private boolean validateSignature(JWSToken token) {
JWS jws = token.getJws();
JWSBuilder builder = new JWSBuilder();
List<String> roles = token.getRoles();
// List<String> groups = token.getGroups();
// List<String> permissions = token.getPermissions();
builder
.id(jws.getId())
.rsa256(privateKey)
.issuer(jws.getIssuer())
.issuedAt(jws.getIssuedAt())
.subject(jws.getSubject())
.expiration(jws.getExpiration())
.notBefore(jws.getNotBefore())
// .claim("group", groups.toArray(new String[groups.size()]))
.claim("role", roles.toArray(new String[roles.size()]));
// .claim("permission", permissions.toArray(new String[permissions.size()]));
JWSToken compareToken = new JWSToken(builder.build().encode());
return token.getToken().equals(compareToken.getToken());
}
protected Set<String> extractRoles(JWSToken token) {
return new LinkedHashSet<>(token.getRoles());
}
