
Example 1 with JwtTokenParser

Use of fish.payara.microprofile.jwtauth.jwt.JwtTokenParser in the Payara project (by payara).

From the class SignedJWTIdentityStore, method validate.

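/**
 * Validates a signed JWT credential and turns it into a caller identity.
 *
 * <p>The raw token is parsed by a {@code JwtTokenParser} built from this store's
 * configuration fields. The token's {@code aud} claim is then compared with
 * {@code allowedAudience}, and the {@code groups} claim is copied into the
 * result as the caller's groups.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The audience check only runs when {@code allowedAudience} holds a value.
 *       When it is empty the check is skipped and a token issued for any
 *       audience is accepted, so deployments that rely on audience restriction
 *       must configure one.</li>
 *   <li>The {@code groups} claim is trusted as-is and becomes the caller's group
 *       set. NOTE(review): this presumes {@code parse(...)} has already verified
 *       the signature and issuer; that code is not visible here, so confirm it
 *       in {@code JwtTokenParser}.</li>
 *   <li>The method fails closed: any exception raised while parsing or reading
 *       claims is logged at INFO and yields {@code INVALID_RESULT}.</li>
 * </ul>
 *
 * @param signedJWTCredential credential carrying the signed (optionally encrypted) JWT
 * @return a result holding the parsed token and its groups, or
 *         {@code INVALID_RESULT} when the token is rejected
 */
public CredentialValidationResult validate(SignedJWTCredential signedJWTCredential) {
    final JwtTokenParser jwtTokenParser = new JwtTokenParser(enabledNamespace, customNamespace, disableTypeVerification);
    try {
        final JsonWebTokenImpl jsonWebToken = jwtTokenParser.parse(signedJWTCredential.getSignedJWT(), isEncryptionRequired, publicKeyStore, acceptedIssuer, privateKeyStore);

        // Audience check: at least one configured audience must appear in the token's
        // "aud" claim. A token without an audience never matches a configured list.
        final Set<String> recipientsOfThisJWT = jsonWebToken.getAudience();
        final boolean recipientInAudience = allowedAudience
                .map(allowed -> recipientsOfThisJWT != null && allowed.stream().anyMatch(recipientsOfThisJWT::contains))
                // No audience configured: the check is skipped and any audience passes.
                .orElse(true);
        if (!recipientInAudience) {
            // Reject directly instead of throwing a generic Exception into the catch below:
            // the log entry then names the real reason rather than a "parse" failure.
            LOGGER.log(INFO, "The intended audience {0} is not a part of allowed audience.", recipientsOfThisJWT);
            return INVALID_RESULT;
        }

        // The caller's groups come straight from the token's "groups" claim.
        final Set<String> groups = new HashSet<>();
        final Collection<String> groupClaims = jsonWebToken.getClaim("groups");
        if (groupClaims != null) {
            groups.addAll(groupClaims);
        }
        return new CredentialValidationResult(jsonWebToken, groups);
    } catch (Exception e) {
        // Fail closed: whatever went wrong, the credential is treated as invalid.
        LOGGER.log(INFO, "Exception trying to parse JWT token.", e);
    }
    return INVALID_RESULT;
}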
Also used : Arrays(java.util.Arrays) Properties(java.util.Properties) JwtTokenParser(fish.payara.microprofile.jwtauth.jwt.JwtTokenParser) URL(java.net.URL) Collection(java.util.Collection) Set(java.util.Set) INFO(java.util.logging.Level.INFO) IdentityStore(javax.security.enterprise.identitystore.IdentityStore) IOException(java.io.IOException) Thread.currentThread(java.lang.Thread.currentThread) Config(org.eclipse.microprofile.config.Config) Logger(java.util.logging.Logger) JsonWebTokenImpl(fish.payara.microprofile.jwtauth.jwt.JsonWebTokenImpl) HashSet(java.util.HashSet) List(java.util.List) CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) ISSUER(org.eclipse.microprofile.jwt.config.Names.ISSUER) INVALID_RESULT(javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT) ConfigProvider(org.eclipse.microprofile.config.ConfigProvider) Duration(java.time.Duration) Optional(java.util.Optional) Names(org.eclipse.microprofile.jwt.config.Names) CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) JwtTokenParser(fish.payara.microprofile.jwtauth.jwt.JwtTokenParser) JsonWebTokenImpl(fish.payara.microprofile.jwtauth.jwt.JsonWebTokenImpl) IOException(java.io.IOException) HashSet(java.util.HashSet)
