/**
 * Builds an authenticated token from the JWT carried as the credentials of {@code authentication}.
 *
 * <p>Parsing and signature checking are delegated to {@code RawAccessJwtToken.parseClaims}. The
 * subject becomes the organisation id, the {@code tenant} claim the tenant id, and every entry of
 * the {@code scopes} claim becomes a granted authority.
 *
 * @param authentication request whose credentials are cast to {@link RawAccessJwtToken}
 * @return a {@link JwtAuthenticationToken} wrapping the {@link UserContext} built from the claims
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    RawAccessJwtToken jwt = (RawAccessJwtToken) authentication.getCredentials();
    Claims body = jwt.parseClaims(jwtSettings.getTokenSigningKey()).getBody();

    String orgId = body.getSubject();
    String tenantId = body.get("tenant", String.class);

    // NOTE(review): a token without a "scopes" claim yields null here and the stream() call below
    // then fails with a NullPointerException instead of an authentication error.
    List<String> scopes = body.get("scopes", List.class);
    List<GrantedAuthority> authorities = scopes.stream()
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());

    UserContext context = UserContext.create(tenantId, orgId, authorities);
    return new JwtAuthenticationToken(context, context.getAuthorities());
}
java类io.jsonwebtoken.Jws的实例源码
JwtAuthenticationProvider.java 文件源码
项目:OpenLRW
JwtService.java 文件源码
项目:nifi-registry
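/**
 * Validates a Base64 encoded JWT and returns the subject it was issued for.
 *
 * <p>The token is parsed by {@code parseTokenFromBase64EncodedString}; on top of that the subject
 * and issuer claims must both be non-empty.
 *
 * @param base64EncodedToken the compact, Base64 encoded JWT presented by the client
 * @return the subject claim of the token
 * @throws JwtException if the token cannot be parsed or lacks a subject or an issuer
 */
public String getAuthenticationFromToken(final String base64EncodedToken) throws JwtException {
    // The library representations of the JWT should be kept internal to this service.
    try {
        final Jws<Claims> jws = parseTokenFromBase64EncodedString(base64EncodedToken);

        if (jws == null) {
            throw new JwtException("Unable to parse token");
        }

        // Additional validation that subject is present
        if (StringUtils.isEmpty(jws.getBody().getSubject())) {
            throw new JwtException("No subject available in token");
        }

        // TODO: Validate issuer against active IdentityProvider?
        if (StringUtils.isEmpty(jws.getBody().getIssuer())) {
            throw new JwtException("No issuer available in token");
        }
        return jws.getBody().getSubject();
    } catch (JwtException e) {
        // The token is a bearer credential and must not reach the log: a token rejected by the
        // subject or issuer check above has already been parsed successfully. Only its length is
        // recorded.
        logger.debug("Rejected a Base64 encoded JWT of length "
                + (base64EncodedToken == null ? 0 : base64EncodedToken.length()));
        final String errorMessage = "There was an error validating the JWT";
        logger.error(errorMessage, e);
        throw e;
    }
}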
JwtService.java 文件源码
项目:nifi-registry
/**
 * Parses a compact JWS, resolving the signing key from the key id carried in the claims.
 *
 * @param base64EncodedToken the compact, Base64 encoded JWT
 * @return the parsed claims
 * @throws JwtException wrapping any malformed, unsupported, badly signed or expired token error
 */
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
    // The parser asks this resolver for the key it will check the signature with.
    // NOTE(review): the claims handed to the resolver are therefore not authenticated yet, so
    // identity and keyId in the exception message below are taken from the token as sent.
    final SigningKeyResolverAdapter keyLookup = new SigningKeyResolverAdapter() {
        @Override
        public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
            final String identity = claims.getSubject();

            // Get the key based on the key id in the claims
            final String keyId = claims.get(KEY_ID_CLAIM, String.class);
            final Key key = keyService.getKey(keyId);

            // Ensure we were able to find a key that was previously issued by this key service for this user
            final boolean keyMissing = key == null || key.getKey() == null;
            if (keyMissing) {
                throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
            }

            return key.getKey().getBytes(StandardCharsets.UTF_8);
        }
    };

    try {
        return Jwts.parser()
                .setSigningKeyResolver(keyLookup)
                .parseClaimsJws(base64EncodedToken);
    } catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException e) {
        // TODO: Exercise all exceptions to ensure none leak key material to logs
        final String errorMessage = "Unable to validate the access token.";
        throw new JwtException(errorMessage, e);
    }
}
JwtTokenFactory.java 文件源码
项目:iotplatform
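/**
 * Parses a refresh token and builds the {@link SecurityUser} it identifies.
 *
 * <p>The token is parsed with the configured signing key. It is accepted only when its first scope
 * is {@code Authority.REFRESH_TOKEN} and when it carries both the public flag and the user id.
 *
 * @param rawAccessToken the raw token presented as a refresh token
 * @return a security user carrying the user id and principal taken from the claims
 * @throws IllegalArgumentException if the scopes, the public flag or the user id are missing or
 *         invalid
 */
public SecurityUser parseRefreshToken(RawAccessJwtToken rawAccessToken) {
    Jws<Claims> jwsClaims = rawAccessToken.parseClaims(settings.getTokenSigningKey());
    Claims claims = jwsClaims.getBody();
    String subject = claims.getSubject();

    List<String> scopes = claims.get(SCOPES, List.class);
    if (scopes == null || scopes.isEmpty()) {
        throw new IllegalArgumentException("Refresh Token doesn't have any scopes");
    }
    // Constant on the left so a null first entry is rejected rather than dereferenced.
    if (!Authority.REFRESH_TOKEN.name().equals(scopes.get(0))) {
        throw new IllegalArgumentException("Invalid Refresh Token scope");
    }

    // Read as a boxed value: unboxing a missing claim would fail with a NullPointerException.
    Boolean isPublic = claims.get(IS_PUBLIC, Boolean.class);
    if (isPublic == null) {
        throw new IllegalArgumentException("Refresh Token doesn't have the public flag");
    }

    // UUID.fromString(null) would also fail with a NullPointerException.
    String userId = claims.get(USER_ID, String.class);
    if (userId == null) {
        throw new IllegalArgumentException("Refresh Token doesn't have a user id");
    }

    UserPrincipal principal = new UserPrincipal(
            isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
    SecurityUser securityUser = new SecurityUser(new UserId(UUID.fromString(userId)));
    securityUser.setUserPrincipal(principal);
    return securityUser;
}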
LoginControllerIT.java 文件源码
项目:kanbanboard
/**
 * Logs in as {@code admin} and checks that the returned token parses with {@code TEST_KEY} and
 * names {@code admin} as its subject.
 */
@Test
public void loginSuccessfullAdmin() throws Exception {
    final UserLoginDto credentials = new UserLoginDto("admin", "admin");

    final String responseBody = mockMvc.perform(post(PREFIX + "/login")
                    .contentType(contentType).content(this.json(credentials)))
            .andExpect(status().isOk())
            .andExpect(content().contentType(contentType))
            .andExpect(jsonPath("token").exists())
            .andReturn()
            .getResponse()
            .getContentAsString();

    final String token = new ObjectMapper().readTree(responseBody).get("token").asText();
    // NOTE(review): the issued token is written to the debug log in full.
    log.debug("Token: " + token);

    final Claims body = Jwts.parser()
            .setSigningKey(TEST_KEY)
            .parseClaimsJws(token)
            .getBody();
    assertEquals("admin", body.getSubject());
}
LoginControllerIT.java 文件源码
项目:kanbanboard
/**
 * Logs in as {@code user} and checks that the returned token parses with {@code TEST_KEY} and
 * names {@code user} as its subject.
 */
@Test
public void loginSuccessfullUser() throws Exception {
    final UserLoginDto credentials = new UserLoginDto("user", "user");

    final String responseBody = mockMvc.perform(post(PREFIX + "/login")
                    .contentType(contentType).content(this.json(credentials)))
            .andExpect(status().isOk())
            .andExpect(content().contentType(contentType))
            .andExpect(jsonPath("token").exists())
            .andReturn()
            .getResponse()
            .getContentAsString();

    final String token = new ObjectMapper().readTree(responseBody).get("token").asText();
    // NOTE(review): the issued token is written to the debug log in full.
    log.debug("Token: " + token);

    final Claims body = Jwts.parser()
            .setSigningKey(TEST_KEY)
            .parseClaimsJws(token)
            .getBody();
    assertEquals("user", body.getSubject());
}
JsonWebTokenAuthenticationService.java 文件源码
项目:unity
/**
 * Authenticates a request from the token in the configured authentication header.
 *
 * @param request the incoming HTTP request
 * @return a {@link UserAuthentication} for the user named by the token, or {@code null} when the
 *         token could not be parsed or the user was not found
 */
@Override
public Authentication authenticate(final HttpServletRequest request) {
    final Optional<Jws<Claims>> parsed = parseToken(request.getHeader(authHeaderName));
    if (!parsed.isPresent()) {
        return null;
    }
    try {
        return new UserAuthentication(getUserFromToken(parsed.get()));
    } catch (UserNotFoundException e) {
        // An unknown user is reported as "not authenticated", not as an error.
        log.warn(e.getMessage());
        return null;
    }
}
HonoSaslAuthenticatorFactory.java 文件源码
项目:hono
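/**
 * Sends the authentication request over the event bus and reports the outcome to the handler.
 *
 * <p>A successful reply is expected to carry a token, which is expanded by the token validator and
 * wrapped in a {@code HonoUserImpl}. Every other outcome fails the result: a failed reply, a reply
 * without a token, or a token the validator rejects.
 *
 * @param authRequest the authentication request to forward
 * @param authenticationResultHandler receives the authenticated user or the failure
 */
@Override
public void authenticate(final JsonObject authRequest, final Handler<AsyncResult<HonoUser>> authenticationResultHandler) {

    final DeliveryOptions options = new DeliveryOptions().setSendTimeout(AUTH_REQUEST_TIMEOUT_MILLIS);
    vertx.eventBus().send(AuthenticationConstants.EVENT_BUS_ADDRESS_AUTHENTICATION_IN, authRequest, options, reply -> {
        if (reply.succeeded()) {
            JsonObject result = (JsonObject) reply.result().body();
            String token = result == null ? null : result.getString(AuthenticationConstants.FIELD_TOKEN);
            if (token == null) {
                // Without this guard token.length() throws inside the reply handler and the
                // result handler is never invoked.
                authenticationResultHandler.handle(Future.failedFuture("authentication reply does not contain a token"));
                return;
            }
            // Only the length is logged; the token itself is a credential.
            log.debug("received token [length: {}] in response to authentication request", token.length());
            try {
                Jws<Claims> expandedToken = tokenValidator.expand(token);
                authenticationResultHandler.handle(Future.succeededFuture(new HonoUserImpl(expandedToken, token)));
            } catch (JwtException e) {
                authenticationResultHandler.handle(Future.failedFuture(e));
            }
        } else {
            authenticationResultHandler.handle(Future.failedFuture(reply.cause()));
        }
    });
}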
PortalRequestService.java 文件源码
项目:Soffit
/**
 * Parses a portal request token into a {@link PortalRequest}.
 *
 * @param portalRequestToken the token as received; it is also passed on to the resulting object
 * @return the portal request built from the properties, attributes and parameters claims
 */
public PortalRequest parsePortalRequest(String portalRequestToken) {

    final Claims body = parseEncrypteToken(portalRequestToken, PortalRequest.class).getBody();

    final String username = body.getSubject();

    // Properties
    @SuppressWarnings("unchecked")
    final Map<String,String> properties = (Map<String, String>) body.get(JwtClaims.PROPERTIES.getName());

    // Attributes
    @SuppressWarnings("unchecked")
    final Map<String,List<String>> attributes = (Map<String, List<String>>) body.get(JwtClaims.ATTRIBUTES.getName());

    // Parameters
    @SuppressWarnings("unchecked")
    final Map<String,List<String>> parameters = (Map<String, List<String>>) body.get(JwtClaims.PARAMETERS.getName());

    final PortalRequest portalRequest = new PortalRequest(portalRequestToken, properties, attributes, parameters);
    // NOTE(review): the object logged here was constructed with the raw token; confirm its
    // toString() does not print it.
    logger.debug("Produced the following PortalRequest for user '{}': {}", username, portalRequest);
    return portalRequest;
}
JwtServiceImpl.java 文件源码
项目:adeptj-modules
/**
 * {@inheritDoc}
 *
 * <p>The token must be non-blank, carry the configured issuer and parse with the configured
 * signing key. When claim validation is enabled, a claims validator must be present and accept the
 * claims. Any {@link RuntimeException} raised on the way is logged and reported as "not verified".
 */
@Override
public boolean verifyJwt(String jwt) {
    try {
        Assert.hasText(jwt, "JWT can't be null or empty!!");
        JwtParser jwtParser = Jwts.parser().requireIssuer(this.jwtConfig.issuer());
        this.setSigningKey(jwtParser);
        Jws<Claims> claimsJws = jwtParser.parseClaimsJws(jwt);
        if (!this.jwtConfig.validateClaims()) {
            // Claim validation is switched off: a token that parsed is accepted as is.
            return true;
        }
        // With validation switched on, a missing validator rejects the token.
        return this.claimsValidator != null && this.claimsValidator.validate(claimsJws.getBody());
    } catch (RuntimeException ex) {
        // For reducing noise in the logs, set this config to false.
        if (this.jwtConfig.printJwtExceptionTrace()) {
            LOGGER.error(ex.getMessage(), ex);
        } else {
            LOGGER.error(ex.getMessage());
        }
        return false;
    }
}
JwtUtil.java 文件源码
项目:booktrackr
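/**
 * Parses a compact JWT with the configured signing secret and converts it into an authentication
 * token.
 *
 * @param rawJwt the compact JWT as received
 * @return the authentication token built from the {@code user_id} and {@code email} claims and the
 *         roles parsed from the claims, or {@code null} if parsing or conversion fails
 */
public JwtAuthenticationToken tokenFromStringJwt(String rawJwt) {
    DefaultJwtParser parser = ((DefaultJwtParser) Jwts.parser());
    parser.setSigningKey(signingSecret);

    try {
        Jws<Claims> jws = parser.parseClaimsJws(rawJwt);
        Claims claims = jws.getBody();

        UUID userId = UUID.fromString((String) claims.get("user_id"));
        String email = ((String) claims.get("email"));
        Collection<? extends GrantedAuthority> roles = parseRolesFromClaims(claims);

        return new JwtAuthenticationToken(userId, email, roles);
    } catch (Exception e) {
        // The raw JWT is kept out of the log: this catch also covers failures that happen after a
        // successful parse (for example a malformed user_id), and a token that parsed remains a
        // usable credential for anyone who can read the log.
        log.info(String.format("Exception occurred parsing JWT.\nException message: %s", e.getMessage()));
        return null;
    }
}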
JwtTokenFactory.java 文件源码
项目:thingsboard
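/**
 * Parses a refresh token and builds the {@link SecurityUser} it identifies.
 *
 * <p>The token is parsed with the configured signing key. It is accepted only when its first scope
 * is {@code Authority.REFRESH_TOKEN} and when it carries both the public flag and the user id.
 *
 * @param rawAccessToken the raw token presented as a refresh token
 * @return a security user carrying the user id and principal taken from the claims
 * @throws IllegalArgumentException if the scopes, the public flag or the user id are missing or
 *         invalid
 */
public SecurityUser parseRefreshToken(RawAccessJwtToken rawAccessToken) {
    Jws<Claims> jwsClaims = rawAccessToken.parseClaims(settings.getTokenSigningKey());
    Claims claims = jwsClaims.getBody();
    String subject = claims.getSubject();

    List<String> scopes = claims.get(SCOPES, List.class);
    if (scopes == null || scopes.isEmpty()) {
        throw new IllegalArgumentException("Refresh Token doesn't have any scopes");
    }
    // Constant on the left so a null first entry is rejected rather than dereferenced.
    if (!Authority.REFRESH_TOKEN.name().equals(scopes.get(0))) {
        throw new IllegalArgumentException("Invalid Refresh Token scope");
    }

    // Read as a boxed value: unboxing a missing claim would fail with a NullPointerException.
    Boolean isPublic = claims.get(IS_PUBLIC, Boolean.class);
    if (isPublic == null) {
        throw new IllegalArgumentException("Refresh Token doesn't have the public flag");
    }

    // UUID.fromString(null) would also fail with a NullPointerException.
    String userId = claims.get(USER_ID, String.class);
    if (userId == null) {
        throw new IllegalArgumentException("Refresh Token doesn't have a user id");
    }

    UserPrincipal principal = new UserPrincipal(isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
    SecurityUser securityUser = new SecurityUser(new UserId(UUID.fromString(userId)));
    securityUser.setUserPrincipal(principal);
    return securityUser;
}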
RSA256TokenParser.java 文件源码
项目:ameba-lib
/**
 * {@inheritDoc}
 *
 * <p>The verification key is looked up from the JWK provider by the issuer's key id and rebuilt as
 * an RSA public key; the issuer's clock skew is applied while parsing. Every failure is logged and
 * rethrown as {@code InvalidTokenException}.
 */
@Override
public Jws<Claims> parse(String token, Asymmetric issuer) {
    try {
        byte[] encodedKey = jwkProvider.get(issuer.getKID()).getPublicKey().getEncoded();
        PublicKey verificationKey = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(encodedKey));
        return Jwts.parser()
                .setAllowedClockSkewSeconds(issuer.getSkewSeconds())
                .setSigningKey(verificationKey)
                .parseClaimsJws(token);
    } catch (Exception e) {
        // The cause is logged here; the rethrown exception carries the message only.
        LOGGER.error(e.getMessage(), e);
        throw new InvalidTokenException(e.getMessage());
    }
}
CookieParser.java 文件源码
项目:mangooio
/**
 * Decrypts the cookie value and checks that it is a JWS signed with the configured secret.
 *
 * <p>On success the session values, the authenticity token and the expiry date are copied from the
 * claims into this parser.
 *
 * @return {@code true} only if the value parses and carries an expiration claim
 */
@SuppressWarnings("unchecked")
public boolean hasValidSessionCookie() {
    decrypt();

    if (!StringUtils.isNotBlank(this.value)) {
        return false;
    }

    try {
        Claims claims = Jwts.parser()
                .setSigningKey(this.secret)
                .parseClaimsJws(this.value)
                .getBody();

        // A cookie without an expiration claim is never accepted.
        Date expiration = claims.getExpiration();
        if (expiration == null) {
            return false;
        }

        this.sessionValues = claims.get(ClaimKey.DATA.toString(), Map.class);
        this.authenticityToken = claims.get(ClaimKey.AUTHENTICITY.toString(), String.class);
        this.expiresDate = dateToLocalDateTime(expiration);
        return true;
    } catch (Exception e) { //NOSONAR
        LOG.error("Failed to parse JWS for seesion cookie", e);
        return false;
    }
}
CookieParser.java 文件源码
项目:mangooio
/**
 * Decrypts the cookie value and checks that it is a JWS signed with the configured secret.
 *
 * <p>On success the authenticated user (the subject), the two-factor flag and the expiry date are
 * copied from the claims into this parser.
 *
 * @return {@code true} only if the value parses and carries an expiration claim
 */
public boolean hasValidAuthenticationCookie() {
    decrypt();

    if (!StringUtils.isNotBlank(this.value)) {
        return false;
    }

    try {
        Claims claims = Jwts.parser()
                .setSigningKey(this.secret)
                .parseClaimsJws(this.value)
                .getBody();

        // A cookie without an expiration claim is never accepted.
        Date expiration = claims.getExpiration();
        if (expiration == null) {
            return false;
        }

        this.authenticatedUser = claims.getSubject();
        this.twoFactor = claims.get(ClaimKey.TWO_FACTOR.toString(), Boolean.class);
        this.expiresDate = dateToLocalDateTime(expiration);
        return true;
    } catch (Exception e) { //NOSONAR
        LOG.error("Failed to parse JWS for authentication cookie", e);
        return false;
    }
}
SecurityServiceImpl.java 文件源码
项目:codekvast
/**
 * Converts a bearer token into a pre-authenticated Spring Security token.
 *
 * @param token the token, with or without the {@code BEARER_} prefix; may be {@code null}
 * @return the authentication built from the claims, or {@code null} when there is no token, demo
 *         mode is on, or the token cannot be parsed or converted
 * @throws AuthenticationException declared for callers; failures seen here are mapped to
 *         {@code null}
 */
private Authentication toAuthentication(String token) throws AuthenticationException {
    if (token == null || settings.isDemoMode()) {
        return null;
    }

    String compactJwt = token.startsWith(BEARER_) ? token.substring(BEARER_.length()) : token;
    try {
        Claims body = Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(compactJwt).getBody();

        Long principal = Long.valueOf(body.getSubject());
        return new PreAuthenticatedAuthenticationToken(
                principal,
                WebappCredentials.builder()
                        .externalId(body.getId())
                        .customerName(body.get(JWT_CLAIM_CUSTOMER_NAME, String.class))
                        .email(body.get(JWT_CLAIM_EMAIL, String.class))
                        .source(body.get(JWT_CLAIM_SOURCE, String.class))
                        .build(),
                USER_AUTHORITY);
    } catch (Exception e) {
        // Only the exception is logged, not the token.
        logger.debug("Failed to authenticate token: " + e);
        return null;
    }
}
JsonWebTokenAuthenticationService.java 文件源码
项目:Spring-Boot-MongoDB-JWT
/**
 * Authenticates a request from the token in the {@code SecurityConstants.AUTH_HEADER_NAME} header.
 *
 * @param request the incoming HTTP request
 * @return a {@link UserAuthentication} for the user named by the token, or {@code null} when the
 *         token does not parse or no user is returned for it
 */
@Override
public Authentication authenticate(final HttpServletRequest request) {
    final Jws<Claims> tokenData = parseToken(request.getHeader(SecurityConstants.AUTH_HEADER_NAME));
    if (tokenData == null) {
        return null;
    }
    final User user = getUserFromToken(tokenData);
    return user == null ? null : new UserAuthentication(user);
}
JsonWebTokenAuthenticationService.java 文件源码
项目:Spring-Boot-MongoDB-JWT
/**
 * Parses a compact JWS with the configured secret key.
 *
 * @param token the compact token; may be {@code null}
 * @return the parsed claims, or {@code null} when the token is absent, expired, unsupported,
 *         malformed or badly signed
 */
private Jws<Claims> parseToken(final String token) {
    if (token == null) {
        return null;
    }
    try {
        return Jwts.parser()
                .setSigningKey(secretKey)
                .parseClaimsJws(token);
    } catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException
            | SignatureException | IllegalArgumentException e) {
        // Rejections are silent: nothing is logged and the caller only sees null.
        return null;
    }
}
JsonWebTokenAuthenticationService.java 文件源码
项目:Spring-Boot-MongoDB-JWT
/**
 * Loads the user named by the {@code username} claim of a parsed token.
 *
 * @param tokenData the parsed token
 * @return the user returned by the user details service
 * @throws UserNotFoundException if the user details service does not know the username
 */
private User getUserFromToken(final Jws<Claims> tokenData) {
    // NOTE(review): a token without a "username" claim fails here with a NullPointerException.
    final String username = tokenData.getBody().get("username").toString();
    try {
        return (User) userDetailsService.loadUserByUsername(username);
    } catch (UsernameNotFoundException e) {
        throw new UserNotFoundException("User "
                + tokenData.getBody().get("username").toString() + " not found");
    }
}
RawAccessJwtToken.java 文件源码
项目:OpenLRW
/**
 * Parses this token and validates its signature against the given key.
 *
 * @param signingKey key handed to the parser's {@code setSigningKey(String)}
 * @return the parsed claims
 * @throws BadCredentialsException if the token is unsupported, malformed, badly signed or otherwise
 *         rejected as an illegal argument
 * @throws JwtExpiredTokenException if the token has expired
 */
public Jws<Claims> parseClaims(String signingKey) {
    try {
        return Jwts.parser()
                .setSigningKey(signingKey)
                .parseClaimsJws(this.token);
    } catch (ExpiredJwtException expiredEx) {
        // Expiry is reported separately from the other failures, and at info level.
        logger.info("JWT Token is expired", expiredEx);
        throw new JwtExpiredTokenException(this, "JWT Token expired", expiredEx);
    } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException | SignatureException ex) {
        logger.error("Invalid JWT Token", ex);
        throw new BadCredentialsException("Invalid JWT token: ", ex);
    }
}
RefreshToken.java 文件源码
项目:OpenLRW
/**
 * Creates a refresh token from a raw token after validating it.
 *
 * @param token the raw token to parse
 * @param signingKey key used to validate the token's signature
 * @return the refresh token, or an empty {@link Optional} when the {@code scopes} claim is missing,
 *         empty or does not contain the refresh-token authority
 * @throws BadCredentialsException if the raw token is invalid
 * @throws JwtExpiredTokenException if the raw token has expired
 */
public static Optional<RefreshToken> create(RawAccessJwtToken token, String signingKey) {
    Jws<Claims> claims = token.parseClaims(signingKey);

    List<String> scopes = claims.getBody().get("scopes", List.class);
    if (scopes == null || scopes.isEmpty()) {
        return Optional.empty();
    }

    // Only a token that was issued with the refresh scope may be used as a refresh token.
    boolean lacksRefreshScope = scopes.stream()
            .noneMatch(scope -> Scopes.REFRESH_TOKEN.authority().equals(scope));
    if (lacksRefreshScope) {
        return Optional.empty();
    }

    return Optional.of(new RefreshToken(claims));
}
JwtService.java 文件源码
项目:product-management-system
/**
 * Parses a compact JWS with the configured secret key and turns it into an authentication.
 *
 * <p>Parser exceptions are not caught here and propagate to the caller.
 *
 * @param token the compact token
 * @return the authentication once the password claim has been checked, or {@code null} when no
 *         authentication could be derived from the token or the check fails
 */
private Authentication parseToken(final String token) {
    final Jws<Claims> tokenData = Jwts.parser()
            .setSigningKey(secretKey)
            .parseClaimsJws(token);
    final Authentication jwtAuth = getAuthenticationFromToken(tokenData);
    return jwtAuth == null ? null : validatePasswordFromToken(tokenData, jwtAuth);
}
JwtService.java 文件源码
项目:product-management-system
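/**
 * Marks the authentication as authenticated when the token's {@code password} claim equals its
 * credentials.
 *
 * <p>NOTE(review): this relies on the password travelling inside the token. A JWS payload is
 * signed but not encrypted, so whoever holds the token can read that claim; consider a design that
 * keeps the password out of the token.
 *
 * @param tokenData the parsed token
 * @param jwtAuth the authentication derived from the token
 * @return {@code jwtAuth} flagged as authenticated, or {@code null} when the claim is missing or
 *         does not match
 */
private Authentication validatePasswordFromToken(final Jws<Claims> tokenData, final Authentication jwtAuth) {
    final Object passwordClaim = tokenData.getBody().get("password");
    if (passwordClaim == null) {
        // A token without the claim is rejected like a mismatch instead of failing with a
        // NullPointerException.
        return null;
    }
    if (passwordClaim.toString().equals(jwtAuth.getCredentials())) {
        jwtAuth.setAuthenticated(true);
        return jwtAuth;
    }
    return null;
}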
TokenServiceTest.java 文件源码
项目:product-management-system
/**
 * Test helper: re-issues a token with the same claims but an expiration one millisecond ahead.
 *
 * @param token a token signed with the test secret key
 * @return a new compact token signed with HS512 and the same secret key
 */
private String modifyTokenExpirationTime(final String token) {
    final Claims originalClaims = Jwts.parser()
            .setSigningKey(secretKey)
            .parseClaimsJws(token)
            .getBody();

    final JwtBuilder reissued = Jwts.builder();
    final Calendar expiry = Calendar.getInstance();
    reissued.setClaims(originalClaims);

    // One millisecond from now, so the token is expired by the time it is used.
    expiry.add(Calendar.MILLISECOND, 1);
    reissued.setExpiration(expiry.getTime());

    return reissued.signWith(SignatureAlgorithm.HS512, secretKey).compact();
}
TokenServiceTest.java 文件源码
项目:product-management-system
/**
 * Test helper: checks that the token names the expected user and carries that user's password.
 *
 * @param token a token signed with the test secret key
 * @param user the user the token is expected to describe
 */
private void validateTokenData(final String token, final User user) {
    final Claims body = Jwts.parser()
            .setSigningKey(secretKey)
            .parseClaimsJws(token)
            .getBody();

    final String username = body.get("username").toString();
    // NOTE(review): this assertion pins the value returned by user.getPassword() as a token claim.
    final String password = body.get("password").toString();

    final User userFromToken = userService.findByUsername(username);
    assertEquals(user.getUsername(), userFromToken.getUsername());
    assertEquals(user.getPassword(), password);
}
RawAccessJwtToken.java 文件源码
项目:infotaf
/**
 * Parses this token and validates its signature against the given key.
 *
 * @param signingKey key handed to the parser's {@code setSigningKey(String)}
 * @return the parsed claims
 * @throws BadCredentialsException if the token is unsupported, malformed, badly signed or otherwise
 *         rejected as an illegal argument
 * @throws JwtExpiredTokenException if the token has expired
 */
public Jws<Claims> parseClaims(String signingKey) {
    try {
        return Jwts.parser()
                .setSigningKey(signingKey)
                .parseClaimsJws(this.token);
    } catch (ExpiredJwtException expiredEx) {
        // Expiry is reported separately from the other failures, and at info level.
        logger.info("JWT Token is expired", expiredEx);
        throw new JwtExpiredTokenException(this, "JWT Token expired", expiredEx);
    } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException | SignatureException ex) {
        logger.error("Invalid JWT Token", ex);
        throw new BadCredentialsException("Invalid JWT token: ", ex);
    }
}
RefreshToken.java 文件源码
项目:infotaf
/**
 * Creates a refresh token from a raw token after validating it.
 *
 * @param token the raw token to parse
 * @param signingKey key used to validate the token's signature
 * @return the refresh token, or an empty {@link Optional} when the {@code scopes} claim is missing,
 *         empty or does not contain the refresh-token authority
 * @throws BadCredentialsException if the raw token is invalid
 * @throws JwtExpiredTokenException if the raw token has expired
 */
public static Optional<RefreshToken> create(RawAccessJwtToken token, String signingKey) {
    Jws<Claims> claims = token.parseClaims(signingKey);

    List<String> scopes = claims.getBody().get("scopes", List.class);
    if (scopes == null || scopes.isEmpty()) {
        return Optional.empty();
    }

    // Only a token that was issued with the refresh scope may be used as a refresh token.
    boolean lacksRefreshScope = scopes.stream()
            .noneMatch(scope -> Scopes.REFRESH_TOKEN.authority().equals(scope));
    if (lacksRefreshScope) {
        return Optional.empty();
    }

    return Optional.of(new RefreshToken(claims));
}
JwtAuthenticationProvider.java 文件源码
项目:infotaf
/**
 * Builds an authenticated token from the JWT carried as the credentials of {@code authentication}.
 *
 * <p>Parsing and signature checking are delegated to {@code RawAccessJwtToken.parseClaims}, using
 * the {@code security.tokenSigningKey} property as the key. Every entry of the {@code scopes} claim
 * becomes a granted authority.
 *
 * @param authentication request whose credentials are cast to {@link RawAccessJwtToken}
 * @return a {@link JwtAuthenticationToken} wrapping the {@link UserContext} built from the claims
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    RawAccessJwtToken jwt = (RawAccessJwtToken) authentication.getCredentials();
    Claims body = jwt.parseClaims(AppConfig.prop.getProperty("security.tokenSigningKey")).getBody();

    String subject = body.getSubject();

    // NOTE(review): a token without a "scopes" claim yields null here and the stream() call below
    // then fails with a NullPointerException instead of an authentication error.
    List<String> scopes = body.get("scopes", List.class);
    List<GrantedAuthority> authorities = scopes.stream()
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());

    UserContext context = UserContext.create(subject, authorities);
    return new JwtAuthenticationToken(context, context.getAuthorities());
}
BearerTokenAuthenticatingFilter.java 文件源码
项目:stateless-shiro
/**
 * Parses the bearer token and returns the principal and credentials derived from it.
 *
 * <p>Parser exceptions are not caught here and propagate to the caller.
 *
 * @param authorizeParam the compact JWS taken from the request
 * @return a two-element array: the token's subject (used as the e-mail) and the token itself
 */
String[] getPrincipalsAndCredentials(String authorizeParam) {
    // NOTE(review): getBytes() without a charset uses the platform default, so the key bytes can
    // differ between hosts if the secret is not plain ASCII; the issuing side has to use the same
    // encoding. The secret itself is read from a constant on TokenRepository.
    byte[] keyBytes = TokenRepository.SECURET.getBytes();
    String email = Jwts.parser()
            .setSigningKey(keyBytes)
            .parseClaimsJws(authorizeParam)
            .getBody()
            .getSubject();
    return new String[]{email, authorizeParam};
}
RawAccessJwtToken.java 文件源码
项目:iotplatform
/**
 * Parses this token and validates its signature against the given key.
 *
 * @param signingKey key handed to the parser's {@code setSigningKey(String)}
 * @return the parsed claims
 * @throws BadCredentialsException if the token is unsupported, malformed, badly signed or otherwise
 *         rejected as an illegal argument
 * @throws JwtExpiredTokenException if the token has expired
 */
public Jws<Claims> parseClaims(String signingKey) {
    try {
        return Jwts.parser()
                .setSigningKey(signingKey)
                .parseClaimsJws(this.token);
    } catch (ExpiredJwtException expiredEx) {
        // Expiry is reported separately from the other failures, and at info level.
        logger.info("JWT Token is expired", expiredEx);
        throw new JwtExpiredTokenException(this, "JWT Token expired", expiredEx);
    } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException | SignatureException ex) {
        logger.error("Invalid JWT Token", ex);
        throw new BadCredentialsException("Invalid JWT token: ", ex);
    }
}