Example 51 with Role
use of com.auth0.json.mgmt.Role in project learn-center-rest by elbar-org.
the class CustomAuthorizationFilter method doFilterInternal.
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if (request.getServletPath().equals("/api/v1/login")) {
try {
filterChain.doFilter(request, response);
} catch (Exception e) {
throw new RuntimeException(e.getMessage());
}
} else {
String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
try {
String token = authorizationHeader.substring("Bearer ".length());
DecodedJWT jwt = JWTUtils.getVerifier().verify(token);
String userCode = jwt.getSubject();
List<String> roles;
if (Objects.isNull(jwt.getClaim("roles").asList(String.class)))
roles = new ArrayList<>();
else
roles = jwt.getClaim("roles").asList(String.class);
List<SimpleGrantedAuthority> authorities = new ArrayList<>();
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userCode, null, authorities);
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
filterChain.doFilter(request, response);
} catch (Exception e) {
response.setHeader("error", e.getMessage());
response.setStatus(HttpStatus.FORBIDDEN.value());
Map<String, String> error = new HashMap<>();
error.put("error_message", e.getMessage());
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
new ObjectMapper().writeValue(response.getOutputStream(), error);
}
} else {
filterChain.doFilter(request, response);
}
}
}
Also used :
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Example 52 with Role
use of com.auth0.json.mgmt.Role in project Toy by gmoon92.
the class JwtUtils method decode.
public User decode(String tokenOfIncludeSchema) {
String token = obtainTokenWithoutSchema(tokenOfIncludeSchema);
verify(token);
DecodedJWT jwt = JWT.decode(token);
String username = jwt.getClaim("username").asString();
Role role = Role.valueOf(jwt.getClaim("role").asString());
return User.create(username, "", role);
}
Also used :
Role(com.gmoon.resourceserver.user.Role)
DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT)
Aggregations
Algorithm (com.auth0.jwt.algorithms.Algorithm)20
DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)17
IOException (java.io.IOException)17
java.util (java.util)14
JWT (com.auth0.jwt.JWT)13
Maps (io.gravitee.common.util.Maps)12
DEFAULT_JWT_ISSUER (io.gravitee.rest.api.service.common.JWTHelper.DefaultValues.DEFAULT_JWT_ISSUER)12
Duration (java.time.Duration)12
Instant (java.time.Instant)12
GraviteeContext (io.gravitee.rest.api.service.common.GraviteeContext)10
JWTHelper (io.gravitee.rest.api.service.common.JWTHelper)10
HttpServletResponse (javax.servlet.http.HttpServletResponse)10
Authentication (org.springframework.security.core.Authentication)10
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)9
HashMap (java.util.HashMap)9
Collectors (java.util.stream.Collectors)9
Cookie (javax.servlet.http.Cookie)9
SecurityContextHolder (org.springframework.security.core.context.SecurityContextHolder)9
UserDetails (io.gravitee.rest.api.idp.api.authentication.UserDetails)8
CookieGenerator (io.gravitee.rest.api.security.cookies.CookieGenerator)8
