feat: Add withValidatorCustomizer to AbstractTokenAuthenticator#1988
Closed
NiklasHerrmann21 wants to merge 1 commit into
Closed
feat: Add withValidatorCustomizer to AbstractTokenAuthenticator#1988NiklasHerrmann21 wants to merge 1 commit into
NiklasHerrmann21 wants to merge 1 commit into
Conversation
Lets callers register a Consumer<JwtValidatorBuilder> that receives the internally assembled builder just before build() is invoked. Mirrors the existing withValidationListener pattern (list semantics, applied in registration order). The motivation is to let stakeholders opt out of individual default checks (e.g. JwtValidatorBuilder#disableTenantIdCheck) without having to replicate the rest of the default validator setup. Replicating the defaults externally is brittle: it would drift as the internal defaults evolve, and those changes are hard to notice for downstream consumers. Three unit tests cover the new method: customizer is invoked, multiple customizers run in registration order, null is rejected.
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Lets callers register a
Consumer<JwtValidatorBuilder>that receives the internally assembled builder just beforebuild()is invoked. Mirrors the existingwithValidationListenerpattern (list semantics, applied in registration order).Why
A stakeholder needs to disable the tenant id check (
JwtValidatorBuilder#disableTenantIdCheck) for their setup. Today the only way to do that is to construct their ownValidator<Token>entirely from scratch, which forces them to replicate the rest of the default validator setup and to track every future change to it — adjustments that internal-only refactors would happily make without anyone downstream noticing.The customizer-callback approach lets the library keep ownership of the default validator setup while giving callers a narrow, targeted hook to opt out of individual defaults.
Usage
Design notes
Consumer<JwtValidatorBuilder>over a custom interface — standard Java functional interface, no new abstraction, lambda/method-reference at the call site.withValidationListener, allows composition (e.g. a library layer and the app layer can each register their own customizer without overwriting each other).validationListenershave been registered on the builder, so a customizer can also remove/reorder listeners if it really needs to. In practice the expected use is one or twodisableX()calls.Test plan
mvn -pl java-security -am clean test— green;IasTokenAuthenticatorTestgoes from 6 → 9 testsmvn install -DskipTests(full repo compile) — greenFollow-up
A separate PR will mirror this change onto
main-3.x.