Search in sources :

Example 1 with Claim

use of com.auth0.jwt.interfaces.Claim in project libresonic by Libresonic.

the class JWTAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication auth) throws AuthenticationException {
    JWTAuthenticationToken authentication = (JWTAuthenticationToken) auth;
    if (authentication.getCredentials() == null || !(authentication.getCredentials() instanceof String)) {
        logger.error("Credentials not present");
        return null;
    }
    String rawToken = (String) auth.getCredentials();
    DecodedJWT token = JWTSecurityService.verify(jwtKey, rawToken);
    Claim path = token.getClaim(JWTSecurityService.CLAIM_PATH);
    authentication.setAuthenticated(true);
    // TODO:AD This is super unfortunate, but not sure there is a better way when using JSP
    if (StringUtils.contains(authentication.getRequestedPath(), "/WEB-INF/jsp/")) {
        logger.warn("BYPASSING AUTH FOR WEB-INF page");
    } else if (!roughlyEqual(path.asString(), authentication.getRequestedPath())) {
        throw new InsufficientAuthenticationException("Credentials not valid for path " + authentication.getRequestedPath() + ". They are valid for " + path.asString());
    }
    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority("IS_AUTHENTICATED_FULLY"));
    authorities.add(new SimpleGrantedAuthority("ROLE_TEMP"));
    return new JWTAuthenticationToken(authorities, rawToken, authentication.getRequestedPath());
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) Claim(com.auth0.jwt.interfaces.Claim)

Example 2 with Claim

use of com.auth0.jwt.interfaces.Claim in project libresonic by Libresonic.

the class JWTSecurityServiceTest method addJWTToken.

@Test
public void addJWTToken() throws Exception {
    UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(uriString);
    String actualUri = service.addJWTToken(builder).build().toUriString();
    String jwtToken = UriComponentsBuilder.fromUriString(actualUri).build().getQueryParams().getFirst(JWTSecurityService.JWT_PARAM_NAME);
    DecodedJWT verify = verifier.verify(jwtToken);
    Claim claim = verify.getClaim(JWTSecurityService.CLAIM_PATH);
    assertEquals(expectedClaimString, claim.asString());
}
Also used : UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) Claim(com.auth0.jwt.interfaces.Claim) Test(org.junit.Test)

Aggregations

Claim (com.auth0.jwt.interfaces.Claim)2 DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)2 ArrayList (java.util.ArrayList)1 Test (org.junit.Test)1 InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException)1 GrantedAuthority (org.springframework.security.core.GrantedAuthority)1 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)1 UriComponentsBuilder (org.springframework.web.util.UriComponentsBuilder)1