • getProviderName

      public String getProviderName()
       Specify a required provider name.
      string provider_name = 1;
      Specified by:
      getProviderName in interface JwtRequirementOrBuilder
      Returns:
      The providerName.

    • getProviderNameBytes

      public com.google.protobuf.ByteString getProviderNameBytes()
       Specify a required provider name.
      string provider_name = 1;
      Specified by:
      getProviderNameBytes in interface JwtRequirementOrBuilder
      Returns:
      The bytes for providerName.

    • setProviderName

      public JwtRequirement.Builder setProviderName(String value)
       Specify a required provider name.
      string provider_name = 1;
      Parameters:
      value - The providerName to set.
      Returns:
      This builder for chaining.

    • clearProviderName

      public JwtRequirement.Builder clearProviderName()
       Specify a required provider name.
      string provider_name = 1;
      Returns:
      This builder for chaining.

    • setProviderNameBytes

      public JwtRequirement.Builder setProviderNameBytes(com.google.protobuf.ByteString value)
       Specify a required provider name.
      string provider_name = 1;
      Parameters:
      value - The bytes for providerName to set.
      Returns:
      This builder for chaining.

    • hasProviderAndAudiences

      public boolean hasProviderAndAudiences()
       Specify a required provider with audiences.
      .envoy.extensions.filters.http.jwt_authn.v3.ProviderWithAudiences provider_and_audiences = 2;
      Specified by:
      hasProviderAndAudiences in interface JwtRequirementOrBuilder
      Returns:
      Whether the providerAndAudiences field is set.

    • getProviderAndAudiences

      public ProviderWithAudiences getProviderAndAudiences()
       Specify a required provider with audiences.
      .envoy.extensions.filters.http.jwt_authn.v3.ProviderWithAudiences provider_and_audiences = 2;
      Specified by:
      getProviderAndAudiences in interface JwtRequirementOrBuilder
      Returns:
      The providerAndAudiences.

    • setProviderAndAudiences

      public JwtRequirement.Builder setProviderAndAudiences(ProviderWithAudiences value)
       Specify a required provider with audiences.
      .envoy.extensions.filters.http.jwt_authn.v3.ProviderWithAudiences provider_and_audiences = 2;

    • setProviderAndAudiences

      public JwtRequirement.Builder setProviderAndAudiences(ProviderWithAudiences.Builder builderForValue)
       Specify a required provider with audiences.
      .envoy.extensions.filters.http.jwt_authn.v3.ProviderWithAudiences provider_and_audiences = 2;

    • mergeProviderAndAudiences

      public JwtRequirement.Builder mergeProviderAndAudiences(ProviderWithAudiences value)
       Specify a required provider with audiences.
      .envoy.extensions.filters.http.jwt_authn.v3.ProviderWithAudiences provider_and_audiences = 2;

    • clearProviderAndAudiences

      public JwtRequirement.Builder clearProviderAndAudiences()
       Specify a required provider with audiences.
      .envoy.extensions.filters.http.jwt_authn.v3.ProviderWithAudiences provider_and_audiences = 2;

    • getProviderAndAudiencesBuilder

      public ProviderWithAudiences.Builder getProviderAndAudiencesBuilder()
       Specify a required provider with audiences.
      .envoy.extensions.filters.http.jwt_authn.v3.ProviderWithAudiences provider_and_audiences = 2;

    • getProviderAndAudiencesOrBuilder

      public ProviderWithAudiencesOrBuilder getProviderAndAudiencesOrBuilder()
       Specify a required provider with audiences.
      .envoy.extensions.filters.http.jwt_authn.v3.ProviderWithAudiences provider_and_audiences = 2;
      Specified by:
      getProviderAndAudiencesOrBuilder in interface JwtRequirementOrBuilder

    • hasRequiresAny

      public boolean hasRequiresAny()
       Specify list of JwtRequirement. Their results are OR-ed.
 If any one of them passes, the result is passed.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementOrList requires_any = 3;
      Specified by:
      hasRequiresAny in interface JwtRequirementOrBuilder
      Returns:
      Whether the requiresAny field is set.

    • getRequiresAny

      public JwtRequirementOrList getRequiresAny()
       Specify list of JwtRequirement. Their results are OR-ed.
 If any one of them passes, the result is passed.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementOrList requires_any = 3;
      Specified by:
      getRequiresAny in interface JwtRequirementOrBuilder
      Returns:
      The requiresAny.

