Example 1 with JwtRawToken

Use of com.epam.pipeline.entity.security.JwtRawToken in the cloud-pipeline project by epam.

Class DockerRegistryManager, method issueTokenForDockerRegistry.

/**
 * Checks permissions for a requested docker registry and issues a valid JWT token
 * if the action is allowed. Otherwise a 401 code will be returned to the registry.
 * See the documentation for details: https://docs.docker.com/registry/spec/auth/token/#requesting-a-token
 * @param userName  name of the user requesting permission
 * @param token     provided by docker client, should be a valid Cloud Pipeline token
 * @param dockerRegistryHost    id of docker registry
 * @param scope     requested action in format
 *                  'scope=repository:samalba/my-app:push,repository:samalba/my-test:push'
 * @return the JWT token issued for the docker registry
 */
public JwtRawToken issueTokenForDockerRegistry(String userName, String token, String dockerRegistryHost, String scope) {
    LOGGER.debug("Processing authorization request from registry {} for user {} and scope {}", dockerRegistryHost, userName, scope);
    UserContext user = dockerAuthService.verifyTokenForDocker(userName, token, dockerRegistryHost);
    DockerRegistry dockerRegistry = loadByNameOrId(dockerRegistryHost);
    if (dockerRegistry == null) {
        throw new DockerAuthorizationException(dockerRegistryHost, messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_NOT_FOUND, dockerRegistryHost));
    }
    try {
        List<DockerRegistryClaim> claims = parseAndValidateScope(userName, dockerRegistry, scope);
        JwtRawToken jwtRawToken = dockerAuthService.issueDockerToken(user, dockerRegistryHost, claims);
        LOGGER.debug("Successfully issued JWT token for registry {} user {} and scope {}", dockerRegistry, userName, scope);
        return jwtRawToken;
    } catch (IllegalArgumentException e) {
        throw new DockerAuthorizationException(dockerRegistryHost, e.getMessage());
    }
}
Also used : DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry) UserContext(com.epam.pipeline.security.UserContext) DockerAuthorizationException(com.epam.pipeline.exception.docker.DockerAuthorizationException) JwtRawToken(com.epam.pipeline.entity.security.JwtRawToken)

Example 2 with JwtRawToken

Use of com.epam.pipeline.entity.security.JwtRawToken in the cloud-pipeline project by epam.

Class JwtAuthenticationProvider, method authenticate.

@Override
public Authentication authenticate(Authentication authentication) {
    JwtRawToken jwtRawToken = (JwtRawToken) authentication.getCredentials();
    if (jwtRawToken == null) {
        throw new AuthenticationServiceException("Authentication error: missing token");
    }
    JwtTokenClaims claims;
    try {
        claims = tokenVerifier.readClaims(jwtRawToken.getToken());
    } catch (TokenVerificationException e) {
        throw new AuthenticationServiceException("Authentication error", e);
    }
    UserContext context = new UserContext(jwtRawToken, claims);
    return new JwtAuthenticationToken(context, context.getAuthorities());
}
Also used : JwtTokenClaims(com.epam.pipeline.entity.security.JwtTokenClaims) UserContext(com.epam.pipeline.security.UserContext) JwtRawToken(com.epam.pipeline.entity.security.JwtRawToken) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)

Example 3 with JwtRawToken

Use of com.epam.pipeline.entity.security.JwtRawToken in the cloud-pipeline project by epam.

Class JwtFilterAuthenticationFilter, method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    JwtRawToken rawToken;
    String authorizationHeader = extractAuthHeader(request);
    try {
        if (!StringUtils.isEmpty(authorizationHeader)) {
            // attempt to obtain the JWT token from the Authorization HTTP header
            rawToken = JwtRawToken.fromHeader(authorizationHeader);
            LOGGER.trace("Extracted JWT token from authorization HTTP header");
        } else {
            // otherwise try to get the token from the authorization cookie
            Cookie authCookie = extractAuthCookie(request);
            rawToken = JwtRawToken.fromCookie(authCookie);
            LOGGER.trace("Extracted JWT token from authorization cookie");
        }
        JwtTokenClaims claims = tokenVerifier.readClaims(rawToken.getToken());
        UserContext context = new UserContext(rawToken, claims);
        JwtAuthenticationToken token = new JwtAuthenticationToken(context, context.getAuthorities());
        token.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(token);
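    } catch (AuthenticationServiceException | TokenVerificationException e) {
        // Token extraction or verification failed: this filter sets no Authentication,
        // the failure is logged at TRACE level only, and the request continues down the chain.
        LOGGER.trace(e.getMessage(), e);
    }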
    filterChain.doFilter(request, response);
}
Also used : Cookie(javax.servlet.http.Cookie) JwtTokenClaims(com.epam.pipeline.entity.security.JwtTokenClaims) UserContext(com.epam.pipeline.security.UserContext) JwtRawToken(com.epam.pipeline.entity.security.JwtRawToken) WebAuthenticationDetailsSource(org.springframework.security.web.authentication.WebAuthenticationDetailsSource) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)

Aggregations

JwtRawToken (com.epam.pipeline.entity.security.JwtRawToken): 3
UserContext (com.epam.pipeline.security.UserContext): 3
JwtTokenClaims (com.epam.pipeline.entity.security.JwtTokenClaims): 2
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException): 2
DockerRegistry (com.epam.pipeline.entity.pipeline.DockerRegistry): 1
DockerAuthorizationException (com.epam.pipeline.exception.docker.DockerAuthorizationException): 1
Cookie (javax.servlet.http.Cookie): 1
WebAuthenticationDetailsSource (org.springframework.security.web.authentication.WebAuthenticationDetailsSource): 1