Example 1 with Algorithm
use of com.auth0.jwt.Algorithm in project Taier by DTStack.
the class TokenService method encryptionWithOutExpire.
public String encryptionWithOutExpire(Long userId, String username, Long tenantId) {
Objects.requireNonNull(userId);
Objects.requireNonNull(username);
try {
Algorithm algorithm = Algorithm.HMAC256(JWT_TOKEN);
JWTCreator.Builder builder = JWT.create();
builder.withClaim(DTToken.USER_ID, String.valueOf(userId)).withClaim(DTToken.USER_NAME, username);
// 若存在租户id,则增加租户id信息
if (Objects.nonNull(tenantId)) {
builder.withClaim(DTToken.TENANT_ID, String.valueOf(tenantId));
}
return builder.sign(algorithm);
} catch (UnsupportedEncodingException e) {
throw new RdosDefineException("dtToken生成异常.", e);
}
}
Also used :
JWTCreator(com.auth0.jwt.JWTCreator)
RdosDefineException(com.dtstack.taier.common.exception.RdosDefineException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Algorithm(com.auth0.jwt.algorithms.Algorithm)
Example 2 with Algorithm
use of com.auth0.jwt.Algorithm in project sda-dropwizard-commons by SDA-SE.
the class AuthBuilder method buildToken.
/**
* @return the signed and encoded token, e.g. {@code eyXXX.eyYYY.ZZZ}
*/
public String buildToken() {
Algorithm algorithm = Algorithm.RSA256(null, privateKey);
JWTCreator.Builder builder = JWT.create().withKeyId(keyId).withIssuer(issuer).withSubject(subject);
claims.keySet().forEach(key -> {
Object value = claims.get(key);
if (value instanceof String) {
builder.withClaim(key, (String) value);
} else if (value instanceof Long) {
builder.withClaim(key, (Long) value);
} else if (value instanceof Integer) {
builder.withClaim(key, (Integer) value);
} else if (value instanceof Double) {
builder.withClaim(key, (Double) value);
} else if (value instanceof Date) {
builder.withClaim(key, (Date) value);
} else if (value instanceof Boolean) {
builder.withClaim(key, (Boolean) value);
} else if (value instanceof String[]) {
builder.withArrayClaim(key, (String[]) value);
} else if (value instanceof Long[]) {
builder.withArrayClaim(key, (Long[]) value);
} else if (value instanceof Integer[]) {
builder.withArrayClaim(key, (Integer[]) value);
}
});
return builder.sign(algorithm);
}
Also used :
JWTCreator(com.auth0.jwt.JWTCreator)
Algorithm(com.auth0.jwt.algorithms.Algorithm)
Date(java.util.Date)
Example 3 with Algorithm
use of com.auth0.jwt.Algorithm in project gravitee-api-management by gravitee-io.
the class AbstractAuthenticationResource method connectUserInternal.
protected Response connectUserInternal(UserEntity user, final String state, final HttpServletResponse servletResponse, final String accessToken, final String idToken) {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
final UserDetails userDetails = (UserDetails) authentication.getPrincipal();
// Manage authorities, initialize it with dynamic permissions from the IDP
List<Map<String, String>> authorities = userDetails.getAuthorities().stream().map(authority -> Maps.<String, String>builder().put("authority", authority.getAuthority()).build()).collect(Collectors.toList());
// We must also load permissions from repository for configured management or portal role
Set<RoleEntity> userRoles = membershipService.getRoles(MembershipReferenceType.ORGANIZATION, GraviteeContext.getCurrentOrganization(), MembershipMemberType.USER, userDetails.getId());
if (!userRoles.isEmpty()) {
userRoles.forEach(role -> authorities.add(Maps.<String, String>builder().put("authority", role.getScope().toString() + ':' + role.getName()).build()));
}