    • setRequiresAny

      public JwtRequirement.Builder setRequiresAny(JwtRequirementOrList value)
       Specify list of JwtRequirement. Their results are OR-ed.
 If any one of them passes, the result is passed.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementOrList requires_any = 3;

    • setRequiresAny

      public JwtRequirement.Builder setRequiresAny(JwtRequirementOrList.Builder builderForValue)
       Specify list of JwtRequirement. Their results are OR-ed.
 If any one of them passes, the result is passed.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementOrList requires_any = 3;

    • mergeRequiresAny

      public JwtRequirement.Builder mergeRequiresAny(JwtRequirementOrList value)
       Specify list of JwtRequirement. Their results are OR-ed.
 If any one of them passes, the result is passed.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementOrList requires_any = 3;

    • clearRequiresAny

      public JwtRequirement.Builder clearRequiresAny()
       Specify list of JwtRequirement. Their results are OR-ed.
 If any one of them passes, the result is passed.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementOrList requires_any = 3;

    • getRequiresAnyBuilder

      public JwtRequirementOrList.Builder getRequiresAnyBuilder()
       Specify list of JwtRequirement. Their results are OR-ed.
 If any one of them passes, the result is passed.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementOrList requires_any = 3;

    • getRequiresAnyOrBuilder

      public JwtRequirementOrListOrBuilder getRequiresAnyOrBuilder()
       Specify list of JwtRequirement. Their results are OR-ed.
 If any one of them passes, the result is passed.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementOrList requires_any = 3;
      Specified by:
      getRequiresAnyOrBuilder in interface JwtRequirementOrBuilder

    • hasRequiresAll

      public boolean hasRequiresAll()
       Specify list of JwtRequirement. Their results are AND-ed.
 All of them must pass, if one of them fails or missing, it fails.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementAndList requires_all = 4;
      Specified by:
      hasRequiresAll in interface JwtRequirementOrBuilder
      Returns:
      Whether the requiresAll field is set.

    • getRequiresAll

      public JwtRequirementAndList getRequiresAll()
       Specify list of JwtRequirement. Their results are AND-ed.
 All of them must pass, if one of them fails or missing, it fails.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementAndList requires_all = 4;
      Specified by:
      getRequiresAll in interface JwtRequirementOrBuilder
      Returns:
      The requiresAll.

    • setRequiresAll

      public JwtRequirement.Builder setRequiresAll(JwtRequirementAndList value)
       Specify list of JwtRequirement. Their results are AND-ed.
 All of them must pass, if one of them fails or missing, it fails.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementAndList requires_all = 4;

    • setRequiresAll

      public JwtRequirement.Builder setRequiresAll(JwtRequirementAndList.Builder builderForValue)
       Specify list of JwtRequirement. Their results are AND-ed.
 All of them must pass, if one of them fails or missing, it fails.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementAndList requires_all = 4;

    • mergeRequiresAll

      public JwtRequirement.Builder mergeRequiresAll(JwtRequirementAndList value)
       Specify list of JwtRequirement. Their results are AND-ed.
 All of them must pass, if one of them fails or missing, it fails.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementAndList requires_all = 4;

    • clearRequiresAll

      public JwtRequirement.Builder clearRequiresAll()
       Specify list of JwtRequirement. Their results are AND-ed.
 All of them must pass, if one of them fails or missing, it fails.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementAndList requires_all = 4;

    • getRequiresAllBuilder

      public JwtRequirementAndList.Builder getRequiresAllBuilder()
       Specify list of JwtRequirement. Their results are AND-ed.
 All of them must pass, if one of them fails or missing, it fails.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementAndList requires_all = 4;

    • getRequiresAllOrBuilder

      public JwtRequirementAndListOrBuilder getRequiresAllOrBuilder()
       Specify list of JwtRequirement. Their results are AND-ed.
 All of them must pass, if one of them fails or missing, it fails.
      .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirementAndList requires_all = 4;
      Specified by:
      getRequiresAllOrBuilder in interface JwtRequirementOrBuilder

    • hasAllowMissingOrFailed

      public boolean hasAllowMissingOrFailed()
       The requirement is always satisfied even if JWT is missing or the JWT
 verification fails. A typical usage is: this filter is used to only verify
 JWTs and pass the verified JWT payloads to another filter, the other filter
 will make decision. In this mode, all JWTs will be verified.
      .google.protobuf.Empty allow_missing_or_failed = 5;
      Specified by:
      hasAllowMissingOrFailed in interface JwtRequirementOrBuilder
      Returns:
      Whether the allowMissingOrFailed field is set.

