/**
 * Reads the reserved subject claim as a string.
 *
 * @return whatever {@code getClaimValue} yields for {@code ReservedClaimNames.SUBJECT}
 * @throws MalformedClaimException propagated from {@code getClaimValue}
 */
public String getSubject() throws MalformedClaimException {
    final String subject = getClaimValue(ReservedClaimNames.SUBJECT, String.class);
    return subject;
}
/**
 * Reports whether the named claim can be read as the given type.
 *
 * @param claimName the name of the claim
 * @param type the type the value is requested as
 * @return {@code true} when {@code getClaimValue} returns a non-null value;
 *         {@code false} when it returns {@code null} or throws {@link MalformedClaimException}
 */
public boolean isClaimValueOfType(String claimName, Class type) {
    boolean readable;
    try {
        readable = (getClaimValue(claimName, type) != null);
    } catch (MalformedClaimException e) {
        // A failed read is deliberately turned into an answer, not an error.
        readable = false;
    }
    return readable;
}
/**
 * Reads the reserved issuer claim as a string.
 *
 * @return whatever {@code getClaimValue} yields for {@code ReservedClaimNames.ISSUER}
 * @throws MalformedClaimException propagated from {@code getClaimValue}
 */
public String getIssuer() throws MalformedClaimException {
    final String issuer = getClaimValue(ReservedClaimNames.ISSUER, String.class);
    return issuer;
}
/**
 * Reads the reserved JWT ID claim as a string.
 *
 * @return whatever {@code getClaimValue} yields for {@code ReservedClaimNames.JWT_ID}
 * @throws MalformedClaimException propagated from {@code getClaimValue}
 */
public String getJwtId() throws MalformedClaimException {
    final String jwtId = getClaimValue(ReservedClaimNames.JWT_ID, String.class);
    return jwtId;
}
/**
 * Reports whether a value is available for the named claim.
 *
 * @param claimName the name of the claim
 * @return {@code true} when {@code getClaimValue(claimName)} returns a non-null value
 */
public boolean hasClaim(String claimName) {
    final Object value = getClaimValue(claimName);
    return value != null;
}
/**
 * Reads the named claim as a string.
 *
 * @param claimName the name of the claim
 * @return whatever {@code getClaimValue} yields when asked for a {@code String}
 * @throws MalformedClaimException propagated from {@code getClaimValue}
 */
public String getStringClaimValue(String claimName) throws MalformedClaimException {
    final String text = getClaimValue(claimName, String.class);
    return text;
}
/**
 * Reads the claim as a list of strings, on the assumption that it is a JSON array of strings.
 *
 * @param claimName the name of the claim
 * @return a {@code List<String>} holding the claim's values; an empty list if the claim is not present
 * @throws MalformedClaimException if the claim value is not an array, or is an array that
 *         contains non-string values
 */
public List<String> getStringListClaimValue(String claimName) throws MalformedClaimException {
    // The untyped list is handed to toStringList together with the claim name.
    return toStringList(getClaimValue(claimName, List.class), claimName);
}
/**
 * Reads the named claim as a number of seconds and converts it to a {@code NumericDate}.
 *
 * @param claimName the name of the claim
 * @return the converted date, or {@code null} when {@code getClaimValue} returns {@code null}
 * @throws MalformedClaimException propagated from {@code getClaimValue}
 */
public NumericDate getNumericDateClaimValue(String claimName) throws MalformedClaimException {
    final Number seconds = getClaimValue(claimName, Number.class);
    if (seconds == null) {
        return null;
    }
    // longValue() drops any fractional part of the numeric claim.
    return NumericDate.fromSeconds(seconds.longValue());
}
/**
 * Replaces the numeric value of a claim with the {@code JsonNumber} produced by {@code wrapValue}.
 *
 * <p>A {@link MalformedClaimException} is logged at WARNING level and not rethrown, so the
 * claim then keeps the value it had.
 *
 * @param name claim name
 */
private void replaceNumber(final String name) {
    try {
        final Number raw = claimsSet.getClaimValue(name, Number.class);
        claimsSet.setClaim(name, (JsonNumber) wrapValue(raw));
    } catch (final MalformedClaimException ex) {
        // NOTE(review): if name can be a token-supplied claim name, it reaches the log message
        // unescaped; confirm the log output neutralises line breaks and control characters.
        logger.log(Level.WARNING, "replaceNumber failure for: " + name, ex);
    }
}
/**
 * Replaces the numeric value of a claim with the {@code JsonNumber} produced by {@code wrapValue}.
 *
 * <p>A {@link MalformedClaimException} is logged as a warning and not rethrown, so the claim
 * then keeps the value it had.
 *
 * @param name claim name
 */
private void replaceNumber(String name) {
    try {
        Number raw = claimsSet.getClaimValue(name, Number.class);
        claimsSet.setClaim(name, (JsonNumber) wrapValue(raw));
    } catch (MalformedClaimException ex) {
        // NOTE(review): if name can be a token-supplied claim name, it reaches the log message
        // unescaped; confirm the log output neutralises line breaks and control characters.
        logger.warn("replaceNumber failure for: " + name, ex);
    }
}
// Closes an enclosing scope that was opened outside this excerpt.
}
/**
 * Replaces the jose4j {@code Map<String,Object>} value of a claim with a {@code JsonObject}.
 *
 * <p>A {@link MalformedClaimException} is logged as a warning and not rethrown, so the claim
 * then keeps the value it had.
 *
 * @param name claim name
 */
private void replaceMap(String name) {
    try {
        // Read as a raw Map; the element types are not checked at this point.
        Map<String, Object> source = claimsSet.getClaimValue(name, Map.class);
        claimsSet.setClaim(name, replaceMap(source));
    } catch (MalformedClaimException ex) {
        logger.warn("replaceMap failure for: " + name, ex);
    }
}
private OAuth2Request getOAuth2Request( @NotNull final JwtClaims claims ) throws MalformedClaimException, InvalidTokenException { final String clientId = claims.getClaimValue("client_id", String.class); @SuppressWarnings("unchecked") final Set<String> scopes = Sets.newHashSet(claims.getClaimValue("scope", Collection.class));
/**
 * Replaces the jose4j {@code List<?>} value of a claim with a {@code JsonArray}.
 *
 * <p>A {@link MalformedClaimException} is logged as a warning and not rethrown, so the claim
 * then keeps the value it had.
 *
 * @param name claim name
 */
private void replaceList(String name) {
    try {
        List source = claimsSet.getClaimValue(name, List.class);
        claimsSet.setClaim(name, (JsonArray) wrapValue(source));
    } catch (MalformedClaimException ex) {
        logger.warn("replaceList failure for: " + name, ex);
    }
}
/**
 * Replaces the jose4j {@code Map<String,Object>} value of a claim with a {@code JsonObject}.
 *
 * <p>A {@link MalformedClaimException} is logged at WARNING level and not rethrown, so the
 * claim then keeps the value it had.
 *
 * @param name claim name
 */
private void replaceMap(final String name) {
    try {
        // Read as a raw Map; the element types are not checked at this point.
        final Map<String, Object> source = claimsSet.getClaimValue(name, Map.class);
        claimsSet.setClaim(name, replaceMap(source));
    } catch (final MalformedClaimException ex) {
        logger.log(Level.WARNING, "replaceMap failure for: " + name, ex);
    }
}
/**
 * Replaces the jose4j {@code List<?>} value of a claim with a {@code JsonArray}.
 *
 * <p>A {@link MalformedClaimException} is logged at WARNING level and not rethrown, so the
 * claim then keeps the value it had.
 *
 * @param name claim name
 */
private void replaceList(final String name) {
    try {
        final List source = claimsSet.getClaimValue(name, List.class);
        claimsSet.setClaim(name, (JsonArray) wrapValue(source));
    } catch (final MalformedClaimException ex) {
        logger.log(Level.WARNING, "replaceList failure for: " + name, ex);
    }
}
/**
 * Validates a JWT with a jose4j {@code JwtConsumer} and copies selected claims into a map.
 *
 * <p>The consumer requires an expiration time and a subject, expects the configured issuer
 * and audience, and verifies the signature with keys resolved from the configured certificate.
 *
 * @param jwt the serialized token
 * @return a map with {@code userId}, {@code clientId} and {@code roles}, plus {@code host} when
 *         that claim is non-null; {@code null} if {@code processToClaims} returns {@code null}
 * @throws InvalidJwtException propagated from {@code processToClaims}
 * @throws MalformedClaimException propagated from reading the {@code roles} claim
 */
public static Map<String, Object> verifyJwt(String jwt) throws InvalidJwtException, MalformedClaimException {
    // With this flag the resolver tries every configured certificate when the token carries
    // no certificate thumbprint header.
    X509VerificationKeyResolver keyResolver = new X509VerificationKeyResolver(certificate);
    keyResolver.setTryAllOnNoThumbHeader(true);

    // NOTE(review): no JWS algorithm constraint is set on this builder; consider pinning the
    // expected signature algorithm(s) with setJwsAlgorithmConstraints once the issuer's
    // configuration is confirmed.
    JwtConsumer consumer = new JwtConsumerBuilder()
            .setRequireExpirationTime() // an expiration time is mandatory
            // The skew is configured in minutes and converted to seconds here; presumably a
            // missing config entry fails on unboxing -- verify against the config loader.
            .setAllowedClockSkewInSeconds((Integer) config.get(CLOCK_SKEW_IN_MINUTE) * 60)
            .setRequireSubject() // a subject claim is mandatory
            .setExpectedIssuer(issuer)
            .setExpectedAudience(audience)
            .setVerificationKeyResolver(keyResolver) // signature check against the certificates
            .build();

    // Validation happens here; only claims of a token that passed are read below.
    JwtClaims verified = consumer.processToClaims(jwt);
    if (verified == null) {
        return null;
    }

    Map<String, Object> user = new HashMap<String, Object>();
    // userId and clientId are stored as returned, with no null check.
    user.put("userId", verified.getClaimValue("userId"));
    user.put("clientId", verified.getClaimValue("clientId"));
    List<String> roles = verified.getStringListClaimValue("roles");
    user.put("roles", roles);
    Object host = verified.getClaimValue("host");
    if (host != null) {
        user.put("host", host);
    }
    return user;
}
// Closes an enclosing scope that was opened outside this excerpt.
}
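/**
 * Authenticates a bearer token and builds the user it describes.
 *
 * <p>The token is processed by the configured {@code jwtConsumer}, its expiration time is
 * checked against the current time, and the roles are read from the {@code roles} entry of
 * the {@code realm_access} claim. A missing expiration time and a roles entry that is not a
 * list of strings are rejected explicitly, so neither a {@code NullPointerException} nor an
 * unchecked list of arbitrary token values reaches the rest of the application.
 *
 * @param token the serialized bearer token
 * @return the authenticated user
 * @throws HobsonAuthenticationException if the token cannot be processed, has no expiration
 *         time, has expired, or carries a malformed roles entry
 */
@Override
public HobsonUser authenticate(String token) throws HobsonAuthenticationException {
    try {
        // extract the claims from the token
        JwtClaims claims = jwtConsumer.processToClaims(token);

        // make sure the token carries an expiration time and hasn't expired
        NumericDate expiry = claims.getExpirationTime();
        if (expiry == null) {
            throw new HobsonAuthenticationException("Token has no expiration time");
        }
        if (!expiry.isAfter(NumericDate.now())) {
            throw new HobsonAuthenticationException("Token has expired");
        }

        // Role values come from the token, so each element is type-checked and copied
        // instead of being cast to List<String> unchecked.
        List<String> roles = new ArrayList<String>();
        Map<?, ?> realmAccess = claims.getClaimValue("realm_access", Map.class);
        Object rawRoles = (realmAccess != null) ? realmAccess.get("roles") : null;
        if (rawRoles != null) {
            if (!(rawRoles instanceof List)) {
                throw new HobsonAuthenticationException("Token contains a malformed roles claim");
            }
            for (Object role : (List<?>) rawRoles) {
                if (!(role instanceof String)) {
                    throw new HobsonAuthenticationException("Token contains a malformed roles claim");
                }
                roles.add((String) role);
            }
        }

        return new HobsonUser.Builder(claims.getSubject())
            .givenName(claims.getStringClaimValue(PROP_FIRST_NAME))
            .familyName(claims.getStringClaimValue(PROP_LAST_NAME))
            .roles(roles)
            // NOTE(review): when the "hubs" claim is absent this is presumably a one-element
            // list holding null; confirm that callers expect that.
            .hubs(Collections.singletonList(claims.getClaimValue("hubs", String.class)))
            .build();
    } catch (Exception e) {
        // Every failure, including the exceptions thrown above, leaves as a
        // HobsonAuthenticationException with this prefix (unchanged from the original).
        // NOTE(review): the cause is dropped and e.getMessage() is passed on to the caller;
        // only a (String) constructor is visible here. Confirm whether the cause can be
        // attached and that the message is not returned verbatim to untrusted clients.
        throw new HobsonAuthenticationException("Error validating bearer token: " + e.getMessage());
    }
}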
JwtClaims claimsSet = jwtContext.getJwtClaims(); name = claimsSet.getClaimValue("upn", String.class); if (name == null) { name = claimsSet.getClaimValue("preferred_username", String.class); if (name == null) { name = claimsSet.getSubject();
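/**
 * Convert the types jose4j uses for address, sub_jwk, and jwk, and for custom claims.
 *
 * <p>The three named claims are converted with {@code replaceMap} when present. Each custom
 * claim is then converted according to the runtime type of its value: lists, maps and numbers
 * are replaced, and any other value (including {@code null}) is left as it is.
 */
private void fixJoseTypes() {
    if (claimsSet.hasClaim(Claims.address.name())) {
        replaceMap(Claims.address.name());
    }
    if (claimsSet.hasClaim(Claims.jwk.name())) {
        replaceMap(Claims.jwk.name());
    }
    if (claimsSet.hasClaim(Claims.sub_jwk.name())) {
        replaceMap(Claims.sub_jwk.name());
    }
    // Handle custom claims
    Set<String> customClaimNames = filterCustomClaimNames(claimsSet.getClaimNames());
    for (String name : customClaimNames) {
        // The value may be null (for example a claim whose value is JSON null). instanceof is
        // null-safe, so no getClass() call is made on it; the unused claimType local that
        // made such a call has been removed.
        Object claimValue = claimsSet.getClaimValue(name);
        if (claimValue instanceof List) {
            replaceList(name);
        } else if (claimValue instanceof Map) {
            replaceMap(name);
        } else if (claimValue instanceof Number) {
            replaceNumber(name);
        }
    }
}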
/**
 * Convert the types jose4j uses for address, sub_jwk, and jwk, and for custom claims.
 *
 * <p>The three named claims are converted with {@code replaceMap} when present. Each custom
 * claim is then converted according to the runtime type of its value: lists, maps and numbers
 * are replaced, and any other value is left as it is.
 */
private void fixJoseTypes() {
    // Same order as before: address, jwk, sub_jwk.
    final Claims[] mapTypedClaims = { Claims.address, Claims.jwk, Claims.sub_jwk };
    for (final Claims claim : mapTypedClaims) {
        if (claimsSet.hasClaim(claim.name())) {
            replaceMap(claim.name());
        }
    }

    // Handle custom claims
    for (final String name : filterCustomClaimNames(claimsSet.getClaimNames())) {
        final Object value = claimsSet.getClaimValue(name);
        if (value instanceof List) {
            replaceList(name);
            continue;
        }
        if (value instanceof Map) {
            replaceMap(name);
            continue;
        }
        if (value instanceof Number) {
            replaceNumber(name);
        }
    }
}