// JWT signer
Algorithm algorithm = Algorithm.HMAC256(environment.getProperty("jwt.secret"));
Date issueAt = new Date();
Instant expireAt = issueAt.toInstant().plus(Duration.ofSeconds(environment.getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER)));
final String token = JWT.create().withIssuer(environment.getProperty("jwt.issuer", DEFAULT_JWT_ISSUER)).withIssuedAt(issueAt).withExpiresAt(Date.from(expireAt)).withSubject(user.getId()).withClaim(JWTHelper.Claims.PERMISSIONS, authorities).withClaim(JWTHelper.Claims.EMAIL, user.getEmail()).withClaim(JWTHelper.Claims.FIRSTNAME, user.getFirstname()).withClaim(JWTHelper.Claims.LASTNAME, user.getLastname()).withJWTId(UUID.randomUUID().toString()).sign(algorithm);
final TokenEntity tokenEntity = new TokenEntity();
tokenEntity.setType(BEARER);
tokenEntity.setToken(token);
if (idToken != null) {
tokenEntity.setAccessToken(accessToken);
tokenEntity.setIdToken(idToken);
}
if (state != null && !state.isEmpty()) {
tokenEntity.setState(state);
}
final Cookie bearerCookie = cookieGenerator.generate(TokenAuthenticationFilter.AUTH_COOKIE_NAME, "Bearer%20" + token);
servletResponse.addCookie(bearerCookie);
return Response.ok(tokenEntity).build();
}
Also used :
JWT(com.auth0.jwt.JWT)
java.util(java.util)
NotBlank(javax.validation.constraints.NotBlank)
BEARER(io.gravitee.rest.api.management.rest.model.TokenType.BEARER)
Autowired(org.springframework.beans.factory.annotation.Autowired)
GraviteeContext(io.gravitee.rest.api.service.common.GraviteeContext)
Algorithm(com.auth0.jwt.algorithms.Algorithm)
CookieGenerator(io.gravitee.rest.api.security.cookies.CookieGenerator)
TokenEntity(io.gravitee.rest.api.management.rest.model.TokenEntity)
UserService(io.gravitee.rest.api.service.UserService)
Duration(java.time.Duration)
TypeReference(com.fasterxml.jackson.core.type.TypeReference)
Cookie(javax.servlet.http.Cookie)
SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder)
MembershipMemberType(io.gravitee.rest.api.model.MembershipMemberType)
MembershipService(io.gravitee.rest.api.service.MembershipService)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
IOException(java.io.IOException)
Instant(java.time.Instant)
UserDetails(io.gravitee.rest.api.idp.api.authentication.UserDetails)
Collectors(java.util.stream.Collectors)
Maps(io.gravitee.common.util.Maps)
RoleEntity(io.gravitee.rest.api.model.RoleEntity)
DEFAULT_JWT_ISSUER(io.gravitee.rest.api.service.common.JWTHelper.DefaultValues.DEFAULT_JWT_ISSUER)
MembershipReferenceType(io.gravitee.rest.api.model.MembershipReferenceType)
Response(javax.ws.rs.core.Response)
TokenAuthenticationFilter(io.gravitee.rest.api.security.filter.TokenAuthenticationFilter)
Environment(org.springframework.core.env.Environment)
JWTHelper(io.gravitee.rest.api.service.common.JWTHelper)
DEFAULT_JWT_EXPIRE_AFTER(io.gravitee.rest.api.service.common.JWTHelper.DefaultValues.DEFAULT_JWT_EXPIRE_AFTER)
Authentication(org.springframework.security.core.Authentication)
UserEntity(io.gravitee.rest.api.model.UserEntity)
Cookie(javax.servlet.http.Cookie)
Instant(java.time.Instant)
Algorithm(com.auth0.jwt.algorithms.Algorithm)
RoleEntity(io.gravitee.rest.api.model.RoleEntity)
UserDetails(io.gravitee.rest.api.idp.api.authentication.UserDetails)
Authentication(org.springframework.security.core.Authentication)
TokenEntity(io.gravitee.rest.api.management.rest.model.TokenEntity)
Example 4 with Algorithm
use of com.auth0.jwt.Algorithm in project gravitee-api-management by gravitee-io.
the class CurrentUserResource method login.