    • getAllowMissingOrFailed

      public com.google.protobuf.Empty getAllowMissingOrFailed()
       The requirement is always satisfied even if JWT is missing or the JWT
 verification fails. A typical usage is: this filter is used to only verify
 JWTs and pass the verified JWT payloads to another filter, the other filter
 will make decision. In this mode, all JWTs will be verified.
      .google.protobuf.Empty allow_missing_or_failed = 5;
      Specified by:
      getAllowMissingOrFailed in interface JwtRequirementOrBuilder
      Returns:
      The allowMissingOrFailed.

    • setAllowMissingOrFailed

      public JwtRequirement.Builder setAllowMissingOrFailed(com.google.protobuf.Empty value)
       The requirement is always satisfied even if JWT is missing or the JWT
 verification fails. A typical usage is: this filter is used to only verify
 JWTs and pass the verified JWT payloads to another filter, the other filter
 will make decision. In this mode, all JWTs will be verified.
      .google.protobuf.Empty allow_missing_or_failed = 5;

    • setAllowMissingOrFailed

      public JwtRequirement.Builder setAllowMissingOrFailed(com.google.protobuf.Empty.Builder builderForValue)
       The requirement is always satisfied even if JWT is missing or the JWT
 verification fails. A typical usage is: this filter is used to only verify
 JWTs and pass the verified JWT payloads to another filter, the other filter
 will make decision. In this mode, all JWTs will be verified.
      .google.protobuf.Empty allow_missing_or_failed = 5;

    • mergeAllowMissingOrFailed

      public JwtRequirement.Builder mergeAllowMissingOrFailed(com.google.protobuf.Empty value)
       The requirement is always satisfied even if JWT is missing or the JWT
 verification fails. A typical usage is: this filter is used to only verify
 JWTs and pass the verified JWT payloads to another filter, the other filter
 will make decision. In this mode, all JWTs will be verified.
      .google.protobuf.Empty allow_missing_or_failed = 5;

    • clearAllowMissingOrFailed

      public JwtRequirement.Builder clearAllowMissingOrFailed()
       The requirement is always satisfied even if JWT is missing or the JWT
 verification fails. A typical usage is: this filter is used to only verify
 JWTs and pass the verified JWT payloads to another filter, the other filter
 will make decision. In this mode, all JWTs will be verified.
      .google.protobuf.Empty allow_missing_or_failed = 5;

    • getAllowMissingOrFailedBuilder

      public com.google.protobuf.Empty.Builder getAllowMissingOrFailedBuilder()
       The requirement is always satisfied even if JWT is missing or the JWT
 verification fails. A typical usage is: this filter is used to only verify
 JWTs and pass the verified JWT payloads to another filter, the other filter
 will make decision. In this mode, all JWTs will be verified.
      .google.protobuf.Empty allow_missing_or_failed = 5;

    • getAllowMissingOrFailedOrBuilder

      public com.google.protobuf.EmptyOrBuilder getAllowMissingOrFailedOrBuilder()
       The requirement is always satisfied even if JWT is missing or the JWT
 verification fails. A typical usage is: this filter is used to only verify
 JWTs and pass the verified JWT payloads to another filter, the other filter
 will make decision. In this mode, all JWTs will be verified.
      .google.protobuf.Empty allow_missing_or_failed = 5;
      Specified by:
      getAllowMissingOrFailedOrBuilder in interface JwtRequirementOrBuilder

    • hasAllowMissing

      public boolean hasAllowMissing()
       The requirement is satisfied if JWT is missing, but failed if JWT is
 presented but invalid. Similar to allow_missing_or_failed, this is used
 to only verify JWTs and pass the verified payload to another filter. The
 different is this mode will reject requests with invalid tokens.
      .google.protobuf.Empty allow_missing = 6;
      Specified by:
      hasAllowMissing in interface JwtRequirementOrBuilder
      Returns:
      Whether the allowMissing field is set.

