RSA and OpenID Connect support

This is a major release with new features and breaking changes:

New features

Along with HMAC signed tokens, now you can:

• verify RSA signed tokens, validated against a keystore containing a valid public key.
• verify OpenID Connect ID Tokens, validated against public keys downloaded from a valid JWKS uri.

Breaking changes

• upgrade Java version to 8
• JwtTokenVerifier: changed package and removed some methods in favour of JwtAdapter
• JwtTokenBuilder: removed some methods
• JwtTokenValve: now is abstract. You can choose between two implementations: HmacJwtTokenValve (compatible with previous version) and RsaJwtTokenValve, depending on your signing method

Dependency upgrade and refactoring

• Java JWT library upgraded to 3.8.2: please note that this upgrade doesn't include its dependencies inside jar like version 2.x used to do; see readme for java-jwt dependencies
• Deprecated several methods in JwtTokenBuilder class due to possible misleading behaviour

1.1.0

Upgrades and new feature

• Upgraded java-jwt dependency to 2.1.0
• Added parameter "updateExpire" on Valve to send expire time updated token on each request

Authentication via cookie

Thanks to pull request of @ssblanco, now Tomcat Valve can handle authentication via cookie. See readme for further details.

This version updates dependency of java-jwt library to 2.3.0

Bugfix

Fixed 'nbf' claim evaluation on updating token for Tomcat 8

Bugfix

Fixed 'nbf' claim evaluation on updating token for Tomcat 7

Tomcat 8 now supported

Tomcat 8 moved SecurityConstraint package: this major release support the latest version of Tomcat. This new version is not compatible with Tomcat 7.