Use of com.auth0.jwt.JWTVerifyException in project survey by markoniemi.
Class JwtTokenTest, method verifyTokenWithInvalidSignature.
/**
 * Checks that a token signed with the secret {@code "wrong_secret"} is rejected by
 * {@code JwtToken.verifyToken()} with a {@link JWTVerifyException}.
 *
 * <p>NOTE(review): this presumes JwtToken verifies against a different secret than the one
 * used here; that secret is not visible in this snippet, so confirm it in JwtToken.
 */
@Test()
public void verifyTokenWithInvalidSignature() {
    try {
        final User account = new User("username", "password", "email", Role.ROLE_USER);
        final Map<String, Object> claims = new HashMap<String, Object>();
        claims.put("username", account.getUsername());
        // Sign with a key the verifier is not expected to accept.
        final String signedToken = new JWTSigner("wrong_secret").sign(claims);
        new JwtToken(signedToken).verifyToken();
        // Reaching this line means the forged signature was accepted. The failure raised here
        // is an AssertionError (assuming a JUnit/TestNG Assert), which is not an Exception and
        // therefore is not swallowed by the catch below.
        Assert.fail();
    } catch (Exception rejected) {
        // Any other exception type (e.g. a setup failure) must not count as a pass.
        Assert.assertTrue(rejected instanceof JWTVerifyException);
    }
}
Use of com.auth0.jwt.JWTVerifyException in project gravitee-management-rest-api by gravitee-io.
Class OAuth2AuthenticationResourceTest, method verifyJwtToken.
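/**
 * Reads the token from the response cookie keyed by {@code HttpHeaders.AUTHORIZATION}, verifies
 * its signature and asserts the claims expected for the test user.
 *
 * <p>NOTE(review): only the cookie value is inspected. Cookie attributes such as HttpOnly or
 * Secure are not asserted here, and a missing cookie surfaces as a NullPointerException rather
 * than as an assertion failure.
 *
 * @param response the authentication response expected to carry the bearer cookie
 * @throws JWTVerifyException if the token fails verification
 */
private void verifyJwtToken(Response response) throws NoSuchAlgorithmException, InvalidKeyException, IOException, SignatureException, JWTVerifyException {
    final String bearerPrefix = "Bearer ";
    String cookieContent = response.getCookies().get(HttpHeaders.AUTHORIZATION).getValue();
    assertThat(cookieContent, StringStartsWith.startsWith(bearerPrefix));
    // Strip the scheme prefix by its actual length instead of a magic number.
    String jwt = cookieContent.substring(bearerPrefix.length());
    // Test-fixture signing secret. Presumably it mirrors the value in the test configuration
    // (confirm); it must not be reused as a real deployment secret.
    JWTVerifier jwtVerifier = new JWTVerifier("myJWT4Gr4v1t33_S3cr3t");
    // verify() throws if the signature does not match, so the claims below are only read from
    // a token that passed verification.
    Map<String, Object> mapJwt = jwtVerifier.verify(jwt);
    // Expected value first, so failure messages report expected/actual the right way round.
    assertEquals("janedoe@example.com", mapJwt.get("sub"));
    assertEquals("Jane", mapJwt.get("firstname"));
    assertEquals("gravitee-management-auth", mapJwt.get("iss"));
    assertEquals("janedoe@example.com", mapJwt.get("email"));
    assertEquals("Doe", mapJwt.get("lastname"));
}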
Use of com.auth0.jwt.JWTVerifyException in project survey by markoniemi.
Class JwtAuthenticationFilter, method doFilter.
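/**
 * Lets login requests through unauthenticated and requires every other request to carry a
 * token that passes {@code JwtToken.verifyToken()}; otherwise {@code sendError} is invoked and
 * the rest of the chain is not run.
 *
 * <p>Only the verification call is guarded by the catch. The downstream chain is invoked
 * outside of it, so an {@link IllegalStateException} thrown by a later filter or servlet
 * propagates instead of being reported as an authentication failure.
 *
 * <p>NOTE(review): rejected requests are logged at trace level only, and the request URI is
 * client-supplied text written to the log unmodified. Confirm that the log configuration
 * retains authentication failures and neutralises line breaks.
 *
 * @param servletRequest incoming request, cast to {@link HttpServletRequest}
 * @param servletResponse outgoing response, cast to {@link HttpServletResponse}
 * @param filterChain remainder of the filter chain
 * @throws IOException propagated from the chain or from sending the error
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    if (isLoginUrl(request)) {
        log.trace("URL {} is login URL.", request.getRequestURI());
        filterChain.doFilter(request, response);
        return;
    }

    JwtToken token = getToken(request);
    if (token == null) {
        log.trace("URL {} is not authenticated", request.getRequestURI());
        sendError(response);
        return;
    }

    try {
        token.verifyToken();
    } catch (InvalidKeyException | NoSuchAlgorithmException | IllegalStateException | SignatureException | JWTVerifyException e) {
        // TODO show different message for different errors
        log.trace(String.format("URL %s is not authenticated", request.getRequestURI()), e);
        sendError(response);
        return;
    }

    // Verification succeeded. Run the rest of the chain outside the try so that its own
    // exceptions are not mistaken for a rejected token.
    log.debug("URL {} is authenticated", request.getRequestURI());
    filterChain.doFilter(request, response);
}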