    • getAllowMissing

      public com.google.protobuf.Empty getAllowMissing()
       The requirement is satisfied if JWT is missing, but failed if JWT is
 presented but invalid. Similar to allow_missing_or_failed, this is used
 to only verify JWTs and pass the verified payload to another filter. The
 different is this mode will reject requests with invalid tokens.
      .google.protobuf.Empty allow_missing = 6;
      Specified by:
      getAllowMissing in interface JwtRequirementOrBuilder
      Returns:
      The allowMissing.

    • setAllowMissing

      public JwtRequirement.Builder setAllowMissing(com.google.protobuf.Empty value)
       The requirement is satisfied if JWT is missing, but failed if JWT is
 presented but invalid. Similar to allow_missing_or_failed, this is used
 to only verify JWTs and pass the verified payload to another filter. The
 different is this mode will reject requests with invalid tokens.
      .google.protobuf.Empty allow_missing = 6;

    • setAllowMissing

      public JwtRequirement.Builder setAllowMissing(com.google.protobuf.Empty.Builder builderForValue)
       The requirement is satisfied if JWT is missing, but failed if JWT is
 presented but invalid. Similar to allow_missing_or_failed, this is used
 to only verify JWTs and pass the verified payload to another filter. The
 different is this mode will reject requests with invalid tokens.
      .google.protobuf.Empty allow_missing = 6;

    • mergeAllowMissing

      public JwtRequirement.Builder mergeAllowMissing(com.google.protobuf.Empty value)
       The requirement is satisfied if JWT is missing, but failed if JWT is
 presented but invalid. Similar to allow_missing_or_failed, this is used
 to only verify JWTs and pass the verified payload to another filter. The
 different is this mode will reject requests with invalid tokens.
      .google.protobuf.Empty allow_missing = 6;

    • clearAllowMissing

      public JwtRequirement.Builder clearAllowMissing()
       The requirement is satisfied if JWT is missing, but failed if JWT is
 presented but invalid. Similar to allow_missing_or_failed, this is used
 to only verify JWTs and pass the verified payload to another filter. The
 different is this mode will reject requests with invalid tokens.
      .google.protobuf.Empty allow_missing = 6;

    • getAllowMissingBuilder

      public com.google.protobuf.Empty.Builder getAllowMissingBuilder()
       The requirement is satisfied if JWT is missing, but failed if JWT is
 presented but invalid. Similar to allow_missing_or_failed, this is used
 to only verify JWTs and pass the verified payload to another filter. The
 different is this mode will reject requests with invalid tokens.
      .google.protobuf.Empty allow_missing = 6;

    • getAllowMissingOrBuilder

      public com.google.protobuf.EmptyOrBuilder getAllowMissingOrBuilder()
       The requirement is satisfied if JWT is missing, but failed if JWT is
 presented but invalid. Similar to allow_missing_or_failed, this is used
 to only verify JWTs and pass the verified payload to another filter. The
 different is this mode will reject requests with invalid tokens.
      .google.protobuf.Empty allow_missing = 6;
      Specified by:
      getAllowMissingOrBuilder in interface JwtRequirementOrBuilder

    • hasExtractOnlyWithoutValidation

      public boolean hasExtractOnlyWithoutValidation()
       Extract JWT claims without performing signature validation.
 This mode will decode the JWT, extract claims, and forward them as
 configured (via claim_to_headers, forward_payload_header, etc.) but
 will NOT verify the JWT signature against JWKS.

 .. warning::

    This mode does not verify JWT authenticity. Use only in scenarios where:

    - JWTs come from a trusted source (e.g., internal service mesh)
    - Signature verification is performed elsewhere in the request path
    - You are in a testing period and the token issuer doesn't support JWKS yet

 This mode will:

 * Decode the JWT header and payload
 * Extract claims and forward them as headers
 * Always return success (Status::Ok) regardless of JWT validity
 * Log when extraction occurs

 This mode will NOT:

 * Verify the JWT signature
 * Validate the (issuer) claim
 * Validate the (audience) claim
 * Check not-before time (nbf claim)
      .envoy.extensions.filters.http.jwt_authn.v3.ExtractOnlyWithoutValidation extract_only_without_validation = 7;
      Specified by:
      hasExtractOnlyWithoutValidation in interface JwtRequirementOrBuilder
      Returns:
      Whether the extractOnlyWithoutValidation field is set.

    • getExtractOnlyWithoutValidation

      public ExtractOnlyWithoutValidation getExtractOnlyWithoutValidation()
       Extract JWT claims without performing signature validation.
 This mode will decode the JWT, extract claims, and forward them as
 configured (via claim_to_headers, forward_payload_header, etc.) but
 will NOT verify the JWT signature against JWKS.

 .. warning::

    This mode does not verify JWT authenticity. Use only in scenarios where:

    - JWTs come from a trusted source (e.g., internal service mesh)
    - Signature verification is performed elsewhere in the request path
    - You are in a testing period and the token issuer doesn't support JWKS yet

 This mode will:

 * Decode the JWT header and payload
 * Extract claims and forward them as headers
 * Always return success (Status::Ok) regardless of JWT validity
 * Log when extraction occurs

 This mode will NOT:

 * Verify the JWT signature
 * Validate the (issuer) claim
 * Validate the (audience) claim
 * Check not-before time (nbf claim)
      .envoy.extensions.filters.http.jwt_authn.v3.ExtractOnlyWithoutValidation extract_only_without_validation = 7;
      Specified by:
      getExtractOnlyWithoutValidation in interface JwtRequirementOrBuilder
      Returns:
      The extractOnlyWithoutValidation.

    • setExtractOnlyWithoutValidation

      public JwtRequirement.Builder setExtractOnlyWithoutValidation(ExtractOnlyWithoutValidation value)
       Extract JWT claims without performing signature validation.
 This mode will decode the JWT, extract claims, and forward them as
 configured (via claim_to_headers, forward_payload_header, etc.) but
 will NOT verify the JWT signature against JWKS.

 .. warning::

    This mode does not verify JWT authenticity. Use only in scenarios where:

    - JWTs come from a trusted source (e.g., internal service mesh)
    - Signature verification is performed elsewhere in the request path
    - You are in a testing period and the token issuer doesn't support JWKS yet

 This mode will:

 * Decode the JWT header and payload
 * Extract claims and forward them as headers
 * Always return success (Status::Ok) regardless of JWT validity
 * Log when extraction occurs

 This mode will NOT:

 * Verify the JWT signature
 * Validate the (issuer) claim
 * Validate the (audience) claim
 * Check not-before time (nbf claim)
      .envoy.extensions.filters.http.jwt_authn.v3.ExtractOnlyWithoutValidation extract_only_without_validation = 7;

    • setExtractOnlyWithoutValidation

      public JwtRequirement.Builder setExtractOnlyWithoutValidation(ExtractOnlyWithoutValidation.Builder builderForValue)
       Extract JWT claims without performing signature validation.
 This mode will decode the JWT, extract claims, and forward them as
 configured (via claim_to_headers, forward_payload_header, etc.) but
 will NOT verify the JWT signature against JWKS.

 .. warning::

    This mode does not verify JWT authenticity. Use only in scenarios where:

    - JWTs come from a trusted source (e.g., internal service mesh)
    - Signature verification is performed elsewhere in the request path
    - You are in a testing period and the token issuer doesn't support JWKS yet

 This mode will:

 * Decode the JWT header and payload
 * Extract claims and forward them as headers
 * Always return success (Status::Ok) regardless of JWT validity
 * Log when extraction occurs

 This mode will NOT:

 * Verify the JWT signature
 * Validate the (issuer) claim
 * Validate the (audience) claim
 * Check not-before time (nbf claim)
      .envoy.extensions.filters.http.jwt_authn.v3.ExtractOnlyWithoutValidation extract_only_without_validation = 7;

    • mergeExtractOnlyWithoutValidation

      public JwtRequirement.Builder mergeExtractOnlyWithoutValidation(ExtractOnlyWithoutValidation value)
       Extract JWT claims without performing signature validation.
 This mode will decode the JWT, extract claims, and forward them as
 configured (via claim_to_headers, forward_payload_header, etc.) but
 will NOT verify the JWT signature against JWKS.

