Java Code Examples for com.nimbusds.jwt.JWTClaimsSet#getAudience()

The following examples show how to use com.nimbusds.jwt.JWTClaimsSet#getAudience() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: OpenIdConnectJwtValidation.java    From remote-monitoring-services-java with MIT License 6 votes vote down vote up
/**
 * Check whether the token has been released to the expected audience
 */
private boolean validateTokenAudience(JWTClaimsSet claims) {
    List<String> audiences = claims.getAudience();

    if (audiences == null) {
        log.error("The authorization token doesn't have an audience (aud)");
        return false;
    }

    if (audiences.contains(this.audience)) {
        return true;
    }

    log.error("The authorization token audience `{}` doesn't match the expected audience `{}`",
        audiences, this.audience);

    return false;
}
 
Example 2
Source File: OpenIdConnectJwtValidation.java    From remote-monitoring-services-java with MIT License 6 votes vote down vote up
/**
 * Check whether the token has been released to the expected audience
 */
private boolean validateTokenAudience(JWTClaimsSet claims) {
    List<String> audiences = claims.getAudience();

    if (audiences == null) {
        log.error("The authorization token doesn't have an audience (aud)");
        return false;
    }

    if (audiences.contains(this.audience)) {
        return true;
    }

    log.error("The authorization token audience `{}` doesn't match the expected audience `{}`",
        audiences, this.audience);

    return false;
}
 
Example 3
Source File: OpenIdConnectJwtValidation.java    From remote-monitoring-services-java with MIT License 6 votes vote down vote up
/**
 * Check whether the token has been released to the expected audience
 */
private boolean validateTokenAudience(JWTClaimsSet claims) {
    List<String> audiences = claims.getAudience();

    if (audiences == null) {
        log.error("The authorization token doesn't have an audience (aud)");
        return false;
    }

    if (audiences.contains(this.audience)) {
        return true;
    }

    log.error("The authorization token audience `{}` doesn't match the expected audience `{}`",
        audiences, this.audience);

    return false;
}
 
Example 4
Source File: CellerySignedJWTValidator.java    From cellery-security with Apache License 2.0 5 votes vote down vote up
private void validateMandatoryJWTClaims(JWTClaimsSet claimsSet) throws IdentityOAuth2Exception {

        String subject = claimsSet.getSubject();
        List<String> audience = claimsSet.getAudience();
        String jti = claimsSet.getJWTID();
        if (StringUtils.isEmpty(claimsSet.getIssuer()) || StringUtils.isEmpty(subject) ||
                claimsSet.getExpirationTime() == null || audience == null || jti == null) {
            throw new IdentityOAuth2Exception("Mandatory fields(Issuer, Subject, Expiration time, jtl or Audience) " +
                    "are empty in the given Token.");
        }
    }
 
Example 5
Source File: JwtLoginService.java    From cruise-control with BSD 2-Clause "Simplified" License 5 votes vote down vote up
private boolean validateAudiences(JWTClaimsSet claimsSet) {
  if (_audiences == null) {
    return true;
  }
  List<String> tokenAudienceList = claimsSet.getAudience();
  for (String aud : tokenAudienceList) {
    if (_audiences.contains(aud)) {
      JWT_LOGGER.trace("JWT token audience has been successfully validated");
      return true;
    }
  }
  JWT_LOGGER.trace("Couldn't find a valid audience");
  return false;
}
 
Example 6
Source File: KnoxService.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Validate the jwt audience.
 *
 * @param jwtToken knox jwt
 * @return whether this jwt audience is valid
 * @throws ParseException if the payload of the jwt doesn't represent a valid json object and a jwt claims set
 */
private boolean validateAudience(final SignedJWT jwtToken) throws ParseException {
    if (audiences == null) {
        return true;
    }

    final JWTClaimsSet claimsSet = jwtToken.getJWTClaimsSet();
    if (claimsSet == null) {
        logger.error("Claims set is missing from Knox JWT.");
        return false;
    }

    final List<String> tokenAudiences = claimsSet.getAudience();
    if (tokenAudiences == null) {
        logger.error("Audience is missing from the Knox JWT.");
        return false;
    }

    boolean valid = false;
    for (final String tokenAudience : tokenAudiences) {
        // ensure one of the audiences is matched
        if (audiences.contains(tokenAudience)) {
            valid = true;
            break;
        }
    }

    if (!valid) {
        logger.error(String.format("The Knox JWT does not have the required audience(s). Required one of [%s]. Present in JWT [%s].",
                StringUtils.join(audiences, ", "), StringUtils.join(tokenAudiences, ", ")));
    }

    return valid;
}