/**
 * Builds a fixed set of test claims on top of the issuer defaults.
 *
 * <p>The values are deterministic fixtures (user "steve", type "EMPLOYEE", a fixed
 * client id and two scopes) layered over {@link JwtIssuer#getDefaultJwtClaims()}.
 *
 * @return claims with user_id, user_type, client_id and scope populated
 */
public JwtClaims mockClaims() {
    JwtClaims fixture = JwtIssuer.getDefaultJwtClaims();
    fixture.setClaim("user_id", "steve");
    fixture.setClaim("user_type", "EMPLOYEE");
    fixture.setClaim("client_id", "aaaaaaaa-1234-1234-1234-bbbbbbbb");
    // varargs overload of setStringListClaim; the claim still serializes as a JSON array
    fixture.setStringListClaim("scope", "api.r", "api.w");
    return fixture;
}
}
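/**
 * Construct a default JwtClaims whose expiration is {@code expiresIn} seconds from now.
 *
 * <p>The lifetime is applied in seconds through {@code NumericDate.addSeconds} instead of
 * the former integer division {@code expiresIn/60}: that truncated any value below 60 to
 * zero minutes (an already-expired token) and silently shortened lifetimes that were not a
 * whole multiple of a minute. Whole-minute inputs produce the same expiration as before.
 *
 * @param expiresIn token lifetime in seconds
 * @return JwtClaims
 */
public static JwtClaims getJwtClaimsWithExpiresIn(int expiresIn) {
    JwtClaims claims = new JwtClaims();
    claims.setIssuer(jwtConfig.getIssuer());
    claims.setAudience(jwtConfig.getAudience());
    org.jose4j.jwt.NumericDate expiration = org.jose4j.jwt.NumericDate.now();
    expiration.addSeconds(expiresIn);
    claims.setExpirationTime(expiration);
    claims.setGeneratedJwtId(); // a unique identifier for the token
    claims.setIssuedAtToNow(); // when the token was issued/created (now)
    claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
    claims.setClaim("version", jwtConfig.getVersion());
    return claims;
}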
/**
 * Construct a default JwtClaims.
 *
 * <p>Issuer, audience, lifetime and the custom {@code version} claim all come from the
 * shared {@code jwtConfig}; jti, iat and nbf are filled in with the standard helpers.
 *
 * @return JwtClaims
 */
public static JwtClaims getDefaultJwtClaims() {
    JwtClaims defaults = new JwtClaims();
    defaults.setIssuer(jwtConfig.getIssuer());
    defaults.setAudience(jwtConfig.getAudience());
    defaults.setExpirationTimeMinutesInTheFuture(jwtConfig.getExpiredInMinutes());
    // registered claims: unique token id, issued-at = now, and a 2 minute
    // not-before allowance for clock skew between issuer and verifier
    defaults.setGeneratedJwtId();
    defaults.setIssuedAtToNow();
    defaults.setNotBeforeMinutesInThePast(2);
    defaults.setClaim("version", jwtConfig.getVersion());
    return defaults;
}
/**
 * Adds (or overwrites) a single claim and returns this token for chaining.
 *
 * @param claimName name of the claim to set
 * @param value claim value, stored as given
 * @return this instance
 */
public JsonWebToken addClaim(String claimName, String value) {
    this.claims.setClaim(claimName, value);
    return this;
}
/**
 * Sets {@code name} on {@code claims} only when a value is present.
 *
 * <p>A null value is a no-op: the claim set is left exactly as it was.
 *
 * @param claims target claim set
 * @param name claim name, never null
 * @param value claim value, may be null
 */
private static void setClaim(JwtClaims claims, @NotNull String name, @Nullable Object value) {
    if (value == null) {
        return;
    }
    claims.setClaim(name, value);
}
}
/**
 * Builds a fixed set of test claims on top of the issuer defaults.
 *
 * <p>The values are deterministic fixtures (user "steve", type "EMPLOYEE", a fixed
 * client id and two scopes) layered over {@link JwtIssuer#getDefaultJwtClaims()}.
 *
 * @return claims with user_id, user_type, client_id and scope populated
 */
public JwtClaims mockClaims() {
    JwtClaims fixture = JwtIssuer.getDefaultJwtClaims();
    fixture.setClaim("user_id", "steve");
    fixture.setClaim("user_type", "EMPLOYEE");
    fixture.setClaim("client_id", "aaaaaaaa-1234-1234-1234-bbbbbbbb");
    // varargs overload of setStringListClaim; the claim still serializes as a JSON array
    fixture.setStringListClaim("scope", "api.r", "api.w");
    return fixture;
}
}
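/**
 * Builds client-credentials style claims for a mock client.
 *
 * @param clientId value written to the client_id claim
 * @param expiresIn lifetime handed to {@link JwtIssuer#getJwtClaimsWithExpiresIn(int)};
 *                  when null the issuer defaults are used instead of unboxing a null
 * @param formMap optional extra claims copied in verbatim; may be null
 * @return the populated claims
 */
private JwtClaims mockCcClaims(String clientId, Integer expiresIn, Map<String, Object> formMap) {
    // Guard the Integer -> int unboxing: a null expiresIn previously threw NullPointerException.
    JwtClaims claims = expiresIn == null
            ? JwtIssuer.getDefaultJwtClaims()
            : JwtIssuer.getJwtClaimsWithExpiresIn(expiresIn);
    claims.setClaim("client_id", clientId);
    if (formMap != null) {
        // NOTE(review): these entries are applied after client_id and the registered claims,
        // so a key such as "client_id", "exp" or "iss" in formMap overwrites them — confirm
        // the caller only passes keys it controls.
        for (Map.Entry<String, Object> entry : formMap.entrySet()) {
            claims.setClaim(entry.getKey(), entry.getValue());
        }
    }
    return claims;
}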
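/**
 * Builds client-credentials style claims for a mock client with an explicit scope string.
 *
 * <p>The scope guard mirrors {@code mockAcClaims}: a null or blank {@code scopeString}
 * simply omits the scope claim. Previously null threw NullPointerException from
 * {@code split} and an empty string produced a scope list holding a single "".
 *
 * @param clientId value written to the client_id claim
 * @param scopeString whitespace-separated scopes, may be null or blank
 * @param formMap optional extra claims copied in verbatim; may be null
 * @return the populated claims
 */
private JwtClaims mockCcClaims(String clientId, String scopeString, Map<String, Object> formMap) {
    JwtClaims claims = JwtIssuer.getDefaultJwtClaims();
    claims.setClaim("client_id", clientId);
    if (scopeString != null && scopeString.trim().length() > 0) {
        List<String> scope = Arrays.asList(scopeString.split("\\s+"));
        claims.setStringListClaim("scope", scope); // multi-valued claims work too and will end up as a JSON array
    }
    if (formMap != null) {
        // NOTE(review): applied last, so a formMap key such as "client_id" or "scope"
        // overwrites the values set above — confirm the caller only passes keys it controls.
        for (Map.Entry<String, Object> entry : formMap.entrySet()) {
            claims.setClaim(entry.getKey(), entry.getValue());
        }
    }
    return claims;
}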
/**
 * Builds authorization-code style claims for a mock user/client pair.
 *
 * <p>Scope and roles are only emitted when their whitespace-separated source string
 * is non-blank; csrf is only emitted when non-null. Any {@code formMap} entries are
 * copied in last.
 *
 * @param clientId value for the client_id claim
 * @param scopeString whitespace-separated scopes, may be null or blank
 * @param userId value for the user_id claim
 * @param userType value for the user_type claim
 * @param roleString whitespace-separated roles, may be null or blank
 * @param csrf value for the csrf claim, skipped when null
 * @param formMap optional extra claims copied in verbatim; may be null
 * @return the populated claims
 */
private JwtClaims mockAcClaims(String clientId, String scopeString, String userId, String userType, String roleString, String csrf, Map<String, Object> formMap) {
    JwtClaims claims = JwtIssuer.getDefaultJwtClaims();
    claims.setClaim("user_id", userId);
    claims.setClaim("user_type", userType);
    claims.setClaim("client_id", clientId);
    if (csrf != null) {
        claims.setClaim("csrf", csrf);
    }
    // string-list claims serialize as JSON arrays
    if (scopeString != null && !scopeString.trim().isEmpty()) {
        claims.setStringListClaim("scope", Arrays.asList(scopeString.split("\\s+")));
    }
    if (roleString != null && !roleString.trim().isEmpty()) {
        claims.setStringListClaim("roles", Arrays.asList(roleString.split("\\s+")));
    }
    if (formMap != null) {
        // NOTE(review): applied last, so a formMap key such as "user_id", "roles" or "scope"
        // overwrites the values set above — confirm the caller only passes keys it controls.
        for (Map.Entry<String, Object> extra : formMap.entrySet()) {
            claims.setClaim(extra.getKey(), extra.getValue());
        }
    }
    return claims;
}
/**
 * Re-wraps the numeric claim {@code name} as a {@link JsonNumber} in place.
 *
 * <p>A {@link MalformedClaimException} is logged at WARN and the claim is left as it was.
 *
 * @param name claim name
 */
private void replaceNumber(String name) {
    try {
        Number raw = claimsSet.getClaimValue(name, Number.class);
        // NOTE(review): an absent claim yields null here; whether wrapValue(null) is
        // castable to JsonNumber depends on wrapValue — confirm.
        claimsSet.setClaim(name, (JsonNumber) wrapValue(raw));
    } catch (MalformedClaimException e) {
        logger.warn("replaceNumber failure for: " + name, e);
    }
}
}
/**
 * Re-wraps the numeric claim {@code name} as a {@link JsonNumber} in place.
 *
 * <p>A {@link MalformedClaimException} is logged at WARNING and the claim is left as it was.
 *
 * @param name claim name
 */
private void replaceNumber(final String name) {
    try {
        final Number raw = claimsSet.getClaimValue(name, Number.class);
        // NOTE(review): an absent claim yields null here; whether wrapValue(null) is
        // castable to JsonNumber depends on wrapValue — confirm.
        claimsSet.setClaim(name, (JsonNumber) wrapValue(raw));
    } catch (final MalformedClaimException e) {
        logger.log(Level.WARNING, "replaceNumber failure for: " + name, e);
    }
}
/**
 * Replace the jose4j {@code Map<String,Object>} claim {@code name} with a {@link JsonObject}.
 *
 * <p>A {@link MalformedClaimException} is logged at WARN and the claim is left as it was.
 *
 * @param name - claim name
 */
private void replaceMap(String name) {
    try {
        Map<String, Object> raw = claimsSet.getClaimValue(name, Map.class);
        JsonObject converted = replaceMap(raw);
        claimsSet.setClaim(name, converted);
    } catch (MalformedClaimException e) {
        logger.warn("replaceMap failure for: " + name, e);
    }
}
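/**
 * Replace the jose4j {@code List<?>} claim {@code name} with a {@link JsonArray}.
 *
 * <p>The local is typed {@code List<?>} instead of a raw {@code List} so the method
 * carries no raw-type warning; the assignment from {@code getClaimValue(name, List.class)}
 * is unchanged. A {@link MalformedClaimException} is logged at WARN and the claim is
 * left as it was.
 *
 * @param name - claim name
 */
private void replaceList(String name) {
    try {
        List<?> list = claimsSet.getClaimValue(name, List.class);
        JsonArray array = (JsonArray) wrapValue(list);
        claimsSet.setClaim(name, array);
    } catch (MalformedClaimException e) {
        logger.warn("replaceList failure for: " + name, e);
    }
}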
/**
 * Replace the jose4j {@code Map<String,Object>} claim {@code name} with a {@link JsonObject}.
 *
 * <p>A {@link MalformedClaimException} is logged at WARNING and the claim is left as it was.
 *
 * @param name - claim name
 */
private void replaceMap(final String name) {
    try {
        final Map<String, Object> raw = claimsSet.getClaimValue(name, Map.class);
        final JsonObject converted = replaceMap(raw);
        claimsSet.setClaim(name, converted);
    } catch (final MalformedClaimException e) {
        logger.log(Level.WARNING, "replaceMap failure for: " + name, e);
    }
}
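/**
 * Replace the jose4j {@code List<?>} claim {@code name} with a {@link JsonArray}.
 *
 * <p>The local is typed {@code List<?>} instead of a raw {@code List} so the method
 * carries no raw-type warning; the assignment from {@code getClaimValue(name, List.class)}
 * is unchanged. A {@link MalformedClaimException} is logged at WARNING and the claim is
 * left as it was.
 *
 * @param name - claim name
 */
private void replaceList(final String name) {
    try {
        final List<?> list = claimsSet.getClaimValue(name, List.class);
        final JsonArray array = (JsonArray) wrapValue(list);
        claimsSet.setClaim(name, array);
    } catch (final MalformedClaimException e) {
        logger.log(Level.WARNING, "replaceList failure for: " + name, e);
    }
}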
/**
 * Populates {@code token} with a signed JWT describing {@code user}.
 *
 * <p>Issuer and audience fall back to the configured values when the arguments are null;
 * expiry is now plus the configured time-to-live (milliseconds). The compact JWS goes into
 * {@code token.setKey} and the type is set to {@link TokenType#JWT}.
 *
 * @param user identity, name, roles, permissions and params to embed as claims
 * @param issuer explicit issuer, or null for {@code config.getIssuer()}
 * @param audience explicit audience, or null for {@code config.getAudience()}
 * @throws DemoiselleSecurityException wrapping any {@link JoseException} from signing
 */
@Override
public void setUser(DemoiselleUser user, String issuer, String audience) {
    long expiresAtMillis = org.jose4j.jwt.NumericDate.now().getValueInMillis()
            + config.getTimetoLiveMilliseconds();
    try {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(issuer == null ? config.getIssuer() : issuer);
        claims.setExpirationTime(org.jose4j.jwt.NumericDate.fromMilliseconds(expiresAtMillis));
        claims.setAudience(audience == null ? config.getAudience() : audience);
        claims.setGeneratedJwtId();
        claims.setIssuedAtToNow();
        claims.setNotBeforeMinutesInThePast(1);
        // NOTE(review): a JWS payload is signed, not encrypted — every claim below is readable
        // by whoever holds the token; confirm user.getParams() carries nothing sensitive.
        claims.setClaim("identity", user.getIdentity());
        claims.setClaim("name", user.getName());
        claims.setClaim("roles", user.getRoles());
        claims.setClaim("permissions", user.getPermissions());
        claims.setClaim("params", user.getParams());

        JsonWebSignature signature = new JsonWebSignature();
        signature.setPayload(claims.toJson());
        signature.setKey(privateKey);
        signature.setKeyIdHeaderValue("demoiselle-security-jwt");
        signature.setAlgorithmHeaderValue(config.getAlgorithmIdentifiers());
        token.setKey(signature.getCompactSerialization());
        token.setType(TokenType.JWT);
    } catch (JoseException ex) {
        throw new DemoiselleSecurityException(bundle.general(), Response.Status.UNAUTHORIZED.getStatusCode(), ex);
    }
}
/**
 * Populates {@code token} with a signed JWT describing {@code user}.
 *
 * <p>Issuer and audience fall back to the configured values when the arguments are null;
 * expiry is now plus the configured time-to-live (milliseconds). The compact JWS goes into
 * {@code token.setKey} and the type is set to {@link TokenType#JWT}.
 *
 * @param user identity, name, roles, permissions and params to embed as claims
 * @param issuer explicit issuer, or null for {@code config.getIssuer()}
 * @param audience explicit audience, or null for {@code config.getAudience()}
 * @throws DemoiselleSecurityException wrapping any {@link JoseException} from signing
 */
@Override
public void setUser(DemoiselleUser user, String issuer, String audience) {
    long expiresAtMillis = org.jose4j.jwt.NumericDate.now().getValueInMillis()
            + config.getTimetoLiveMilliseconds();
    try {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(issuer == null ? config.getIssuer() : issuer);
        claims.setExpirationTime(org.jose4j.jwt.NumericDate.fromMilliseconds(expiresAtMillis));
        claims.setAudience(audience == null ? config.getAudience() : audience);
        claims.setGeneratedJwtId();
        claims.setIssuedAtToNow();
        claims.setNotBeforeMinutesInThePast(1);
        // NOTE(review): a JWS payload is signed, not encrypted — every claim below is readable
        // by whoever holds the token; confirm user.getParams() carries nothing sensitive.
        claims.setClaim("identity", user.getIdentity());
        claims.setClaim("name", user.getName());
        claims.setClaim("roles", user.getRoles());
        claims.setClaim("permissions", user.getPermissions());
        claims.setClaim("params", user.getParams());

        JsonWebSignature signature = new JsonWebSignature();
        signature.setPayload(claims.toJson());
        signature.setKey(privateKey);
        signature.setKeyIdHeaderValue("demoiselle-security-jwt");
        signature.setAlgorithmHeaderValue(config.getAlgorithmIdentifiers());
        token.setKey(signature.getCompactSerialization());
        token.setType(TokenType.JWT);
    } catch (JoseException ex) {
        throw new DemoiselleSecurityException(bundle.general(), Response.Status.UNAUTHORIZED.getStatusCode(), ex);
    }
}
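/**
 * Issues an RS256-signed JWT for {@code user}.
 *
 * <p>The audience is resolved once (environment variable {@code OIDC_AUDIENCE}, then the
 * system property of the same name, then "hobson-webconsole") and the signing key is cast
 * once, instead of re-reading the environment and re-casting for each use.
 *
 * @param user subject, names and roles to embed; hubs are looked up via getHubsForUser
 * @return the compact JWS serialization
 * @throws HobsonAuthenticationException if signing fails
 */
@Override
public String createToken(HobsonUser user) {
    try {
        String envAudience = System.getenv("OIDC_AUDIENCE");
        String audience = envAudience != null
                ? envAudience
                : System.getProperty("OIDC_AUDIENCE", "hobson-webconsole");

        JwtClaims claims = new JwtClaims();
        claims.setIssuer(oidcConfig.getIssuer());
        claims.setAudience(audience);
        claims.setSubject(user.getId());
        claims.setStringClaim(PROP_FIRST_NAME, user.getGivenName());
        claims.setStringClaim(PROP_LAST_NAME, user.getFamilyName());
        claims.setExpirationTimeMinutesInTheFuture(DEFAULT_EXPIRATION_MINUTES);
        claims.setClaim("realm_access", Collections.singletonMap("roles", user.getRoles()));
        Collection<String> hubs = getHubsForUser(user.getId());
        if (hubs != null) {
            claims.setStringClaim("hubs", StringUtils.join(hubs, ","));
        }

        RsaJsonWebKey signingKey = (RsaJsonWebKey) oidcConfig.getSigningKey();
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(signingKey.getPrivateKey());
        // NOTE(review): the kid header is populated from getKeyType() rather than getKeyId();
        // a verifier that selects its key by kid will not match on the key type — confirm
        // getKeyId() was not intended.
        jws.setKeyIdHeaderValue(signingKey.getKeyType());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jws.getCompactSerialization();
    } catch (JoseException e) {
        // The cause is logged here; the thrown exception keeps only the message, as before.
        logger.error("Error generating token", e);
        throw new HobsonAuthenticationException("Error generating token");
    }
}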
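/**
 * Construct a default JwtClaims whose expiration is {@code expiresIn} seconds from now.
 *
 * <p>The lifetime is applied in seconds through {@code NumericDate.addSeconds} instead of
 * the former integer division {@code expiresIn/60}: that truncated any value below 60 to
 * zero minutes (an already-expired token) and silently shortened lifetimes that were not a
 * whole multiple of a minute. Whole-minute inputs produce the same expiration as before.
 *
 * @param expiresIn token lifetime in seconds
 * @return JwtClaims
 */
public static JwtClaims getJwtClaimsWithExpiresIn(int expiresIn) {
    JwtClaims claims = new JwtClaims();
    claims.setIssuer(jwtConfig.getIssuer());
    claims.setAudience(jwtConfig.getAudience());
    org.jose4j.jwt.NumericDate expiration = org.jose4j.jwt.NumericDate.now();
    expiration.addSeconds(expiresIn);
    claims.setExpirationTime(expiration);
    claims.setGeneratedJwtId(); // a unique identifier for the token
    claims.setIssuedAtToNow(); // when the token was issued/created (now)
    claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
    claims.setClaim("version", jwtConfig.getVersion());
    return claims;
}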
/**
 * Construct a default JwtClaims.
 *
 * <p>Issuer, audience, lifetime and the custom {@code version} claim all come from the
 * shared {@code jwtConfig}; jti, iat and nbf are filled in with the standard helpers.
 *
 * @return JwtClaims
 */
public static JwtClaims getDefaultJwtClaims() {
    JwtClaims defaults = new JwtClaims();
    defaults.setIssuer(jwtConfig.getIssuer());
    defaults.setAudience(jwtConfig.getAudience());
    defaults.setExpirationTimeMinutesInTheFuture(jwtConfig.getExpiredInMinutes());
    // registered claims: unique token id, issued-at = now, and a 2 minute
    // not-before allowance for clock skew between issuer and verifier
    defaults.setGeneratedJwtId();
    defaults.setIssuedAtToNow();
    defaults.setNotBeforeMinutesInThePast(2);
    defaults.setClaim("version", jwtConfig.getVersion());
    return defaults;
}