/**
 * Returns the group names listed in the token's {@code groups} claim.
 *
 * @return a new mutable set holding the claimed groups; empty when the claim
 *         is absent or cannot be read as a list of strings
 */
@Override
public Set<String> getGroups() {
    final HashSet<String> result = new HashSet<>();
    final List<String> claimed;
    try {
        claimed = claimsSet.getStringListClaimValue("groups");
    } catch (final MalformedClaimException malformed) {
        // A malformed claim contributes no groups: the caller sees an empty set
        // and the failure is only recorded at FINEST.
        logger.log(Level.FINEST, "Can't retrieve malformed 'groups' claim.", malformed);
        return result;
    }
    if (claimed != null) {
        result.addAll(claimed);
    }
    return result;
}
/**
 * Returns the group names listed in the token's {@code groups} claim.
 *
 * @return a new mutable set holding the claimed groups; empty when the claim
 *         is absent or cannot be read as a list of strings
 */
@Override
public Set<String> getGroups() {
    HashSet<String> result = new HashSet<>();
    List<String> claimed = null;
    try {
        claimed = claimsSet.getStringListClaimValue("groups");
    } catch (MalformedClaimException malformed) {
        // NOTE(review): the stack trace goes to stderr instead of a logger, so a
        // token with a malformed 'groups' claim is easy to miss in monitoring.
        // The method still returns an empty set in that case.
        malformed.printStackTrace();
    }
    if (claimed != null) {
        result.addAll(claimed);
    }
    return result;
}
/**
 * Reports whether the named claim exists and can be read as a list of strings.
 *
 * @param claimName the name of the claim
 * @return {@code true} if the claim is present and its value is an array of
 *         strings; {@code false} otherwise, including when the value is malformed
 */
public boolean isClaimValueStringList(String claimName) {
    try {
        if (!hasClaim(claimName)) {
            return false;
        }
        return getStringListClaimValue(claimName) != null;
    } catch (MalformedClaimException notAStringList) {
        // A value of the wrong shape is reported as "not a string list", not as an error.
        return false;
    }
}
/**
 * Returns the values of the token's {@code aud} claim.
 *
 * <p>The claim is read as a list of strings first; if that fails it is read
 * as a single string.
 *
 * @return the audience values, or {@code null} when none could be read
 */
@Override
public Set<String> getAudience() {
    final Set<String> audiences = new HashSet<>();
    try {
        final List<String> listed = claimsSet.getStringListClaimValue("aud");
        if (listed != null) {
            audiences.addAll(listed);
        }
    } catch (final MalformedClaimException notAList) {
        try {
            audiences.add(claimsSet.getStringClaimValue("aud"));
        } catch (final MalformedClaimException notAString) {
            // The exception from the list read is the one logged here, as in the
            // original; the failure of the single-value read is not recorded.
            logger.log(Level.FINEST, "Can't retrieve malformed 'aud' claim.", notAList);
        }
    }
    // NOTE(review): null (not an empty set) signals "no audience"; callers that
    // enforce an audience restriction need to handle null explicitly.
    if (audiences.isEmpty()) {
        return null;
    }
    return audiences;
}
/**
 * Returns the values of the token's {@code aud} claim.
 *
 * <p>The claim is read as a list of strings first; if that fails it is read
 * as a single string.
 *
 * @return the audience values, or {@code null} when the claim is absent or
 *         cannot be read in either form
 */
@Override
public Set<String> getAudience() {
    try {
        if (!claimsSet.hasClaim(Claims.aud.name())) {
            return null;
        }
        return new HashSet<>(claimsSet.getStringListClaimValue("aud"));
    } catch (MalformedClaimException notAList) {
        try {
            // Not sent as an array, try a single value
            String single = claimsSet.getStringClaimValue("aud");
            Set<String> audiences = new HashSet<>();
            audiences.add(single);
            return audiences;
        } catch (MalformedClaimException ignored) {
            // NOTE(review): the malformed claim is dropped without any log entry;
            // the caller only sees null and cannot tell it from an absent claim.
            return null;
        }
    }
}
// Read the decoded token's "scope" claim as a list of strings.
// NOTE(review): other callers of getStringListClaimValue on this page null-check
// its result. If it is null here, scopes.stream() throws NullPointerException
// instead of the "Required scope" error below — confirm how an absent claim
// should be reported.
List<String> scopes = jwtDecoded.getStringListClaimValue("scope");
// Reject unless at least one claimed scope equals requiredScope exactly
// (case-sensitive String.equals; no prefix or wildcard matching).
if (!scopes.stream().anyMatch(scope -> scope.equals(requiredScope))) {
    throw new Exception("Required scope is not claimed: " + requiredScope);
/**
 * Validates a signed JWT and extracts the caller's identity attributes.
 *
 * <p>The token must carry an expiration time and a subject, must match the
 * configured issuer and audience, and its signature must verify against the
 * configured certificate(s).
 *
 * @param jwt the compact serialized JWT
 * @return a map with {@code userId}, {@code clientId} and {@code roles}, plus
 *         {@code host} when that claim is present; {@code null} if no claims
 *         were produced
 * @throws InvalidJwtException if the consumer rejects the token
 * @throws MalformedClaimException if the {@code roles} claim is not a list of strings
 */
public static Map<String, Object> verifyJwt(String jwt) throws InvalidJwtException, MalformedClaimException {
    X509VerificationKeyResolver keyResolver = new X509VerificationKeyResolver(certificate);
    // With this flag set, the resolver tries every configured certificate when
    // the token carries no certificate thumbprint header.
    keyResolver.setTryAllOnNoThumbHeader(true);

