Example 1 with JWTVerifyException

Use of com.auth0.jwt.JWTVerifyException in project survey by markoniemi.

Class JwtTokenTest, method verifyTokenWithInvalidSignature.

@Test()
public void verifyTokenWithInvalidSignature() {
    try {
        User user = new User("username", "password", "email", Role.ROLE_USER);
        JWTSigner jwtSigner = new JWTSigner("wrong_secret");
        Map<String, Object> payload = new HashMap<String, Object>();
        payload.put("username", user.getUsername());
        String tokenString = jwtSigner.sign(payload);
        JwtToken token = new JwtToken(tokenString);
        token.verifyToken();
        Assert.fail();
    } catch (Exception e) {
        Assert.assertTrue(e instanceof JWTVerifyException);
    }
}
Also used : User(org.survey.model.user.User) JWTSigner(com.auth0.jwt.JWTSigner) HashMap(java.util.HashMap) JWTVerifyException(com.auth0.jwt.JWTVerifyException) JWTExpiredException(com.auth0.jwt.JWTExpiredException) Test(org.junit.Test)

Example 2 with JWTVerifyException

Use of com.auth0.jwt.JWTVerifyException in project gravitee-management-rest-api by gravitee-io.

Class OAuth2AuthenticationResourceTest, method verifyJwtToken.

private void verifyJwtToken(Response response) throws NoSuchAlgorithmException, InvalidKeyException, IOException, SignatureException, JWTVerifyException {
    // The token is returned in the Authorization cookie, prefixed with "Bearer ".
    String cookieContent = response.getCookies().get(HttpHeaders.AUTHORIZATION).getValue();
    assertThat(cookieContent, StringStartsWith.startsWith("Bearer "));
    String jwt = cookieContent.substring("Bearer ".length());
    // Verify the signature with the shared secret before reading any claim.
    JWTVerifier jwtVerifier = new JWTVerifier("myJWT4Gr4v1t33_S3cr3t");
    Map<String, Object> mapJwt = jwtVerifier.verify(jwt);
    // JUnit's assertEquals takes (expected, actual).
    assertEquals("janedoe@example.com", mapJwt.get("sub"));
    assertEquals("Jane", mapJwt.get("firstname"));
    assertEquals("gravitee-management-auth", mapJwt.get("iss"));
    assertEquals("janedoe@example.com", mapJwt.get("email"));
    assertEquals("Doe", mapJwt.get("lastname"));
}
Also used : Matchers.anyString(org.mockito.Matchers.anyString) JWTVerifier(com.auth0.jwt.JWTVerifier)

Example 3 with JWTVerifyException

Use of com.auth0.jwt.JWTVerifyException in project survey by markoniemi.

Class JwtAuthenticationFilter, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    if (isLoginUrl(request)) {
        log.trace("URL {} is login URL.", request.getRequestURI());
        filterChain.doFilter(request, response);
    } else {
        JwtToken token = getToken(request);
        if (token != null) {
            try {
                token.verifyToken();
                log.debug("URL {} is authenticated", request.getRequestURI());
                filterChain.doFilter(request, response);
            } catch (InvalidKeyException | NoSuchAlgorithmException | IllegalStateException | SignatureException | JWTVerifyException e) {
                // TODO show different message for different errors
                log.trace(String.format("URL %s is not authenticated", request.getRequestURI()), e);
                sendError(response);
            }
        } else {
            log.trace("URL {} is not authenticated", request.getRequestURI());
            sendError(response);
        }
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) JWTVerifyException(com.auth0.jwt.JWTVerifyException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException)

Aggregations

JWTVerifyException (com.auth0.jwt.JWTVerifyException): 2
JWTExpiredException (com.auth0.jwt.JWTExpiredException): 1
JWTSigner (com.auth0.jwt.JWTSigner): 1
JWTVerifier (com.auth0.jwt.JWTVerifier): 1
InvalidKeyException (java.security.InvalidKeyException): 1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 1
SignatureException (java.security.SignatureException): 1
HashMap (java.util.HashMap): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
HttpServletResponse (javax.servlet.http.HttpServletResponse): 1
Test (org.junit.Test): 1
Matchers.anyString (org.mockito.Matchers.anyString): 1
User (org.survey.model.user.User): 1