claims = jwtContext.getJwtClaims(); JsonWebStructure structure = jwtContext.getJoseObjects().get(0); claims = jwtContext.getJwtClaims(); if(Boolean.TRUE.equals(enableJwtCache)) { cache.put(jwt, claims);
/**
 * Evicts the cache entry keyed by the raw JWT string carried in the supplied context, so a
 * later lookup for that token no longer finds a cached principal.
 *
 * @param credentials the JWT context whose token should be dropped from the cache
 */
public void invalidate(JwtContext credentials) {
    final String token = credentials.getJwt();
    cache.invalidate(token);
}
/**
 * Checks for the JWT ID ({@code jti}) claim.
 *
 * @param jwtContext the context whose claims are inspected
 * @return {@code MISSING_JTI} when the claim is absent and this validator requires it,
 *         otherwise {@code null} (no error)
 * @throws MalformedClaimException if the {@code jti} claim cannot be read as a string
 */
@Override
public Error validate(JwtContext jwtContext) throws MalformedClaimException {
    final String jti = jwtContext.getJwtClaims().getJwtId();
    // Only the presence of the claim is checked here; its value is not compared to anything.
    if (jti == null && requireJti) {
        return MISSING_JTI;
    }
    return null;
}
}
boolean hasSymmetricEncryption = false; ArrayList<JsonWebStructure> originalJoseObjects = new ArrayList<>(jwtContext.getJoseObjects()); throw new InvalidJwtException("The JWT has no signature but the JWT Consumer is configured to require one: " + jwtContext.getJwt(), errors, jwtContext); throw new InvalidJwtException("The JWT has no encryption but the JWT Consumer is configured to require it: " + jwtContext.getJwt(), errors, jwtContext); "but the JWT Consumer is configured to require it: " + jwtContext.getJwt(), errors, jwtContext);
List<JsonWebStructure> list = jwtContext.getJoseObjects(); String kid = list.get(0).getKeyIdHeaderValue(); String keyAsString;
LinkedList<JsonWebStructure> joseObjects = new LinkedList<>(); JwtContext jwtContext = new JwtContext(jwt, null, Collections.unmodifiableList(joseObjects)); jwtContext.setJwtClaims(jwtClaims);
/**
 * Convenience wrapper that runs {@code process(jwt)} and returns only the claims of the
 * resulting context.
 *
 * @param jwt the compact-serialized JWT to process
 * @return the claims taken from the context that {@code process} produced
 * @throws InvalidJwtException propagated from {@code process}
 */
public JwtClaims processToClaims(String jwt) throws InvalidJwtException {
    final JwtClaims claims = process(jwt).getJwtClaims();
    return claims;
}
/**
 * Checks the subject ({@code sub}) claim against this validator's configuration.
 *
 * @param jwtContext the context whose claims are inspected
 * @return {@code MISSING_SUB} when the claim is absent but required; a
 *         {@code SUBJECT_INVALID} error when an expected subject is configured and the claim
 *         does not equal it; otherwise {@code null} (no error)
 * @throws MalformedClaimException if the {@code sub} claim cannot be read as a string
 */
@Override
public Error validate(JwtContext jwtContext) throws MalformedClaimException {
    final String sub = jwtContext.getJwtClaims().getSubject();

    if (sub == null && requireSubject) {
        return MISSING_SUB;
    }

    // With no expected subject configured, any value (including an absent one) passes.
    if (expectedSubject == null || expectedSubject.equals(sub)) {
        return null;
    }

    final String mismatch = "Subject (sub) claim value (" + sub + ") doesn't match expected value of " + expectedSubject;
    return new Error(ErrorCodes.SUBJECT_INVALID, mismatch);
}
}
claims = jwtContext.getJwtClaims(); JsonWebStructure structure = jwtContext.getJoseObjects().get(0); claims = jwtContext.getJwtClaims(); if(Boolean.TRUE.equals(enableJwtCache)) { cache.put(jwt, claims);
/**
 * Removes the cached entry stored under the raw JWT string of the given context.
 *
 * @param credentials the JWT context whose token identifies the entry to discard
 */
public void invalidate(JwtContext credentials) {
    final String cacheKey = credentials.getJwt();
    cache.invalidate(cacheKey);
}
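/**
 * Reports whether the token's expiration time ({@code exp}) lies before the current time.
 *
 * <p>This check fails closed: a token whose {@code exp} claim is absent or malformed is
 * reported as expired. Previously a malformed claim yielded {@code false} (treated as still
 * valid) and an absent claim caused a {@code NullPointerException}. A helper that gates
 * authentication should not accept a token whose lifetime it cannot establish, even when an
 * earlier processing step is expected to have checked the claim already.
 *
 * @param context the JWT context whose claims are inspected
 * @return {@code true} if the token is past its expiration time, or if no usable expiration
 *         time can be read from it; {@code false} otherwise
 */
public static boolean isExpired(JwtContext context) {
    try {
        final NumericDate expiry = context.getJwtClaims().getExpirationTime();
        if (expiry == null) {
            // No exp claim at all: there is nothing to bound the token's lifetime, so reject.
            return true;
        }
        return expiry.isBefore(NumericDate.now());
    } catch (MalformedClaimException e) {
        // Pass the exception as the throwable argument; the former "{}" placeholder had no
        // matching message argument.
        logger.debug("failed to validate token", e);
        return true;
    }
}
}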
final String type = jwtContext.getJoseObjects().get(0).getHeader("typ"); JwtClaims claimsSet = jwtContext.getJwtClaims();
/**
 * Evicts the cache entry of every context in the given collection, keyed by each context's
 * raw JWT string.
 *
 * @param credentials the JWT contexts whose tokens should be dropped from the cache
 */
public void invalidateAll(Iterable<JwtContext> credentials) {
    for (JwtContext entry : credentials) {
        cache.invalidate(entry.getJwt());
    }
}
@Override public Error validate(JwtContext jwtContext) throws MalformedClaimException final JwtClaims jwtClaims = jwtContext.getJwtClaims();
String type = jwtContext.getJoseObjects().get(0).getHeader("typ"); JwtClaims claimsSet = jwtContext.getJwtClaims();
/**
 * Removes, one by one, the cached entries stored under the raw JWT string of each supplied
 * context.
 *
 * @param credentials the JWT contexts identifying the entries to discard
 */
public void invalidateAll(Iterable<JwtContext> credentials) {
    for (JwtContext current : credentials) {
        final String cacheKey = current.getJwt();
        cache.invalidate(cacheKey);
    }
}
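/**
 * Resolves the {@link User} named by a JWT whose signature has already been verified; this
 * method is called after signature verification.
 *
 * <p>Authentication is refused (an empty result) when {@code TokenGenerator.isExpired}
 * reports the token as expired, when the subject ({@code sub}) claim is absent or malformed,
 * or when no user is found for the subject.
 *
 * <p>TODO: potentially reject revoked (blacklisted) tokens here until their expiry if a user
 * has logged out and/or changed her password. As written, such a token keeps resolving to
 * its user until it expires.
 *
 * @param jwtContext the context of the already-verified token
 * @return the user whose e-mail equals the token's subject, or empty if the token is not
 *         acceptable or no such user exists
 * @throws AuthenticationException declared by the overridden method; not raised explicitly
 *         in this body
 */
@Override
public Optional<User> authenticate(JwtContext jwtContext) throws AuthenticationException {
    try {
        if (TokenGenerator.isExpired(jwtContext)) {
            return Optional.empty();
        }

        final String subject = jwtContext.getJwtClaims().getSubject();
        if (subject == null) {
            // A token without a subject identifies nobody; do not query the DAO with null.
            return Optional.empty();
        }

        return Optional.ofNullable(userDao.findByEmail(subject));
    } catch (MalformedClaimException e) {
        // An unreadable subject claim is treated as a failed authentication, not an error.
        return Optional.empty();
    }
}
}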
/**
 * Authenticates through the cache, falling back to the wrapped authenticator on a miss.
 *
 * <p>Entries are keyed by the raw JWT string. A hit is returned as stored, without calling
 * the wrapped authenticator again, so anything that authenticator would now decide
 * differently (for example an expiry that has since passed) is only observed once the entry
 * has left the cache. NOTE(review): the cache's eviction policy is configured outside this
 * method; confirm entries cannot outlive the tokens they were created for.
 *
 * <p>Only successful results are stored; an empty principal is returned but never cached.
 *
 * @param context the JWT context to authenticate
 * @return the cached or freshly resolved principal, possibly empty
 * @throws AuthenticationException propagated from the wrapped authenticator
 */
@Override
public Optional<P> authenticate(JwtContext context) throws AuthenticationException {
    final Timer.Context timing = gets.time();
    try {
        final String token = context.getJwt();
        final SimpleEntry<JwtContext, Optional<P>> hit = cache.getIfPresent(token);
        if (hit == null) {
            cacheMisses.mark();
            final Optional<P> resolved = authenticator.authenticate(context);
            if (resolved.isPresent()) {
                cache.put(token, new SimpleEntry<>(context, resolved));
            }
            return resolved;
        }
        return hit.getValue();
    } finally {
        // Stop the timer on every path, including when the delegate throws.
        timing.stop();
    }
}
final long start = System.nanoTime(); try { final JwtClaims claims = jwtContext.getJwtClaims(); final StringBuilder builder = new StringBuilder(); final String clientId = claims.getClaimValue("client_id", String.class);
/**
 * Looks the token up in the cache and delegates to the wrapped authenticator only when no
 * entry exists for it.
 *
 * <p>The cache key is the raw JWT string. A cached principal is handed back unchanged and
 * the wrapped authenticator is not consulted, so the freshness of that answer depends on
 * how long entries are kept. NOTE(review): eviction is configured elsewhere; verify that a
 * cached entry cannot remain usable after its token should have stopped being accepted.
 *
 * <p>Empty results from the wrapped authenticator are returned to the caller but not stored.
 *
 * @param context the JWT context to authenticate
 * @return the principal from the cache or from the wrapped authenticator, possibly empty
 * @throws AuthenticationException propagated from the wrapped authenticator
 */
@Override
public Optional<P> authenticate(JwtContext context) throws AuthenticationException {
    final Timer.Context stopwatch = gets.time();
    try {
        final String jwt = context.getJwt();
        final SimpleEntry<JwtContext, Optional<P>> cached = cache.getIfPresent(jwt);
        if (cached != null) {
            return cached.getValue();
        }

        // Miss: count it, ask the delegate, and remember only a successful outcome.
        cacheMisses.mark();
        final Optional<P> outcome = authenticator.authenticate(context);
        if (outcome.isPresent()) {
            final SimpleEntry<JwtContext, Optional<P>> fresh = new SimpleEntry<>(context, outcome);
            cache.put(jwt, fresh);
        }
        return outcome;
    } finally {
        stopwatch.stop();
    }
}