use of eu.bcvsolutions.idm.core.security.api.dto.IdmJwtAuthenticationDto in project CzechIdMng by bcvsolutions.
the class AuthenticationTestUtils method getAuthDto.
/**
 * Builds an {@link IdmJwtAuthenticationDto} for tests from an identity and a collection of authorities.
 *
 * @param user identity whose username and id are copied into the DTO
 * @param authorities authorities to copy; each one becomes a {@link DefaultGrantedAuthorityDto}
 *        built from the authority's {@code toString()} value
 * @return DTO with issued-at and expiration taken from {@code getIat()} and {@code getExp()},
 *         and the originating module set to {@code "test"}
 */
public static IdmJwtAuthenticationDto getAuthDto(IdmIdentityDto user, Collection<GrantedAuthority> authorities) {
    IdmJwtAuthenticationDto authDto = new IdmJwtAuthenticationDto();
    authDto.setCurrentUsername(user.getUsername());
    authDto.setCurrentIdentityId(user.getId());
    authDto.setIssuedAt(getIat());
    authDto.setExpiration(getExp());
    // Placeholder value only: the final setAuthorities call below replaces this empty list.
    authDto.setAuthorities(new ArrayList<>());
    authDto.setFromModule("test");
    // NOTE(review): the authority string comes from toString(), not getAuthority(). For a
    // GrantedAuthority implementation whose toString() differs from its authority name, the DTO
    // would carry a different string than the one access decisions use - confirm for the
    // implementations passed in by callers.
    authDto.setAuthorities(
            authorities.stream()
                    .map(Object::toString)
                    .map(DefaultGrantedAuthorityDto::new)
                    .collect(Collectors.toList()));
    return authDto;
}
use of eu.bcvsolutions.idm.core.security.api.dto.IdmJwtAuthenticationDto in project CzechIdMng by bcvsolutions.
the class DefaultJwtAuthenticationServiceTest method createJwtAuthenticationAndAuthenticateTest.
/**
 * Checks that {@code createJwtAuthenticationAndAuthenticate} leaves the security context
 * authenticated as the test user and returns a {@link LoginDto} carrying the username, the
 * module, a token and the authentication DTO.
 */
@Test
public void createJwtAuthenticationAndAuthenticateTest() {
    createTestUser();
    IdmIdentityDto testIdentity = getTestIdentity();
    LoginDto request = getTestLoginDto();

    LoginDto result = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(request, testIdentity, MODULE);

    // State of the security context after the call.
    Assert.assertTrue(securityService.isAuthenticated());
    Assert.assertEquals(USERNAME, securityService.getCurrentUsername());

    // Content of the returned login DTO.
    Assert.assertEquals(USERNAME, result.getUsername());
    Assert.assertEquals(MODULE, result.getAuthenticationModule());
    // NOTE(review): the token is checked for presence only; this test does not parse or verify it.
    Assert.assertNotNull(result.getToken());

    // Content of the authentication DTO attached to the result.
    IdmJwtAuthenticationDto issued = result.getAuthentication();
    Assert.assertNotNull(issued);
    Assert.assertEquals(USERNAME, issued.getCurrentUsername());
    Assert.assertEquals(MODULE, issued.getFromModule());
    // The test user is expected to hold no authorities.
    Assert.assertTrue(issued.getAuthorities().isEmpty());
}
use of eu.bcvsolutions.idm.core.security.api.dto.IdmJwtAuthenticationDto in project CzechIdMng by bcvsolutions.
the class ExtendExpirationFilter method doExtendExpiration.
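/**
 * Extends token expiration time. There are two types of extension:
 * either setting a new expiration time on the current token, or issuing
 * a fresh token. A fresh token is issued only if the original
 * one in the HTTP request is expired or the authorities changed and
 * the user signed in by other means than an IdM JWT token (remote OAuth / Basic...).
 *
 * The token with extended expiration is set into a response header. If the token cannot be
 * written, the failure is logged and the response is left without that header.
 *
 * @param req current HTTP request; not read by this method
 * @param res HTTP response that receives the token header
 */
private void doExtendExpiration(HttpServletRequest req, HttpServletResponse res) {
    if (ctx.isDisabledOrNotExists()) {
        // Nothing is extended or issued when the context reports a disabled or nonexistent user.
        return;
    }
    // NOTE(review): assumes ctx.getToken() is non-null once the guard above has passed - confirm
    // against the code that fills the context.
    IdmJwtAuthenticationDto token = ctx.getToken();
    // NOTE(review): the expiration is pushed forward on every call and no absolute lifetime limit
    // is visible in this method - confirm that a maximum session length is enforced elsewhere.
    token.setExpiration(getNewExpiration());
    // An expired token or changed authorities is a valid state here: a fresh IdM token is built
    // from the authentication currently held in the security context.
    if (ctx.isExpired() || ctx.isAuthoritiesChanged()) {
        token = jwtTokenMapper.toDto((IdmJwtAuthentication) SecurityContextHolder.getContext().getAuthentication());
    }
    try {
        res.setHeader(JwtAuthenticationMapper.AUTHENTICATION_TOKEN_NAME, jwtTokenMapper.writeToken(token));
    } catch (IOException e) {
        // Best effort: the request continues, but the cause is kept in the log so that a failing
        // token writer can be diagnosed.
        LOG.warn("Cannot write token with extended expiration header!", e);
    }
}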
use of eu.bcvsolutions.idm.core.security.api.dto.IdmJwtAuthenticationDto in project CzechIdMng by bcvsolutions.
the class JwtIdmAuthenticationFilter method authorize.
/**
 * Tries to authenticate the request from an IdM JWT token.
 *
 * The token is parsed, checked against the mapper's verifier, converted to claims and handed to
 * the authentication manager. Failures are logged and recorded in the filter context; they are
 * never propagated to the caller.
 *
 * @param token raw token string taken from the request
 * @param request current HTTP request; not read by this method
 * @param response current HTTP response; not read by this method
 * @return the {@code isAuthenticated()} value of the resulting authentication, or {@code false}
 *         when the token cannot be parsed or any handled exception occurs
 */
@Override
public boolean authorize(String token, HttpServletRequest request, HttpServletResponse response) {
    IdmJwtAuthenticationDto tokenClaims = null;
    try {
        Optional<Jwt> parsed = HttpFilterUtils.parseToken(token);
        if (!parsed.isPresent()) {
            return false;
        }
        Jwt jwt = parsed.get();
        // Verification runs before any claim is read from the token.
        HttpFilterUtils.verifyToken(jwt, jwtTokenMapper.getVerifier());
        tokenClaims = jwtTokenMapper.getClaims(jwt);
        // The claims are stored in the context before authenticate() has succeeded, so the
        // context token on its own is not evidence of a successful login.
        ctx.setToken(tokenClaims);
        Authentication auth = authenticationManager.authenticate(jwtTokenMapper.fromDto(tokenClaims));
        // NOTE(review): the success message is written before isAuthenticated() is consulted -
        // confirm the manager never returns an unauthenticated result.
        LOG.debug("User [{}] successfully logged in.", auth.getName());
        return auth.isAuthenticated();
    } catch (ResultCodeException ex) {
        LOG.warn("Invalid token, reason: [{}]", ex.getMessage());
        ctx.setCodeEx(ex);
        // Only expired or authorities changed. The claims are null here when the exception was
        // raised before getClaims() returned, which resets the context token to null.
        ctx.setToken(tokenClaims);
    } catch (AuthenticationException ex) {
        LOG.warn("Invalid authentication, reason: [{}]", ex.getMessage());
        ctx.setAuthEx(ex);
    } catch (InvalidSignatureException | IOException | IllegalArgumentException ex) {
        // The client sent a malformed or badly signed token: log it and treat the request as
        // unauthenticated. Nothing is recorded in the context for this case.
        LOG.warn("Invalid IdM auth token received.", ex);
    }
    return false;
}
use of eu.bcvsolutions.idm.core.security.api.dto.IdmJwtAuthenticationDto in project CzechIdMng by bcvsolutions.
the class DefaultJwtAuthenticationService method createJwtAuthenticationAndAuthenticate.
/**
 * Creates an IdM JWT authentication for the given identity, authenticates it and stores the
 * result in the login DTO.
 *
 * @param loginDto login DTO to fill; its username is used to load the granted authorities
 * @param identity identity the authentication is created for
 * @param module name of the module performing the authentication
 * @return the same {@code loginDto} instance, with authentication module, authentication DTO
 *         and serialized token set
 * @throws IdmAuthenticationException when the token cannot be written
 */
@Override
public LoginDto createJwtAuthenticationAndAuthenticate(LoginDto loginDto, IdmIdentityDto identity, String module) {
    // NOTE(review): the authorities are looked up by loginDto.getUsername() while the
    // authentication itself is built from `identity`; confirm that callers always pass a login
    // DTO and an identity that refer to the same user.
    IdmJwtAuthentication authentication = new IdmJwtAuthentication(
            identity,
            getAuthExpiration(),
            grantedAuthoritiesFactory.getGrantedAuthorities(loginDto.getUsername()),
            module);
    oauthAuthenticationManager.authenticate(authentication);
    IdmJwtAuthenticationDto authenticationDto = jwtTokenMapper.toDto(authentication);

    // Module and authentication are set before the token is serialized, so they stay on the DTO
    // even when writing the token fails.
    loginDto.setAuthenticationModule(module);
    loginDto.setAuthentication(authenticationDto);

    final String serializedToken;
    try {
        serializedToken = jwtTokenMapper.writeToken(authenticationDto);
    } catch (IOException ex) {
        throw new IdmAuthenticationException(ex.getMessage(), ex);
    }
    loginDto.setToken(serializedToken);
    return loginDto;
}