Package io.envoyproxy.envoy.extensions.filters.http.jwt_authn.v3

Class JwtAuthentication

  • All Implemented Interfaces:
    com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, JwtAuthenticationOrBuilder, Serializable
    public final class JwtAuthentication
extends com.google.protobuf.GeneratedMessageV3
implements JwtAuthenticationOrBuilder
     This is the Envoy HTTP filter config for JWT authentication.
 For example:
 .. code-block:: yaml
   providers:
      provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: issuer2
        local_jwks:
          inline_string: jwks_string
   rules:
      # Not jwt verification is required for /health path
      - match:
          prefix: /health
      # Jwt verification for provider1 is required for path prefixed with "prefix"
      - match:
          prefix: /prefix
        requires:
          provider_name: provider1
      # Jwt verification for either provider1 or provider2 is required for all other requests.
      - match:
          prefix: /
        requires:
          requires_any:
            requirements:
              - provider_name: provider1
              - provider_name: provider2
 [#next-free-field: 6]
    Protobuf type envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
    See Also:
    Serialized Form

    • Field Detail

      • FILTER_STATE_RULES_FIELD_NUMBER

        public static final int FILTER_STATE_RULES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • BYPASS_CORS_PREFLIGHT_FIELD_NUMBER

        public static final int BYPASS_CORS_PREFLIGHT_FIELD_NUMBER
        See Also:
        Constant Field Values

      • REQUIREMENT_MAP_FIELD_NUMBER

        public static final int REQUIREMENT_MAP_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getUnknownFields

        public final com.google.protobuf.UnknownFieldSet getUnknownFields()
        Specified by:
        getUnknownFields in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getUnknownFields in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetMapField

        protected com.google.protobuf.MapField internalGetMapField​(int number)
        Overrides:
        internalGetMapField in class com.google.protobuf.GeneratedMessageV3

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • getProvidersCount

        public int getProvidersCount()
        Description copied from interface: JwtAuthenticationOrBuilder
         Map of provider names to JwtProviders.
 .. code-block:: yaml
   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;
        Specified by:
        getProvidersCount in interface JwtAuthenticationOrBuilder

      • containsProviders

        public boolean containsProviders​(String key)
         Map of provider names to JwtProviders.
 .. code-block:: yaml
   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;
        Specified by:
        containsProviders in interface JwtAuthenticationOrBuilder

      • getProvidersMap

        public Map<String,​JwtProvider> getProvidersMap()
         Map of provider names to JwtProviders.
 .. code-block:: yaml
   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;
        Specified by:
        getProvidersMap in interface JwtAuthenticationOrBuilder

      • getProvidersOrDefault

        public JwtProvider getProvidersOrDefault​(String key,
                                         JwtProvider defaultValue)
         Map of provider names to JwtProviders.
 .. code-block:: yaml
   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;
        Specified by:
        getProvidersOrDefault in interface JwtAuthenticationOrBuilder

      • getProvidersOrThrow

        public JwtProvider getProvidersOrThrow​(String key)
         Map of provider names to JwtProviders.
 .. code-block:: yaml
   providers:
     provider1:
        issuer: issuer1
        audiences:
        - audience1
        - audience2
        remote_jwks:
          http_uri:
            uri: https://example.com/.well-known/jwks.json
            cluster: example_jwks_cluster
            timeout: 1s
      provider2:
        issuer: provider2
        local_jwks:
          inline_string: jwks_string
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtProvider> providers = 1;
        Specified by:
        getProvidersOrThrow in interface JwtAuthenticationOrBuilder

      • getRulesList

        public List<RequirementRule> getRulesList()
         Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.
 Examples
 .. code-block:: yaml
   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
        repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;
        Specified by:
        getRulesList in interface JwtAuthenticationOrBuilder

      • getRulesOrBuilderList

        public List<? extends RequirementRuleOrBuilder> getRulesOrBuilderList()
         Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.
 Examples
 .. code-block:: yaml
   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
        repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;
        Specified by:
        getRulesOrBuilderList in interface JwtAuthenticationOrBuilder

      • getRulesCount

        public int getRulesCount()
         Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.
 Examples
 .. code-block:: yaml
   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
        repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;
        Specified by:
        getRulesCount in interface JwtAuthenticationOrBuilder

      • getRules

        public RequirementRule getRules​(int index)
         Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.
 Examples
 .. code-block:: yaml
   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
        repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;
        Specified by:
        getRules in interface JwtAuthenticationOrBuilder

