tessl/maven-io-jsonwebtoken--jjwt-impl
JJWT Implementation module providing concrete implementations of JSON Web Token (JWT) creation, parsing, verification, and cryptographic operations for Java and Android applications.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/maven-io-jsonwebtoken--jjwt-impl@0.12.0index.mddocs/
JJWT Implementation Module
The JJWT Implementation module (io.jsonwebtoken:jjwt-impl) provides concrete implementations of JSON Web Token (JWT) creation, parsing, verification, and cryptographic operations for Java and Android applications. This module works in conjunction with the JJWT API module to deliver a complete JWT/JWS/JWE solution.
Package Information
| Property | Value |
|---|---|
| Package Name | io.jsonwebtoken:jjwt-impl |
| Type | Maven Dependency |
| Language | Java |
| Version | 0.12.6 |
| License | Apache 2.0 |
| JDK Support | Java 8+ |
Core Imports
Maven Dependency
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.12.6</version>
<scope>runtime</scope>
</dependency>
<!-- Also include the API module -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.12.6</version>
</dependency>Java Imports
// Core JWT Operations
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParser;
// Token Types
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwe;
import io.jsonwebtoken.Claims;
// Security
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SecureDigestAlgorithm;
import io.jsonwebtoken.security.AeadAlgorithm;
import io.jsonwebtoken.security.KeyAlgorithm;
// JWK Support
import io.jsonwebtoken.security.Jwk;
import io.jsonwebtoken.security.JwkSet;
// Standard Java
import javax.crypto.SecretKey;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Date;Basic Usage
Creating JWTs
// Create a secret key for HMAC signing
SecretKey key = Jwts.SIG.HS256.key().build();
// Create a simple JWT with claims
String jwt = Jwts.builder()
.subject("john.doe")
.issuer("my-app")
.issuedAt(new Date())
.expiration(new Date(System.currentTimeMillis() + 3600000)) // 1 hour
.signWith(key)
.compact();
// Create a JWT with custom claims
String customJwt = Jwts.builder()
.claims()
.subject("user123")
.add("role", "admin")
.add("permissions", Arrays.asList("read", "write"))
.and()
.signWith(key)
.compact();Parsing JWTs
// Parse and verify a signed JWT
JwtParser parser = Jwts.parser()
.verifyWith(key)
.build();
Jws<Claims> jws = parser.parseSignedClaims(jwt);
Claims claims = jws.getPayload();
String subject = claims.getSubject();
String issuer = claims.getIssuer();
Date expiration = claims.getExpiration();
// Access custom claims
String role = claims.get("role", String.class);
List<String> permissions = claims.get("permissions", List.class);Algorithm Usage
// Use different signature algorithms
SecretKey hmacKey = Jwts.SIG.HS512.key().build();
KeyPair rsaKeyPair = Jwts.SIG.RS256.keyPair().build();
KeyPair ecKeyPair = Jwts.SIG.ES256.keyPair().build();
// Create JWS with different algorithms
String hmacJwt = Jwts.builder()
.subject("user")
.signWith(hmacKey, Jwts.SIG.HS512)
.compact();
String rsaJwt = Jwts.builder()
.subject("user")
.signWith(rsaKeyPair.getPrivate(), Jwts.SIG.RS256)
.compact();
// Parse with corresponding verification keys
Jws<Claims> hmacClaims = Jwts.parser()
.verifyWith(hmacKey)
.build()
.parseSignedClaims(hmacJwt);
Jws<Claims> rsaClaims = Jwts.parser()
.verifyWith(rsaKeyPair.getPublic())
.build()
.parseSignedClaims(rsaJwt);Architecture
The JJWT Implementation module is organized into several key packages:
Core Implementation (io.jsonwebtoken.impl)
- DefaultJwtBuilder: Main JWT/JWS/JWE creation factory
- DefaultJwtParserBuilder: Parser configuration factory
- DefaultJwtParser: JWT/JWS/JWE parsing engine
- Token Models: DefaultJwt, DefaultJws, DefaultJwe implementations
- Header/Claims Builders: Type-safe construction utilities
Security Package (io.jsonwebtoken.impl.security)
- Algorithm Registries: Signature, encryption, key management algorithms
- JWK Implementation: JSON Web Key parsing, building, operations
- Key Generation: Symmetric and asymmetric key creation utilities
- Cryptographic Support: JCA provider abstractions and security utilities
Compression Package (io.jsonwebtoken.impl.compression)
- DEFLATE Algorithm: RFC 1951 standard compression
- GZIP Algorithm: Common extension compression format
- Abstract Base: Extensible compression algorithm framework
I/O and Utilities
- Base64URL Codec: RFC 4648 compliant encoding/decoding
- Stream Processing: Memory-efficient payload handling
- Service Discovery: Plugin architecture support
- Parameter Validation: Type-safe configuration utilities
Capabilities
JWT Building
Comprehensive JWT, JWS, and JWE token creation with the DefaultJwtBuilder class.