 .. warning::

    This mode does not verify JWT authenticity. Use only in scenarios where:

    - JWTs come from a trusted source (e.g., internal service mesh)
    - Signature verification is performed elsewhere in the request path
    - You are in a testing period and the token issuer doesn't support JWKS yet

 This mode will:

 * Decode the JWT header and payload
 * Extract claims and forward them as headers
 * Always return success (Status::Ok) regardless of JWT validity
 * Log when extraction occurs

 This mode will NOT:

 * Verify the JWT signature
 * Validate the (issuer) claim
 * Validate the (audience) claim
 * Check not-before time (nbf claim)
      .envoy.extensions.filters.http.jwt_authn.v3.ExtractOnlyWithoutValidation extract_only_without_validation = 7;

    • clearExtractOnlyWithoutValidation

      public JwtRequirement.Builder clearExtractOnlyWithoutValidation()
       Extract JWT claims without performing signature validation.
 This mode will decode the JWT, extract claims, and forward them as
 configured (via claim_to_headers, forward_payload_header, etc.) but
 will NOT verify the JWT signature against JWKS.

 .. warning::

    This mode does not verify JWT authenticity. Use only in scenarios where:

    - JWTs come from a trusted source (e.g., internal service mesh)
    - Signature verification is performed elsewhere in the request path
    - You are in a testing period and the token issuer doesn't support JWKS yet

 This mode will:

 * Decode the JWT header and payload
 * Extract claims and forward them as headers
 * Always return success (Status::Ok) regardless of JWT validity
 * Log when extraction occurs

 This mode will NOT:

 * Verify the JWT signature
 * Validate the (issuer) claim
 * Validate the (audience) claim
 * Check not-before time (nbf claim)
      .envoy.extensions.filters.http.jwt_authn.v3.ExtractOnlyWithoutValidation extract_only_without_validation = 7;

    • getExtractOnlyWithoutValidationBuilder

      public ExtractOnlyWithoutValidation.Builder getExtractOnlyWithoutValidationBuilder()
       Extract JWT claims without performing signature validation.
 This mode will decode the JWT, extract claims, and forward them as
 configured (via claim_to_headers, forward_payload_header, etc.) but
 will NOT verify the JWT signature against JWKS.

 .. warning::

    This mode does not verify JWT authenticity. Use only in scenarios where:

    - JWTs come from a trusted source (e.g., internal service mesh)
    - Signature verification is performed elsewhere in the request path
    - You are in a testing period and the token issuer doesn't support JWKS yet

 This mode will:

 * Decode the JWT header and payload
 * Extract claims and forward them as headers
 * Always return success (Status::Ok) regardless of JWT validity
 * Log when extraction occurs

 This mode will NOT:

 * Verify the JWT signature
 * Validate the (issuer) claim
 * Validate the (audience) claim
 * Check not-before time (nbf claim)
      .envoy.extensions.filters.http.jwt_authn.v3.ExtractOnlyWithoutValidation extract_only_without_validation = 7;

    • getExtractOnlyWithoutValidationOrBuilder

      public ExtractOnlyWithoutValidationOrBuilder getExtractOnlyWithoutValidationOrBuilder()
       Extract JWT claims without performing signature validation.
 This mode will decode the JWT, extract claims, and forward them as
 configured (via claim_to_headers, forward_payload_header, etc.) but
 will NOT verify the JWT signature against JWKS.

 .. warning::

    This mode does not verify JWT authenticity. Use only in scenarios where:

    - JWTs come from a trusted source (e.g., internal service mesh)
    - Signature verification is performed elsewhere in the request path
    - You are in a testing period and the token issuer doesn't support JWKS yet

 This mode will:

 * Decode the JWT header and payload
 * Extract claims and forward them as headers
 * Always return success (Status::Ok) regardless of JWT validity
 * Log when extraction occurs

 This mode will NOT:

 * Verify the JWT signature
 * Validate the (issuer) claim
 * Validate the (audience) claim
 * Check not-before time (nbf claim)
      .envoy.extensions.filters.http.jwt_authn.v3.ExtractOnlyWithoutValidation extract_only_without_validation = 7;
      Specified by:
      getExtractOnlyWithoutValidationOrBuilder in interface JwtRequirementOrBuilder

    • setUnknownFields

      public final JwtRequirement.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      setUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>

    • mergeUnknownFields

      public final JwtRequirement.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      mergeUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<JwtRequirement.Builder>