      • getRulesOrBuilder

        public RequirementRuleOrBuilder getRulesOrBuilder​(int index)
         Specifies requirements based on the route matches. The first matched requirement will be
 applied. If there are overlapped match conditions, please put the most specific match first.
 Examples
 .. code-block:: yaml
   rules:
     - match:
         prefix: /healthz
     - match:
         prefix: /baz
       requires:
         provider_name: provider1
     - match:
         prefix: /foo
       requires:
         requires_any:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
     - match:
         prefix: /bar
       requires:
         requires_all:
           requirements:
             - provider_name: provider1
             - provider_name: provider2
        repeated .envoy.extensions.filters.http.jwt_authn.v3.RequirementRule rules = 2;
        Specified by:
        getRulesOrBuilder in interface JwtAuthenticationOrBuilder

      • hasFilterStateRules

        public boolean hasFilterStateRules()
         This message specifies Jwt requirements based on stream_info.filterState.
 Other HTTP filters can use it to specify Jwt requirements dynamically.
 The ``rules`` field above is checked first, if it could not find any matches,
 check this one.
        .envoy.extensions.filters.http.jwt_authn.v3.FilterStateRule filter_state_rules = 3;
        Specified by:
        hasFilterStateRules in interface JwtAuthenticationOrBuilder
        Returns:
        Whether the filterStateRules field is set.

      • getFilterStateRules

        public FilterStateRule getFilterStateRules()
         This message specifies Jwt requirements based on stream_info.filterState.
 Other HTTP filters can use it to specify Jwt requirements dynamically.
 The ``rules`` field above is checked first, if it could not find any matches,
 check this one.
        .envoy.extensions.filters.http.jwt_authn.v3.FilterStateRule filter_state_rules = 3;
        Specified by:
        getFilterStateRules in interface JwtAuthenticationOrBuilder
        Returns:
        The filterStateRules.

      • getFilterStateRulesOrBuilder

        public FilterStateRuleOrBuilder getFilterStateRulesOrBuilder()
         This message specifies Jwt requirements based on stream_info.filterState.
 Other HTTP filters can use it to specify Jwt requirements dynamically.
 The ``rules`` field above is checked first, if it could not find any matches,
 check this one.
        .envoy.extensions.filters.http.jwt_authn.v3.FilterStateRule filter_state_rules = 3;
        Specified by:
        getFilterStateRulesOrBuilder in interface JwtAuthenticationOrBuilder

      • getBypassCorsPreflight

        public boolean getBypassCorsPreflight()
         When set to true, bypass the `CORS preflight request
 <http://www.w3.org/TR/cors/#cross-origin-request-with-preflight>`_ regardless of JWT
 requirements specified in the rules.
        bool bypass_cors_preflight = 4;
        Specified by:
        getBypassCorsPreflight in interface JwtAuthenticationOrBuilder
        Returns:
        The bypassCorsPreflight.

      • getRequirementMapCount

        public int getRequirementMapCount()
        Description copied from interface: JwtAuthenticationOrBuilder
         A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;
        Specified by:
        getRequirementMapCount in interface JwtAuthenticationOrBuilder

      • containsRequirementMap

        public boolean containsRequirementMap​(String key)
         A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;
        Specified by:
        containsRequirementMap in interface JwtAuthenticationOrBuilder

      • getRequirementMapMap

        public Map<String,​JwtRequirement> getRequirementMapMap()
         A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;
        Specified by:
        getRequirementMapMap in interface JwtAuthenticationOrBuilder

      • getRequirementMapOrDefault

        public JwtRequirement getRequirementMapOrDefault​(String key,
                                                 JwtRequirement defaultValue)
         A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;
        Specified by:
        getRequirementMapOrDefault in interface JwtAuthenticationOrBuilder

      • getRequirementMapOrThrow

        public JwtRequirement getRequirementMapOrThrow​(String key)
         A map of unique requirement_names to JwtRequirements.
 :ref:`requirement_name <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.PerRouteConfig.requirement_name>`
 in ``PerRouteConfig`` uses this map to specify a JwtRequirement.
        map<string, .envoy.extensions.filters.http.jwt_authn.v3.JwtRequirement> requirement_map = 5;
        Specified by:
        getRequirementMapOrThrow in interface JwtAuthenticationOrBuilder

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static JwtAuthentication parseFrom​(ByteBuffer data)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static JwtAuthentication parseFrom​(ByteBuffer data,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static JwtAuthentication parseFrom​(com.google.protobuf.ByteString data)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static JwtAuthentication parseFrom​(com.google.protobuf.ByteString data,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static JwtAuthentication parseFrom​(byte[] data)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static JwtAuthentication parseFrom​(byte[] data,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static JwtAuthentication parseFrom​(com.google.protobuf.CodedInputStream input,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws IOException
        Throws:
        IOException

      • newBuilderForType

        public JwtAuthentication.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public JwtAuthentication.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected JwtAuthentication.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getParserForType

        public com.google.protobuf.Parser<JwtAuthentication> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public JwtAuthentication getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder