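/**
 * Resolves the JWT subject to a stored {@code User} together with the authorities that were
 * persisted alongside the matching access token.
 *
 * <p>Stored authorities are kept as AES-encrypted, serialized bytes. The decoded set is only
 * used when every step succeeds; any failure (missing token, missing authorities, decode or
 * deserialization error) leaves the result at an empty set, so an unreadable record can never
 * yield more authorities than none at all.
 *
 * @param jwtClaims claims of the presented JWT; {@code subject} and {@code tokenId} are read
 * @return the user (possibly {@code null} when the subject is unknown) paired with a
 *         never-{@code null} authority set
 */
@Transactional(readOnly = true)
@Override
public Pair<User, Set<SyncopeGrantedAuthority>> resolve(final JwtClaims jwtClaims) {
    User user = userDAO.findByUsername(jwtClaims.getSubject());

    // Fail-closed default: no authorities unless they can be read back intact.
    Set<SyncopeGrantedAuthority> authorities = Collections.emptySet();

    if (user != null) {
        AccessToken accessToken = accessTokenDAO.find(jwtClaims.getTokenId());
        if (accessToken != null && accessToken.getAuthorities() != null) {
            try {
                // Decode with an explicit charset rather than the platform default so the
                // stored bytes are interpreted the same way on every JVM / OS that reads them.
                String encoded = new String(
                        accessToken.getAuthorities(), java.nio.charset.StandardCharsets.UTF_8);
                authorities = POJOHelper.deserialize(
                        ENCRYPTOR.decode(encoded, CipherAlgorithm.AES),
                        new TypeReference<Set<SyncopeGrantedAuthority>>() {
                });
            } catch (Throwable t) {
                // Deliberately broad: any problem reading the stored authorities is logged and
                // the empty default stands, instead of failing the whole authentication.
                LOG.error("Could not read stored authorities", t);
            }
        }
    }

    return Pair.of(user, authorities);
}
}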
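/**
 * Resolves the JWT subject to a stored {@code User} together with the authorities that were
 * persisted alongside the matching access token.
 *
 * <p>Stored authorities are kept as AES-encrypted, serialized bytes. The decoded set is only
 * used when every step succeeds; any failure (missing token, missing authorities, decode or
 * deserialization error) leaves the result at an empty set, so an unreadable record can never
 * yield more authorities than none at all.
 *
 * @param jwtClaims claims of the presented JWT; {@code subject} and {@code tokenId} are read
 * @return the user (possibly {@code null} when the subject is unknown) paired with a
 *         never-{@code null} authority set
 */
@Transactional(readOnly = true)
@Override
public Pair<User, Set<SyncopeGrantedAuthority>> resolve(final JwtClaims jwtClaims) {
    User user = userDAO.findByUsername(jwtClaims.getSubject());

    // Fail-closed default: no authorities unless they can be read back intact.
    Set<SyncopeGrantedAuthority> authorities = Collections.emptySet();

    if (user != null) {
        AccessToken accessToken = accessTokenDAO.find(jwtClaims.getTokenId());
        if (accessToken != null && accessToken.getAuthorities() != null) {
            try {
                // Decode with an explicit charset rather than the platform default so the
                // stored bytes are interpreted the same way on every JVM / OS that reads them.
                String encoded = new String(
                        accessToken.getAuthorities(), java.nio.charset.StandardCharsets.UTF_8);
                authorities = POJOHelper.deserialize(
                        ENCRYPTOR.decode(encoded, CipherAlgorithm.AES),
                        new TypeReference<Set<SyncopeGrantedAuthority>>() {
                });
            } catch (Throwable t) {
                // Deliberately broad: any problem reading the stored authorities is logged and
                // the empty default stands, instead of failing the whole authentication.
                LOG.error("Could not read stored authorities", t);
            }
        }
    }

    return Pair.of(user, authorities);
}
}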
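/**
 * Authenticates a {@code JWTAuthentication}: resolves the username and authorities under the
 * token's domain, then enforces the {@code exp} and {@code nbf} claims against the current time.
 *
 * <p>Both time claims are required here: a JWT missing either one is rejected, not accepted.
 * Note that the user/authority resolution runs before the time checks, so an expired token is
 * still looked up (and then purged via {@code removeExpired}) before the exception is thrown.
 *
 * @param authentication must be a {@code JWTAuthentication}; any other type fails the cast
 * @return the same instance, marked authenticated and populated with username and authorities
 * @throws CredentialsExpiredException if {@code exp} is absent or in the past, or if
 *         {@code nbf} is absent or in the future
 * @throws AuthenticationException as propagated from the underlying data accessor
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    final JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication;

    AuthContextUtils.execWithAuthContext(jwtAuthentication.getDetails().getDomain(), () -> {
        Pair<String, Set<SyncopeGrantedAuthority>> authenticated = dataAccessor.authenticate(jwtAuthentication);
        jwtAuthentication.setUsername(authenticated.getLeft());
        jwtAuthentication.getAuthorities().addAll(authenticated.getRight());
        return null;
    });

    JwtClaims claims = jwtAuthentication.getClaims();
    // Single reference instant for both checks; primitive long avoids needless boxing and the
    // legacy java.util.Date round-trip (same value as new Date().getTime()).
    long referenceTime = System.currentTimeMillis();

    // exp is expressed in seconds; compare in milliseconds.
    Long expiryTime = claims.getExpiryTime();
    if (expiryTime == null || (expiryTime * 1000L) < referenceTime) {
        dataAccessor.removeExpired(claims.getTokenId());
        throw new CredentialsExpiredException("JWT is expired");
    }

    // nbf is expressed in seconds; a token is rejected until that instant has passed.
    Long notBefore = claims.getNotBefore();
    if (notBefore == null || (notBefore * 1000L) > referenceTime) {
        throw new CredentialsExpiredException("JWT not valid yet");
    }

    jwtAuthentication.setAuthenticated(true);
    return jwtAuthentication;
}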
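/**
 * Authenticates a {@code JWTAuthentication}: resolves the username and authorities under the
 * token's domain, then enforces the {@code exp} and {@code nbf} claims against the current time.
 *
 * <p>Both time claims are required here: a JWT missing either one is rejected, not accepted.
 * Note that the user/authority resolution runs before the time checks, so an expired token is
 * still looked up (and then purged via {@code removeExpired}) before the exception is thrown.
 *
 * @param authentication must be a {@code JWTAuthentication}; any other type fails the cast
 * @return the same instance, marked authenticated and populated with username and authorities
 * @throws CredentialsExpiredException if {@code exp} is absent or in the past, or if
 *         {@code nbf} is absent or in the future
 * @throws AuthenticationException as propagated from the underlying data accessor
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    final JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication;

    AuthContextUtils.execWithAuthContext(jwtAuthentication.getDetails().getDomain(), () -> {
        Pair<String, Set<SyncopeGrantedAuthority>> authenticated = dataAccessor.authenticate(jwtAuthentication);
        jwtAuthentication.setUsername(authenticated.getLeft());
        jwtAuthentication.getAuthorities().addAll(authenticated.getRight());
        return null;
    });

    JwtClaims claims = jwtAuthentication.getClaims();
    // Single reference instant for both checks; primitive long avoids needless boxing and the
    // legacy java.util.Date round-trip (same value as new Date().getTime()).
    long referenceTime = System.currentTimeMillis();

    // exp is expressed in seconds; compare in milliseconds.
    Long expiryTime = claims.getExpiryTime();
    if (expiryTime == null || (expiryTime * 1000L) < referenceTime) {
        dataAccessor.removeExpired(claims.getTokenId());
        throw new CredentialsExpiredException("JWT is expired");
    }

    // nbf is expressed in seconds; a token is rejected until that instant has passed.
    Long notBefore = claims.getNotBefore();
    if (notBefore == null || (notBefore * 1000L) > referenceTime) {
        throw new CredentialsExpiredException("JWT not valid yet");
    }

    jwtAuthentication.setAuthenticated(true);
    return jwtAuthentication;
}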
AccessToken accessToken = accessTokenDAO.find(authentication.getClaims().getTokenId()); if (accessToken == null) { throw new AuthenticationCredentialsNotFoundException( "Could not find an Access Token for JWT " + authentication.getClaims().getTokenId()); throw new AuthenticationCredentialsNotFoundException( "Could not find User " + authentication.getClaims().getSubject() + " for JWT " + authentication.getClaims().getTokenId()); authorities = resolved.getRight() == null ? Collections.emptySet() : resolved.getRight(); LOG.debug("JWT {} issued by {} resolved to User {} with authorities {}", authentication.getClaims().getTokenId(), authentication.getClaims().getIssuer(), username, authorities);
AccessToken accessToken = accessTokenDAO.find(authentication.getClaims().getTokenId()); if (accessToken == null) { throw new AuthenticationCredentialsNotFoundException( "Could not find an Access Token for JWT " + authentication.getClaims().getTokenId()); throw new AuthenticationCredentialsNotFoundException( "Could not find User " + authentication.getClaims().getSubject() + " for JWT " + authentication.getClaims().getTokenId()); authorities = resolved.getRight() == null ? Collections.emptySet() : resolved.getRight(); LOG.debug("JWT {} issued by {} resolved to User {} with authorities {}", authentication.getClaims().getTokenId(), authentication.getClaims().getIssuer(), username, authorities);
accessTokenDAO.delete(consumer.getJwtClaims().getTokenId()); } else { SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer; JwtToken token = theConsumer.getJwtToken(authSchemeData); cacheKey = token.getClaims().getTokenId();
jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer; JwtToken token = theConsumer.getJwtToken(authSchemeData); cacheKey = token.getClaims().getTokenId();
response.setToken(tokenData); response.setTokenId(claims.getTokenId());
response.setToken(tokenData); response.setTokenId(claims.getTokenId());
JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer; JwtToken token = theConsumer.getJwtToken(tokenId); tokenId = token.getClaims().getTokenId(); } catch (JwtException ex) { return new TokenIntrospection(false);
JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer; JwtToken token = theConsumer.getJwtToken(tokenId); tokenId = token.getClaims().getTokenId(); } catch (JwtException ex) { return new TokenIntrospection(false);