Example 11 with User

use of com.auth0.json.mgmt.users.User in project vboard by voyages-sncf-technologies.

the class AwsCognitoAuthenticationProvider method authenticate.

@Override
@SuppressFBWarnings("CFS_CONFUSING_FUNCTION_SEMANTICS")
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Spring Security convention: returning null means "not handled by this provider", not "denied".
    if (!supports(authentication.getClass())) {
        return null;
    }
    JsonWebTokenAuthentication jwtAuth = (JsonWebTokenAuthentication) authentication;
    try {
        // The key provider (not shown here) resolves the verification key for the token's key id ("kid")
        // in the configured Cognito region. Because the algorithm is pinned to ES256, a token whose header
        // names a different alg (including "none") fails with AlgorithmMismatchException.
        Algorithm algorithm = Algorithm.ECDSA256(new AwsCognitoECDSAKeyProvider(awsCognitoConfig.getRegion(), jwtAuth.getKeyId()));
        // Checks the signature and, when present, exp/nbf/iat. No issuer or audience constraint is applied
        // here (withIssuer()/withAudience() are not used), so those must be enforced elsewhere.
        JWT.require(algorithm).build().verify(jwtAuth.getToken());
        jwtAuth.setAuthenticated(true);
        logger.debug("Authenticated with JWT with scopes: {}", authentication.getAuthorities());
        return authentication;
    } catch (JWTVerificationException e) {
        // Any verification failure is surfaced as bad credentials rather than leaking the specific reason.
        logger.error("JWT ECDSA256 verify error for user: {}", jwtAuth.getName(), e);
        throw new BadCredentialsException("Not a valid token", e);
    }
}
Also used : JWTVerificationException(com.auth0.jwt.exceptions.JWTVerificationException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Algorithm(com.auth0.jwt.algorithms.Algorithm) SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings)

Example 12 with User

use of com.auth0.json.mgmt.users.User in project snow-owl by b2ihealthcare.

the class AuthorizationHeaderVerifier method toUser.

/**
 * Converts the given JWT access token to a {@link User} representation using the configured email and permission claims.
 * <p>
 * The {@link DecodedJWT} passed in must already have had its signature verified: {@code JWT.decode()} on its own
 * only parses the token, so claims read from an unverified token are whatever the sender put there.
 *
 * @param jwt
 *            - the JWT to convert to a {@link User} object
 * @return the user named by the email claim, carrying the permissions listed in the permissions claim
 * @throws BadRequestException
 *             - if either the configured email or permissions property is missing from the given JWT
 */
public User toUser(DecodedJWT jwt) {
    // java-jwt returns a NullClaim (never null) for an absent claim, so isNull() is the check that matters here.
    final Claim emailClaim = jwt.getClaim(emailClaimProperty);
    if (emailClaim == null || emailClaim.isNull()) {
        throw new BadRequestException("'%s' JWT access token field is required for email access, but it was missing.", emailClaimProperty);
    }
    final Claim permissionsClaim = jwt.getClaim(permissionsClaimProperty);
    if (permissionsClaim == null || permissionsClaim.isNull()) {
        throw new BadRequestException("'%s' JWT access token field is required for permissions access, but it was missing.", permissionsClaimProperty);
    }
    // Every string in the claim is parsed with Permission.valueOf and attached to one synthetic "jwt_roles" role.
    final Set<Permission> permissions = permissionsClaim.asList(String.class).stream()
            .map(Permission::valueOf)
            .collect(Collectors.toSet());
    return new User(emailClaim.asString(), List.of(new Role("jwt_roles", permissions)));
}
Also used : BadRequestException(com.b2international.commons.exceptions.BadRequestException) Claim(com.auth0.jwt.interfaces.Claim)

Example 13 with User

use of com.auth0.json.mgmt.users.User in project alf.io by alfio-event.

the class BaseOpenIdAuthenticationManager method updateOrganizations.

private void updateOrganizations(OpenIdAlfioUser alfioUser) {
    int userId = userRepository.findIdByUserName(alfioUser.getEmail()).orElseThrow();
    var databaseOrganizationIds = organizationRepository.findAllForUser(alfioUser.getEmail()).stream().map(Organization::getId).collect(Collectors.toSet());
    if (alfioUser.isAdmin()) {
        // Admins are not scoped to organizations: drop any per-organization links left over from an earlier role.
        if (!databaseOrganizationIds.isEmpty()) {
            userOrganizationRepository.removeOrganizationUserLinks(userId, databaseOrganizationIds);
        }
        return;
    }
    // Map the external organization ids asserted by the identity provider to local organization ids.
    List<Integer> organizationIds;
    var userOrg = alfioUser.getAlfioOrganizationAuthorizations().keySet();
    if (!userOrg.isEmpty()) {
        organizationIds = organizationRepository.findOrganizationIdsByExternalId(userOrg);
    } else {
        organizationIds = List.of();
    }
    // Revoke links the provider no longer asserts before granting new ones, so stale access does not survive a login.
    var organizationsToUnlink = databaseOrganizationIds.stream().filter(orgId -> !organizationIds.contains(orgId)).collect(Collectors.toSet());
    if (!organizationsToUnlink.isEmpty()) {
        userOrganizationRepository.removeOrganizationUserLinks(userId, organizationsToUnlink);
    }
    // Reached only after the unlink above: a non-admin with no organizations has already lost every link.
    if (organizationIds.isEmpty()) {
        throw new IllegalStateException("The user needs to be ADMIN or have at least one organization linked");
    }
    var params = organizationIds.stream()
            .filter(orgId -> !databaseOrganizationIds.contains(orgId))
            .map(id -> new MapSqlParameterSource("userId", userId).addValue("organizationId", id))
            .toArray(MapSqlParameterSource[]::new);
    jdbcTemplate.batchUpdate(userOrganizationRepository.bulkCreate(), params);
}
Also used : JWT(com.auth0.jwt.JWT) UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) java.util(java.util) HttpUtils(alfio.util.HttpUtils) NamedParameterJdbcTemplate(org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) MapSqlParameterSource(org.springframework.jdbc.core.namedparam.MapSqlParameterSource) OpenIdAlfioAuthentication(alfio.config.authentication.support.OpenIdAlfioAuthentication) StringUtils(org.apache.commons.lang3.StringUtils) HttpRequest(java.net.http.HttpRequest) APPLICATION_FORM_URLENCODED(alfio.util.HttpUtils.APPLICATION_FORM_URLENCODED) Json(alfio.util.Json) HttpClient(java.net.http.HttpClient) URI(java.net.URI) TypeReference(com.fasterxml.jackson.core.type.TypeReference) Claim(com.auth0.jwt.interfaces.Claim) AuthorityRepository(alfio.repository.user.AuthorityRepository) HttpResponse(java.net.http.HttpResponse) HttpSession(javax.servlet.http.HttpSession) APPLICATION_JSON(alfio.util.HttpUtils.APPLICATION_JSON) OrganizationRepository(alfio.repository.user.OrganizationRepository) PasswordGenerator(alfio.util.PasswordGenerator) UserOrganizationRepository(alfio.repository.user.join.UserOrganizationRepository) Organization(alfio.model.user.Organization) User(alfio.model.user.User) OpenIdAlfioUser(alfio.config.authentication.support.OpenIdAlfioUser) Collectors(java.util.stream.Collectors) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Role(alfio.model.user.Role) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) UserRepository(alfio.repository.user.UserRepository) UserManager(alfio.manager.user.UserManager) Log4j2(lombok.extern.log4j.Log4j2) UriComponents(org.springframework.web.util.UriComponents)

Example 14 with User

use of com.auth0.json.mgmt.users.User in project waltz by khartec.

the class AuthenticationEndpoint method register.

@Override
public void register() {
    post(mkPath(BASE_URL, "login"), (request, response) -> {
        LoginRequest login = readBody(request, LoginRequest.class);
        if (userService.authenticate(login)) {
            // Symmetric HS512 with a shared static secret: anyone holding JWTUtilities.SECRET can mint tokens.
            Algorithm algorithmHS = Algorithm.HMAC512(JWTUtilities.SECRET);
            String[] roles = userRoleService.getUserRoles(login.userName()).stream().map(r -> r.name()).toArray(size -> new String[size]);
            // No withExpiresAt() call: the token carries no exp claim and remains valid until the secret changes.
            String token = JWT.create()
                    .withIssuer(JWTUtilities.ISSUER)
                    .withSubject(login.userName())
                    .withArrayClaim("roles", roles)
                    .withClaim("displayName", login.userName())
                    .withClaim("employeeId", login.userName())
                    .sign(algorithmHS);
            return newHashMap("token", token);
        } else {
            response.status(401);
            return "Unknown user/password";
        }
    }, transformer);
    // Registers the filter for every api/* route.
    before(mkPath("api", "*"), filter);
}
Also used : Endpoint(com.khartec.waltz.web.endpoints.Endpoint) JWT(com.auth0.jwt.JWT) UserService(com.khartec.waltz.service.user.UserService) Logger(org.slf4j.Logger) UserRoleService(com.khartec.waltz.service.user.UserRoleService) LoggerFactory(org.slf4j.LoggerFactory) Autowired(org.springframework.beans.factory.annotation.Autowired) Spark.post(spark.Spark.post) Supplier(java.util.function.Supplier) SettingsService(com.khartec.waltz.service.settings.SettingsService) NamedSettings(com.khartec.waltz.model.settings.NamedSettings) Algorithm(com.auth0.jwt.algorithms.Algorithm) Service(org.springframework.stereotype.Service) LoginRequest(com.khartec.waltz.model.user.LoginRequest) Optional(java.util.Optional) Filter(spark.Filter) MapUtilities.newHashMap(com.khartec.waltz.common.MapUtilities.newHashMap) Spark.before(spark.Spark.before) WebUtilities(com.khartec.waltz.web.WebUtilities)

Example 15 with User

use of com.auth0.json.mgmt.users.User in project gravitee-management-rest-api by gravitee-io.

the class AbstractAuthenticationResource method connectUser.

protected Response connectUser(String userId) {
    UserEntity user = userService.connect(userId);
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    final UserDetails userDetails = (UserDetails) authentication.getPrincipal();
    // Manage authorities, initialize it with dynamic permissions from the IDP
    Set<GrantedAuthority> authorities = new HashSet<>(userDetails.getAuthorities());
    // We must also load permissions from repository for configured management or portal role
    RoleEntity role = membershipService.getRole(MembershipReferenceType.MANAGEMENT, MembershipDefaultReferenceId.DEFAULT.toString(), userDetails.getUsername(), RoleScope.MANAGEMENT);
    if (role != null) {
        authorities.add(new SimpleGrantedAuthority(role.getScope().toString() + ':' + role.getName()));
    }
    role = membershipService.getRole(MembershipReferenceType.PORTAL, MembershipDefaultReferenceId.DEFAULT.toString(), userDetails.getUsername(), RoleScope.PORTAL);
    if (role != null) {
        authorities.add(new SimpleGrantedAuthority(role.getScope().toString() + ':' + role.getName()));
    }
    // JWT signer (legacy java-jwt 2.x JWTSigner API). The merged IDP and repository authorities are embedded
    // in the token as the permissions claim, so the token itself carries the authorization decision.
    final Map<String, Object> claims = new HashMap<>();
    claims.put(JWTHelper.Claims.ISSUER, environment.getProperty("jwt.issuer", JWTHelper.DefaultValues.DEFAULT_JWT_ISSUER));
    claims.put(JWTHelper.Claims.SUBJECT, user.getId());
    claims.put(JWTHelper.Claims.PERMISSIONS, authorities);
    claims.put(JWTHelper.Claims.EMAIL, user.getEmail());
    claims.put(JWTHelper.Claims.FIRSTNAME, user.getFirstname());
    claims.put(JWTHelper.Claims.LASTNAME, user.getLastname());
    final int expireAfter = environment.getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER);
    final JWTSigner.Options options = new JWTSigner.Options();
    options.setExpirySeconds(expireAfter);
    options.setIssuedAt(true);
    options.setJwtId(true);
    // The token is returned in an "Authorization" cookie. HttpOnly is always on (last argument); Secure comes
    // from jwt.cookie-secure and defaults to false, so it has to be set explicitly for an HTTPS deployment.
    final NewCookie cookie = new NewCookie(
            HttpHeaders.AUTHORIZATION,
            "Bearer " + new JWTSigner(environment.getProperty("jwt.secret")).sign(claims, options),
            environment.getProperty("jwt.cookie-path", "/"),
            environment.getProperty("jwt.cookie-domain"),
            "",                                                                   // comment
            expireAfter,                                                          // maxAge, same as the token lifetime
            environment.getProperty("jwt.cookie-secure", Boolean.class, false),   // secure
            true);                                                                // httpOnly
    return Response.ok().entity(user).cookie(cookie).build();
}
Also used : HashMap(java.util.HashMap) JWTSigner(com.auth0.jwt.JWTSigner) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UserEntity(io.gravitee.management.model.UserEntity) RoleEntity(io.gravitee.management.model.RoleEntity) UserDetails(io.gravitee.management.idp.api.authentication.UserDetails) Authentication(org.springframework.security.core.Authentication) HashSet(java.util.HashSet) NewCookie(javax.ws.rs.core.NewCookie)
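An added end-to-end example, written for this page and not taken from any of the projects above, using the java-jwt 3.x API that the snippets each show only in part: Example 14 issues a token without an expiry, Example 11 verifies with only the algorithm pinned, and Example 12 reads claims from a DecodedJWT that it assumes was already verified. The secret, issuer, audience, subject and role values are constructed for the example; the HS512 secret is taken as a byte array so the code compiles on every 3.x release.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Date;
import java.util.List;
import java.util.UUID;

public class JwtRoundTrip {

    // Constructed values for this example (hypothetical issuer and audience). A deployment loads the secret
    // from a secret store and rotates it; for HS512 it should be at least 64 random bytes, never a constant.
    private static final String SECRET = "example-only-0123456789abcdef0123456789abcdef0123456789abcdef0123456789";
    private static final String ISSUER = "https://issuer.example";
    private static final String AUDIENCE = "api.example";
    private static final Algorithm ALG = Algorithm.HMAC512(SECRET.getBytes(StandardCharsets.UTF_8));

    /** Issues a token the way Example 14 does, plus iat, exp and a jti. */
    static String issue(String subject, List<String> roles, long ttlSeconds) {
        Instant now = Instant.now();
        return JWT.create()
                .withIssuer(ISSUER)
                .withAudience(AUDIENCE)
                .withSubject(subject)
                .withIssuedAt(Date.from(now))
                .withExpiresAt(Date.from(now.plusSeconds(ttlSeconds)))
                .withJWTId(UUID.randomUUID().toString())
                .withArrayClaim("roles", roles.toArray(new String[0]))
                .sign(ALG);
    }

    /**
     * Pins algorithm, issuer and audience (Example 11 pins only the algorithm). A header naming another alg,
     * a token minted for another service, a bad signature or an expired token all raise
     * JWTVerificationException before any claim is read.
     */
    static DecodedJWT verify(String token) {
        return JWT.require(ALG)
                .withIssuer(ISSUER)
                .withAudience(AUDIENCE)
                .acceptLeeway(30)   // seconds of clock skew tolerated on exp/nbf/iat
                .build()
                .verify(token);
    }

    /** Reads claims only from a DecodedJWT that came out of verify(), the precondition Example 12 relies on. */
    static List<String> rolesOf(DecodedJWT verified) {
        List<String> roles = verified.getClaim("roles").asList(String.class);
        if (roles == null) {
            throw new IllegalArgumentException("'roles' claim is missing or not an array");
        }
        return roles;
    }

    public static void main(String[] args) {
        String good = issue("alice@example.com", List.of("ADMIN", "VIEWER"), 900);
        System.out.println("roles: " + rolesOf(verify(good)));

        // JWT.decode() parses without verifying, so the claims it returns are whatever the sender wrote.
        String tampered = good.substring(0, good.lastIndexOf('.') + 1) + "forgedsignature0";
        System.out.println("decode() still yields sub=" + JWT.decode(tampered).getSubject());

        String expired = issue("alice@example.com", List.of("ADMIN"), -120);   // exp 120 s ago, beyond the leeway
        String wrongIssuer = JWT.create()
                .withIssuer("https://other.example")
                .withAudience(AUDIENCE)
                .withSubject("alice@example.com")
                .withExpiresAt(Date.from(Instant.now().plusSeconds(900)))
                .sign(ALG);                                                    // valid signature, wrong iss
        for (String t : new String[] { tampered, expired, wrongIssuer }) {
            try {
                verify(t);
                System.out.println("unexpectedly accepted");
            } catch (JWTVerificationException e) {
                System.out.println("rejected: " + e.getClass().getSimpleName() + ": " + e.getMessage());
            }
        }
    }
}
```

Run with java-jwt 3.x on the classpath; the three bad tokens are rejected with SignatureVerificationException, TokenExpiredException and InvalidClaimException respectively, while JWT.decode() happily returns the subject of the tampered token, which is why Example 12's toUser() must only ever see output of verify().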

Aggregations

JWTSigner (com.auth0.jwt.JWTSigner) 5
JWT (com.auth0.jwt.JWT) 4
JWTVerifier (com.auth0.jwt.JWTVerifier) 4
Algorithm (com.auth0.jwt.algorithms.Algorithm) 4
Collectors (java.util.stream.Collectors) 4
Test (org.junit.Test) 4
JWTExpiredException (com.auth0.jwt.JWTExpiredException) 3
JWTVerifyException (com.auth0.jwt.JWTVerifyException) 3
EmailNotificationBuilder (io.gravitee.management.service.builder.EmailNotificationBuilder) 3
DefaultRoleNotFoundException (io.gravitee.management.service.exceptions.DefaultRoleNotFoundException) 3
TechnicalManagementException (io.gravitee.management.service.exceptions.TechnicalManagementException) 3
UserNotFoundException (io.gravitee.management.service.exceptions.UserNotFoundException) 3
URI (java.net.URI) 3
APIException (com.auth0.exception.APIException) 2
Auth0Exception (com.auth0.exception.Auth0Exception) 2
User (com.auth0.json.mgmt.users.User) 2
JWTCreator (com.auth0.jwt.JWTCreator) 2
PublicClaims (com.auth0.jwt.impl.PublicClaims) 2
Claim (com.auth0.jwt.interfaces.Claim) 2
ImmutableList (com.google.common.collect.ImmutableList) 2