Package dev.relism.flash.ext.oidc

Class ClaimsHolder

java.lang.Object

dev.relism.flash.ext.oidc.ClaimsHolder

public final class ClaimsHolder
extends Object

Thread-local store for JWT claims, populated by the OIDC middleware before the handler runs and cleared in the finally block afterward.

Safe with virtual threads: each request gets its own virtual thread, so ThreadLocal values are naturally isolated per request.

 // Inside any handler protected by @Authenticated or @RolesAllowed:

 // Preferred — typed wrapper:
 OidcUser user = ClaimsHolder.user();
 String email  = user.email();
 List<String> roles = user.roles("realm_access.roles");

 // Raw escape hatch:
 Map<String, Object> all = ClaimsHolder.get();
 

Method Summary

Modifier and Type	Method	Description
static String	claim(String key)	Returns the value of a single claim as a String, or null if the claim is absent or the request is not authenticated.
static Map<String,Object>	get()	Returns the raw claims map for the current request, or null if the route is not protected by OIDC middleware.
static OidcUser	user()	Returns a type-safe OidcUser view of the current request's claims, or null if the route is not protected by OIDC middleware.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

user

public static OidcUser user()

Returns a type-safe OidcUser view of the current request's claims, or null if the route is not protected by OIDC middleware.

This is the preferred entry point for both lambda and class-based handlers.

get

public static Map<String,Object> get()

Returns the raw claims map for the current request, or null if the route is not protected by OIDC middleware.

See Also:

• for the preferred type-safe accessor

claim

public static String claim(String key)

Returns the value of a single claim as a String, or null if the claim is absent or the request is not authenticated.