com.auth0.jwt.exceptions.JWTVerificationException Java Examples
The following examples show how to use
com.auth0.jwt.exceptions.JWTVerificationException.
Example #1
Source File: JwtAuthenticationServiceImpl.java From alibaba-rsocket-broker with Apache License 2.0 | 6 votes |
/**
 * Authenticates a caller from a JWT and returns the principal named by the token subject.
 *
 * <p>A token seen before is answered from {@code jwtVerifyCache}; otherwise the configured
 * verifiers are tried in order and the first one that accepts the token decides the result.
 *
 * @param jwtToken the compact JWT presented by the caller
 * @return the principal for the token subject, or {@code null} when no verifier accepts it
 */
@Override
public @Nullable NamedPrincipal auth(String jwtToken) {
    // NOTE(review): the cache key is String.hashCode(), a 32-bit non-cryptographic value.
    // Two different strings can share a key, and a cache hit is returned without verifying
    // the presented token. Keying the cache by the token itself (or a SHA-256 digest of it)
    // removes that ambiguity; the cache is declared outside this method.
    // NOTE(review): a cached principal is served for as long as the cache keeps the entry;
    // confirm the cache's expiry is no longer than the token lifetime.
    final int cacheKey = jwtToken.hashCode();
    final NamedPrincipal cached = jwtVerifyCache.getIfPresent(cacheKey);
    if (cached != null) {
        return cached;
    }
    for (JWTVerifier candidate : verifiers) {
        try {
            DecodedJWT verified = candidate.verify(jwtToken);
            NamedPrincipal fresh = new NamedPrincipal(verified.getSubject());
            jwtVerifyCache.put(cacheKey, fresh);
            return fresh;
        } catch (JWTVerificationException ignored) {
            // This verifier rejected the token; fall through to the next one.
        }
    }
    return null;
}
Example #2
Source File: SignatureVerifier.java From auth0-java with MIT License | 6 votes |
/**
 * Decodes an ID token and checks its signature with the configured verifier.
 *
 * @param token the token whose signature is to be checked.
 * @return the {@linkplain DecodedJWT} form of the token.
 * @throws IdTokenValidationException if the token is signed with an unexpected algorithm or the
 *         signature does not verify.
 */
DecodedJWT verifySignature(String token) throws IdTokenValidationException {
    final DecodedJWT jwt = decodeToken(token);
    try {
        this.verifier.verify(jwt);
    } catch (AlgorithmMismatchException mismatch) {
        final String detail = String.format(
                "Signature algorithm of \"%s\" is not supported. Expected the ID token to be signed with \"%s\"",
                jwt.getAlgorithm(),
                this.algorithm.getName());
        throw new IdTokenValidationException(detail, mismatch);
    } catch (SignatureVerificationException badSignature) {
        throw new IdTokenValidationException("Invalid ID token signature", badSignature);
    } catch (JWTVerificationException ignored) {
        // Deliberately not rethrown: the author expects only expired tokens to land here and
        // leaves them to the later claims validation.
        // NOTE(review): this is safe only if every caller runs that claims validation on the
        // returned token -- confirm.
    }
    return jwt;
}
Example #3
Source File: JWTFilter.java From spring-jwt-gateway with Apache License 2.0 | 6 votes |
/**
 * Builds a gateway filter that verifies the request's JWT and forwards the verified subject
 * to the downstream service in the {@code X_JWT_SUB_HEADER} request header.
 *
 * @param config filter configuration (not read by this method)
 * @return a filter that continues the chain for a verified token and otherwise returns the
 *         result of {@code onError}
 */
@Override
public GatewayFilter apply(NameValueConfig config) {
    return (exchange, chain) -> {
        try {
            final String rawToken = this.extractJWTToken(exchange.getRequest());
            final DecodedJWT verified = this.jwtVerifier.verify(rawToken);

            // The header value comes only from the verified token, never from the client.
            // NOTE(review): downstream services trust this header; confirm that routes which
            // do not pass through this filter cannot carry a client-supplied copy of it.
            final ServerHttpRequest forwarded = exchange.getRequest()
                    .mutate()
                    .header(X_JWT_SUB_HEADER, verified.getSubject())
                    .build();

            return chain.filter(exchange.mutate().request(forwarded).build());
        } catch (JWTVerificationException ex) {
            logger.error(ex.toString());
            // NOTE(review): the verifier's message is handed to onError; check there how much
            // of it is echoed back to the caller.
            return this.onError(exchange, ex.getMessage());
        }
    };
}
Example #4
Source File: TaskController.java From onenet-iot-project with MIT License | 6 votes |
/**
 * Returns the production progress of a task, looked up by task ID.
 *
 * <p>The caller is identified by the {@code account_id} claim of the JWT sent in the
 * {@code token} request header, and only accounts with the ADMIN role receive the data.
 *
 * @param request the HTTP request carrying the {@code token} header
 * @param taskId  the task ID
 * @return PARAMS_ERROR when the task ID or token fails the string check, NOT_LOGIN when the
 *         token does not verify, VISITED_FORBID for non-admin accounts, otherwise SUCCESS
 *         with the task status
 */
@GetMapping("/{taskId}/process")
public Response getTaskProcess(HttpServletRequest request, @PathVariable String taskId) {
    final String token = request.getHeader("token");
    if (!VerifyUtil.checkString(taskId, token)) {
        return ResultUtil.returnStatus(ResponseStatus.PARAMS_ERROR);
    }

    try {
        // Parse the token and resolve the account it names.
        final Claim accountIdClaim = tokenUtil.getClaim(token, "account_id");
        final Account caller = accountService.findAccountById(accountIdClaim.asString());

        // Only administrators are authorised for this endpoint.
        final boolean isAdmin = caller != null && caller.getRole() == Role.ADMIN;
        if (!isAdmin) {
            return ResultUtil.returnStatus(ResponseStatus.VISITED_FORBID);
        }

        final Map<String, Object> status = taskService.getStatus(taskId);
        log.info("get status: {}", status);
        return ResultUtil.returnStatusAndData(ResponseStatus.SUCCESS, status);
    } catch (JWTVerificationException e) {
        // Parsing failed: the token is invalid.
        log.error("{}", e);
        return ResultUtil.returnStatus(ResponseStatus.NOT_LOGIN);
    }
}
Example #5
Source File: TokenDecoder.java From cf-java-logging-support with Apache License 2.0 | 6 votes |
/**
 * Verifies a token with the configured verifier, then additionally requires both an
 * issued-at and an expiry timestamp with the current time strictly between them.
 *
 * @param token the compact JWT to check
 * @return the decoded token when it verifies and is inside its validity window
 * @throws DynamicLogLevelException if the token cannot be verified, lacks either timestamp,
 *         or is outside its validity window
 */
public DecodedJWT validateAndDecodeToken(String token) throws DynamicLogLevelException {
    try {
        final DecodedJWT decoded = verifier.verify(token);
        final Date expiresAt = decoded.getExpiresAt();
        final Date issuedAt = decoded.getIssuedAt();
        final Date now = new Date();

        // Both timestamps are mandatory here, so a token without them is rejected as well.
        final boolean insideWindow =
                expiresAt != null && issuedAt != null && now.after(issuedAt) && now.before(expiresAt);
        if (!insideWindow) {
            throw new DynamicLogLevelException(
                    "Token provided to dynamically change the log-level on thread-level is outdated");
        }
        return decoded;
    } catch (JWTVerificationException e) {
        // The cause is intentionally not attached, so that the JWT cannot end up in a log.
        throw new DynamicLogLevelException("Token could not be verified");
    }
}
Example #6
Source File: JWTTokenAsUserUniqueIdentifierSsoService.java From Knowage-Server with GNU Affero General Public License v3.0 | 6 votes |
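/**
 * Reads the JWT sent in the {@code SsoServiceInterface.USER_ID} request parameter, verifies
 * it, and returns the token itself as the user's unique identifier.
 *
 * @param request the incoming HTTP request
 * @return the verified JWT, or {@code null} when the request carries no token
 * @throws SpagoBIRuntimeException if the token does not verify
 */
public String readUserIdentifier(HttpServletRequest request) {
    try {
        String jwtToken = request.getParameter(SsoServiceInterface.USER_ID);
        if (jwtToken == null) {
            logger.debug("JWT token not found in request");
            return null;
        }
        // The token is a bearer credential: record that one arrived, never its value, so that
        // anyone who can read the debug log cannot replay it.
        logger.debug("JWT token retrieved from request");
        // NOTE(review): the verifier pins only the algorithm/key; no issuer or audience is
        // required here -- confirm that is intended.
        JWTVerifier verifier = JWT.require(algorithm).build();
        verifier.verify(jwtToken);
        logger.debug("JWT token verified properly");
        return jwtToken; // we consider the JWT token as user unique identifier
    } catch (JWTVerificationException e) {
        throw new SpagoBIRuntimeException("Invalid JWT token!", e);
    }
}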
Example #7
Source File: OAuth2AuthenticationResourceTest.java From gravitee-management-rest-api with Apache License 2.0 | 6 votes |
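/**
 * Test helper: reads the {@code Token} entity from the response, verifies the JWT it carries
 * and asserts the claims expected for the test user.
 *
 * @param response the authentication response under test
 */
private void verifyJwtToken(Response response) throws NoSuchAlgorithmException, InvalidKeyException, IOException, SignatureException, JWTVerificationException {
    Token responseToken = response.readEntity(Token.class);
    assertEquals("BEARER", responseToken.getTokenType().name());

    String token = responseToken.getToken();

    // Test-only signing secret. NOTE(review): presumably this mirrors the secret the test
    // configuration gives the server; it must never be reused outside tests.
    Algorithm algorithm = Algorithm.HMAC256("myJWT4Gr4v1t33_S3cr3t");
    JWTVerifier jwtVerifier = JWT.require(algorithm).build();

    DecodedJWT jwt = jwtVerifier.verify(token);

    // Expected value first, actual second, so a failure message reads the right way round.
    assertEquals("janedoe@example.com", jwt.getSubject());

    assertEquals("Jane", jwt.getClaim("firstname").asString());
    assertEquals("gravitee-management-auth", jwt.getClaim("iss").asString());
    assertEquals("janedoe@example.com", jwt.getClaim("sub").asString());
    assertEquals("janedoe@example.com", jwt.getClaim("email").asString());
    assertEquals("Doe", jwt.getClaim("lastname").asString());
}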
Example #8
Source File: JWTGenerator.java From elepy with Apache License 2.0 | 6 votes |
/**
 * Verifies a raw JWT and converts its {@code userId}, {@code username} and
 * {@code permissions} claims into a {@link Grant}.
 *
 * @param rawToken the compact JWT to verify
 * @return the grant described by the token, or {@code null} when verification fails
 */
@Override
public Grant validateToken(String rawToken) {
    try {
        final var verified = JWT.require(algorithm).build().verify(rawToken);

        // Read every claim before building the grant, so a claim that cannot be decoded
        // never leaves a half-populated grant behind.
        final var grantedPermissions = verified.getClaim("permissions").asList(String.class);
        final var subjectId = verified.getClaim("userId").asString();
        final var subjectName = verified.getClaim("username").asString();

        final var result = new Grant();
        result.setPermissions(grantedPermissions);
        result.setUserId(subjectId);
        result.setUsername(subjectName);
        return result;
    } catch (JWTVerificationException e) {
        // Callers treat null as "not authenticated".
        return null;
    }
}
Example #9
Source File: SecureServerComms.java From vicinity-gateway-api with GNU General Public License v3.0 | 6 votes |
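/**
 * Loads a token from a file and verifies it, falling back to a freshly generated token when
 * the file cannot be read or the stored token does not verify.
 *
 * @param file the file holding the stored token
 * @return the stored token when it loads and {@code verifyToken} raises nothing, a newly
 *         generated token when loading or verification fails, or {@code null} on any other
 *         exception
 */
public String loadToken(File file) {
    // loaded data
    String token;
    try {
        // try-with-resources closes the stream even when reading fails part-way through.
        try (InputStream is = new FileInputStream(file)) {
            token = IOUtils.toString(is, "UTF-8");
        }
        verifyToken(token);
    } catch (IOException i) {
        logger.warning("Token could not be loaded from file, creating new one...");
        i.printStackTrace();
        token = generateToken();
        return token;
    } catch (JWTVerificationException jwte) {
        // Invalid signature/claims
        logger.warning("Error verifying file token, creating new one...");
        jwte.printStackTrace();
        token = generateToken();
        return token;
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
    return token;
}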
Example #10
Source File: JwtApplication.java From spring-boot-study with MIT License | 6 votes |
/**
 * Verifies a token signed with HMAC-SHA256 for issuer {@code SERVICE} and prints its
 * {@code loginName} claim, subject and first audience.
 *
 * @param token the compact JWT to verify
 * @throws JWTVerificationException if the token does not verify
 */
private static void verifyJWTToken(String token) throws JWTVerificationException {
    // NOTE(review): the signing key is the literal "secret". That is fine for a demo only;
    // real code should load a long random key from configuration.
    JWTVerifier verifier = JWT.require(Algorithm.HMAC256("secret"))
            .withIssuer("SERVICE")
            .build();
    DecodedJWT verified = verifier.verify(token);

    String subject = verified.getSubject();

    // NOTE(review): a token without a loginName claim, or without an audience, fails on the
    // dereferences below.
    Claim loginName = verified.getClaims().get("loginName");
    System.out.println("自定义 claim:" + loginName.asString());

    List<String> audience = verified.getAudience();
    System.out.println("subject 值:" + subject);
    System.out.println("audience 值:" + audience.get(0));
}
Example #11
Source File: MachineController.java From onenet-iot-project with MIT License | 6 votes |
/**
 * Returns the list of machines.
 *
 * <p>The caller is identified by the {@code account_id} claim of the JWT sent in the
 * {@code token} request header, and only accounts with the ADMIN role receive the list.
 *
 * @param request the HTTP request carrying the {@code token} header
 * @return NOT_LOGIN when the token fails the string check or does not verify, VISITED_FORBID
 *         for non-admin accounts, otherwise SUCCESS with the machines
 */
@GetMapping
public Response getMachineList(HttpServletRequest request) {
    final String token = request.getHeader("token");
    if (!VerifyUtil.checkString(token)) {
        return ResultUtil.returnStatus(ResponseStatus.NOT_LOGIN);
    }

    try {
        // Parse the token and resolve the account it names.
        final Claim accountIdClaim = tokenUtil.getClaim(token, "account_id");
        final Account caller = accountService.findAccountById(accountIdClaim.asString());

        // Only administrators are authorised for this endpoint.
        final boolean isAdmin = caller != null && caller.getRole() == Role.ADMIN;
        if (!isAdmin) {
            return ResultUtil.returnStatus(ResponseStatus.VISITED_FORBID);
        }

        final List<Machine> machines = machineService.findAllMachine();
        log.info("machines: {}", machines);
        return ResultUtil.returnStatusAndData(ResponseStatus.SUCCESS, machines);
    } catch (JWTVerificationException e) {
        // Parsing failed: the token is invalid.
        log.error("{}", e);
        return ResultUtil.returnStatus(ResponseStatus.NOT_LOGIN);
    }
}
Example #12
Source File: AuthenticationServiceJwtImpl.java From alibaba-rsocket-broker with Apache License 2.0 | 6 votes |
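/**
 * Authenticates JWT credentials by trying each configured verifier in order.
 *
 * <p>The result now comes only from a verification performed in this call. Previously the
 * method started from the cached principal and still ran every verifier, so credentials that
 * all verifiers rejected (an expired token, or a different string sharing the same hash code)
 * were answered with whatever principal was cached under that key.
 *
 * @param type        credential type (not read by this method)
 * @param credentials the compact JWT presented by the caller
 * @return the principal for the verified token, or {@code null} when no verifier accepts it
 */
@Override
@Nullable
public RSocketAppPrincipal auth(String type, String credentials) {
    int tokenHashCode = credentials.hashCode();
    // Fail closed: nothing is returned unless a verifier accepts the credentials right now.
    RSocketAppPrincipal principal = null;
    for (JWTVerifier verifier : verifiers) {
        try {
            principal = new JwtPrincipal(verifier.verify(credentials), credentials);
            // Still recorded for any other reader of the cache.
            // NOTE(review): the key is String.hashCode(), which different tokens can share;
            // before reading this cache to skip verification, key it by the token itself or
            // by a SHA-256 digest of it.
            jwtVerifyCache.put(tokenHashCode, principal);
            break;
        } catch (JWTVerificationException ignore) {
            // This verifier rejected the token; try the next one.
        }
    }
    return principal;
}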
Example #13
Source File: SignatureVerifier.java From auth0-java-mvc-common with MIT License | 6 votes |
/**
 * Decodes a token, checks that its algorithm is one of the accepted ones and, when a verifier
 * is configured, checks the signature.
 *
 * @param token the token to check
 * @return the decoded token
 * @throws TokenValidationException if the algorithm is not accepted or the signature is invalid
 */
DecodedJWT verifySignature(String token) throws TokenValidationException {
    final DecodedJWT jwt = decodeToken(token);

    final boolean algorithmAccepted = this.acceptedAlgorithms.contains(jwt.getAlgorithm());
    if (!algorithmAccepted) {
        throw new TokenValidationException(String.format(
                "Signature algorithm of \"%s\" is not supported. Expected the ID token to be signed with \"%s\".",
                jwt.getAlgorithm(),
                this.acceptedAlgorithms));
    }

    // NOTE(review): with no verifier configured, only the algorithm name has been checked and
    // the signature itself is not verified -- confirm which callers build this without one.
    if (verifier == null) {
        return jwt;
    }

    try {
        verifier.verify(jwt);
    } catch (SignatureVerificationException badSignature) {
        throw new TokenValidationException("Invalid token signature", badSignature);
    } catch (JWTVerificationException ignored) {
        // Deliberately not rethrown: the author expects only expired tokens (invalid exp) to
        // land here and handles them in a later validation step.
    }
    return jwt;
}
Example #14
Source File: JwtHelper.java From litemall with MIT License | 5 votes |
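/**
 * Verifies a token (HMAC-SHA256, fixed issuer) and returns the user ID it carries.
 *
 * @param token the compact JWT to verify
 * @return the value of the {@code userId} claim, or {@code 0} when the token does not verify
 *         or carries no {@code userId} claim
 */
public Integer verifyTokenAndGetUserId(String token) {
    try {
        Algorithm algorithm = Algorithm.HMAC256(SECRET);
        JWTVerifier verifier = JWT.require(algorithm)
                .withIssuer(ISSUSER)
                .build();
        DecodedJWT jwt = verifier.verify(token);
        Map<String, Claim> claims = jwt.getClaims();
        Claim claim = claims.get("userId");
        // A verified token without the claim used to end in a NullPointerException; report
        // it with the same "no user" value as a token that fails verification.
        if (claim == null) {
            return 0;
        }
        return claim.asInt();
    } catch (JWTVerificationException exception) {
        // Verification failures are reported through the 0 return value below.
    }

    return 0;
}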
Example #15
Source File: JWTTokenManager.java From data-transfer-project with Apache License 2.0 | 5 votes |
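/**
 * Verifies a token and extracts the job ID stored in its {@code ID_CLAIM_KEY} claim.
 *
 * @param token the compact JWT to verify
 * @return the job ID, or {@code null} when the verified token has no ID claim
 * @throws RuntimeException if the token does not verify; the verification failure is attached
 *         as the cause
 */
@Override
public UUID getJobIdFromToken(String token) {
    try {
        DecodedJWT jwt = verifier.verify(token);
        // Token is verified, get claim
        Claim claim = jwt.getClaim(JWTTokenManager.ID_CLAIM_KEY);
        return claim.isNull() ? null : UUID.fromString(claim.asString());
    } catch (JWTVerificationException exception) {
        monitor.debug(() -> "Error verifying token", exception);
        // The token is a bearer credential (an expired one is still sensitive), so it is kept
        // out of the exception message, which tends to end up in logs and error responses.
        throw new RuntimeException("Error verifying token", exception);
    }
}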
Example #16
Source File: SignupJWTTokenManager.java From Knowage-Server with GNU Affero General Public License v3.0 | 5 votes |
/**
 * Verifies a signup token and returns the user ID it carries, delegating to
 * {@code JWTSsoService.jwtToken2userId}.
 *
 * @param token the compact JWT to verify
 * @return the user ID extracted from the token
 * @throws TokenExpiredException if the token has expired (passed through unchanged)
 * @throws SecurityException if the token fails verification for any other reason
 */
public static String verifyJWTToken(String token) throws TokenExpiredException, SecurityException {
    try {
        return JWTSsoService.jwtToken2userId(token);
    } catch (TokenExpiredException expired) {
        // Expiry keeps its own type so callers can tell it apart from a bad token.
        throw expired;
    } catch (JWTVerificationException invalid) {
        throw new SecurityException("Invalid JWT token!", invalid);
    }
}
Example #17
Source File: SecureServerComms.java From vicinity-gateway-api with GNU General Public License v3.0 | 5 votes |
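/**
 * Verifies a token against the RSA public key stored at {@code path + pubKey} and the
 * expected issuer {@code agid}.
 *
 * <p>Failures are now propagated. The previous version caught every exception and only
 * printed it, so a token with a bad signature, a wrong issuer or an expired date looked the
 * same to the caller as a valid one.
 *
 * @param token the compact JWT to verify
 * @throws JWTVerificationException if the token does not verify, or if the key needed to
 *         verify it cannot be prepared
 * @throws IOException if reading the public key fails with an I/O error
 */
private void verifyToken(String token) throws JWTVerificationException, IOException {
    String file = path + pubKey;
    try {
        RSAPublicKey publicKey = readPublicKey(file); // Get the key instance
        Algorithm algorithm = Algorithm.RSA256(publicKey, null);
        JWTVerifier verifier = JWT.require(algorithm)
                .withIssuer(agid)
                .build(); // Reusable verifier instance
        DecodedJWT jwt = verifier.verify(token);
        // Concatenation tolerates a token without an expiry claim (prints "null").
        logger.fine("Token expires at: " + jwt.getExpiresAt());
    } catch (JWTVerificationException e) {
        throw e;
    } catch (Exception e) {
        if (e instanceof IOException) {
            throw (IOException) e;
        }
        // Anything else means the token could not be checked at all; fail closed.
        throw new JWTVerificationException("Token could not be verified", e);
    }
}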
Example #18
Source File: AbstractJWKSTest.java From microprofile-jwt-auth with Apache License 2.0 | 5 votes |
/**
 * Generates a token whose key ID is {@code invalid-kid} and validates it against the JWKS
 * endpoint; the test passes only if validation raises one of the expected exception types.
 *
 * @throws Exception the expected validation failure
 */
@Test(expectedExceptions = {InvalidJwtException.class, BadJOSEException.class, JWTVerificationException.class})
public void testNoMatchingKID() throws Exception {
    final PrivateKey signingKey = loadPrivateKey();
    final String tokenWithUnknownKid =
            TokenUtils.generateTokenString(signingKey, "invalid-kid", "/Token1.json", null, null);

    final int expGracePeriodSecs = 60;
    final URL jwksEndpoint = new URL(endpoint);
    validateToken(tokenWithUnknownKid, jwksEndpoint, TEST_ISSUER, expGracePeriodSecs);
}
Example #19
Source File: AuthServiceImpl.java From smockin with Apache License 2.0 | 5 votes |
/**
 * Verifies a JWT with the configured verifier.
 *
 * @param jwt the compact JWT to verify
 * @throws AuthException if the token does not verify; the reason is written to the debug log
 *         only and is not carried by the exception
 */
public void verifyToken(final String jwt) throws AuthException {

    try {
        jwtVerifier.verify(jwt);
    } catch (JWTVerificationException rejected) {
        // Keep the detail in the log; the exception handed to callers says nothing more.
        logger.debug("JWT authorization failed", rejected);
        throw new AuthException();
    }

}
Example #20
Source File: JwtHelper.java From flow-platform-x with Apache License 2.0 | 5 votes |
/**
 * Verifies a token for a user, optionally tolerating expiry.
 *
 * @param token       the compact JWT to verify
 * @param user        the user whose {@code getPasswordOnMd5()} value is used as the HMAC key
 * @param checkExpire when {@code false}, a token whose only reported problem is expiry is
 *                    still considered valid
 * @return {@code true} when the token verifies (or is merely expired and expiry is not
 *         checked), {@code false} otherwise
 */
public static boolean verify(String token, User user, boolean checkExpire) {
    // NOTE(review): the signing key is the user's stored MD5 password value, so whoever can
    // read that value can sign tokens for the user -- confirm this is an accepted trade-off.
    try {
        JWT.require(Algorithm.HMAC256(user.getPasswordOnMd5()))
                .withIssuer(issuer)
                .build()
                .verify(token);
        return true;
    } catch (TokenExpiredException expired) {
        // NOTE(review): treating "expired" as valid assumes the verifier checked the
        // signature and the issuer before the expiry -- confirm for the library version used.
        return !checkExpire;
    } catch (JWTVerificationException rejected) {
        return false;
    }
}
Example #21
Source File: JwtTokenUtil.java From sakai with Educational Community License v2.0 | 5 votes |
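/**
 * Decodes and verifies an access token, then checks its audience and issuer by hand.
 *
 * <p>An expired token is still accepted when the Sakai session named by its
 * {@code sessionId} claim is still valid. Exception messages no longer contain the token
 * itself, and a token without an audience or issuer is rejected with
 * {@code JwtTokenMalformedException} instead of failing on a null value.
 *
 * @param token the compact JWT to decode
 * @return the decoded token
 * @throws JwtTokenMalformedException if the token cannot be decoded or verified, or if its
 *         audience or issuer is not the expected one
 */
private JWT decodeToken(String token) {

    JWT jwt = null;
    try {
        jwt = JWT.decode(token);

        // First verify it
        // NOTE(review): when the property is not configured, the key falls back to
        // RUBRICS_TOKEN_SIGNING_SHARED_SECRET_DEFAULT. A default shipped with the code is not
        // a secret; confirm that deployments are required to set the property.
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256(
                serverConfigurationService.getString(rubricsConfiguration.RUBRICS_TOKEN_SIGNING_SHARED_SECRET_PROPERTY,
                        rubricsConfiguration.RUBRICS_TOKEN_SIGNING_SHARED_SECRET_DEFAULT)))
                .build(); // Reusable verifier instance
        verifier.verify(token);

    } catch (UnsupportedEncodingException | JWTVerificationException e) {
        // If expired, check if the session is still live in the sakai system.
        // The original author relies on the signature being verified before the expiry, so
        // that an "expired" failure implies a correctly signed token.
        // NOTE(review): expiry is recognised by the exception message text, which depends on
        // the library version -- confirm both assumptions when upgrading the library.
        String reason = e.getMessage();
        boolean expiredOnly = reason != null && reason.startsWith("The Token has expired on");
        if (!(expiredOnly && isSakaiSessionStillValid(jwt.getClaim("sessionId").asString()))) {
            // The token is a bearer credential and is kept out of the message.
            throw new JwtTokenMalformedException("Error occurred while decoding access token", e);
        }
    }

    // Manually verify audience and issuer since we are using the validation error flow to allow for time
    // extensions - in lieu of just specifying withAudience(JWT_AUDIENCE).withIssuer(JWT_ISSUER) to the Verifier
    if (jwt.getAudience() == null || !jwt.getAudience().contains(JWT_AUDIENCE)) {
        throw new JwtTokenMalformedException(String.format("Access token denied for audience. Expected: ['%s'], "
                + "Provided: %s", JWT_AUDIENCE, jwt.getAudience()));
    }

    if (jwt.getIssuer() == null || !jwt.getIssuer().contentEquals(JWT_ISSUER)) {
        throw new JwtTokenMalformedException(String.format("Access token denied for issuer. Expected: ['%s'], "
                + "Provided: %s", JWT_ISSUER, jwt.getIssuer()));
    }

    return jwt;
}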
Example #22
Source File: JWTSsoService.java From Knowage-Server with GNU Affero General Public License v3.0 | 5 votes |
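/**
 * Validates an SSO ticket, which is expected to be a JWT issued by {@code knowage}.
 *
 * @param ticket the compact JWT to verify
 * @param userId the user the ticket was presented for (not read by this method)
 * @throws SecurityException if the ticket does not verify
 */
@Override
public void validateTicket(String ticket, String userId) throws SecurityException {
    try {
        String jwtToken = ticket;
        // The token is a bearer credential: record that one arrived, never its value, so that
        // anyone who can read the debug log cannot replay it.
        logger.debug("JWT token received in input");
        JWTVerifier verifier = JWT.require(algorithm).withIssuer("knowage").build();
        verifier.verify(jwtToken);
        // NOTE(review): userId is not compared with anything in the verified token here --
        // confirm that the binding between ticket and user is checked elsewhere.
        logger.debug("JWT token verified properly");
    } catch (JWTVerificationException e) {
        throw new SecurityException("Invalid JWT token!", e);
    }
}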
Example #23
Source File: AuthenticationFactory.java From MicroCommunity with Apache License 2.0 | 5 votes |
/**
 * Verifies a token and returns its claims together with the logged-in user ID.
 *
 * <p>The token must verify with HMAC-SHA256 for issuer {@code java110}, and its ID must
 * still be present in {@code JWTCache}; a successful check also resets the cached entry's
 * expiry time.
 *
 * @param token the compact JWT to verify
 * @return every claim rendered as a string, plus {@code CommonConstant.LOGIN_USER_ID}
 * @throws Exception if the token does not verify or no user is cached for its ID
 */
public static Map<String, String> verifyToken(String token) throws Exception {
    // NOTE(review): when no secret is configured the key falls back to
    // CommonConstant.DEFAULT_JWT_SECRET. A default shipped with the code is not a secret;
    // confirm that deployments are required to configure their own.
    final String configuredSecret = MappingCache.getValue(MappingConstant.KEY_JWT_SECRET);
    final String jwtSecret = StringUtil.isNullOrNone(configuredSecret)
            ? CommonConstant.DEFAULT_JWT_SECRET
            : configuredSecret;

    final DecodedJWT jwt = JWT.require(Algorithm.HMAC256(jwtSecret))
            .withIssuer("java110")
            .build()
            .verify(token);

    // The token ID is the key under which the logged-in user was stored.
    final String tokenId = jwt.getId();
    final String userId = JWTCache.getValue(tokenId);
    if (StringUtil.isNullOrNone(userId)) {
        throw new JWTVerificationException("用户还未登录");
    }

    final String configuredExpiry = MappingCache.getValue(MappingConstant.KEY_JWT_EXPIRE_TIME);
    final String expireTime = StringUtil.isNullOrNone(configuredExpiry)
            ? CommonConstant.DEFAULT_JWT_EXPIRE_TIME
            : configuredExpiry;
    // Refresh the expiry time of the cached entry.
    JWTCache.resetExpireTime(tokenId, Integer.parseInt(expireTime));

    // Add the claims to the values handed back to the caller.
    final Map<String, String> paramOut = new HashMap<String, String>();
    for (Map.Entry<String, Claim> entry : jwt.getClaims().entrySet()) {
        paramOut.put(entry.getKey(), entry.getValue().asString());
    }
    // Written last, so the cached user ID wins over a claim with the same name.
    paramOut.put(CommonConstant.LOGIN_USER_ID, userId);
    return paramOut;
}
Example #24
Source File: RetestAuthentication.java From recheck with GNU Affero General Public License v3.0 | 5 votes |
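/**
 * Reports whether the current access token exists and still verifies.
 *
 * @return {@code true} when an access token is present and the verifier accepts it,
 *         {@code false} otherwise
 */
private boolean isAccessTokenValid() {
    // Check for a missing token before handing it to the verifier; the previous null check
    // ran only after the token had already been used.
    if ( accessToken == null ) {
        return false;
    }
    try {
        final DecodedJWT verify = verifier.verify( accessToken );
        return verify != null;
    } catch ( final JWTVerificationException exception ) {
        log.info( "Current token is invalid, requesting new one" );
    }
    return false;
}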
Example #25
Source File: Tools.java From flowchat with GNU General Public License v3.0 | 5 votes |
/**
 * Verifies a token for issuer {@code flowchat} and returns its decoded form.
 *
 * @param token the compact JWT to verify
 * @return the decoded token, or {@code null} when verification fails
 */
public static final DecodedJWT decodeJWTToken(String token) {
    try {
        return JWT.require(getJWTAlgorithm())
                .withIssuer("flowchat")
                .build()
                .verify(token);
    } catch (JWTVerificationException e) {
        // Deliberately silent: callers treat a null result as "not authenticated".
        return null;
    }
}
Example #26
Source File: JwtVerifier.java From curiostack with MIT License | 5 votes |
/**
 * Verifies a token asynchronously, using the algorithm looked up for the key ID named in the
 * token header.
 *
 * @param token the compact JWT to verify
 * @return a future holding the verified token; it completes exceptionally when the token
 *         cannot be decoded or does not verify
 */
public CompletableFuture<DecodedJWT> verify(String token) {
    final DecodedJWT undecided;
    try {
        // Decoding only parses the token; nothing read from it is trusted yet.
        undecided = JWT.decode(token);
    } catch (JWTVerificationException e) {
        return CompletableFuturesExtra.exceptionallyCompletedFuture(e);
    }

    // The key ID comes from the unverified header and is used only to select a key.
    // NOTE(review): presumably getAlgorithm resolves it against a trusted key set -- confirm.
    final String keyId = undecided.getKeyId();
    return getAlgorithm(keyId).thenApply(alg -> JWT.require(alg).build().verify(token));
}
Example #27
Source File: JwtHelper.java From flow-platform-x with Apache License 2.0 | 5 votes |
/**
 * Checks a user's token, with expiry enforcement switched by the caller.
 *
 * @param token       the compact JWT to verify
 * @param user        supplies the HMAC key through {@code getPasswordOnMd5()}
 * @param checkExpire {@code true} to reject expired tokens, {@code false} to accept a token
 *                    whose only reported problem is expiry
 * @return whether the token is accepted
 */
public static boolean verify(String token, User user, boolean checkExpire) {
    boolean accepted;
    try {
        // NOTE(review): the HMAC key is derived from the stored MD5 password value; anyone
        // who can read that value can sign tokens for this user.
        final Algorithm hmac = Algorithm.HMAC256(user.getPasswordOnMd5());
        JWT.require(hmac).withIssuer(issuer).build().verify(token);
        accepted = true;
    } catch (TokenExpiredException expired) {
        // NOTE(review): accepting an expired token assumes the signature and the issuer were
        // checked before the expiry -- confirm for the library version used.
        accepted = !checkExpire;
    } catch (JWTVerificationException rejected) {
        accepted = false;
    }
    return accepted;
}
Example #28
Source File: MCRSessionFilter.java From mycore with GNU General Public License v3.0 | 5 votes |
/**
 * Rejects the token unless its IP claim is present and allowed for the remote address.
 *
 * @param ipClaim    the IP claim taken from the token
 * @param remoteAddr the address the request came from
 * @throws JWTVerificationException if the claim is missing, is not allowed for the remote
 *         address, or the address check fails with an unknown host
 */
private static void checkIPClaim(Claim ipClaim, String remoteAddr) {
    final String mismatch =
            "The Claim '" + MCRJWTUtil.JWT_CLAIM_IP + "' value doesn't match the required one.";

    final boolean allowed;
    try {
        allowed = !ipClaim.isNull() && MCRFrontendUtil.isIPAddrAllowed(ipClaim.asString(), remoteAddr);
    } catch (UnknownHostException e) {
        // An address that cannot be resolved is treated as a mismatch, keeping the cause.
        throw new JWTVerificationException(mismatch, e);
    }

    if (!allowed) {
        throw new JWTVerificationException(mismatch);
    }
}
Example #29
Source File: JwtUtils.java From WeEvent with Apache License 2.0 | 5 votes |
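/**
 * Verifies a token and builds the {@code AccountEntity} named by its issuer claim.
 *
 * @param token         the compact JWT to verify
 * @param privateSecret the HMAC-SHA256 secret the token must be signed with
 * @return the account built from the token's issuer, or {@code null} when the token does not
 *         verify, has no expiry date, or has expired
 */
public static AccountEntity decodeToken(String token, String privateSecret) {
    try {
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256(privateSecret)).build();
        DecodedJWT jwt = verifier.verify(token);
        // A token without an expiry claim used to reach Date.after(null) and fail with a
        // NullPointerException; reject it like any other unusable token.
        if (jwt.getExpiresAt() == null) {
            log.error("token has no expiry date");
            return null;
        }
        // check expired date
        if (Calendar.getInstance().getTime().after(jwt.getExpiresAt())) {
            log.error("expired token at {}", jwt.getExpiresAt());
            return null;
        }
        return new AccountEntity(jwt.getIssuer());
    } catch (JWTVerificationException e) {
        log.error("invalid jwt token", e);
        return null;
    }
}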
Example #30
Source File: MCRJWTResource.java From mycore with GNU General Public License v3.0 | 5 votes |
/**
 * Verifies a token for the expected audience and requires that its ID names an existing
 * session.
 *
 * @param token the compact JWT to verify
 * @throws JWTVerificationException if the token does not verify, carries no ID, or no session
 *         is found for that ID
 */
public static void validate(String token) throws JWTVerificationException {
    final DecodedJWT verified = JWT.require(MCRJWTUtil.getJWTAlgorithm())
            .withAudience(AUDIENCE)
            .build()
            .verify(token);

    // The token ID doubles as the session ID; the session is looked up only when it is set.
    final String sessionId = verified.getId();
    final boolean sessionKnown = sessionId != null && MCRSessionMgr.getSession(sessionId) != null;
    if (!sessionKnown) {
        throw new JWTVerificationException("MCRSession is invalid.");
    }
}