Java Code Examples for com.auth0.jwt.interfaces.DecodedJWT#getClaim()

Example 1
Source File: JWTAuthenticationProvider.java    From airsonic with GNU General Public License v3.0 6 votes vote down vote up
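/**
 * Verifies the JWT carried as the token's credentials and checks that it was issued for the
 * path being requested.
 *
 * @param auth the incoming authentication; cast to {@code JWTAuthenticationToken}
 * @return a new token carrying the temporary authorities, or {@code null} when the credentials
 *         are absent or not a {@code String}
 * @throws AuthenticationException when the token's path claim does not match the requested path
 */
@Override
public Authentication authenticate(Authentication auth) throws AuthenticationException {
    JWTAuthenticationToken authentication = (JWTAuthenticationToken) auth;
    // instanceof is false for null, so one test covers both missing and non-String credentials.
    if (!(authentication.getCredentials() instanceof String)) {
        LOG.error("Credentials not present");
        return null;
    }
    String rawToken = (String) authentication.getCredentials();
    // The claim is read only from the object returned by verify(); presumably verify() throws
    // on a bad signature or expired token -- confirm in JWTSecurityService.
    DecodedJWT token = JWTSecurityService.verify(jwtKey, rawToken);
    Claim path = token.getClaim(JWTSecurityService.CLAIM_PATH);

    // TODO:AD This is super unfortunate, but not sure there is a better way when using JSP
    // NOTE(review): this is a substring match, so any requested path containing "/WEB-INF/jsp/"
    // skips the path-binding check below (the token itself has still been verified above).
    // Confirm how getRequestedPath() is derived and prefer an anchored match if possible.
    if (StringUtils.contains(authentication.getRequestedPath(), "/WEB-INF/jsp/")) {
        LOG.warn("BYPASSING AUTH FOR WEB-INF page");
    } else if (!roughlyEqual(path.asString(), authentication.getRequestedPath())) {
        // NOTE(review): the message echoes the path the token is bound to; confirm it is not
        // returned to the client.
        throw new InsufficientAuthenticationException("Credentials not valid for path " + authentication
                .getRequestedPath() + ". They are valid for " + path.asString());
    }

    // Mark the incoming token authenticated only after every check has passed, so a rejected
    // request never leaves an object flagged as authenticated behind.
    authentication.setAuthenticated(true);

    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority("IS_AUTHENTICATED_FULLY"));
    authorities.add(new SimpleGrantedAuthority("ROLE_TEMP"));
    return new JWTAuthenticationToken(authorities, rawToken, authentication.getRequestedPath());
}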
 
Example 2
Source File: JWTSsoService.java    From Knowage-Server with GNU Affero General Public License v3.0 6 votes vote down vote up
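/**
 * Reads the JWT from the request parameter, verifies it and returns the token itself as the
 * user identifier.
 *
 * @param request the incoming HTTP request
 * @return the raw JWT, or {@code null} when the parameter is absent
 * @throws SpagoBIRuntimeException when the token fails verification
 */
@Override
public String readUserIdentifier(HttpServletRequest request) {
	try {
		String jwtToken = request.getParameter(SsoServiceInterface.USER_ID);
		if (jwtToken == null) {
			logger.debug("JWT token not found in request");
			return null;
		}
		// The token is a bearer credential, so it is kept out of the log.
		logger.debug("JWT token found in request");
		// Only the algorithm is required here; no issuer or audience constraint is set on
		// this verifier.
		JWTVerifier verifier = JWT.require(algorithm).build();
		DecodedJWT decodedJWT = verifier.verify(jwtToken);
		logger.debug("JWT token verified properly");
		Claim userIdClaim = decodedJWT.getClaim(SsoServiceInterface.USER_ID);
		LogMF.debug(logger, "User id detected is [{0}]", userIdClaim.asString());
		assertNotEmpty(userIdClaim, "User id information is missing!!!");
		// The verified token, not the extracted user id, is what callers receive.
		return jwtToken;
	} catch (JWTVerificationException e) {
		throw new SpagoBIRuntimeException("Invalid JWT token!", e);
	}
}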
 
Example 3
Source File: JWTSecurityServiceTest.java    From airsonic-advanced with GNU General Public License v3.0 5 votes vote down vote up
/** Checks that the appended token verifies and carries the expected path claim and subject. */
@Test
public void addJWTToken() {
    // Append a token for subject "xyz" to the test URI.
    String signedUri = service.addJWTToken("xyz", UriComponentsBuilder.fromUriString(uriString))
            .build()
            .toUriString();

    // Pull the token back out of the query string, as a receiver would.
    String tokenParam = UriComponentsBuilder.fromUriString(signedUri)
            .build()
            .getQueryParams()
            .getFirst(JWTSecurityService.JWT_PARAM_NAME);

    // Claims are read only from the verifier's output.
    DecodedJWT decoded = verifier.verify(tokenParam);
    assertEquals(expectedClaimString, decoded.getClaim(JWTSecurityService.CLAIM_PATH).asString());
    assertEquals("xyz", decoded.getSubject());
}
 
Example 4
Source File: JWTTokenManager.java    From data-transfer-project with Apache License 2.0 5 votes vote down vote up
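/**
 * Verifies the token and returns the job id stored in its id claim.
 *
 * @param token the serialized JWT
 * @return the job id, or {@code null} when the id claim is absent
 * @throws RuntimeException when the token fails verification
 */
@Override
public UUID getJobIdFromToken(String token) {
  try {
    DecodedJWT jwt = verifier.verify(token);
    // Token is verified, get claim
    Claim claim = jwt.getClaim(JWTTokenManager.ID_CLAIM_KEY);
    if (claim.isNull()) {
      return null;
    }
    // UUID.fromString throws IllegalArgumentException for a malformed value; that is not
    // caught here and propagates to the caller.
    return UUID.fromString(claim.asString());
  } catch (JWTVerificationException exception) {
    monitor.debug(() -> "Error verifying token", exception);
    // Keep the raw token out of the exception message so it cannot reach logs or error
    // responses; chain the cause so the reason for the rejection is preserved.
    throw new RuntimeException("Error verifying token", exception);
  }
}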
 
Example 5
Source File: JWTSecurityServiceTest.java    From airsonic with GNU General Public License v3.0 5 votes vote down vote up
/** Checks that the appended token verifies and carries the expected path claim. */
@Test
public void addJWTToken() {
    String signedUri = service.addJWTToken(UriComponentsBuilder.fromUriString(uriString))
            .build()
            .toUriString();

    // Pull the token back out of the query string, as a receiver would.
    String tokenParam = UriComponentsBuilder.fromUriString(signedUri)
            .build()
            .getQueryParams()
            .getFirst(JWTSecurityService.JWT_PARAM_NAME);

    // The claim is read only from the verifier's output.
    DecodedJWT decoded = verifier.verify(tokenParam);
    assertEquals(expectedClaimString, decoded.getClaim(JWTSecurityService.CLAIM_PATH).asString());
}
 
Example 6
Source File: AuthServiceImpl.java    From smockin with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies the token and requires its role claim to equal the name of one of the given roles.
 *
 * @param jwt the serialized JWT
 * @param roles the roles that are acceptable for the caller
 * @throws AuthException when the role claim matches none of {@code roles}
 */
public void checkTokenRoles(final String jwt, SmockinUserRoleEnum... roles) throws AuthException {

        // NOTE(review): a token that fails verification surfaces as whatever
        // jwtVerifier.verify throws, not as AuthException -- confirm callers handle that.
        final Claim roleClaim = jwtVerifier.verify(jwt).getClaim(jwtRoleKey);

        if (roleClaim == null) {
            throw new AuthException();
        }

        // Exact, case-sensitive comparison against the enum constant names; an empty
        // roles list therefore always rejects.
        final boolean noRoleMatches = Stream.of(roles)
                .noneMatch(r -> r.name().equals(roleClaim.asString()));
        if (noRoleMatches) {
            throw new AuthException();
        }
    }
 
Example 7
Source File: JWTSsoService.java    From Knowage-Server with GNU Affero General Public License v3.0 5 votes vote down vote up
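/**
 * Verifies the given JWT and returns the user id stored in it.
 *
 * @param jwtToken the serialized JWT
 * @return the value of the user id claim
 * @throws JWTVerificationException when the token fails verification
 */
public static String jwtToken2userId(String jwtToken) throws JWTVerificationException {
	// The token is a bearer credential, so it is kept out of the log.
	logger.debug("JWT token received");
	// Only the algorithm is required here; no issuer or audience constraint is set on this
	// verifier.
	JWTVerifier verifier = JWT.require(algorithm).build();
	DecodedJWT decodedJWT = verifier.verify(jwtToken);
	logger.debug("JWT token verified properly");
	Claim userIdClaim = decodedJWT.getClaim(SsoServiceInterface.USER_ID);
	LogMF.debug(logger, "User id detected is [{0}]", userIdClaim.asString());
	assertNotEmpty(userIdClaim, "User id information is missing!!!");
	String userId = userIdClaim.asString();
	LogMF.debug(logger, "User id is [{0}]", userId);
	return userId;
}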
 
Example 8
Source File: JwtTokenProvider.java    From realworld-api-quarkus with MIT License 4 votes vote down vote up
/**
 * Reads the roles claim from a decoded token.
 *
 * <p>NOTE(review): nothing here verifies the token; presumably the caller passes one that came
 * from a verifier -- confirm. The library's {@code asArray} can yield {@code null} when the
 * claim is missing or is not an array, so callers should treat {@code null} as "no roles".
 *
 * @param decodedJWT the decoded token to read from
 * @return the roles held in the claim, as converted by {@code Claim#asArray}
 */
@Override
public Role[] extractRoles(DecodedJWT decodedJWT) {
  return decodedJWT.getClaim(CLAIM_ROLES).asArray(Role.class);
}
 
Example 9
Source File: TokenUtil.java    From onenet-iot-project with MIT License 3 votes vote down vote up
/**
 * Verifies the token and returns the value stored under the given key.
 *
 * @param token the authentication token
 * @param key   the name of the claim to read
 * @return the claim object
 * @throws JWTVerificationException when the token fails verification
 */
public Claim getClaim(String token, String key) throws JWTVerificationException {
    // The HMAC secret is looked up from configuration on every call.
    // NOTE(review): confirm that an unset "jwt.secret-key" makes Algorithm.HMAC256 fail
    // rather than verify against an empty key.
    String secret = env.getProperty("jwt.secret-key");
    // Verify first; the claim is read only from the verifier's output.
    DecodedJWT verified = JWT.require(Algorithm.HMAC256(secret)).build().verify(token);
    return verified.getClaim(key);
}