
Example 1 with AuthTokenTooLongException

Use of com.nike.cerberus.error.AuthTokenTooLongException in project cerberus by Nike-Inc.

Class AuthTokenServiceTest, method test_that_auth_token_too_long_error_is_caught_correctly_for_JWT.

@Test(expected = ApiException.class)
public void test_that_auth_token_too_long_error_is_caught_correctly_for_JWT() throws AuthTokenTooLongException {
    String principal = "test-user@domain.com";
    String groups = "group1,group2,group3";
    OffsetDateTime now = OffsetDateTime.now();
    when(dateTimeSupplier.get()).thenReturn(now);
    when(tokenFlag.getIssueType()).thenReturn(AuthTokenIssueType.JWT);
    when(tokenFlag.getAcceptType()).thenReturn(AuthTokenAcceptType.JWT);
    when(jwtService.generateJwtToken(any())).thenThrow(new AuthTokenTooLongException("auth token too long"));
    authTokenService.generateToken(principal, PrincipalType.USER, false, groups, 5, 0);
}
Also used: AuthTokenTooLongException (com.nike.cerberus.error.AuthTokenTooLongException), OffsetDateTime (java.time.OffsetDateTime), Test (org.junit.Test)

Example 2 with AuthTokenTooLongException

Use of com.nike.cerberus.error.AuthTokenTooLongException in project cerberus by Nike-Inc.

Class AuthTokenService, method generateToken.

@Transactional
public CerberusAuthToken generateToken(String principal, PrincipalType principalType, boolean isAdmin, String groups, long ttlInMinutes, int refreshCount) {
    checkArgument(StringUtils.isNotBlank(principal), "The principal must be set and not empty");
    String id = uuidSupplier.get();
    OffsetDateTime now = dateTimeSupplier.get();
    switch(tokenFlag.getIssueType()) {
        case JWT:
            try {
                return getCerberusAuthTokenFromJwt(principal, principalType, isAdmin, groups, ttlInMinutes, refreshCount, id, now);
            } catch (AuthTokenTooLongException e) {
                final String msg = e.getMessage();
                logger.info(msg);
                if (tokenFlag.getAcceptType() == AuthTokenAcceptType.ALL) {
                    return getCerberusAuthTokenFromSession(principal, principalType, isAdmin, groups, ttlInMinutes, refreshCount, id, now);
                }
                throw ApiException.newBuilder()
                        .withApiErrors(CustomApiError.createCustomApiError(DefaultApiError.AUTH_TOKEN_TOO_LONG, msg))
                        .withExceptionMessage(msg)
                        .build();
            }
        case SESSION:
            return getCerberusAuthTokenFromSession(principal, principalType, isAdmin, groups, ttlInMinutes, refreshCount, id, now);
        default:
            throw ApiException.newBuilder().withApiErrors(DefaultApiError.INTERNAL_SERVER_ERROR).build();
    }
}
Also used: AuthTokenTooLongException (com.nike.cerberus.error.AuthTokenTooLongException), OffsetDateTime (java.time.OffsetDateTime), Transactional (org.springframework.transaction.annotation.Transactional)

Example 3 with AuthTokenTooLongException

Use of com.nike.cerberus.error.AuthTokenTooLongException in project cerberus by Nike-Inc.

Class JwtService, method generateJwtToken.

/**
 * Generate JWT token
 *
 * @param cerberusJwtClaims Cerberus JWT claims
 * @return JWT token
 */
public String generateJwtToken(CerberusJwtClaims cerberusJwtClaims) throws AuthTokenTooLongException {
    CerberusJwtKeySpec cerberusJwtKeySpec = signingKeyResolver.resolveSigningKey();
    String principal = cerberusJwtClaims.getPrincipal();
    String jwtToken = Jwts.builder()
            .setHeaderParam(JwsHeader.KEY_ID, cerberusJwtKeySpec.getKid())
            .setId(cerberusJwtClaims.getId())
            .setIssuer(environmentName)
            .setSubject(principal)
            .claim(PRINCIPAL_TYPE_CLAIM_NAME, cerberusJwtClaims.getPrincipalType())
            .claim(GROUP_CLAIM_NAME, cerberusJwtClaims.getGroups())
            .claim(IS_ADMIN_CLAIM_NAME, cerberusJwtClaims.getIsAdmin())
            .claim(REFRESH_COUNT_CLAIM_NAME, cerberusJwtClaims.getRefreshCount())
            .setExpiration(Date.from(cerberusJwtClaims.getExpiresTs().toInstant()))
            .setIssuedAt(Date.from(cerberusJwtClaims.getCreatedTs().toInstant()))
            .signWith(cerberusJwtKeySpec)
            .compressWith(CompressionCodecs.GZIP)
            .compact();
    int tokenLength = jwtToken.length();
    log.info("{}: JWT length: {}", principal, tokenLength);
    if (tokenLength > maxTokenLength) {
        String msg = String.format("Token for %s is %d characters long. The max is %d bytes.", principal, tokenLength, maxTokenLength);
        throw new AuthTokenTooLongException(msg);
    }
    return jwtToken;
}
Also used: AuthTokenTooLongException (com.nike.cerberus.error.AuthTokenTooLongException), CerberusJwtKeySpec (com.nike.cerberus.jwt.CerberusJwtKeySpec)

Aggregations

AuthTokenTooLongException (com.nike.cerberus.error.AuthTokenTooLongException): 3
OffsetDateTime (java.time.OffsetDateTime): 2
CerberusJwtKeySpec (com.nike.cerberus.jwt.CerberusJwtKeySpec): 1
Test (org.junit.Test): 1
Transactional (org.springframework.transaction.annotation.Transactional): 1