/**
 * Name of the authenticated principal.
 *
 * @return the explicitly supplied username when one is set, otherwise the JWT
 *         {@code sub} claim (presumably {@code null} when the token has no subject)
 */
@Override
public String getName() {
    if (username != null) {
        return username;
    }
    return claims.getSubject();
}
}
/**
 * Name of the authenticated principal.
 *
 * @return the explicitly supplied username when one is set, otherwise the JWT
 *         {@code sub} claim (presumably {@code null} when the token has no subject)
 */
@Override
public String getName() {
    if (username != null) {
        return username;
    }
    return claims.getSubject();
}
}
/**
 * Principal of this authentication.
 *
 * @return the explicitly supplied username when one is set, otherwise the JWT
 *         {@code sub} claim; the same value {@code getName()} reports
 */
@Override
public Object getPrincipal() {
    if (username != null) {
        return username;
    }
    return claims.getSubject();
}
/**
 * Principal of this authentication.
 *
 * @return the explicitly supplied username when one is set, otherwise the JWT
 *         {@code sub} claim; the same value {@code getName()} reports
 */
@Override
public Object getPrincipal() {
    if (username != null) {
        return username;
    }
    return claims.getSubject();
}
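// Validate the token before trusting any claim: the signature must verify under pk,
// an exp claim must be present (and unexpired), and aud/iss must match the values
// this relying party expects.
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
        .setVerificationKey(pk)
        .setRequireExpirationTime()
        // The subject is consumed below as the caller's identity, so a token without
        // one is rejected here instead of yielding a null principal.
        .setRequireSubject()
        .setExpectedAudience("https://citrixp.com:8443/")
        .setExpectedIssuer("https://sts.windows.net/dd9b6a3e-29d1-4254-a746-e02941444517/")
        // NOTE(review): current jose4j releases refuse alg=none by default; confirm for the
        // version in use, and consider pinning the expected signing algorithm via
        // setJwsAlgorithmConstraints(...) so an algorithm-confusion downgrade is impossible.
        .build();
// data is presumably the "header.payload" portion and signedData the signature —
// TODO confirm at the call site.
JwtClaims claims = jwtConsumer.processToClaims(data + "." + signedData);
System.out.println("Subject: " + claims.getSubject());
// NOTE(review): upn is personal data; avoid printing it outside of local debugging.
System.out.println("UPN: " + claims.getStringClaimValue("upn")); // or whatever, etc....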
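/**
 * Resolves the user and the granted authorities referenced by a JWT's claims.
 * <p>
 * The user is looked up by the {@code sub} claim; the authorities are read from the
 * stored access token matching the {@code jti} claim, where they are kept
 * AES-encrypted. Lookup failures are not errors here: an unknown user yields
 * {@code (null, empty)} and a missing or unreadable token yields the user with an
 * empty authority set, leaving the decision to the caller. The claims are expected to
 * have been signature-checked already — this method does no verification of its own.
 *
 * @param jwtClaims claims of the presented token
 * @return the matching user (or {@code null}) paired with its authorities (never {@code null})
 */
@Transactional(readOnly = true)
@Override
public Pair<User, Set<SyncopeGrantedAuthority>> resolve(final JwtClaims jwtClaims) {
    User user = userDAO.findByUsername(jwtClaims.getSubject());
    Set<SyncopeGrantedAuthority> authorities = Collections.emptySet();
    if (user != null) {
        AccessToken accessToken = accessTokenDAO.find(jwtClaims.getTokenId());
        if (accessToken != null && accessToken.getAuthorities() != null) {
            try {
                // NOTE(review): new String(byte[]) uses the platform charset; the stored
                // value is presumably ASCII-safe ciphertext — confirm, and pass an explicit
                // charset if it is not.
                authorities = POJOHelper.deserialize(
                        ENCRYPTOR.decode(new String(accessToken.getAuthorities()), CipherAlgorithm.AES),
                        new TypeReference<Set<SyncopeGrantedAuthority>>() { });
            } catch (Exception e) {
                // Narrowed from Throwable: decryption/parsing failures still degrade to
                // "no authorities" (fail closed), but JVM Errors such as OutOfMemoryError
                // are no longer swallowed and logged as a data problem.
                LOG.error("Could not read stored authorities", e);
            }
        }
    }
    return Pair.of(user, authorities);
}
}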
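/**
 * Resolves the user and the granted authorities referenced by a JWT's claims.
 * <p>
 * The user is looked up by the {@code sub} claim; the authorities are read from the
 * stored access token matching the {@code jti} claim, where they are kept
 * AES-encrypted. Lookup failures are not errors here: an unknown user yields
 * {@code (null, empty)} and a missing or unreadable token yields the user with an
 * empty authority set, leaving the decision to the caller. The claims are expected to
 * have been signature-checked already — this method does no verification of its own.
 *
 * @param jwtClaims claims of the presented token
 * @return the matching user (or {@code null}) paired with its authorities (never {@code null})
 */
@Transactional(readOnly = true)
@Override
public Pair<User, Set<SyncopeGrantedAuthority>> resolve(final JwtClaims jwtClaims) {
    User user = userDAO.findByUsername(jwtClaims.getSubject());
    Set<SyncopeGrantedAuthority> authorities = Collections.emptySet();
    if (user != null) {
        AccessToken accessToken = accessTokenDAO.find(jwtClaims.getTokenId());
        if (accessToken != null && accessToken.getAuthorities() != null) {
            try {
                // NOTE(review): new String(byte[]) uses the platform charset; the stored
                // value is presumably ASCII-safe ciphertext — confirm, and pass an explicit
                // charset if it is not.
                authorities = POJOHelper.deserialize(
                        ENCRYPTOR.decode(new String(accessToken.getAuthorities()), CipherAlgorithm.AES),
                        new TypeReference<Set<SyncopeGrantedAuthority>>() { });
            } catch (Exception e) {
                // Narrowed from Throwable: decryption/parsing failures still degrade to
                // "no authorities" (fail closed), but JVM Errors such as OutOfMemoryError
                // are no longer swallowed and logged as a data problem.
                LOG.error("Could not read stored authorities", e);
            }
        }
    }
    return Pair.of(user, authorities);
}
}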
/**
 * Builds the security context for a parsed JWT, or returns {@code null} when the
 * token may not be used to establish one.
 * <p>
 * A context is created only when the token carries a subject and was either
 * verified with a public key or the {@code ENABLE_UNSIGNED_JWT_PRINCIPAL} property
 * is explicitly set on the current message. That property bypasses the signature
 * requirement entirely, so it must never be enabled where the token can come from an
 * untrusted party.
 *
 * @param jwt the parsed token
 * @return a context exposing the token's subject and roles, or {@code null}
 */
protected SecurityContext configureSecurityContext(JwtToken jwt) {
    Message m = JAXRSUtils.getCurrentMessage();
    boolean enableUnsignedJwt =
        MessageUtils.getContextualBoolean(m, JoseConstants.ENABLE_UNSIGNED_JWT_PRINCIPAL, false);

    // No subject, no principal.
    if (jwt.getClaims().getSubject() == null) {
        return null;
    }
    // Signature requirement, unless explicitly switched off by configuration.
    if (!isVerifiedWithAPublicKey(jwt) && !enableUnsignedJwt) {
        return null;
    }
    return new JwtTokenSecurityContext(jwt, roleClaim);
}
/**
 * Creates a security context backed by a parsed JWT.
 * <p>
 * The principal name is the {@code sub} claim. Roles are read from the claim named by
 * {@code roleClaim}, if configured and present, as a comma-separated string. Only the
 * whole string is trimmed, so entries after a ", " keep their leading space (a role
 * claim of "a, b" yields groups "a" and " b"); this is left as-is rather than silently
 * changing which roles match. Every claim is additionally exposed as a {@link Claim}
 * whose values are the claim's list, or a singleton list of its scalar value.
 *
 * @param jwt       the token this context represents
 * @param roleClaim name of the claim holding the roles, or {@code null} for none
 */
public JwtTokenSecurityContext(JwtToken jwt, String roleClaim) {
    this.token = jwt;
    principal = new SimplePrincipal(jwt.getClaims().getSubject());

    if (roleClaim == null || !jwt.getClaims().containsProperty(roleClaim)) {
        roles = Collections.emptySet();
    } else {
        roles = new HashSet<>();
        String joined = jwt.getClaims().getStringProperty(roleClaim).trim();
        for (String entry : joined.split(",")) {
            roles.add(new SimpleGroup(entry));
        }
    }

    // Mirror every claim into the ClaimCollection.
    jwt.getClaims().asMap().forEach((String type, Object value) -> {
        Claim mirrored = new Claim();
        mirrored.setClaimType(type);
        if (value instanceof List<?>) {
            mirrored.setValues(CastUtils.cast((List<?>) value));
        } else {
            mirrored.setValues(Collections.singletonList(value));
        }
        claims.add(mirrored);
    });
}
if (relayState != null && !relayState.getJwtClaims().getSubject().equals(logoutResponse.getInResponseTo())) { throw new IllegalArgumentException("Unmatching request ID: " + logoutResponse.getInResponseTo());
Set<SyncopeGrantedAuthority> authorities; if (adminUser.equals(authentication.getClaims().getSubject())) { AccessToken accessToken = accessTokenDAO.find(authentication.getClaims().getTokenId()); if (accessToken == null) { if (resolved == null || resolved.getLeft() == null) { throw new AuthenticationCredentialsNotFoundException( "Could not find User " + authentication.getClaims().getSubject() + " for JWT " + authentication.getClaims().getTokenId());
Set<SyncopeGrantedAuthority> authorities; if (adminUser.equals(authentication.getClaims().getSubject())) { AccessToken accessToken = accessTokenDAO.find(authentication.getClaims().getTokenId()); if (accessToken == null) { if (resolved == null || resolved.getLeft() == null) { throw new AuthenticationCredentialsNotFoundException( "Could not find User " + authentication.getClaims().getSubject() + " for JWT " + authentication.getClaims().getTokenId());
if (username != null) { UserSubject userSubject = new UserSubject(username); if (claims.getSubject() != null) { userSubject.setId(claims.getSubject()); } else if (claims.getSubject() != null) { atv.setTokenSubject(new UserSubject(claims.getSubject()));
// Expose the token's subject as the authenticated principal on the response.
// NOTE(review): a token without a sub claim would yield a principal with a null name;
// the caller is presumably expected to have rejected such tokens earlier — confirm.
response.setPrincipal(new SimplePrincipal(jwt.getClaims().getSubject()));
// Expose the token's subject as the authenticated principal on the response.
// NOTE(review): a token without a sub claim would yield a principal with a null name;
// the caller is presumably expected to have rejected such tokens earlier — confirm.
response.setPrincipal(new SimplePrincipal(jwt.getClaims().getSubject()));
/**
 * Validates the claims of a JWT bearer assertion before it is exchanged for an access token.
 * <p>
 * Performs, in order: publication of the configured audience on the current message
 * (presumably consumed by {@code JwtUtils.validateTokenClaims} for the {@code aud}
 * check — confirm); the generic claim validation with the configured TTL and clock
 * offset; the issuer check; the client-specific subject check; and finally a hard
 * requirement that an {@code exp} claim is present.
 *
 * @param client the OAuth client presenting the assertion
 * @param claims the assertion's claims
 * @throws OAuthServiceException with {@code invalid_grant} when {@code exp} is missing
 *         (the delegated validators raise their own failures)
 */
protected void validateClaims(Client client, JwtClaims claims) {
    String expectedAudience = getAudience();
    if (expectedAudience != null) {
        JAXRSUtils.getCurrentMessage().put(JwtConstants.EXPECTED_CLAIM_AUDIENCE, expectedAudience);
    }
    JwtUtils.validateTokenClaims(claims, ttl, clockOffset, true);
    validateIssuer(claims.getIssuer());
    validateSubject(client, claims.getSubject());

    // An assertion with no expiry is never acceptable, whatever the generic check did.
    boolean hasExpiry = claims.getClaim(JwtConstants.CLAIM_EXPIRY) != null;
    if (!hasExpiry) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
}
/**
 * Issues an access token for the JWT bearer grant.
 * <p>
 * The assertion is parsed, its JWS signature checked, and its claims validated for
 * this client before the {@code sub} claim becomes the token's subject. Any failure
 * maps to {@code invalid_grant}; exceptions other than {@link OAuthServiceException}
 * are wrapped so the original cause is preserved.
 * <p>
 * NOTE(review): the JWS header (including {@code alg}) is taken from the presented
 * token itself; {@code validateSignature} is relied on to enforce an allow-list of
 * algorithms and reject {@code none} — confirm.
 *
 * @param client the authenticated OAuth client
 * @param params the token request parameters (assertion and optional scope)
 * @return the newly created access token
 * @throws OAuthServiceException when the assertion is absent or invalid
 */
@Override
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
        throws OAuthServiceException {
    String assertion = params.getFirst(Constants.CLIENT_GRANT_ASSERTION_PARAM);
    if (assertion == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    try {
        JwsJwtCompactConsumer consumer = getJwsReader(assertion);
        JwtToken token = consumer.getJwtToken();
        JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
        // Signature first: no claim is trusted before the JWS has been verified.
        validateSignature(headers, consumer.getUnsignedEncodedSequence(), consumer.getDecodedSignature());
        validateClaims(client, token.getClaims());

        String requestedScope = params.getFirst(OAuthConstants.SCOPE);
        return doCreateAccessToken(client,
            new UserSubject(token.getClaims().getSubject()),
            Constants.JWT_BEARER_GRANT,
            OAuthUtils.parseScope(requestedScope));
    } catch (OAuthServiceException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
    }
}
/**
 * Validates the claims of a JWT bearer assertion before it is exchanged for an access token.
 * <p>
 * Performs, in order: publication of the configured audience on the current message
 * (presumably consumed by {@code JwtUtils.validateTokenClaims} for the {@code aud}
 * check — confirm); the generic claim validation with the configured TTL and clock
 * offset; the issuer check; the client-specific subject check; and finally a hard
 * requirement that an {@code exp} claim is present.
 *
 * @param client the OAuth client presenting the assertion
 * @param claims the assertion's claims
 * @throws OAuthServiceException with {@code invalid_grant} when {@code exp} is missing
 *         (the delegated validators raise their own failures)
 */
protected void validateClaims(Client client, JwtClaims claims) {
    String expectedAudience = getAudience();
    if (expectedAudience != null) {
        JAXRSUtils.getCurrentMessage().put(JwtConstants.EXPECTED_CLAIM_AUDIENCE, expectedAudience);
    }
    JwtUtils.validateTokenClaims(claims, ttl, clockOffset, true);
    validateIssuer(claims.getIssuer());
    validateSubject(client, claims.getSubject());

    // An assertion with no expiry is never acceptable, whatever the generic check did.
    boolean hasExpiry = claims.getClaim(JwtConstants.CLAIM_EXPIRY) != null;
    if (!hasExpiry) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
}
/**
 * Issues an access token for the JWT bearer grant.
 * <p>
 * The assertion is parsed, its JWS signature checked, and its claims validated for
 * this client before the {@code sub} claim becomes the token's subject. Any failure
 * maps to {@code invalid_grant}; exceptions other than {@link OAuthServiceException}
 * are wrapped so the original cause is preserved.
 * <p>
 * NOTE(review): the JWS header (including {@code alg}) is taken from the presented
 * token itself; {@code validateSignature} is relied on to enforce an allow-list of
 * algorithms and reject {@code none} — confirm.
 *
 * @param client the authenticated OAuth client
 * @param params the token request parameters (assertion and optional scope)
 * @return the newly created access token
 * @throws OAuthServiceException when the assertion is absent or invalid
 */
@Override
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
        throws OAuthServiceException {
    String assertion = params.getFirst(Constants.CLIENT_GRANT_ASSERTION_PARAM);
    if (assertion == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    try {
        JwsJwtCompactConsumer consumer = getJwsReader(assertion);
        JwtToken token = consumer.getJwtToken();
        JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
        // Signature first: no claim is trusted before the JWS has been verified.
        validateSignature(headers, consumer.getUnsignedEncodedSequence(), consumer.getDecodedSignature());
        validateClaims(client, token.getClaims());

        String requestedScope = params.getFirst(OAuthConstants.SCOPE);
        return doCreateAccessToken(client,
            new UserSubject(token.getClaims().getSubject()),
            Constants.JWT_BEARER_GRANT,
            OAuthUtils.parseScope(requestedScope));
    } catch (OAuthServiceException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
    }
}
if (claims.getSubject() == null) { throw new OAuthServiceException("Invalid subject");