Use of com.auth0.json.mgmt.users.User in project vboard by voyages-sncf-technologies.
The class AwsCognitoAuthenticationProvider, method authenticate.
@Override
@SuppressFBWarnings("CFS_CONFUSING_FUNCTION_SEMANTICS")
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Null signals that this provider does not handle this authentication type at all.
    if (!supports(authentication.getClass())) {
        return null;
    }
    final JsonWebTokenAuthentication jwtAuth = (JsonWebTokenAuthentication) authentication;
    try {
        // The signing key is looked up per token by its key id, for the configured Cognito region.
        final AwsCognitoECDSAKeyProvider keyProvider =
                new AwsCognitoECDSAKeyProvider(awsCognitoConfig.getRegion(), jwtAuth.getKeyId());
        final Algorithm es256 = Algorithm.ECDSA256(keyProvider);
        // NOTE(review): the verifier is built with the algorithm only; no issuer or audience is
        // pinned here (no withIssuer/withAudience) — confirm those are enforced elsewhere.
        JWT.require(es256).build().verify(jwtAuth.getToken());
        jwtAuth.setAuthenticated(true);
        logger.debug("Authenticated with JWT with scopes: {}", authentication.getAuthorities());
        return authentication;
    } catch (JWTVerificationException e) {
        // Any verification failure (bad signature, expired, malformed) is reported as bad credentials.
        logger.error("JWT ECDSA256 verify error for user: {}", jwtAuth.getName(), e);
        throw new BadCredentialsException("Not a valid token", e);
    }
}
Use of com.auth0.json.mgmt.users.User in project snow-owl by b2ihealthcare.
The class AuthorizationHeaderVerifier, method toUser.
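/**
 * Converts the given JWT access token to a {@link User} representation using the configured email and permission claims.
 * <p>
 * Each string entry of the permissions claim is mapped through {@code Permission.valueOf} and attached to a
 * single synthetic role named {@code jwt_roles}.
 *
 * @param jwt
 *            - the JWT to convert to a {@link User} object
 * @return a {@link User} named after the email claim value, carrying one role with the JWT's permissions
 * @throws BadRequestException
 *             - if either the configured email or permissions property is missing from the given JWT, or if the
 *             permissions property is present but is not a list of strings
 */
public User toUser(DecodedJWT jwt) {
    final Claim emailClaim = jwt.getClaim(emailClaimProperty);
    if (emailClaim == null || emailClaim.isNull()) {
        throw new BadRequestException("'%s' JWT access token field is required for email access, but it was missing.", emailClaimProperty);
    }
    final Claim permissionsClaim = jwt.getClaim(permissionsClaimProperty);
    if (permissionsClaim == null || permissionsClaim.isNull()) {
        throw new BadRequestException("'%s' JWT access token field is required for permissions access, but it was missing.", permissionsClaimProperty);
    }
    // Reuse the claim fetched above instead of looking it up a second time. Claim.asList yields null
    // when the claim value is not an array, so a malformed claim is rejected as a bad request rather
    // than escaping as a NullPointerException from the stream below.
    final List<String> permissionNames = permissionsClaim.asList(String.class);
    if (permissionNames == null) {
        throw new BadRequestException("'%s' JWT access token field must be a list of permission strings.", permissionsClaimProperty);
    }
    final Set<Permission> permissions = permissionNames.stream()
            .map(Permission::valueOf)
            .collect(Collectors.toSet());
    return new User(emailClaim.asString(), List.of(new Role("jwt_roles", permissions)));
}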
Use of com.auth0.json.mgmt.users.User in project alf.io by alfio-event.
The class BaseOpenIdAuthenticationManager, method updateOrganizations.
/**
 * Synchronises the user/organization links stored in the database with the organizations granted by the
 * OpenID provider. Admins end up linked to no organization; everybody else must end up linked to at least one.
 */
private void updateOrganizations(OpenIdAlfioUser alfioUser) {
    final String email = alfioUser.getEmail();
    final int userId = userRepository.findIdByUserName(email).orElseThrow();
    final var linkedOrgIds = organizationRepository.findAllForUser(email).stream()
            .map(Organization::getId)
            .collect(Collectors.toSet());

    // Admins are not scoped to organizations: drop every existing link and stop here.
    if (alfioUser.isAdmin()) {
        if (!linkedOrgIds.isEmpty()) {
            userOrganizationRepository.removeOrganizationUserLinks(userId, linkedOrgIds);
        }
        return;
    }

    // Resolve the external organization ids asserted by the IdP to internal ids (none if no grants).
    final var externalOrgIds = alfioUser.getAlfioOrganizationAuthorizations().keySet();
    final List<Integer> grantedOrgIds = externalOrgIds.isEmpty()
            ? List.of()
            : organizationRepository.findOrganizationIdsByExternalId(externalOrgIds);

    // NOTE(review): links the IdP no longer grants are removed before the "at least one organization"
    // check below, so a user with no remaining grant is fully unlinked and then rejected — presumably
    // intended (stale access is revoked even when the call fails); confirm.
    final var staleLinks = linkedOrgIds.stream()
            .filter(orgId -> !grantedOrgIds.contains(orgId))
            .collect(Collectors.toSet());
    if (!staleLinks.isEmpty()) {
        userOrganizationRepository.removeOrganizationUserLinks(userId, staleLinks);
    }
    if (grantedOrgIds.isEmpty()) {
        throw new IllegalStateException("The user needs to be ADMIN or have at least one organization linked");
    }

    // Only links that do not exist yet are inserted.
    final MapSqlParameterSource[] newLinks = grantedOrgIds.stream()
            .filter(orgId -> !linkedOrgIds.contains(orgId))
            .map(orgId -> new MapSqlParameterSource("userId", userId).addValue("organizationId", orgId))
            .toArray(MapSqlParameterSource[]::new);
    jdbcTemplate.batchUpdate(userOrganizationRepository.bulkCreate(), newLinks);
}
Use of com.auth0.json.mgmt.users.User in project waltz by khartec.
The class AuthenticationEndpoint, method register.
/**
 * Registers the login route and the API authentication filter.
 * POST {@code BASE_URL/login} checks the submitted credentials and answers with a signed JWT, or 401.
 */
@Override
public void register() {
    post(mkPath(BASE_URL, "login"), (request, response) -> {
        final LoginRequest login = readBody(request, LoginRequest.class);
        if (!userService.authenticate(login)) {
            // One message covers both an unknown user and a wrong password.
            response.status(401);
            return "Unknown user/password";
        }
        final String userName = login.userName();
        final String[] roles = userRoleService.getUserRoles(userName).stream()
                .map(r -> r.name())
                .toArray(String[]::new);
        final Algorithm hmac = Algorithm.HMAC512(JWTUtilities.SECRET);
        // NOTE(review): no expiry claim is set on the token (no withExpiresAt), so its lifetime is
        // whatever the verifying side accepts — confirm it is bounded there.
        final String token = JWT.create()
                .withIssuer(JWTUtilities.ISSUER)
                .withSubject(userName)
                .withArrayClaim("roles", roles)
                .withClaim("displayName", userName)
                .withClaim("employeeId", userName)
                .sign(hmac);
        return newHashMap("token", token);
    }, transformer);
    before(mkPath("api", "*"), filter);
}
Use of com.auth0.json.mgmt.users.User in project gravitee-management-rest-api by gravitee-io.
The class AbstractAuthenticationResource, method connectUser.
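/**
 * Marks the user as connected and issues the session JWT.
 * <p>
 * Authorities are the IDP-provided ones found on the current security-context principal plus the configured
 * management and portal roles, if any. The signed token is returned as an HttpOnly {@code Authorization}
 * cookie holding {@code Bearer <jwt>}; the cookie's {@code Secure} flag follows {@code jwt.cookie-secure}
 * and defaults to false.
 *
 * @param userId id of the user to connect
 * @return a 200 response whose entity is the connected {@link UserEntity} and which sets the JWT cookie
 */
protected Response connectUser(String userId) {
    final UserEntity user = userService.connect(userId);
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    final UserDetails userDetails = (UserDetails) authentication.getPrincipal();

    // Authorities start from the dynamic permissions the IDP put on the principal ...
    final Set<GrantedAuthority> authorities = new HashSet<>(userDetails.getAuthorities());
    // ... and are extended with the repository-configured management and portal roles.
    final String username = userDetails.getUsername();
    final String defaultReferenceId = MembershipDefaultReferenceId.DEFAULT.toString();
    addRoleAuthority(authorities,
            membershipService.getRole(MembershipReferenceType.MANAGEMENT, defaultReferenceId, username, RoleScope.MANAGEMENT));
    addRoleAuthority(authorities,
            membershipService.getRole(MembershipReferenceType.PORTAL, defaultReferenceId, username, RoleScope.PORTAL));

    // Token expiry and cookie max-age come from the same property; read it once so they cannot diverge.
    final int expireAfter = environment.getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER);

    final Map<String, Object> claims = new HashMap<>();
    claims.put(JWTHelper.Claims.ISSUER, environment.getProperty("jwt.issuer", JWTHelper.DefaultValues.DEFAULT_JWT_ISSUER));
    claims.put(JWTHelper.Claims.SUBJECT, user.getId());
    claims.put(JWTHelper.Claims.PERMISSIONS, authorities);
    claims.put(JWTHelper.Claims.EMAIL, user.getEmail());
    claims.put(JWTHelper.Claims.FIRSTNAME, user.getFirstname());
    claims.put(JWTHelper.Claims.LASTNAME, user.getLastname());

    final JWTSigner.Options options = new JWTSigner.Options();
    options.setExpirySeconds(expireAfter);
    options.setIssuedAt(true);
    options.setJwtId(true);
    final String token = new JWTSigner(environment.getProperty("jwt.secret")).sign(claims, options);

    // HttpOnly is always on; Secure is configuration-driven and defaults to off.
    final NewCookie cookie = new NewCookie(
            HttpHeaders.AUTHORIZATION,
            "Bearer " + token,
            environment.getProperty("jwt.cookie-path", "/"),
            environment.getProperty("jwt.cookie-domain"),
            "",
            expireAfter,
            environment.getProperty("jwt.cookie-secure", Boolean.class, false),
            true);
    return Response.ok().entity(user).cookie(cookie).build();
}

/** Adds {@code scope:name} for the given role to {@code authorities}; a null role (none configured) is skipped. */
private static void addRoleAuthority(Set<GrantedAuthority> authorities, RoleEntity role) {
    if (role != null) {
        authorities.add(new SimpleGrantedAuthority(role.getScope().toString() + ':' + role.getName()));
    }
}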