Jwt validation rework

Signed-off-by: David Kral <[email protected]>

security/jwt/src/main/java/io/helidon/security/jwt/Jwt.java

@@ -515,7 +515,6 @@ public static void addAudienceValidator(Collection<Validator<Jwt>> validators, S
      * @param validators collection of validators
      * @param audience   audience expected to be in the token
      * @param mandatory  whether the audience field is mandatory in the token
-     * @param scope      jwt scope
      */
     public static void addAudienceClaimValidator(Collection<ClaimValidator> validators, Set<String> audience, boolean mandatory) {
         validators.add(new AudienceValidator(audience, mandatory));
@@ -1014,16 +1013,16 @@ public JsonObject payloadJson() {
 
     /**
      * Validate this JWT against provided validators.
-     *
-     * This method does not work properly upon validation of the crit JWT header.
+     * <p>
+     * This method does not work properly upon validation of the {@code crit} JWT header.
      *
      * @param validators Validators to validate with. Obtain them through (e.g.) {@link #defaultTimeValidators()}
      *                   , {@link #addAudienceValidator(Collection, String, boolean)}
      *                   , {@link #addIssuerValidator(Collection, String, boolean)}
      * @return errors instance to check if valid and access error messages
      * @deprecated use {{@link #validateClaims(List)}} method instead
      */
-    @Deprecated(since = "4.0.11")
+    @Deprecated(since = "4.1.0", forRemoval = true)
     public Errors validate(List<Validator<Jwt>> validators) {
         Errors.Collector collector = Errors.collector();
         validators.forEach(it -> it.validate(this, collector));
@@ -2251,29 +2250,29 @@ public void validate(Jwt jwt, Errors.Collector collector, List<ClaimValidator> v
 
     private record AudienceValidator(Set<String> expectedAudience, boolean mandatory) implements ClaimValidator {
 
-            @Override
-            public JwtScope jwtScope() {
-                return JwtScope.PAYLOAD;
-            }
+        @Override
+        public JwtScope jwtScope() {
+            return JwtScope.PAYLOAD;
+        }
 
-            @Override
-            public Set<String> claims() {
-                return Set.of(AUDIENCE);
-            }
+        @Override
+        public Set<String> claims() {
+            return Set.of(AUDIENCE);
+        }
 
-            @Override
-            public void validate(Jwt jwt, Errors.Collector collector, List<ClaimValidator> validators) {
-                Optional<List<String>> jwtAudiences = jwt.audience();
-                if (jwtAudiences.isPresent()) {
-                    if (expectedAudience.stream().anyMatch(jwtAudiences.get()::contains)) {
-                        return;
-                    }
-                    collector.fatal(jwt, "Audience must contain " + expectedAudience + ", yet it is: " + jwtAudiences);
-                } else {
-                    if (mandatory) {
-                        collector.fatal(jwt, "Audience is expected to be: " + expectedAudience + ", yet no audience in JWT");
-                    }
+        @Override
+        public void validate(Jwt jwt, Errors.Collector collector, List<ClaimValidator> validators) {
+            Optional<List<String>> jwtAudiences = jwt.audience();
+            if (jwtAudiences.isPresent()) {
+                if (expectedAudience.stream().anyMatch(jwtAudiences.get()::contains)) {
+                    return;
+                }
+                collector.fatal(jwt, "Audience must contain " + expectedAudience + ", yet it is: " + jwtAudiences);
+            } else {
+                if (mandatory) {
+                    collector.fatal(jwt, "Audience is expected to be: " + expectedAudience + ", yet no audience in JWT");
                 }
             }
         }
+    }
 }