// Quick example - full JWT creation with encryption
SecretKey encKey = Jwts.ENC.A256GCM.key().build();
SecretKey kekKey = Jwts.KEY.A256KW.key().build();
String jwe = Jwts.builder()
.subject("sensitive-user")
.claim("ssn", "123-45-6789")
.encryptWith(kekKey, Jwts.KEY.A256KW, Jwts.ENC.A256GCM)
.compact();JWT Parsing
Flexible JWT, JWS, and JWE token parsing and validation with DefaultJwtParser.
// Quick example - parsing with clock skew tolerance
JwtParser parser = Jwts.parser()
.decryptWith(kekKey)
.clockSkewSeconds(30) // Allow 30 seconds clock skew
.build();
Jwe<Claims> jwe = parser.parseEncryptedClaims(encryptedJwt);Security Algorithms
Complete JWA-compliant algorithm implementations for signatures, encryption, and key management.
// Quick example - algorithm discovery and key generation
SecureDigestAlgorithm<?, ?> signAlg = Jwts.SIG.get().forKey(someKey);
SecretKey newKey = signAlg.key().build();JWK Support
Full JSON Web Key (JWK) and JWK Set functionality with RFC 7517 compliance.
// Quick example - JWK creation and parsing
Jwk<SecretKey> jwk = Jwts.JWK.builder(secretKey)
.id("my-key-1")
.operations().add("sign").add("verify").and()
.build();
String jwkJson = jwk.toJson();Compression
Payload compression support with DEFLATE and GZIP algorithms.
// Quick example - compressed JWT
String compressed = Jwts.builder()
.subject("user")
.claim("data", largeDataString)
.compressWith(Jwts.ZIP.DEF)
.signWith(key)
.compact();Utilities
Essential utilities including cryptographic key management, Base64URL encoding, stream processing, and service discovery.
// Quick example - secure key generation
SecretKey hmacKey = Keys.hmacShaKeyFor(secureRandomBytes);
Password password = Keys.password("secret".toCharArray());
// Base64URL operations
Base64UrlCodec codec = new Base64UrlCodec();
String encoded = codec.encode("Hello World");
byte[] decoded = codec.decode(encoded);Implementation Features
Key Characteristics
- Production Ready: Battle-tested implementation used by thousands of applications
- JCA Integration: Full Java Cryptography Architecture support with provider flexibility
- Memory Efficient: Stream-based processing for large payloads
- Extensible: Service provider interface for custom algorithms and components
- Type Safe: Generic type system prevents runtime class cast exceptions
- Secure by Default: Automatic key validation and algorithm selection
Performance Optimizations
- Algorithm Registries: Fast O(1) algorithm lookup by identifier
- Service Caching: Cached service discovery with lazy initialization
- Stream Processing: Avoids loading entire payloads into memory
- Base64URL: Optimized encoding/decoding without intermediate String creation
Security Features
- Key Strength Validation: Automatic validation of key lengths per algorithm
- Critical Header Parameters: Validation of critical extension parameters
- Clock Skew Tolerance: Configurable time-based claim validation
- JCA Provider Support: Pluggable cryptographic provider architecture
This implementation module provides the complete runtime functionality for JWT operations while maintaining clean separation from the API definitions, enabling flexible deployment and testing scenarios.