use of com.nike.cerberus.error.AuthTokenTooLongException in project cerberus by Nike-Inc.
the class AuthTokenServiceTest method test_that_auth_token_too_long_error_is_caught_correctly_for_JWT.
// Negative-path check: when JWT is both the issue type and the only accepted type, a
// too-long JWT must surface as an ApiException instead of being replaced by another token type.
@Test(expected = ApiException.class)
public void test_that_auth_token_too_long_error_is_caught_correctly_for_JWT() throws AuthTokenTooLongException {
    final String userPrincipal = "test-user@domain.com";
    final String groupCsv = "group1,group2,group3";

    // Freeze the clock the service reads so the run does not depend on wall time.
    when(dateTimeSupplier.get()).thenReturn(OffsetDateTime.now());

    // Issue JWTs and accept JWTs only: the accept type is not ALL, so no session fallback applies.
    when(tokenFlag.getIssueType()).thenReturn(AuthTokenIssueType.JWT);
    when(tokenFlag.getAcceptType()).thenReturn(AuthTokenAcceptType.JWT);

    // Simulate the JWT service rejecting the token for its size.
    when(jwtService.generateJwtToken(any()))
        .thenThrow(new AuthTokenTooLongException("auth token too long"));

    // Expected to throw ApiException (declared on the @Test annotation).
    authTokenService.generateToken(userPrincipal, PrincipalType.USER, false, groupCsv, 5, 0);
}
use of com.nike.cerberus.error.AuthTokenTooLongException in project cerberus by Nike-Inc.
the class AuthTokenService method generateToken.
/**
 * Issues an auth token for the given principal, in the format selected by the token flag.
 *
 * <p>With issue type JWT, a token rejected as too long is replaced by a session token only when
 * the accept type is ALL; otherwise the request fails with AUTH_TOKEN_TOO_LONG. The type of
 * token handed back can therefore differ from the configured issue type.
 *
 * <p>The too-long message is written to the log at info level and is also returned to the API
 * caller. As produced by JwtService.generateJwtToken it names the principal, the token length
 * and the configured maximum.
 *
 * @param principal identity the token is issued for; must not be blank
 * @param principalType kind of principal
 * @param isAdmin admin flag passed through to the token
 * @param groups group membership string passed through to the token
 * @param ttlInMinutes requested time to live, in minutes
 * @param refreshCount refresh count passed through to the token
 * @return the generated token
 * @throws IllegalArgumentException if the principal is blank (presumably raised by
 *     checkArgument; confirm against its import)
 * @throws ApiException if the JWT is too long and no fallback is allowed, or if the issue type
 *     is not handled
 */
@Transactional
public CerberusAuthToken generateToken(String principal, PrincipalType principalType, boolean isAdmin, String groups, long ttlInMinutes, int refreshCount) {
    checkArgument(StringUtils.isNotBlank(principal), "The principal must be set and not empty");

    final String tokenId = uuidSupplier.get();
    final OffsetDateTime issuedAt = dateTimeSupplier.get();

    switch (tokenFlag.getIssueType()) {
        case SESSION:
            return getCerberusAuthTokenFromSession(
                principal, principalType, isAdmin, groups, ttlInMinutes, refreshCount, tokenId, issuedAt);
        case JWT:
            try {
                return getCerberusAuthTokenFromJwt(
                    principal, principalType, isAdmin, groups, ttlInMinutes, refreshCount, tokenId, issuedAt);
            } catch (AuthTokenTooLongException tooLong) {
                final String reason = tooLong.getMessage();
                // NOTE(review): the message embeds the principal; confirm that value cannot
                // carry line breaks into the log.
                logger.info(reason);
                if (tokenFlag.getAcceptType() != AuthTokenAcceptType.ALL) {
                    // Only JWTs are accepted, so there is nothing to fall back to.
                    throw ApiException.newBuilder()
                        .withApiErrors(
                            CustomApiError.createCustomApiError(DefaultApiError.AUTH_TOKEN_TOO_LONG, reason))
                        .withExceptionMessage(reason)
                        .build();
                }
                // Every token type is accepted: issue a session token in place of the JWT.
                return getCerberusAuthTokenFromSession(
                    principal, principalType, isAdmin, groups, ttlInMinutes, refreshCount, tokenId, issuedAt);
            }
        default:
            // Issue type not handled here: fail closed rather than issue a token.
            throw ApiException.newBuilder().withApiErrors(DefaultApiError.INTERNAL_SERVER_ERROR).build();
    }
}
use of com.nike.cerberus.error.AuthTokenTooLongException in project cerberus by Nike-Inc.
the class JwtService method generateJwtToken.
/**
 * Builds a signed, GZIP-compressed compact JWT from the supplied claims and rejects it when the
 * compact form is longer than the configured maximum.
 *
 * <p>The principal, principal type, groups, admin flag and refresh count are written into the
 * token as claims. The length check runs on the final compact string, i.e. after compression
 * and signing.
 *
 * @param cerberusJwtClaims Cerberus JWT claims
 * @return JWT token in compact form
 * @throws AuthTokenTooLongException if the compact token is longer than {@code maxTokenLength}
 */
public String generateJwtToken(CerberusJwtClaims cerberusJwtClaims) throws AuthTokenTooLongException {
    CerberusJwtKeySpec signingKey = signingKeyResolver.resolveSigningKey();
    String subject = cerberusJwtClaims.getPrincipal();

    String compactJwt =
        Jwts.builder()
            // The key id goes into the header, presumably so a verifier can select the key.
            .setHeaderParam(JwsHeader.KEY_ID, signingKey.getKid())
            .setId(cerberusJwtClaims.getId())
            .setIssuer(environmentName)
            .setSubject(subject)
            .claim(PRINCIPAL_TYPE_CLAIM_NAME, cerberusJwtClaims.getPrincipalType())
            .claim(GROUP_CLAIM_NAME, cerberusJwtClaims.getGroups())
            .claim(IS_ADMIN_CLAIM_NAME, cerberusJwtClaims.getIsAdmin())
            .claim(REFRESH_COUNT_CLAIM_NAME, cerberusJwtClaims.getRefreshCount())
            .setExpiration(Date.from(cerberusJwtClaims.getExpiresTs().toInstant()))
            .setIssuedAt(Date.from(cerberusJwtClaims.getCreatedTs().toInstant()))
            .signWith(signingKey)
            .compressWith(CompressionCodecs.GZIP)
            .compact();

    int compactLength = compactJwt.length();
    // Only the principal and the length are logged; the token itself stays out of the log.
    log.info("{}: JWT length: {}", subject, compactLength);

    if (compactLength <= maxTokenLength) {
        return compactJwt;
    }

    // NOTE(review): the length is a character count (String.length()), while the message
    // labels the limit as bytes; confirm which unit maxTokenLength is configured in.
    throw new AuthTokenTooLongException(
        String.format(
            "Token for %s is %d characters long. The max is %d bytes.",
            subject, compactLength, maxTokenLength));
}