String nonce = claims.getStringClaimValue("nonce"); if (nonce == null) { logger.info("Rejected OpenID token without nonce."); String username = claims.getStringClaimValue(usernameClaim); if (username != null) return username;
/**
 * Looks up a claim by name and returns it as a string.
 *
 * @param claimName the name of the claim to read
 * @return the claim's string value as reported by the underlying claim set
 * @throws SecurityException if the claim set reports the claim as malformed
 */
public String getClaim(String claimName) {
    String value;
    try {
        value = claims.getStringClaimValue(claimName);
    } catch (MalformedClaimException malformed) {
        // Surface a malformed claim as a security failure rather than a checked exception.
        throw new SecurityException(malformed);
    }
    return value;
}
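/**
 * Returns the token's audience ({@code aud}) claim as a set.
 *
 * <p>The claim is first read as a string list. If that fails with a
 * {@link MalformedClaimException} (a single-string {@code aud} is common), the
 * claim is re-read as a single string.
 *
 * @return the audience values, or {@code null} when no value could be read;
 *     callers must treat {@code null} as "no audience", never as a wildcard
 */
@Override
public Set<String> getAudience() {
    final Set<String> audSet = new HashSet<>();
    try {
        final List<String> audList = claimsSet.getStringListClaimValue("aud");
        if (audList != null) {
            audSet.addAll(audList);
        }
    } catch (final MalformedClaimException listFailure) {
        try {
            final String aud = claimsSet.getStringClaimValue("aud");
            // Guard so a missing single value never becomes a one-element {null} audience.
            if (aud != null) {
                audSet.add(aud);
            }
        } catch (final MalformedClaimException stringFailure) {
            // Log the failure of the fallback; the original list failure is kept as suppressed
            // so neither diagnostic is lost.
            stringFailure.addSuppressed(listFailure);
            logger.log(Level.FINEST, "Can't retrieve malformed 'aud' claim.", stringFailure);
        }
    }
    return audSet.isEmpty() ? null : audSet;
}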
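/**
 * Returns the token's audience ({@code aud}) claim as a set.
 *
 * <p>The claim is read as a string list when present. When that read reports a
 * {@link MalformedClaimException} (e.g. {@code aud} was sent as a single string),
 * the claim is re-read as a single string.
 *
 * @return the audience values, or {@code null} when the claim is absent or could
 *     not be read in either form; callers must treat {@code null} as "no
 *     audience", never as "any audience"
 */
@Override
public Set<String> getAudience() {
    Set<String> audSet = null;
    try {
        if (claimsSet.hasClaim(Claims.aud.name())) {
            List<String> audList = claimsSet.getStringListClaimValue("aud");
            audSet = new HashSet<>(audList);
        }
    } catch (MalformedClaimException e) {
        try {
            // Not sent as an array, try a single value
            String aud = claimsSet.getStringClaimValue("aud");
            audSet = new HashSet<>();
            audSet.add(aud);
        } catch (MalformedClaimException ignored) {
            // Neither a list nor a string: deliberately fall through and report
            // "no audience" (null) instead of failing; no logger is available here.
        }
    }
    return audSet;
}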
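/**
 * Verifies the signature of an ID token and validates its mandatory claims.
 *
 * <p>The JWS signature is checked against the public key of the configured
 * signing key. The parsed claims must then carry an issuer equal
 * (case-insensitively) to the configured issuer and a non-blank client id.
 *
 * @param token the serialized, signed JWT
 * @return the parsed and validated claims
 * @throws IllegalArgumentException if the signing key has no public key, the
 *     issuer is missing or differs from the configured issuer, or the client id
 *     claim is missing
 */
@Override
@SneakyThrows
public JwtClaims validate(final String token) {
    val jsonWebKey = getSigningKey();
    if (jsonWebKey.getPublicKey() == null) {
        throw new IllegalArgumentException("JSON web key used to validate the id token signature has no associated public key");
    }
    val jwt = EncodingUtils.verifyJwsSignature(jsonWebKey.getPublicKey(), token);
    val result = new String(jwt, StandardCharsets.UTF_8);
    val claims = JwtClaims.parse(result);
    LOGGER.debug("Validated claims as [{}]", claims);
    if (StringUtils.isBlank(claims.getIssuer())) {
        throw new IllegalArgumentException("Claims do not contain an issuer");
    }
    // Reject when the issuer does NOT match. The previous condition was inverted:
    // it rejected tokens from the configured issuer and accepted any other issuer.
    // NOTE(review): the comparison stays case-insensitive to preserve existing
    // behavior; OpenID Connect Core requires an exact match of the issuer identifier.
    if (!claims.getIssuer().equalsIgnoreCase(this.issuer)) {
        throw new IllegalArgumentException("Issuer assigned to claims does not match " + this.issuer);
    }
    if (StringUtils.isBlank(claims.getStringClaimValue(OAuth20Constants.CLIENT_ID))) {
        throw new IllegalArgumentException("Claims do not contain a client id claim");
    }
    return claims;
}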
if (!claims.getStringClaimValue("origin").equals(holder.getServerIpAddress())) { LOGGER.error("Token origin server IP address does not match CAS"); return null; if (!claims.getStringClaimValue("client").equals(holder.getClientIpAddress())) { LOGGER.error("Token client IP address does not match CAS"); return null;
String username = jwtDecoded.getStringClaimValue("username"); // "MChambe4"
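/**
 * Authenticates a bearer token and builds the corresponding user.
 *
 * <p>The token is processed by the configured {@code jwtConsumer}. The resulting
 * claims must carry an expiration time that lies in the future. Roles are taken
 * from the {@code roles} entry of the {@code realm_access} claim when present,
 * and the single {@code hubs} claim becomes the user's hub list.
 *
 * @param token the bearer token to validate
 * @return the authenticated user
 * @throws HobsonAuthenticationException if the token cannot be processed, carries
 *     no expiration time, or has expired
 */
@Override
public HobsonUser authenticate(String token) throws HobsonAuthenticationException {
    try {
        // extract the claims from the token
        JwtClaims claims = jwtConsumer.processToClaims(token);
        // a token without an expiration time previously failed with an NPE and an
        // uninformative message; reject it explicitly instead
        NumericDate expiration = claims.getExpirationTime();
        if (expiration == null) {
            throw new HobsonAuthenticationException("Token has no expiration time");
        }
        // make sure the token hasn't expired
        if (!expiration.isAfter(NumericDate.now())) {
            throw new HobsonAuthenticationException("Token has expired");
        }
        List<String> roles = null;
        // realm_access is an object claim; only its "roles" list is used
        Map<?, ?> realmAccess = claims.getClaimValue("realm_access", Map.class);
        if (realmAccess != null && realmAccess.containsKey("roles")) {
            @SuppressWarnings("unchecked") // roles is expected to be a list of strings
            List<String> claimRoles = (List<String>) realmAccess.get("roles");
            roles = claimRoles;
        }
        return new HobsonUser.Builder(claims.getSubject())
            .givenName(claims.getStringClaimValue(PROP_FIRST_NAME))
            .familyName(claims.getStringClaimValue(PROP_LAST_NAME))
            .roles(roles != null ? roles : new ArrayList<String>())
            .hubs(Collections.singletonList(claims.getClaimValue("hubs", String.class)))
            .build();
    } catch (HobsonAuthenticationException e) {
        // already the caller-facing type; do not wrap it a second time
        throw e;
    } catch (Exception e) {
        // NOTE(review): only the message is propagated; the constructors of
        // HobsonAuthenticationException are not visible here, so the cause is not attached.
        throw new HobsonAuthenticationException("Error validating bearer token: " + e.getMessage());
    }
}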
exchange.putAttachment(AuditHandler.AUDIT_INFO, auditInfo); auditInfo.put(Constants.CLIENT_ID_STRING, claims.getStringClaimValue(Constants.CLIENT_ID_STRING)); auditInfo.put(Constants.USER_ID_STRING, claims.getStringClaimValue(Constants.USER_ID_STRING)); auditInfo.put(Constants.SUBJECT_CLAIMS, claims); if(config != null && (Boolean)config.get(ENABLE_VERIFY_SCOPE) && OpenApiHelper.openApi3 != null) { JwtClaims scopeClaims = JwtHelper.verifyJwt(scopeJwt, false); secondaryScopes = scopeClaims.getStringListClaimValue("scope"); auditInfo.put(Constants.SCOPE_CLIENT_ID_STRING, scopeClaims.getStringClaimValue(Constants.CLIENT_ID_STRING)); auditInfo.put(Constants.ACCESS_CLAIMS, scopeClaims); } catch (InvalidJwtException | MalformedClaimException e) {
exchange.putAttachment(AuditHandler.AUDIT_INFO, auditInfo); auditInfo.put(Constants.CLIENT_ID_STRING, claims.getStringClaimValue(Constants.CLIENT_ID_STRING)); auditInfo.put(Constants.USER_ID_STRING, claims.getStringClaimValue(Constants.USER_ID_STRING)); auditInfo.put(Constants.SUBJECT_CLAIMS, claims); if(config != null && (Boolean)config.get(ENABLE_VERIFY_SCOPE) && SwaggerHelper.swagger != null) { JwtClaims scopeClaims = JwtHelper.verifyJwt(scopeJwt, false); secondaryScopes = scopeClaims.getStringListClaimValue("scope"); auditInfo.put(Constants.SCOPE_CLIENT_ID_STRING, scopeClaims.getStringClaimValue(Constants.CLIENT_ID_STRING)); auditInfo.put(Constants.ACCESS_CLAIMS, scopeClaims); } catch (InvalidJwtException | MalformedClaimException e) {