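/**
 * Parses a serialized JWT and returns the claims produced by {@code jwtProcessor}.
 *
 * <p>The token is passed to the processor with a {@code null} security context. Which checks
 * actually run (signature, expiry, issuer, audience) depends on how {@code jwtProcessor} is
 * configured, which is not visible in this method.
 *
 * @param token the serialized JWT as received from the caller
 * @return the claims set returned by the processor
 * @throws BadCredentialsException if the token cannot be parsed or is rejected by the
 *     processor; the underlying exception is attached as the cause
 */
protected JWTClaimsSet parseToken(String token) {
    try {
        return jwtProcessor.process(token, null);
    } catch (ParseException | BadJOSEException | JOSEException e) {
        // Attach the cause so the reason for rejection (malformed token, bad signature,
        // key-source failure) is still available to logging and incident triage.
        // NOTE(review): the library message is reused as the credential error text;
        // confirm it is not echoed verbatim to unauthenticated clients.
        throw new BadCredentialsException(e.getMessage(), e);
    }
}
}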
/**
 * Runs the JWT through the delegate processor and returns the resulting claims as JSON.
 *
 * <p>The delegate is called with a {@code null} security context; the checks it performs
 * depend on its configuration, which is not visible here. The claims set is turned into a
 * string with {@code toString()} and re-read as a {@link JsonObject}.
 *
 * @param jwt the serialized JWT
 * @return the claims as a JSON object
 * @throws JWTException if the delegate fails to parse or rejects the token
 */
@Override
public JsonObject process(String jwt) throws JWTException {
    try {
        final String claimsAsJson = delegate.process(jwt, null).toString();
        final StringReader source = new StringReader(claimsAsJson);
        // NOTE(review): the reader returned by Json.createReader is never closed.
        return Json.createReader(source).readObject();
    } catch (ParseException | BadJOSEException | JOSEException e) {
        // Fixed message; the detailed reason travels in the cause only.
        throw new JWTException("Unable to parse jwt", e);
    }
}
jwtProcessor.process((PlainJWT)jwt, securityContext); } else if (jwt instanceof SignedJWT) { jwtProcessor.process((SignedJWT)jwt, securityContext); } else if (jwt instanceof EncryptedJWT) { jwtProcessor.process((EncryptedJWT)jwt, securityContext); } else { jwtProcessor.process(jwt, securityContext);
/**
 * Validates a serialized JWT and reports the outcome as an {@link AuthenticationResult}.
 *
 * <p>Three outcomes are distinguished: {@code valid} with the token's claims,
 * {@code failed} when the key source could not be reached or read
 * ({@link RemoteKeySourceException}), and {@code invalid} for any other parse or JOSE error.
 * The {@code RemoteKeySourceException} handler must stay ahead of the general one so that
 * key-retrieval problems are not reported as an invalid token.
 *
 * @param token the serialized JWT
 * @return the validation outcome; the exception message is carried in non-valid results
 */
public AuthenticationResult validate(String token) {
    try {
        // null security context; what is verified depends on how processor is configured.
        return AuthenticationResult.valid(processor.process(token, null).getClaims());
    } catch (RemoteKeySourceException keySourceFailure) {
        // Infrastructure problem (key retrieval), not a statement about the token itself.
        return AuthenticationResult.failed(keySourceFailure.getMessage());
    } catch (ParseException | JOSEException | BadJOSEException rejected) {
        // NOTE(review): the library message is passed through; confirm where it is surfaced.
        return AuthenticationResult.invalid(rejected.getMessage());
    }
}
}
/**
 * Builds a {@link Jwt} from an already parsed token after running it through the processor.
 *
 * <p>The processor is invoked with a {@code null} security context. Headers are copied from
 * the parsed token, claims are passed through {@code claimSetConverter}, and the expiry and
 * issued-at values are read from the converted claims.
 *
 * @param token the original serialized token, stored unchanged in the result
 * @param parsedJwt the parsed form of {@code token}
 * @return the decoded token
 * @throws JwtException if processing, conversion or construction fails; when the failure was
 *     caused by a {@code ParseException} a generic "Malformed ..." message is used and no
 *     cause is attached
 */
private Jwt createJwt(String token, JWT parsedJwt) {
    try {
        // Verify the token (signature and claims, as far as the processor is configured to).
        JWTClaimsSet verifiedClaims = this.jwtProcessor.process(parsedJwt, null);

        Map<String, Object> headerMap = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
        Map<String, Object> convertedClaims = this.claimSetConverter.convert(verifiedClaims.getClaims());

        // Casts assume the converter yields Instant for these claims; a mismatch is
        // caught by the general handler below.
        Instant expiresAt = (Instant) convertedClaims.get(JwtClaimNames.EXP);
        Instant issuedAt = (Instant) convertedClaims.get(JwtClaimNames.IAT);

        return new Jwt(token, issuedAt, expiresAt, headerMap, convertedClaims);
    } catch (RemoteKeySourceException ex) {
        // Key-source problems: an unparsable JWK set gets a fixed message without cause.
        if (!(ex.getCause() instanceof ParseException)) {
            throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
        }
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed Jwk set"));
    } catch (Exception ex) {
        // Everything else, including runtime failures from conversion or construction.
        if (!(ex.getCause() instanceof ParseException)) {
            throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
        }
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"));
    }
}
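/**
 * Builds an {@link Authentication} from the ID token carried in the configured HTTP header.
 *
 * <p>The header value is stripped of its bearer prefix and handed to
 * {@code configurableJWTProcessor} with a {@code null} security context. The issuer and
 * token type are then checked explicitly via {@code isIssuedCorrectly} and {@code isIdToken}.
 * Group names from the configured groups claim are upper-cased and prefixed with
 * {@code ROLE_PREFIX} to form the granted authorities.
 *
 * @param request the incoming request
 * @return the authentication, or {@code null} when the header is absent or the token carries
 *     no user name claim
 * @throws Exception if the processor rejects the token, the issuer does not match, or the
 *     token is not an ID token
 */
public Authentication getAuthentication(HttpServletRequest request) throws Exception {
    String idToken = request.getHeader(jwtConfiguration.getHttpHeader());
    if (idToken != null) {
        // Strip once so the token that is stored below is exactly the one that was validated.
        String bareToken = stripBearerToken(idToken);
        JWTClaimsSet claimsSet = configurableJWTProcessor.process(bareToken, null);

        if (!isIssuedCorrectly(claimsSet)) {
            throw new Exception(String.format("Issuer %s in JWT token doesn't match cognito idp %s",
                    claimsSet.getIssuer(), jwtConfiguration.getCognitoIdentityPoolUrl()));
        }
        if (!isIdToken(claimsSet)) {
            throw new Exception("JWT Token doesn't seem to be an ID Token");
        }

        // Check the raw claim before calling toString(): previously a token without the
        // user name claim caused a NullPointerException and the null check never fired.
        Object usernameClaim = claimsSet.getClaims().get(jwtConfiguration.getUserNameField());
        if (usernameClaim != null) {
            String username = usernameClaim.toString();

            // NOTE(review): groups is null when the claim is absent and the cast is
            // unchecked; confirm convertList tolerates null and that the claim is a list.
            @SuppressWarnings("unchecked")
            List<String> groups = (List<String>) claimsSet.getClaims().get(jwtConfiguration.getGroupsField());
            List<GrantedAuthority> grantedAuthorities =
                    convertList(groups, group -> new SimpleGrantedAuthority(ROLE_PREFIX + group.toUpperCase()));

            User user = new User(username, EMPTY_PWD, grantedAuthorities);
            jwtIdTokenCredentialsHolder.setIdToken(bareToken);
            return new JwtAuthentication(user, claimsSet, grantedAuthorities);
        }
    }
    // Also reached when a valid token has no user name claim; the caller gets no authentication.
    logger.trace("No idToken found in HTTP Header");
    return null;
}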
/**
 * Parses and processes a serialized JWT and returns it as a {@link Jwt}.
 *
 * <p>The parsed token is handed to {@code jwtProcessor} with a {@code null} security context.
 * The issued-at time falls back to one second before expiry when the token has no issue
 * time. The expiration time is dereferenced without a null check, so a token for which
 * {@code getExpirationTime()} returns {@code null} ends up in the catch block below.
 *
 * @param token the serialized JWT
 * @return the decoded token with headers and claims
 * @throws JwtException if parsing, processing or construction fails for any reason
 */
@Override
public Jwt decode(String token) throws JwtException {
    try {
        JWT parsed = JWTParser.parse(token);

        // Verify the token; the checks applied depend on how jwtProcessor is configured.
        JWTClaimsSet verifiedClaims = this.jwtProcessor.process(parsed, null);

        Instant expiresAt = verifiedClaims.getExpirationTime().toInstant();
        // issuedAt is mandatory for Jwt, so default it to expiresAt - 1 second.
        Instant issuedAt = verifiedClaims.getIssueTime() != null
                ? verifiedClaims.getIssueTime().toInstant()
                : expiresAt.minusSeconds(1);

        Map<String, Object> headerMap = new LinkedHashMap<>(parsed.getHeader().toJSONObject());
        return new Jwt(token, issuedAt, expiresAt, headerMap, verifiedClaims.getClaims());
    } catch (Exception ex) {
        // Broad on purpose: every failure is reported as a JwtException with its cause.
        throw new JwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex);
    }
}
}
/**
 * Validates an ID token and wraps it, together with its claims, in a {@link UserPrincipal}.
 *
 * <p>The validator is chosen from the algorithm named in the token's own JWS header, which is
 * read before anything has been verified. NOTE(review): confirm that
 * {@code getAadJwtTokenValidator} only accepts the algorithms this service expects, so the
 * token cannot steer validation towards a weaker one.
 *
 * <p>After {@code process}, the validator's claims verifier is invoked explicitly as well;
 * whether {@code process} already applied it depends on the validator implementation.
 *
 * @param idToken the serialized ID token
 * @return the principal built from the parsed JWS object and its claims
 * @throws ParseException if the token cannot be parsed
 * @throws JOSEException if JOSE processing fails
 * @throws BadJOSEException if the token or its claims are rejected
 */
public UserPrincipal buildUserPrincipal(String idToken) throws ParseException, JOSEException, BadJOSEException {
    JWSObject parsedToken = JWSObject.parse(idToken);

    ConfigurableJWTProcessor<SecurityContext> tokenValidator =
            getAadJwtTokenValidator(parsedToken.getHeader().getAlgorithm());

    // null security context for both the processing and the explicit claims check.
    JWTClaimsSet claims = tokenValidator.process(idToken, null);
    tokenValidator.getJWTClaimsSetVerifier().verify(claims, null);

    return new UserPrincipal(parsedToken, claims);
}
/**
 * Builds a {@link UserPrincipal} from a serialized ID token once it has passed validation.
 *
 * <p>Steps: parse the token as a JWS object, obtain a validator for the algorithm named in
 * its header, process the token, run the validator's claims verifier, and wrap the result.
 * The header algorithm comes from the token itself and is not yet trusted at that point.
 * NOTE(review): verify that {@code getAadJwtTokenValidator} restricts it to an expected set.
 *
 * @param idToken the serialized ID token
 * @return the principal holding the JWS object and the validated claims
 * @throws ParseException if the token is not a well-formed JWS
 * @throws JOSEException if an internal JOSE error occurs
 * @throws BadJOSEException if the token fails validation
 */
public UserPrincipal buildUserPrincipal(String idToken) throws ParseException, JOSEException, BadJOSEException {
    JWSObject jws = JWSObject.parse(idToken);
    ConfigurableJWTProcessor<SecurityContext> processor =
            getAadJwtTokenValidator(jws.getHeader().getAlgorithm());

    JWTClaimsSet claimsSet = processor.process(idToken, null);

    // Explicit second pass over the claims with the validator's own verifier.
    JWTClaimsSetVerifier<SecurityContext> claimsVerifier = processor.getJWTClaimsSetVerifier();
    claimsVerifier.verify(claimsSet, null);

    return new UserPrincipal(jws, claimsSet);
}
}; jwtProcessor.setJWSKeySelector(authContextKeySelector); jwtProcessor.process(signedJWT, null);