use of com.auth0.jwt.interfaces.Verification in project AuthGuard by AuthGuard.
the class IdTokenProviderTest method verifyToken.
/**
 * Verifies {@code token} against the test issuer and the expected subject, then checks
 * the optional claims.
 *
 * <p>The signature algorithm comes from {@code JwtConfigParser.parseAlgorithm(ALGORITHM, null, KEY)},
 * so a token that fails signature, issuer or subject verification makes {@code verify} throw
 * before any assertion runs.
 *
 * @param token       the encoded JWT under test
 * @param subject     the subject the token must carry
 * @param jti         expected JWT id, or {@code null} to skip the JWT id requirement
 * @param permissions expected permissions, or {@code null} to skip the check
 * @param scopes      expected scopes, or {@code null} to skip the check
 */
private void verifyToken(final String token, final String subject, final String jti, final List<PermissionBO> permissions, final List<String> scopes) {
    final Verification expectations = JWT.require(JwtConfigParser.parseAlgorithm(ALGORITHM, null, KEY))
            .withIssuer(ISSUER)
            .withSubject(subject);

    // The JWT id is only pinned when the caller supplies one.
    if (jti != null) {
        expectations.withJWTId(jti);
    }

    final DecodedJWT verified = expectations.build().verify(token);

    if (permissions != null) {
        // Only the number of entries is compared here; the permission values themselves
        // are not asserted by this helper.
        final String[] permissionClaim = verified.getClaim("permissions").asArray(String.class);
        assertThat(permissionClaim).hasSameSizeAs(permissions);
    }

    if (scopes != null) {
        final String[] scopeClaim = verified.getClaim("scopes").asArray(String.class);
        final String[] expectedScopes = scopes.toArray(new String[0]);
        assertThat(scopeClaim).containsExactlyInAnyOrder(expectedScopes);
    }
}
use of com.auth0.jwt.interfaces.Verification in project group-project-team1 by BUMETCS673.
the class JwtFilter method doFilterInternal.
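/**
 * Authenticates a request from a JWT carried in an {@code Authorization: Bearer} header.
 *
 * <p>When a Bearer header is present, the token is validated through {@code jwtUtil}. On
 * success the user is loaded and an authentication is stored in the
 * {@link SecurityContextHolder}, unless one is already set. A blank token, a token that
 * fails verification, or an unknown user ends the request with HTTP 400 and the rest of
 * the chain is not run.
 *
 * <p>A request without a Bearer header is not rejected here: it is passed down the chain
 * unauthenticated, so access control for such requests has to be enforced by the security
 * configuration (not visible in this method).
 *
 * @param request  the incoming HTTP request
 * @param response the HTTP response, used to report token errors
 * @param chain    the remaining filter chain
 * @throws IOException      if sending the error or running the chain fails
 * @throws ServletException if a downstream filter fails
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    String authHeader = request.getHeader("Authorization");
    // Only "Bearer <token>" headers are handled; startsWith already excludes the empty string.
    if (authHeader != null && authHeader.startsWith("Bearer ")) {
        // substring never returns null, so a blank check is sufficient.
        String jwt = authHeader.substring(7);
        if (StringUtils.isBlank(jwt)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid JWT Token in Bearer Header");
            // sendError commits the response; stop here instead of running the rest of the
            // chain on a request that has already been answered.
            return;
        }
        try {
            // Validate the token and read the subject it carries.
            String username = jwtUtil.validateTokenAndRetrieveSubject(jwt);
            if (StringUtils.isNotBlank(username)) {
                UserDetails userDetails = userServiceImpl.loadUserByUsername(username);
                // The credentials come from the loaded user record, not from the JWT.
                // NOTE(review): the stored password value is kept on the Authentication object
                // for the whole request, and the authority list is empty rather than
                // userDetails.getAuthorities(). Confirm both are intended; null credentials and
                // the user's real authorities are the usual choice after token verification.
                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(username, userDetails.getPassword(), new ArrayList<>());
                authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                // Do not overwrite an authentication established earlier in the chain.
                if (SecurityContextHolder.getContext().getAuthentication() == null) {
                    SecurityContextHolder.getContext().setAuthentication(authToken);
                }
            }
        } catch (JWTVerificationException | UsernameNotFoundException e) {
            // NOTE(review): a failed token check is reported as 400; 401 is the conventional
            // status for a rejected credential. Left unchanged because clients may rely on it.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid JWT Token");
            return;
        }
    }
    chain.doFilter(request, response);
}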
use of com.auth0.jwt.interfaces.Verification in project java-jwt by auth0.
the class JWTTest method shouldGetExpirationTime.
@Test
public void shouldGetExpirationTime() {
    // The token payload decodes to {"exp":1477592}. The clock handed to build(...) is
    // frozen at that same second, so the test does not depend on the system clock.
    final long expEpochSeconds = 1477592L;
    final Instant expInstant = Instant.ofEpochSecond(expEpochSeconds);
    final Clock frozenClock = Clock.fixed(expInstant, ZoneId.of("UTC"));
    final String signedToken = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0Nzc1OTJ9.x_ZjkPkKYUV5tdvc0l8go6D_z2kez1MQcOxokXrDc3k";

    // "secret" is a fixture key for this test only. The cast exposes build(Clock), which
    // this test calls on BaseVerification.
    final JWTVerifier.BaseVerification builder =
            (JWTVerifier.BaseVerification) JWT.require(Algorithm.HMAC256("secret"));
    final DecodedJWT decoded = builder.build(frozenClock).verify(signedToken);

    assertThat(decoded, is(notNullValue()));
    // The same expiry must be readable both as a legacy Date and as an Instant.
    assertThat(decoded.getExpiresAt(), is(equalTo(new Date(expEpochSeconds * 1000))));
    assertThat(decoded.getExpiresAtAsInstant(), is(equalTo(expInstant)));
}
use of com.auth0.jwt.interfaces.Verification in project java-jwt by auth0.
the class JWTTest method shouldGetNotBefore.
@Test
public void shouldGetNotBefore() {
    // The token payload decodes to {"nbf":1477592}. The clock handed to build(...) is
    // frozen at that same second, so the test does not depend on the system clock.
    final long nbfEpochSeconds = 1477592;
    final Instant nbfInstant = Instant.ofEpochSecond(nbfEpochSeconds);
    final Clock frozenClock = Clock.fixed(nbfInstant, ZoneId.of("UTC"));
    final String signedToken = "eyJhbGciOiJIUzI1NiJ9.eyJuYmYiOjE0Nzc1OTJ9.mWYSOPoNXstjKbZkKrqgkwPOQWEx3F3gMm6PMcfuJd8";

    // "secret" is a fixture key for this test only. The cast exposes build(Clock), which
    // this test calls on BaseVerification.
    final JWTVerifier.BaseVerification builder =
            (JWTVerifier.BaseVerification) JWT.require(Algorithm.HMAC256("secret"));
    final DecodedJWT decoded = builder.build(frozenClock).verify(signedToken);

    assertThat(decoded, is(notNullValue()));
    // The same not-before value must be readable both as a legacy Date and as an Instant.
    assertThat(decoded.getNotBefore(), is(equalTo(new Date(nbfEpochSeconds * 1000))));
    assertThat(decoded.getNotBeforeAsInstant(), is(equalTo(nbfInstant)));
}
use of com.auth0.jwt.interfaces.Verification in project java-jwt by auth0.
the class JWTVerifierTest method shouldAddDefaultLeewayToDateClaims.
// Generic Delta
@Test
public void shouldAddDefaultLeewayToDateClaims() {
    // A mocked algorithm is enough: only the builder's defaults are inspected and no
    // token is verified in this test.
    final Algorithm mockedAlgorithm = mock(Algorithm.class);
    final JWTVerifier.BaseVerification builder =
            (JWTVerifier.BaseVerification) JWTVerifier.init(mockedAlgorithm);
    final JWTVerifier built = builder.build();

    assertThat(built.expectedChecks, is(notNullValue()));

    // With no leeway configured, each date claim reports a leeway of zero, i.e. no
    // tolerance is added to iat, exp or nbf by default.
    assertThat(builder.getLeewayFor(RegisteredClaims.ISSUED_AT), is(0L));
    assertThat(builder.getLeewayFor(RegisteredClaims.EXPIRES_AT), is(0L));
    assertThat(builder.getLeewayFor(RegisteredClaims.NOT_BEFORE), is(0L));
}