Package io.strimzi.kafka.oauth.jsonpath

Class JsonPathFilterQuery

java.lang.Object

io.strimzi.kafka.oauth.jsonpath.JsonPathFilterQuery

public class JsonPathFilterQuery
extends Object

This class implements the support for JSONPath filter querying as implemented by: https://github.com/json-path/JsonPath Given the following content of the JWT token:

   {
     "aud": ["uma_authorization", "kafka"],
     "iss": "https://auth-server/sso",
     "iat": 0,
     "exp": 600,
     "sub": "username",
     "custom": "custom-value",
     "roles": {
       "client-roles": {
         "kafka": ["kafka-user"]
       }
     },
     "custom-level": 9
   }
 

Some examples of valid queries are:

   @.custom == 'custom-value'
   @.sub && @.custom == 'custom-value'
   @.custom == 'custom-value' || 'kafka' in @.aud
   @.custom == 'custom-value' && @.roles.client-roles.kafka
   @.['custom'] == 'custom-value'
   @.custom in ['custom-value','custom-value2','custom-value3']
   @.custom == 'custom-value' || @.custom == 'custom-value2' || @.custom == 'custom-value2'
   @.custom-level && @.custom-level nin [1,2,3]
   "kafka-user" in @.['roles'].['client-roles'].['kafka']
   @.roles.client-roles.kafka && "kafka-admin" nin @.roles.client-roles.kafka
   @.custom =~ /^CUSTOM-.+$/i
   @.custom == 'custom-value' && ('kafka' in @.aud || 'kafka-user' in @.roles.client-roles.kafka)
   @.custom =~ /^custom-.+/
   @.iss =~ /^https:\/\/auth-server\/.+/
   !@.internal_id
 

See Jayway JsonPath project for full syntax.

This class takes a JSONPath filter expression and rewrites it so it can be applied to the parsed JWT token as a filtering selector.

The query is rewritten into JSONPath as:

   $[*][?(QUERY)]
 

For example: '$[*][?(@.custom == 'custom value')]' The JWT token is wrapped into another JSON object as follows:

   {
       "token": {
         "sub": "username",
         "iss": "https://auth-server/sso",
         "custom": "custom value",
         ...
       }
   }
 

Usage:

   JsonPathFilterQuery query = new JsonPathFilterQuery("@.custom == 'value'");
   boolean match = query.matches(jsonObject);
 

Query is parsed in the first line and any error during parsing results in JsonPathQueryException. Matching is thread safe. The normal usage pattern is to initialise the JsonPathFilterQuery object once, and query it many times concurrently against json objects. In addition to filtering this helper can also be used to apply JsonPath query to extract a result containing the matching keys.

Method Summary

Modifier and Type	Method	Description
boolean	matches(com.fasterxml.jackson.databind.JsonNode jsonObject)	Match the json objects against the filter query.
static JsonPathFilterQuery	parse(String query)	Construct a new JsonPathFilterQuery
String	toString()

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Details

parse

public static JsonPathFilterQuery parse(String query)

Construct a new JsonPathFilterQuery

Parameters:

query - The query using the JSONPath filter syntax

Returns:

New JsonPathFilerQuery instance

matches

public boolean matches(com.fasterxml.jackson.databind.JsonNode jsonObject)

Match the json objects against the filter query.

Parameters:

jsonObject - Jackson DataBind object

Returns:

true if the object matches the filter, false otherwise

toString

public String toString()

Overrides:

toString in class Object