/**
 * Reports user information for the current subject when the request carries a JSON Web Token.
 *
 * <p>If no token is found on the request, the current subject is logged out and the call is
 * rejected with HTTP 403, so an identity established without a token is not confirmed by this
 * endpoint.
 *
 * <p>NOTE(review): only the presence of the token is checked here. Its validation presumably
 * happens earlier, in {@code JWTFilter} — confirm that filter is mapped to this resource.
 *
 * @return whatever {@code userInfo} produces for the subject, the realm and the token
 * @throws WebApplicationException with status {@code FORBIDDEN} when the request has no token
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@RequiresAuthentication
public String checkJWT() {
    final Subject currentSubject = SecurityUtils.getSubject();
    // Looked up before the token check, as in the original statement order.
    final PortofinoRealm realm = ShiroUtils.getPortofinoRealm();
    final String token = JWTFilter.getJSONWebToken(context.getRequest());
    if (token != null) {
        return userInfo(currentSubject, realm, token);
    }
    // No token on the request: end the current identity before refusing the call.
    currentSubject.logout();
    throw new WebApplicationException(Response.Status.FORBIDDEN);
}
/**
 * Authenticates the request's subject from a JSON Web Token, when the request carries one.
 *
 * <p>A request without a token is let through unchanged: returning {@code true} here does not
 * authenticate anything, and the request continues with whatever subject state already exists.
 * Access control for such requests therefore has to be enforced further down the chain.
 *
 * @param request the incoming servlet request
 * @param response the servlet response; its status is set to 401 when token login fails
 * @param mappedValue not used by this method
 * @return {@code true} when there is no token or the token login succeeds, {@code false} when
 *     the token is rejected
 * @throws Exception declared by the overridden method
 */
@Override
protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
    final HttpServletRequest httpRequest = WebUtils.toHttp(request);
    final String token = getJSONWebToken(httpRequest);
    if (token == null) {
        logger.debug("JWT not found, proceeding with the request");
        return true;
    }

    final Subject currentSubject = SecurityUtils.getSubject();
    // Drop any identity already attached to the subject so the request runs only as the
    // token's principal. If the login below fails, that earlier identity is already gone.
    if (currentSubject.isAuthenticated()) {
        currentSubject.logout();
    }

    try {
        currentSubject.login(new JSONWebToken(token));
    } catch (AuthenticationException authFailure) {
        // NOTE(review): the exception is logged in full; confirm its message never embeds
        // the raw token.
        logger.warn("Failed JWT authentication to " + httpRequest.getRequestURL(), authFailure);
        WebUtils.toHttp(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
    return true;
}