com.auth0.jwt.exceptions.JWTVerificationException Java Examples
The following examples show how to use com.auth0.jwt.exceptions.JWTVerificationException.
Example #1
Source File: From alibaba-rsocket-broker with Apache License 2.0 | 6 votes |
/**
 * Authenticates a JWT and returns the principal named by its subject.
 *
 * <p>A token seen before is answered from {@code jwtVerifyCache}; otherwise each configured
 * verifier is tried in turn and the first one that accepts the token wins.
 *
 * @param jwtToken the compact JWT presented by the caller
 * @return the principal for the token, or {@code null} when no verifier accepts it
 */
@Override
public @Nullable NamedPrincipal auth(String jwtToken) {
    // NOTE(review): the cache key is String.hashCode(), a 32-bit value that distinct strings
    // can share, and a cache hit is returned without verifying the presented token. Keying the
    // cache by the token itself (or a SHA-256 digest of it) removes that ambiguity, but needs
    // a change to the cache's declared key type, which is outside this method.
    // NOTE(review): a hit is also returned without looking at the token's exp claim; confirm
    // the cache's own expiry is shorter than the token lifetime.
    int cacheKey = jwtToken.hashCode();
    NamedPrincipal cached = jwtVerifyCache.getIfPresent(cacheKey);
    if (cached != null) {
        return cached;
    }
    for (JWTVerifier candidate : verifiers) {
        try {
            DecodedJWT verified = candidate.verify(jwtToken);
            NamedPrincipal fresh = new NamedPrincipal(verified.getSubject());
            jwtVerifyCache.put(cacheKey, fresh);
            return fresh;
        } catch (JWTVerificationException rejected) {
            // This verifier rejected the token; try the next one.
        }
    }
    return null;
}
Example #2
Source File: From auth0-java with MIT License | 6 votes |
/**
 * Verifies a token's signature.
 *
 * @param token the token for which to verify its signature.
 * @return a {@linkplain DecodedJWT} that represents the token.
 * @throws IdTokenValidationException if the token is signed with an unexpected algorithm or
 *         the signature does not verify.
 */
DecodedJWT verifySignature(String token) throws IdTokenValidationException {
    DecodedJWT decoded = decodeToken(token);
    try {
        this.verifier.verify(decoded);
    } catch (AlgorithmMismatchException mismatch) {
        throw new IdTokenValidationException(
                String.format("Signature algorithm of \"%s\" is not supported. Expected the ID token to be signed with \"%s\"",
                        decoded.getAlgorithm(), this.algorithm.getName()),
                mismatch);
    } catch (SignatureVerificationException badSignature) {
        throw new IdTokenValidationException("Invalid ID token signature", badSignature);
    } catch (JWTVerificationException ignored) {
        // Deliberate no-op: expected only for expired tokens, which are handled during claims
        // validation.
        // NOTE(review): this branch swallows every other JWTVerificationException subtype as
        // well, so the returned token is trustworthy only if the caller goes on to validate
        // the claims; confirm that every caller does.
    }
    return decoded;
}
Example #3
Source File: From spring-jwt-gateway with Apache License 2.0 | 6 votes |
/**
 * Builds a gateway filter that verifies the request's JWT and forwards its subject.
 *
 * <p>On success the subject is written to the {@code X_JWT_SUB_HEADER} request header and the
 * exchange continues down the chain; on a verification failure the error is logged and the
 * exchange is ended through {@code onError}.
 *
 * @param config filter configuration (not read by this implementation)
 * @return the filter
 */
@Override
public GatewayFilter apply(NameValueConfig config) {
    return (exchange, chain) -> {
        try {
            String token = this.extractJWTToken(exchange.getRequest());
            DecodedJWT verified = this.jwtVerifier.verify(token);
            String subject = verified.getSubject();
            // The downstream service reads the caller identity from this header, so it is
            // written only after verification succeeded.
            ServerHttpRequest forwarded = exchange.getRequest()
                    .mutate()
                    .header(X_JWT_SUB_HEADER, subject)
                    .build();
            return chain.filter(exchange.mutate().request(forwarded).build());
        } catch (JWTVerificationException rejected) {
            logger.error(rejected.toString());
            // NOTE(review): the library's failure message is handed to onError; if onError
            // writes it to the response, consider a fixed message for the client instead.
            return this.onError(exchange, rejected.getMessage());
        }
    };
}
Example #4
Source File: From onenet-iot-project with MIT License | 6 votes |
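/**
 * Returns the production progress of a task, looked up by task ID.
 *
 * <p>The caller is identified by the JWT in the {@code token} request header, and only an
 * account with the {@code ADMIN} role receives the status.
 *
 * @param request the incoming request
 * @param taskId  the task ID
 * @return PARAMS_ERROR when the task ID or token is rejected by {@code VerifyUtil},
 *         NOT_LOGIN when the token fails verification, VISITED_FORBID for a non-admin or
 *         unknown account, otherwise SUCCESS with the task status
 */
@GetMapping("/{taskId}/process")
public Response getTaskProcess(HttpServletRequest request, @PathVariable String taskId) {
    String token = request.getHeader("token");
    if (!VerifyUtil.checkString(taskId, token)) {
        return ResultUtil.returnStatus(ResponseStatus.PARAMS_ERROR);
    }
    try {
        // Parse the token and resolve the account it names.
        // NOTE(review): the role check below is only meaningful if tokenUtil.getClaim verifies
        // the signature before returning the claim; confirm in TokenUtil.
        Claim claim = tokenUtil.getClaim(token, "account_id");
        Account account = accountService.findAccountById(claim.asString());
        // Only administrators may read the task status.
        if (account == null || account.getRole() != Role.ADMIN) {
            return ResultUtil.returnStatus(ResponseStatus.VISITED_FORBID);
        }
        Map<String, Object> status = taskService.getStatus(taskId);
        // NOTE(review): the receiver of this logging call was lost when the page was
        // extracted; log.info is assumed from the log.error call below.
        log.info("get status: {}", status);
        return ResultUtil.returnStatusAndData(ResponseStatus.SUCCESS, status);
    } catch (JWTVerificationException e) {
        // Parsing failed: the token is invalid.
        log.error("{}", e);
        return ResultUtil.returnStatus(ResponseStatus.NOT_LOGIN);
    }
}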
Example #5
Source File: From cf-java-logging-support with Apache License 2.0 | 6 votes |
/**
 * Verifies a token's signature, checks that the current time lies between its issued-at and
 * expiry timestamps, and returns the decoded token.
 *
 * <p>A token that lacks either timestamp is treated as outdated.
 *
 * @param token the compact JWT
 * @return the decoded, verified token
 * @throws DynamicLogLevelException if verification fails or the token is outside its
 *         validity window
 */
public DecodedJWT validateAndDecodeToken(String token) throws DynamicLogLevelException {
    try {
        DecodedJWT jwt = verifier.verify(token);
        Date expiresAt = jwt.getExpiresAt();
        Date issuedAt = jwt.getIssuedAt();
        Date now = new Date();
        boolean withinValidity =
                expiresAt != null && issuedAt != null && now.after(issuedAt) && now.before(expiresAt);
        if (!withinValidity) {
            throw new DynamicLogLevelException("Token provided to dynamically change the log-level on thread-level is outdated");
        }
        return jwt;
    } catch (JWTVerificationException e) {
        // The cause is deliberately not attached, so that the JWT does not end up in logs.
        throw new DynamicLogLevelException("Token could not be verified");
    }
}
Example #6
Source File: From Knowage-Server with GNU Affero General Public License v3.0 | 6 votes |
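/**
 * Reads the JWT from the request and, once it verifies, returns it as the user identifier.
 *
 * @param request the incoming request; the token is read from the
 *                {@code SsoServiceInterface.USER_ID} parameter
 * @return the verified token, or {@code null} when the request carries none
 * @throws SpagoBIRuntimeException if the token fails verification
 */
public String readUserIdentifier(HttpServletRequest request) {
    try {
        String jwtToken = request.getParameter(SsoServiceInterface.USER_ID);
        if (jwtToken == null) {
            logger.debug("JWT token not found in request");
            return null;
        }
        // The token is a bearer credential, so its value is kept out of the log.
        logger.debug("JWT token retrieved from request");
        // NOTE(review): the verifier pins only the algorithm; no issuer or audience is
        // required here, so any token signed with this key is accepted.
        JWTVerifier verifier = JWT.require(algorithm).build();
        verifier.verify(jwtToken);
        logger.debug("JWT token verified properly");
        // The JWT itself is used as the user's unique identifier.
        // NOTE(review): the token arrives as a request parameter; if that is a query-string
        // parameter it can also be recorded by proxies and access logs — confirm the transport.
        return jwtToken;
    } catch (JWTVerificationException e) {
        throw new SpagoBIRuntimeException("Invalid JWT token!", e);
    }
}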
Example #7
Source File: From gravitee-management-rest-api with Apache License 2.0 | 6 votes |
/**
 * Test helper: reads the token from the login response, verifies it with the test HMAC
 * secret and asserts the expected claims.
 *
 * @param response the REST response that carries the {@code Token} entity
 */
private void verifyJwtToken(Response response) throws NoSuchAlgorithmException, InvalidKeyException,
        IOException, SignatureException, JWTVerificationException {
    Token responseToken = response.readEntity(Token.class);
    assertEquals("BEARER", responseToken.getTokenType().name());

    String token = responseToken.getToken();
    // Test-only secret; it has to match the one the server under test was configured with.
    DecodedJWT jwt = JWT.require(Algorithm.HMAC256("myJWT4Gr4v1t33_S3cr3t")).build().verify(token);

    // NOTE(review): the empty expected values below look like addresses blanked out when the
    // page was published; confirm against the project's source.
    assertEquals(jwt.getSubject(),"");
    assertEquals("Jane", jwt.getClaim("firstname").asString());
    assertEquals("gravitee-management-auth", jwt.getClaim("iss").asString());
    assertEquals("", jwt.getClaim("sub").asString());
    assertEquals("", jwt.getClaim("email").asString());
    assertEquals("Doe", jwt.getClaim("lastname").asString());
}
Example #8
Source File: From elepy with Apache License 2.0 | 6 votes |
/**
 * Verifies a raw JWT and maps its claims onto a {@code Grant}.
 *
 * @param rawToken the compact JWT
 * @return a grant carrying the token's {@code userId}, {@code username} and
 *         {@code permissions} claims, or {@code null} when the token fails verification
 */
@Override
public Grant validateToken(String rawToken) {
    try {
        final var verified = JWT.require(algorithm).build().verify(rawToken);

        // The claim reads stay inside the try block: a claim that cannot be converted is
        // reported through the same exception family as a failed verification.
        final var grantedPermissions = verified.getClaim("permissions").asList(String.class);
        final var subjectName = verified.getClaim("username").asString();
        final var subjectId = verified.getClaim("userId").asString();

        final var result = new Grant();
        result.setUserId(subjectId);
        result.setUsername(subjectName);
        result.setPermissions(grantedPermissions);
        return result;
    } catch (JWTVerificationException rejected) {
        // Callers see an invalid token as "no grant".
        return null;
    }
}
Example #9
Source File: From vicinity-gateway-api with GNU General Public License v3.0 | 6 votes |
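/**
 * Loads a token from a file and verifies it, generating a new token when the stored one
 * cannot be read or does not verify.
 *
 * @param file the file that holds the token
 * @return the stored token when it verifies, a newly generated token when the file cannot be
 *         read or the token is rejected, or {@code null} on any other failure
 */
public String loadToken(File file) {
    String token;
    try {
        // try-with-resources closes the stream even when reading fails part-way.
        try (InputStream is = new FileInputStream(file)) {
            token = IOUtils.toString(is, "UTF-8");
        }
        // NOTE(review): the stored token is trusted only if verifyToken throws on an invalid
        // token; confirm that it does not swallow verification failures.
        verifyToken(token);
    } catch (IOException i) {
        logger.warning("Token could not be loaded from file, creating new one...");
        i.printStackTrace();
        token = generateToken();
        return token;
    } catch (JWTVerificationException jwte) {
        // Invalid signature or claims.
        logger.warning("Error verifying file token, creating new one...");
        jwte.printStackTrace();
        token = generateToken();
        return token;
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
    return token;
}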
Example #10
Source File: From spring-boot-study with MIT License | 6 votes |
/**
 * Verifies a token and prints its custom claim, subject and first audience.
 *
 * @param token the compact JWT
 * @throws JWTVerificationException if the signature or the issuer does not verify
 */
private static void verifyJWTToken(String token) throws JWTVerificationException {
    // NOTE(review): the HMAC key is a literal in the source. Outside a demo, load it from
    // configuration or a secret store and use a high-entropy value.
    JWTVerifier verifier = JWT.require(Algorithm.HMAC256("secret"))
            .withIssuer("SERVICE")
            .build();
    DecodedJWT jwt = verifier.verify(token);

    String subject = jwt.getSubject();
    Map<String, Claim> allClaims = jwt.getClaims();
    // NOTE(review): no null check — a token without the loginName claim or without an
    // audience would presumably fail here with a runtime exception.
    Claim loginName = allClaims.get("loginName");
    System.out.println("自定义 claim:" + loginName.asString());

    List<String> audience = jwt.getAudience();
    System.out.println("subject 值:" + subject);
    System.out.println("audience 值:" + audience.get(0));
}
Example #11
Source File: From onenet-iot-project with MIT License | 6 votes |
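/**
 * Returns the list of machines.
 *
 * <p>The caller is identified by the JWT in the {@code token} request header, and only an
 * account with the {@code ADMIN} role receives the list.
 *
 * @param request the incoming request
 * @return NOT_LOGIN when the token is missing or fails verification, VISITED_FORBID for a
 *         non-admin or unknown account, otherwise SUCCESS with the machines
 */
@GetMapping
public Response getMachineList(HttpServletRequest request) {
    String token = request.getHeader("token");
    if (!VerifyUtil.checkString(token)) {
        return ResultUtil.returnStatus(ResponseStatus.NOT_LOGIN);
    }
    try {
        // Parse the token and resolve the account it names.
        // NOTE(review): the role check below is only meaningful if tokenUtil.getClaim verifies
        // the signature before returning the claim; confirm in TokenUtil.
        Claim claim = tokenUtil.getClaim(token, "account_id");
        Account account = accountService.findAccountById(claim.asString());
        // Only administrators may list the machines.
        if (account == null || account.getRole() != Role.ADMIN) {
            return ResultUtil.returnStatus(ResponseStatus.VISITED_FORBID);
        }
        List<Machine> machines = machineService.findAllMachine();
        // NOTE(review): the receiver of this logging call was lost when the page was
        // extracted; log.info is assumed from the log.error call below.
        log.info("machines: {}", machines);
        return ResultUtil.returnStatusAndData(ResponseStatus.SUCCESS, machines);
    } catch (JWTVerificationException e) {
        // Parsing failed: the token is invalid.
        log.error("{}", e);
        return ResultUtil.returnStatus(ResponseStatus.NOT_LOGIN);
    }
}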
Example #12
Source File: From alibaba-rsocket-broker with Apache License 2.0 | 6 votes |
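/**
 * Authenticates JWT credentials against the configured verifiers.
 *
 * <p>The returned principal always comes from a verification that succeeded in this call.
 * The previous version started from the cached entry and kept it when every verifier
 * rejected the credentials, so an expired token, or a different string with the same
 * {@code hashCode()}, could be answered with a cached principal.
 *
 * @param type        the credential type (not read by this implementation)
 * @param credentials the compact JWT
 * @return the principal for the verified token, or {@code null} when no verifier accepts it
 */
@Override
@Nullable
public RSocketAppPrincipal auth(String type, String credentials) {
    // The cache is still populated for other readers of jwtVerifyCache.
    // NOTE(review): String.hashCode() is a 32-bit key that distinct tokens can share; key the
    // cache by the token itself or by a digest of it where the cache declaration allows.
    int tokenHashCode = credentials.hashCode();
    for (JWTVerifier verifier : verifiers) {
        try {
            RSocketAppPrincipal principal = new JwtPrincipal(verifier.verify(credentials), credentials);
            jwtVerifyCache.put(tokenHashCode, principal);
            return principal;
        } catch (JWTVerificationException ignore) {
            // This verifier rejected the token; try the next one.
        }
    }
    return null;
}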
Example #13
Source File: From auth0-java-mvc-common with MIT License | 6 votes |
/**
 * Decodes a token, checks its algorithm against the accepted list and verifies its signature.
 *
 * @param token the compact JWT
 * @return the decoded token
 * @throws TokenValidationException if the algorithm is not accepted or the signature does
 *         not verify
 */
DecodedJWT verifySignature(String token) throws TokenValidationException {
    DecodedJWT decoded = decodeToken(token);

    // Allow-list check on the header's algorithm, done before any signature work.
    String presentedAlgorithm = decoded.getAlgorithm();
    if (!this.acceptedAlgorithms.contains(presentedAlgorithm)) {
        throw new TokenValidationException(String.format("Signature algorithm of \"%s\" is not supported. Expected the ID token to be signed with \"%s\".", presentedAlgorithm, this.acceptedAlgorithms));
    }

    // NOTE(review): with no verifier configured the token is returned without a signature
    // check; confirm that this path is reachable only where that is intended.
    if (verifier == null) {
        return decoded;
    }
    try {
        verifier.verify(decoded);
    } catch (SignatureVerificationException badSignature) {
        throw new TokenValidationException("Invalid token signature", badSignature);
    } catch (JWTVerificationException ignored) {
        // Deliberate no-op: expected only for expired tokens (invalid exp), which a later
        // step is meant to catch.
    }
    return decoded;
}
Example #14
Source File: From litemall with MIT License | 5 votes |
/**
 * Verifies a token and returns the value of its {@code userId} claim.
 *
 * @param token the compact JWT
 * @return the user id from the token, or {@code 0} when verification fails
 */
public Integer verifyTokenAndGetUserId(String token) {
    try {
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET))
                .withIssuer(ISSUSER)
                .build();
        // NOTE(review): a verified token without a userId claim is not handled here;
        // presumably the map lookup returns null and the call below fails.
        Claim userIdClaim = verifier.verify(token).getClaims().get("userId");
        return userIdClaim.asInt();
    } catch (JWTVerificationException rejected) {
        // 0 is the "not authenticated" sentinel; callers must not treat it as a user id.
        return 0;
    }
}
Example #15
Source File: From data-transfer-project with Apache License 2.0 | 5 votes |
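/**
 * Verifies a token and returns the job id stored in its id claim.
 *
 * @param token the compact JWT
 * @return the job id, or {@code null} when the verified token carries no id claim
 * @throws RuntimeException if the token fails verification
 */
@Override
public UUID getJobIdFromToken(String token) {
    try {
        DecodedJWT jwt = verifier.verify(token);
        // The token is verified; read the claim.
        Claim claim = jwt.getClaim(JWTTokenManager.ID_CLAIM_KEY);
        return claim.isNull() ? null : UUID.fromString(claim.asString());
    } catch (JWTVerificationException exception) {
        monitor.debug(() -> "Error verifying token", exception);
        // The token is a credential, so it is left out of the exception message, which may
        // end up in logs or error responses.
        throw new RuntimeException("Error verifying token");
    }
}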
Example #16
Source File: From Knowage-Server with GNU Affero General Public License v3.0 | 5 votes |
/**
 * Resolves the user id carried by a JWT.
 *
 * @param token the compact JWT
 * @return the user id returned by {@code JWTSsoService.jwtToken2userId}
 * @throws TokenExpiredException if the token has expired (passed through unchanged)
 * @throws SecurityException if the token fails verification for any other reason
 */
public static String verifyJWTToken(String token) throws TokenExpiredException, SecurityException {
    try {
        return JWTSsoService.jwtToken2userId(token);
    } catch (TokenExpiredException expired) {
        // Expiry keeps its own type so that callers can tell it apart from an invalid token.
        throw expired;
    } catch (JWTVerificationException invalid) {
        throw new SecurityException("Invalid JWT token!", invalid);
    }
}
Example #17
Source File: From vicinity-gateway-api with GNU General Public License v3.0 | 5 votes |
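/**
 * Verifies a token against the RSA public key on disk and the expected issuer.
 *
 * <p>Every failure is reported to the caller. The previous version caught {@code Exception}
 * and only printed the stack trace, so a token that failed verification looked valid to the
 * caller.
 *
 * @param token the compact JWT
 * @throws JWTVerificationException if the token does not verify, or if verification could
 *         not be carried out (for example because the key could not be parsed)
 * @throws IOException if reading the public key fails with an I/O error
 */
private void verifyToken(String token) throws JWTVerificationException, IOException {
    String file = path + pubKey;
    try {
        RSAPublicKey publicKey = readPublicKey(file); // key instance
        // Verification needs only the public key; no private key is supplied.
        Algorithm algorithm = Algorithm.RSA256(publicKey, null);
        JWTVerifier verifier = JWT.require(algorithm)
                .withIssuer(agid)
                .build(); // reusable verifier instance
        DecodedJWT jwt = verifier.verify(token);
        // Concatenation tolerates a token without an exp claim.
        logger.fine("Token expires at: " + jwt.getExpiresAt());
    } catch (JWTVerificationException e) {
        throw e;
    } catch (Exception e) {
        if (e instanceof IOException) {
            throw (IOException) e;
        }
        // Fail closed: anything that prevented verification counts as a failed verification.
        throw new JWTVerificationException("Token verification could not be completed", e);
    }
}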
Example #18
Source File: From microprofile-jwt-auth with Apache License 2.0 | 5 votes |
/**
 * Checks that the provider rejects a token whose key id ({@code "invalid-kid"}) does not
 * match the key published at the JWKS endpoint: validation is expected to end in one of the
 * listed exceptions.
 *
 * @throws Exception the expected validation failure
 */
@Test(expectedExceptions = {InvalidJwtException.class, BadJOSEException.class, JWTVerificationException.class})
public void testNoMatchingKID() throws Exception {
    final int expGracePeriodSecs = 60;
    final PrivateKey signingKey = loadPrivateKey();
    final String token =
            TokenUtils.generateTokenString(signingKey, "invalid-kid", "/Token1.json", null, null);
    validateToken(token, new URL(endpoint), TEST_ISSUER, expGracePeriodSecs);
}
Example #19
Source File: From smockin with Apache License 2.0 | 5 votes |
/**
 * Verifies a JWT with the configured verifier.
 *
 * @param jwt the compact JWT
 * @throws AuthException if the token fails verification; the cause is logged at debug level
 *         and not attached to the exception
 */
public void verifyToken(final String jwt) throws AuthException {
    try {
        jwtVerifier.verify(jwt);
    } catch (JWTVerificationException rejected) {
        // The reason goes to the debug log only; the caller gets a bare AuthException.
        logger.debug("JWT authorization failed", rejected);
        throw new AuthException();
    }
}
Example #20
Source File: From flow-platform-x with Apache License 2.0 | 5 votes |
/**
 * Verifies a token with an HMAC key taken from the given user.
 *
 * @param token       the compact JWT
 * @param user        the user whose {@code getPasswordOnMd5()} value is the HMAC key
 * @param checkExpire when {@code false}, a token rejected only for being expired is accepted
 * @return {@code true} when the token verifies, or when it is expired and
 *         {@code checkExpire} is {@code false}; {@code false} otherwise
 */
public static boolean verify(String token, User user, boolean checkExpire) {
    try {
        // NOTE(review): the signing key is whatever getPasswordOnMd5() returns. If that is the
        // stored password hash, anyone who can read it can sign tokens for the user; a
        // dedicated random signing key avoids that coupling — confirm.
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256(user.getPasswordOnMd5()))
                .withIssuer(issuer)
                .build();
        verifier.verify(token);
        return true;
    } catch (TokenExpiredException expired) {
        // NOTE(review): this relies on the library checking the signature and the issuer
        // before it reports expiry; confirm for the java-jwt version in use.
        return !checkExpire;
    } catch (JWTVerificationException rejected) {
        return false;
    }
}
Example #21
Source File: From sakai with Educational Community License v2.0 | 5 votes |
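/**
 * Decodes and verifies an access token, tolerating expiry while the matching Sakai session
 * is still live, then checks audience and issuer by hand.
 *
 * <p>The token is a credential, so it is not embedded in exception messages. A missing
 * audience or issuer is reported as a mismatch rather than failing with a
 * {@code NullPointerException}.
 *
 * @param token the compact JWT
 * @return the decoded token
 * @throws JwtTokenMalformedException if the token cannot be decoded or verified, or if its
 *         audience or issuer is not the expected one
 */
private JWT decodeToken(String token) {
    JWT jwt = null;
    try {
        jwt = JWT.decode(token);
        // First verify it.
        // NOTE(review): the shared secret falls back to a built-in default when the property
        // is unset; a deployment that relies on the default shares its signing key with
        // every other such deployment — confirm the property is always configured.
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256(
                serverConfigurationService.getString(
                        rubricsConfiguration.RUBRICS_TOKEN_SIGNING_SHARED_SECRET_PROPERTY,
                        rubricsConfiguration.RUBRICS_TOKEN_SIGNING_SHARED_SECRET_DEFAULT)))
                .build(); // reusable verifier instance
        verifier.verify(token);
    } catch (UnsupportedEncodingException | JWTVerificationException e) {
        // If the token is expired, check whether the session is still live in Sakai. This
        // works because signature verification fails first: an exception that is only about
        // expiry means the signature was correct.
        // NOTE(review): expiry is recognised by the library's message text, which is brittle
        // across library versions; prefer a dedicated exception type where one is available.
        String reason = e.getMessage();
        boolean expiredOnly = jwt != null && reason != null
                && reason.startsWith("The Token has expired on");
        if (!(expiredOnly && isSakaiSessionStillValid(jwt.getClaim("sessionId").asString()))) {
            throw new JwtTokenMalformedException("Error occurred while decoding access token", e);
        }
    }
    // Audience and issuer are verified by hand because the validation-error flow above is
    // used to allow time extensions, instead of passing withAudience(JWT_AUDIENCE) and
    // withIssuer(JWT_ISSUER) to the verifier.
    if (jwt.getAudience() == null || !jwt.getAudience().contains(JWT_AUDIENCE)) {
        throw new JwtTokenMalformedException(String.format("Access token denied for audience. Expected: ['%s'], "
                + "Provided: %s", JWT_AUDIENCE, jwt.getAudience()));
    }
    if (jwt.getIssuer() == null || !jwt.getIssuer().contentEquals(JWT_ISSUER)) {
        throw new JwtTokenMalformedException(String.format("Access token denied for issuer. Expected: ['%s'], "
                + "Provided: %s", JWT_ISSUER, jwt.getIssuer()));
    }
    return jwt;
}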
Example #22
Source File: From Knowage-Server with GNU Affero General Public License v3.0 | 5 votes |
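/**
 * Validates a ticket, which is expected to be a JWT issued by {@code "knowage"}.
 *
 * @param ticket the compact JWT
 * @param userId the user the ticket is presented for (not read by this implementation)
 * @throws SecurityException if the token fails verification
 */
@Override
public void validateTicket(String ticket, String userId) throws SecurityException {
    try {
        String jwtToken = ticket;
        // The token is a bearer credential, so its value is kept out of the log.
        logger.debug("JWT token received in input");
        // NOTE(review): userId is never compared with anything in the token, so the ticket is
        // not bound to the user it is presented for; confirm that this is intended.
        JWTVerifier verifier = JWT.require(algorithm).withIssuer("knowage").build();
        verifier.verify(jwtToken);
        logger.debug("JWT token verified properly");
    } catch (JWTVerificationException e) {
        throw new SecurityException("Invalid JWT token!", e);
    }
}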
Example #23
Source File: From MicroCommunity with Apache License 2.0 | 5 votes |
/**
 * Verifies a token, refreshes the expiry of its cached login entry, and returns its claims.
 *
 * @param token the compact JWT
 * @return the token's claims as strings, plus the cached user id under
 *         {@code CommonConstant.LOGIN_USER_ID}
 * @throws Exception if the token fails verification or its id has no cached login entry
 */
public static Map<String, String> verifyToken(String token) throws Exception {
    // NOTE(review): when no secret is configured the built-in default is used; a deployment
    // that runs on the default shares its signing key with every other such deployment.
    String configuredSecret = MappingCache.getValue(MappingConstant.KEY_JWT_SECRET);
    String jwtSecret = StringUtil.isNullOrNone(configuredSecret)
            ? CommonConstant.DEFAULT_JWT_SECRET
            : configuredSecret;

    JWTVerifier verifier = JWT.require(Algorithm.HMAC256(jwtSecret)).withIssuer("java110").build();
    DecodedJWT jwt = verifier.verify(token);

    // The token id is the key under which the login was cached.
    String tokenId = jwt.getId();
    String userId = JWTCache.getValue(tokenId);
    if (StringUtil.isNullOrNone(userId)) {
        throw new JWTVerificationException("用户还未登录");
    }

    String configuredExpiry = MappingCache.getValue(MappingConstant.KEY_JWT_EXPIRE_TIME);
    String expireTime = StringUtil.isNullOrNone(configuredExpiry)
            ? CommonConstant.DEFAULT_JWT_EXPIRE_TIME
            : configuredExpiry;
    // Refresh the expiry of the cached entry.
    JWTCache.resetExpireTime(tokenId, Integer.parseInt(expireTime));

    // Copy every claim into the output map; a claim that is not a string is stored as null.
    Map<String, String> paramOut = new HashMap<>();
    for (Map.Entry<String, Claim> entry : jwt.getClaims().entrySet()) {
        paramOut.put(entry.getKey(), entry.getValue().asString());
    }
    // Written last, so the cached user id wins over a claim of the same name.
    paramOut.put(CommonConstant.LOGIN_USER_ID, userId);
    return paramOut;
}
Example #24
Source File: From recheck with GNU Affero General Public License v3.0 | 5 votes |
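/**
 * Reports whether the current access token is present and verifies.
 *
 * @return {@code true} when {@code accessToken} is non-null and the verifier accepts it
 */
private boolean isAccessTokenValid() {
    // Checked before verification: the original tested for null only after handing the
    // token to the verifier.
    if ( accessToken == null ) {
        return false;
    }
    try {
        return verifier.verify( accessToken ) != null;
    } catch ( final JWTVerificationException exception ) {
        // NOTE(review): a logging call with the message
        // "Current token is invalid, requesting new one" stood here; its receiver was lost
        // when the page was extracted, so the statement is recorded as a comment.
        return false;
    }
}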
Example #25
Source File: From flowchat with GNU General Public License v3.0 | 5 votes |
/**
 * Verifies a token issued by {@code "flowchat"} and returns it decoded.
 *
 * @param token the compact JWT
 * @return the verified token, or {@code null} when verification fails
 */
public static final DecodedJWT decodeJWTToken(String token) {
    try {
        return JWT.require(getJWTAlgorithm())
                .withIssuer("flowchat")
                .build()
                .verify(token);
    } catch (JWTVerificationException rejected) {
        // The failure is neither logged nor propagated; callers must treat null as
        // "not authenticated".
        return null;
    }
}
Example #26
Source File: From curiostack with MIT License | 5 votes |
/**
 * Verifies a token asynchronously with the algorithm looked up by the token's key id.
 *
 * @param token the compact JWT
 * @return a future that completes with the verified token, or completes exceptionally when
 *         the token cannot be decoded; a verification failure is thrown inside the
 *         {@code thenApply} stage
 */
public CompletableFuture<DecodedJWT> verify(String token) {
    // Decoding checks nothing: at this point the header is only a hint for picking the key.
    final DecodedJWT untrusted;
    try {
        untrusted = JWT.decode(token);
    } catch (JWTVerificationException malformed) {
        return CompletableFuturesExtra.exceptionallyCompletedFuture(malformed);
    }
    // The algorithm comes from getAlgorithm for that key id, and the original token string
    // is then verified with it.
    return getAlgorithm(untrusted.getKeyId())
            .thenApply(alg -> JWT.require(alg).build().verify(token));
}
Example #27
Source File: From flow-platform-x with Apache License 2.0 | 5 votes |
/**
 * Verifies a token with an HMAC key taken from the given user.
 *
 * @param token       the compact JWT
 * @param user        the user whose {@code getPasswordOnMd5()} value is the HMAC key
 * @param checkExpire when {@code false}, a token rejected only for being expired is accepted
 * @return {@code true} when the token verifies, or when it is expired and
 *         {@code checkExpire} is {@code false}; {@code false} otherwise
 */
public static boolean verify(String token, User user, boolean checkExpire) {
    try {
        // NOTE(review): the signing key is whatever getPasswordOnMd5() returns. If that is the
        // stored password hash, anyone who can read it can sign tokens for the user; a
        // dedicated random signing key avoids that coupling — confirm.
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256(user.getPasswordOnMd5()))
                .withIssuer(issuer)
                .build();
        verifier.verify(token);
        return true;
    } catch (TokenExpiredException expired) {
        // NOTE(review): this relies on the library checking the signature and the issuer
        // before it reports expiry; confirm for the java-jwt version in use.
        return !checkExpire;
    } catch (JWTVerificationException rejected) {
        return false;
    }
}
Example #28
Source File: From mycore with GNU General Public License v3.0 | 5 votes |
/**
 * Checks that the token's IP claim permits the remote address.
 *
 * @param ipClaim    the IP claim read from the token
 * @param remoteAddr the address of the client presenting the token
 * @throws JWTVerificationException if the claim is absent, does not allow the remote
 *         address, or names a host that cannot be resolved
 */
private static void checkIPClaim(Claim ipClaim, String remoteAddr) {
    final boolean allowed;
    try {
        allowed = !ipClaim.isNull()
                && MCRFrontendUtil.isIPAddrAllowed(ipClaim.asString(), remoteAddr);
    } catch (UnknownHostException unresolved) {
        // An address that cannot be resolved is reported as a mismatch, with the cause kept.
        throw new JWTVerificationException(
                "The Claim '" + MCRJWTUtil.JWT_CLAIM_IP + "' value doesn't match the required one.", unresolved);
    }
    if (!allowed) {
        throw new JWTVerificationException(
                "The Claim '" + MCRJWTUtil.JWT_CLAIM_IP + "' value doesn't match the required one.");
    }
}
Example #29
Source File: From WeEvent with Apache License 2.0 | 5 votes |
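/**
 * Decodes an {@code AccountEntity} from a token.
 *
 * <p>A token without an expiry claim is rejected. The previous version passed a null expiry
 * to {@code Date.after}, which fails with a {@code NullPointerException}.
 *
 * @param token         the compact JWT
 * @param privateSecret the HMAC secret the token was signed with
 * @return the account named by the token's issuer claim, or {@code null} when the token is
 *         invalid, expired or carries no expiry
 */
public static AccountEntity decodeToken(String token, String privateSecret) {
    try {
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256(privateSecret)).build();
        DecodedJWT jwt = verifier.verify(token);

        // Fail closed on a token that never expires.
        if (jwt.getExpiresAt() == null) {
            log.error("token has no expiration date");
            return null;
        }
        // Check the expiry date.
        if (Calendar.getInstance().getTime().after(jwt.getExpiresAt())) {
            log.error("expired token at {}", jwt.getExpiresAt());
            return null;
        }

        // NOTE(review): the account is built from the issuer claim; confirm that this is the
        // field the token producer uses for the account name.
        return new AccountEntity(jwt.getIssuer());
    } catch (JWTVerificationException e) {
        log.error("invalid jwt token", e);
        return null;
    }
}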
Example #30
Source File: From mycore with GNU General Public License v3.0 | 5 votes |
/**
 * Verifies a token for the expected audience and checks that the session named by its id
 * claim exists.
 *
 * @param token the compact JWT
 * @throws JWTVerificationException if the token fails verification, carries no id, or names
 *         a session that {@code MCRSessionMgr} does not return
 */
public static void validate(String token) throws JWTVerificationException {
    DecodedJWT verified = JWT.require(MCRJWTUtil.getJWTAlgorithm())
            .withAudience(AUDIENCE)
            .build()
            .verify(token);
    // The token id doubles as the session id, so a token outlives neither its own validity
    // nor its session.
    String sessionId = verified.getId();
    boolean sessionKnown = sessionId != null && MCRSessionMgr.getSession(sessionId) != null;
    if (!sessionKnown) {
        throw new JWTVerificationException("MCRSession is invalid.");
    }
}