
Example 1 with DecodedJWT

Use of com.auth0.jwt.interfaces.DecodedJWT in project libresonic by Libresonic.

Class JWTAuthenticationProvider, method authenticate.

@Override
public Authentication authenticate(Authentication auth) throws AuthenticationException {
    JWTAuthenticationToken authentication = (JWTAuthenticationToken) auth;
    if (authentication.getCredentials() == null || !(authentication.getCredentials() instanceof String)) {
        logger.error("Credentials not present");
        return null;
    }
    String rawToken = (String) auth.getCredentials();
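    // verify() throws java-jwt's unchecked JWTVerificationException when signature or
    // claim verification fails; that type is not a Spring AuthenticationException.
    DecodedJWT token = JWTSecurityService.verify(jwtKey, rawToken);
    Claim path = token.getClaim(JWTSecurityService.CLAIM_PATH);
    authentication.setAuthenticated(true);
    // TODO:AD This is super unfortunate, but not sure there is a better way when using JSP
    // Any requested path containing "/WEB-INF/jsp/" skips the path-claim comparison below.
    if (StringUtils.contains(authentication.getRequestedPath(), "/WEB-INF/jsp/")) {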
        logger.warn("BYPASSING AUTH FOR WEB-INF page");
    } else if (!roughlyEqual(path.asString(), authentication.getRequestedPath())) {
        throw new InsufficientAuthenticationException("Credentials not valid for path " + authentication.getRequestedPath() + ". They are valid for " + path.asString());
    }
    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority("IS_AUTHENTICATED_FULLY"));
    authorities.add(new SimpleGrantedAuthority("ROLE_TEMP"));
    return new JWTAuthenticationToken(authorities, rawToken, authentication.getRequestedPath());
}
Also used: SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), GrantedAuthority (org.springframework.security.core.GrantedAuthority), ArrayList (java.util.ArrayList), InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException), DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT), Claim (com.auth0.jwt.interfaces.Claim)

Example 2 with DecodedJWT

Use of com.auth0.jwt.interfaces.DecodedJWT in project libresonic by Libresonic.

Class ExternalPlayerController, method getSongs.

private List<MediaFileWithUrlInfo> getSongs(HttpServletRequest request, Share share, Player player) throws IOException {
    Date expires = null;
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication instanceof JWTAuthenticationToken) {
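        // Verify the token again to read its expiry; getExpiresAt() returns null
        // when the token carries no "exp" claim.
        DecodedJWT token = jwtSecurityService.verify((String) authentication.getCredentials());
        expires = token.getExpiresAt();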
    }
    Date finalExpires = expires;
    List<MediaFileWithUrlInfo> result = new ArrayList<>();
    List<MusicFolder> musicFolders = settingsService.getMusicFoldersForUser(player.getUsername());
    if (share != null) {
        for (MediaFile file : shareService.getSharedFiles(share.getId(), musicFolders)) {
            if (file.getFile().exists()) {
                if (file.isDirectory()) {
                    List<MediaFile> childrenOf = mediaFileService.getChildrenOf(file, true, false, true);
                    result.addAll(childrenOf.stream().map(mf -> addUrlInfo(request, player, mf, finalExpires)).collect(Collectors.toList()));
                } else {
                    result.add(addUrlInfo(request, player, file, finalExpires));
                }
            }
        }
    }
    return result;
}
Also used: Authentication (org.springframework.security.core.Authentication), JWTAuthenticationToken (org.libresonic.player.security.JWTAuthenticationToken), DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)

Example 3 with DecodedJWT

Use of com.auth0.jwt.interfaces.DecodedJWT in project libresonic by Libresonic.

Class JWTSecurityServiceTest, method addJWTToken.

@Test
public void addJWTToken() throws Exception {
    UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(uriString);
    String actualUri = service.addJWTToken(builder).build().toUriString();
    String jwtToken = UriComponentsBuilder.fromUriString(actualUri).build().getQueryParams().getFirst(JWTSecurityService.JWT_PARAM_NAME);
    DecodedJWT verify = verifier.verify(jwtToken);
    Claim claim = verify.getClaim(JWTSecurityService.CLAIM_PATH);
    assertEquals(expectedClaimString, claim.asString());
}
Also used: UriComponentsBuilder (org.springframework.web.util.UriComponentsBuilder), DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT), Claim (com.auth0.jwt.interfaces.Claim), Test (org.junit.Test)

Example 4 with DecodedJWT

Use of com.auth0.jwt.interfaces.DecodedJWT in project libresonic by Libresonic.

Class JWTSecurityService, method verify.

public static DecodedJWT verify(String jwtKey, String token) {
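    Algorithm algorithm = JWTSecurityService.getAlgorithm(jwtKey);
    // JWT.require(algorithm) pins the verifier to this one algorithm: a token whose
    // header declares a different "alg" is rejected with AlgorithmMismatchException.
    JWTVerifier verifier = JWT.require(algorithm).build();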
    return verifier.verify(token);
}
Also used: Algorithm (com.auth0.jwt.algorithms.Algorithm), JWTVerifier (com.auth0.jwt.JWTVerifier)

Aggregations

DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT): 3
Claim (com.auth0.jwt.interfaces.Claim): 2
JWTVerifier (com.auth0.jwt.JWTVerifier): 1
Algorithm (com.auth0.jwt.algorithms.Algorithm): 1
ArrayList (java.util.ArrayList): 1
Test (org.junit.Test): 1
JWTAuthenticationToken (org.libresonic.player.security.JWTAuthenticationToken): 1
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException): 1
Authentication (org.springframework.security.core.Authentication): 1
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 1
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 1
UriComponentsBuilder (org.springframework.web.util.UriComponentsBuilder): 1