@POST
@Path("/login")
@ApiOperation(value = "Login")
@Produces(MediaType.APPLICATION_JSON)
public Response login(@Context final javax.ws.rs.core.HttpHeaders headers, @Context final HttpServletResponse servletResponse) {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.getPrincipal() instanceof UserDetails) {
// JWT signer
final Map<String, Object> claims = new HashMap<>();
claims.put(Claims.ISSUER, environment.getProperty("jwt.issuer", DEFAULT_JWT_ISSUER));
final UserDetails userDetails = (UserDetails) authentication.getPrincipal();
// Manage authorities, initialize it with dynamic permissions from the IDP
List<Map<String, String>> authorities = userDetails.getAuthorities().stream().map(authority -> Maps.<String, String>builder().put("authority", authority.getAuthority()).build()).collect(Collectors.toList());
// We must also load permissions from repository for configured management or portal role
Set<RoleEntity> roles = membershipService.getRoles(MembershipReferenceType.ORGANIZATION, GraviteeContext.getCurrentOrganization(), MembershipMemberType.USER, userDetails.getUsername());
if (!roles.isEmpty()) {
roles.forEach(role -> authorities.add(Maps.<String, String>builder().put("authority", role.getScope().toString() + ':' + role.getName()).build()));
}
this.environmentService.findByOrganization(GraviteeContext.getCurrentOrganization()).stream().flatMap(env -> membershipService.getRoles(MembershipReferenceType.ENVIRONMENT, env.getId(), MembershipMemberType.USER, userDetails.getUsername()).stream()).filter(Objects::nonNull).forEach(role -> authorities.add(Maps.<String, String>builder().put("authority", role.getScope().toString() + ':' + role.getName()).build()));
// JWT signer
Algorithm algorithm = Algorithm.HMAC256(environment.getProperty("jwt.secret"));
Date issueAt = new Date();
Instant expireAt = issueAt.toInstant().plus(Duration.ofSeconds(environment.getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER)));
final String token = JWT.create().withIssuer(environment.getProperty("jwt.issuer", DEFAULT_JWT_ISSUER)).withIssuedAt(issueAt).withExpiresAt(Date.from(expireAt)).withSubject(userDetails.getUsername()).withClaim(JWTHelper.Claims.PERMISSIONS, authorities).withClaim(JWTHelper.Claims.EMAIL, userDetails.getEmail()).withClaim(JWTHelper.Claims.FIRSTNAME, userDetails.getFirstname()).withClaim(JWTHelper.Claims.LASTNAME, userDetails.getLastname()).withJWTId(UUID.randomUUID().toString()).sign(algorithm);
final TokenEntity tokenEntity = new TokenEntity();
tokenEntity.setType(BEARER);
tokenEntity.setToken(token);
final Cookie bearerCookie = cookieGenerator.generate(TokenAuthenticationFilter.AUTH_COOKIE_NAME, "Bearer%20" + token);
servletResponse.addCookie(bearerCookie);
return ok(tokenEntity).build();
}
return ok().build();
}
Also used :
PagedResult(io.gravitee.rest.api.management.rest.model.PagedResult)
BEARER(io.gravitee.rest.api.management.rest.model.TokenType.BEARER)
TechnicalException(io.gravitee.repository.exceptions.TechnicalException)
LoggerFactory(org.slf4j.LoggerFactory)
UserNotFoundException(io.gravitee.rest.api.service.exceptions.UserNotFoundException)
Valid(javax.validation.Valid)
ApiOperation(io.swagger.annotations.ApiOperation)
Algorithm(com.auth0.jwt.algorithms.Algorithm)
CookieGenerator(io.gravitee.rest.api.security.cookies.CookieGenerator)
TokenEntity(io.gravitee.rest.api.management.rest.model.TokenEntity)
Duration(java.time.Duration)
Response.status(javax.ws.rs.core.Response.status)
AbstractResource(io.gravitee.rest.api.management.rest.resource.AbstractResource)
URI(java.net.URI)
UserDetailRole(io.gravitee.rest.api.idp.api.authentication.UserDetailRole)
SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder)
Context(javax.ws.rs.core.Context)
GroupRepository(io.gravitee.repository.management.api.GroupRepository)
Instant(java.time.Instant)
NotNull(javax.validation.constraints.NotNull)
UserDetails(io.gravitee.rest.api.idp.api.authentication.UserDetails)
Collectors(java.util.stream.Collectors)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
MediaType(io.gravitee.common.http.MediaType)
InvalidImageException(io.gravitee.rest.api.exception.InvalidImageException)
javax.ws.rs(javax.ws.rs)
Response(javax.ws.rs.core.Response)
