Example 1 with JwtAuthentication

Use of com.serotonin.m2m2.web.mvc.spring.security.authentication.JwtAuthentication in the project ma-core-public by MangoAutomation, from the authenticate method of the class MangoTokenAuthenticationProvider.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Only bearer tokens are handled here; returning null lets Spring Security try the next provider.
    if (!(authentication instanceof BearerAuthenticationToken)) {
        return null;
    }
    String bearerToken = (String) authentication.getCredentials();
    User user;
    Jws<Claims> jws;
    try {
        // parse() checks the JWT signature; verify() maps the validated claims to a Mango user.
        jws = tokenAuthenticationService.parse(bearerToken);
        user = tokenAuthenticationService.verify(jws);
    } catch (ExpiredJwtException e) {
        throw new CredentialsExpiredException("JWT token expired", e);
    } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) {
        // assume that this is not a JWT, allow the next AuthenticationProvider to process it
        return null;
    } catch (SignatureException | MissingClaimException | IncorrectClaimException e) {
        // A token with a bad signature or wrong claims is rejected outright rather than passed on.
        throw new BadCredentialsException("JWT signature verification error or claim incorrect", e);
    } catch (NotFoundException e) {
        throw new BadCredentialsException("Invalid username", e);
    } catch (Exception e) {
        throw new InternalAuthenticationServiceException("Error authenticating with JWT token", e);
    }
    // Account-state checks (disabled, locked, expired) still apply to token-based logins.
    userDetailsChecker.check(user);
    if (log.isDebugEnabled()) {
        // Note: this writes the decoded header and claims to the debug log.
        log.debug("Successfully authenticated user using JWT token, header: " + jws.getHeader() + ", body: " + jws.getBody());
    }
    return new JwtAuthentication(user, bearerToken, jws, user.getAuthorities());
}

Example 2 with JwtAuthentication

Use of com.serotonin.m2m2.web.mvc.spring.security.authentication.JwtAuthentication in the project ma-modules-public by infiniteautomation, from the afterConnectionEstablished method of the class MangoWebSocketSessionTracker.

public void afterConnectionEstablished(WebSocketSession session) {
    // Track the WebSocket by its HTTP session so it can be closed when that session ends.
    String httpSessionId = this.httpSessionIdForSession(session);
    if (httpSessionId != null) {
        sessionsByHttpSessionId.put(httpSessionId, session);
    }
    PermissionHolder permissionHolder = this.userForSession(session);
    Authentication authentication = this.authenticationForSession(session);
    boolean isJwt = authentication instanceof JwtAuthentication;
    User user = permissionHolder.getUser();
    if (user != null) {
        int userId = user.getId();
        // JWT-backed and session-backed sockets are tracked separately per user.
        if (isJwt) {
            jwtSessionsByUserId.put(userId, session);
        } else {
            otherSessionsByUserId.put(userId, session);
        }
    }
    if (isJwt) {
        // Schedule the socket to close when the token's exp claim is reached,
        // so a WebSocket authenticated with a JWT does not outlive the token.
        JwtAuthentication jwtAuthentication = (JwtAuthentication) authentication;
        Date expiration = jwtAuthentication.getToken().getBody().getExpiration();
        TimeoutTask closeTask = new TimeoutTask(expiration, new CloseSessionTask(session));
        session.getAttributes().put(CLOSE_TIMEOUT_TASK_ATTR, closeTask);
        jwtSessions.add(session);
    }
}

Example 3 with JwtAuthentication

Use of com.serotonin.m2m2.web.mvc.spring.security.authentication.JwtAuthentication in the project ma-modules-public by infiniteautomation, from the afterConnectionClosed method of the class MangoWebSocketSessionTracker.

public void afterConnectionClosed(WebSocketSession session, CloseStatus closeStatus) {
    // Undo the bookkeeping done in afterConnectionEstablished for this session.
    String httpSessionId = this.httpSessionIdForSession(session);
    if (httpSessionId != null) {
        sessionsByHttpSessionId.remove(httpSessionId, session);
    }
    PermissionHolder permissionHolder = this.userForSession(session);
    Authentication authentication = this.authenticationForSession(session);
    boolean isJwt = authentication instanceof JwtAuthentication;
    User user = permissionHolder.getUser();
    if (user != null) {
        int userId = user.getId();
        if (isJwt) {
            jwtSessionsByUserId.remove(userId, session);
        } else {
            otherSessionsByUserId.remove(userId, session);
        }
    }
    if (isJwt) {
        // Cancel the pending token-expiry close task; the socket is already gone.
        TimeoutTask closeTask = (TimeoutTask) session.getAttributes().get(CLOSE_TIMEOUT_TASK_ATTR);
        if (closeTask != null) {
            closeTask.cancel();
        }
        jwtSessions.remove(session);
    }
}