    JwtConsumerBuilder builder = new JwtConsumerBuilder();
    builder.setRequireExpirationTime(); // the JWT must have an expiration time
    // The configured skew is multiplied by 60 to give the seconds of leeway
    // applied to time-based claims.
    builder.setAllowedClockSkewInSeconds((Integer) config.get(CLOCK_SKEW_IN_MINUTE)*60);
    builder.setRequireSubject(); // the JWT must have a subject claim
    builder.setExpectedIssuer(issuer);
    builder.setExpectedAudience(audience);
    builder.setVerificationKeyResolver(keyResolver); // verify the signature with the certificates
    // NOTE(review): no explicit JWS algorithm constraints are set on this
    // builder; confirm the library defaults match the algorithm the issuer uses.
    JwtConsumer consumer = builder.build();

    // Validate the JWT and process it to the Claims
    JwtClaims claims = consumer.processToClaims(jwt);
    if (claims == null) {
        return null;
    }

    Map<String, Object> user = new HashMap<String, Object>();
    user.put("userId", claims.getClaimValue("userId"));
    user.put("clientId", claims.getClaimValue("clientId"));
    // NOTE(review): userId, clientId and roles are stored even when null;
    // authorization code reading this map should treat a missing value as "none".
    user.put("roles", claims.getStringListClaimValue("roles"));
    Object host = claims.getClaimValue("host");
    if (host != null) {
        user.put("host", host);
    }
    return user;
}
}
try {
    // Verify the separate scope token and read its claims.
    // NOTE(review): the meaning of the second argument (false) is not visible in
    // this excerpt — confirm it does not relax expiry or signature checks.
    JwtClaims scopeClaims = JwtHelper.verifyJwt(scopeJwt, false);
    // Secondary scopes come from the scope token's "scope" claim.
    secondaryScopes = scopeClaims.getStringListClaimValue("scope");
    // Store the scope token's client id and its full claim set in auditInfo.
    auditInfo.put(Constants.SCOPE_CLIENT_ID_STRING, scopeClaims.getStringClaimValue(Constants.CLIENT_ID_STRING));
    auditInfo.put(Constants.ACCESS_CLAIMS, scopeClaims);
    // Primary scopes come from `claims`, which is defined outside this excerpt.
    primaryScopes = claims.getStringListClaimValue("scope");
} catch (MalformedClaimException e) {
    // NOTE(review): the code after this log call is not visible here; confirm the
    // request is rejected rather than continuing with unset scope lists.
    logger.error("MalformedClaimException", e);
try {
    // Verify the separate scope token and read its claims.
    // NOTE(review): the meaning of the second argument (false) is not visible in
    // this excerpt — confirm it does not relax expiry or signature checks.
    JwtClaims scopeClaims = JwtHelper.verifyJwt(scopeJwt, false);
    // Secondary scopes come from the scope token's "scope" claim.
    secondaryScopes = scopeClaims.getStringListClaimValue("scope");
    // Store the scope token's client id and its full claim set in auditInfo.
    auditInfo.put(Constants.SCOPE_CLIENT_ID_STRING, scopeClaims.getStringClaimValue(Constants.CLIENT_ID_STRING));
    auditInfo.put(Constants.ACCESS_CLAIMS, scopeClaims);
    // Primary scopes come from `claims`, which is defined outside this excerpt.
    primaryScopes = claims.getStringListClaimValue("scope");
} catch (MalformedClaimException e) {
    // NOTE(review): the code after this log call is not visible here; confirm the
    // request is rejected rather than continuing with unset scope lists.
    logger.error("MalformedClaimException", e);