Response.ok(javax.ws.rs.core.Response.ok)
DEFAULT_JWT_EXPIRE_AFTER(io.gravitee.rest.api.service.common.JWTHelper.DefaultValues.DEFAULT_JWT_EXPIRE_AFTER)
Request(javax.ws.rs.core.Request)
Authentication(org.springframework.security.core.Authentication)
JWT(com.auth0.jwt.JWT)
io.gravitee.rest.api.service(io.gravitee.rest.api.service)
java.util(java.util)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
GraviteeContext(io.gravitee.rest.api.service.common.GraviteeContext)
ApiResponses(io.swagger.annotations.ApiResponses)
Inject(javax.inject.Inject)
ConfigurableEnvironment(org.springframework.core.env.ConfigurableEnvironment)
Claims(io.gravitee.rest.api.service.common.JWTHelper.Claims)
io.gravitee.rest.api.model(io.gravitee.rest.api.model)
TokensResource(io.gravitee.rest.api.management.rest.resource.TokensResource)
Api(io.swagger.annotations.Api)
Cookie(javax.servlet.http.Cookie)
Logger(org.slf4j.Logger)
ImageUtils(io.gravitee.rest.api.security.utils.ImageUtils)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Group(io.gravitee.repository.management.model.Group)
EntityTag(javax.ws.rs.core.EntityTag)
Maps(io.gravitee.common.util.Maps)
TimeUnit(java.util.concurrent.TimeUnit)
DEFAULT_JWT_ISSUER(io.gravitee.rest.api.service.common.JWTHelper.DefaultValues.DEFAULT_JWT_ISSUER)
TokenAuthenticationFilter(io.gravitee.rest.api.security.filter.TokenAuthenticationFilter)
ApiResponse(io.swagger.annotations.ApiResponse)
ResourceContext(javax.ws.rs.container.ResourceContext)
JWTHelper(io.gravitee.rest.api.service.common.JWTHelper)
Cookie(javax.servlet.http.Cookie)
Instant(java.time.Instant)
Algorithm(com.auth0.jwt.algorithms.Algorithm)
UserDetails(io.gravitee.rest.api.idp.api.authentication.UserDetails)
Authentication(org.springframework.security.core.Authentication)
TokenEntity(io.gravitee.rest.api.management.rest.model.TokenEntity)
ApiOperation(io.swagger.annotations.ApiOperation)
Example 5 with Algorithm
use of com.auth0.jwt.Algorithm in project gravitee-api-management by gravitee-io.
the class OAuth2AuthenticationResourceTest method verifyJwtToken.
private void verifyJwtToken(Response response) throws NoSuchAlgorithmException, InvalidKeyException, IOException, SignatureException, JWTVerificationException {
TokenEntity responseToken = response.readEntity(TokenEntity.class);
assertEquals("BEARER", responseToken.getType().name());
String token = responseToken.getToken();
Algorithm algorithm = Algorithm.HMAC256("myJWT4Gr4v1t33_S3cr3t");
JWTVerifier jwtVerifier = JWT.require(algorithm).build();
DecodedJWT jwt = jwtVerifier.verify(token);
assertEquals(jwt.getSubject(), "janedoe@example.com");
assertEquals(jwt.getClaim("firstname").asString(), "Jane");
assertEquals(jwt.getClaim("iss").asString(), "gravitee-management-auth");
assertEquals(jwt.getClaim("sub").asString(), "janedoe@example.com");
assertEquals(jwt.getClaim("email").asString(), "janedoe@example.com");
assertEquals(jwt.getClaim("lastname").asString(), "Doe");
}
Also used :
TokenEntity(io.gravitee.rest.api.management.rest.model.TokenEntity)
Algorithm(com.auth0.jwt.algorithms.Algorithm)
JWTVerifier(com.auth0.jwt.JWTVerifier)
DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT)
Aggregations
Algorithm (com.auth0.jwt.algorithms.Algorithm)206
Test (org.junit.Test)160
DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)90
JWTVerifier (com.auth0.jwt.JWTVerifier)79
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)79
ECDSAAlgorithmTest (com.auth0.jwt.algorithms.ECDSAAlgorithmTest)61
Date (java.util.Date)57
ECDSAKeyProvider (com.auth0.jwt.interfaces.ECDSAKeyProvider)51
RSAPublicKey (java.security.interfaces.RSAPublicKey)36
ECPublicKey (java.security.interfaces.ECPublicKey)34
RSAKeyProvider (com.auth0.jwt.interfaces.RSAKeyProvider)31
IOException (java.io.IOException)30
JWTCreator (com.auth0.jwt.JWTCreator)28
JWTVerificationException (com.auth0.jwt.exceptions.JWTVerificationException)25
ECPrivateKey (java.security.interfaces.ECPrivateKey)23
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)21
HashMap (java.util.HashMap)17
UnsupportedEncodingException (java.io.UnsupportedEncodingException)16
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)15
JsonObject (com.google.gson.JsonObject)15
