Examples with PowerAuthTokenHttpHeader io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader used on opensource projects

Search in sources :

Example 1 with PowerAuthTokenHttpHeader

use of io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateTokenWithActivationDetails.

@Nonnull
@Override
public PowerAuthApiAuthentication validateTokenWithActivationDetails(@Nonnull String tokenHeader, @Nonnull List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (tokenHeader.equals("undefined")) {
        logger.warn("Token HTTP header is missing");
        throw new PowerAuthHeaderMissingException();
    }
    // Parse HTTP header
    final PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
    // Validate the header
    try {
        PowerAuthTokenHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException ex) {
        logger.warn("Token validation failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthTokenInvalidException();
    }
    // Prepare authentication object
    final PowerAuthTokenAuthenticationImpl powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
    powerAuthTokenAuthentication.setTokenId(header.getTokenId());
    powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
    powerAuthTokenAuthentication.setNonce(header.getNonce());
    powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
    powerAuthTokenAuthentication.setVersion(header.getVersion());
    powerAuthTokenAuthentication.setHttpHeader(header);
    // Call the authentication based on token authentication object
    final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthTokenAuthentication);
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        logger.debug("Invalid token value");
        throw new PowerAuthTokenInvalidException();
    }
    // Check if the signature type is allowed
    final PowerAuthSignatureTypes expectedSignatureType = auth.getAuthenticationContext().getSignatureType();
    if (expectedSignatureType == null || !allowedSignatureTypes.contains(expectedSignatureType)) {
        logger.warn("Invalid signature type in token validation: {}", expectedSignatureType);
        throw new PowerAuthSignatureTypeInvalidException();
    }
    return auth;
}
Also used : PowerAuthHeaderMissingException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthHeaderMissingException) PowerAuthTokenAuthenticationImpl(io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthTokenAuthenticationImpl) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthTokenInvalidException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthTokenInvalidException) PowerAuthSignatureTypeInvalidException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureTypeInvalidException) PowerAuthTokenHttpHeader(io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader) PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication) PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes) Nonnull(javax.annotation.Nonnull)

Example 2 with PowerAuthTokenHttpHeader

use of io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateToken.

public PowerAuthApiAuthentication validateToken(String tokenHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (tokenHeader == null || tokenHeader.equals("undefined")) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_EMPTY");
    }
    // Parse HTTP header
    PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
    // Validate the header
    try {
        PowerAuthTokenHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException e) {
        Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, e.getMessage(), e);
        throw new PowerAuthAuthenticationException(e.getMessage());
    }
    // Prepare authentication object
    PowerAuthTokenAuthenticationImpl powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
    powerAuthTokenAuthentication.setTokenId(header.getTokenId());
    powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
    powerAuthTokenAuthentication.setNonce(header.getNonce());
    powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
    // Call the authentication based on token authentication object
    final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthTokenAuthentication);
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_VALUE");
    }
    // Check if the signature type is allowed
    PowerAuthSignatureTypes expectedSignatureType = auth.getSignatureFactors();
    if (!allowedSignatureTypes.contains(expectedSignatureType)) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SIGNATURE_TYPE_INVALID");
    }
    return auth;
}
Also used : PowerAuthTokenAuthenticationImpl(io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthTokenAuthenticationImpl) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) PowerAuthTokenHttpHeader(io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader) PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication) PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)

Example 3 with PowerAuthTokenHttpHeader

use of io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateToken.

@Override
public PowerAuthApiAuthentication validateToken(String tokenHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (tokenHeader == null || tokenHeader.equals("undefined")) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_EMPTY");
    }
    // Parse HTTP header
    PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
    // Validate the header
    try {
        PowerAuthTokenHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException e) {
        throw new PowerAuthAuthenticationException(e.getMessage());
    }
    // Prepare authentication object
    PowerAuthTokenAuthentication powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
    powerAuthTokenAuthentication.setTokenId(header.getTokenId());
    powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
    powerAuthTokenAuthentication.setNonce(header.getNonce());
    powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
    // Call the authentication based on token authentication object
    final PowerAuthApiAuthentication auth;
    try {
        auth = this.authenticate(powerAuthTokenAuthentication);
    } catch (RemoteException e) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SOAP_ERROR");
    }
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_VALUE");
    }
    // Check if the signature type is allowed
    PowerAuthSignatureTypes expectedSignatureType = auth.getSignatureFactors();
    if (!allowedSignatureTypes.contains(expectedSignatureType)) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SIGNATURE_TYPE_INVALID");
    }
    return auth;
}
Also used : PowerAuthTokenAuthenticationImpl(io.getlime.security.powerauth.rest.api.jaxrs.authentication.PowerAuthTokenAuthenticationImpl) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) PowerAuthTokenAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthTokenAuthentication) PowerAuthTokenHttpHeader(io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader) RemoteException(java.rmi.RemoteException) PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication) PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)

Aggregations

PowerAuthSignatureTypes (io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)3 PowerAuthTokenHttpHeader (io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader)3 InvalidPowerAuthHttpHeaderException (io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)3 PowerAuthApiAuthentication (io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication)2 PowerAuthAuthenticationException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)2 PowerAuthTokenAuthentication (io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthTokenAuthentication)1 PowerAuthTokenAuthenticationImpl (io.getlime.security.powerauth.rest.api.jaxrs.authentication.PowerAuthTokenAuthenticationImpl)1 PowerAuthApiAuthentication (io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication)1 PowerAuthTokenAuthenticationImpl (io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthTokenAuthenticationImpl)1 PowerAuthTokenAuthenticationImpl (io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthTokenAuthenticationImpl)1 PowerAuthHeaderMissingException (io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthHeaderMissingException)1 PowerAuthSignatureTypeInvalidException (io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureTypeInvalidException)1 PowerAuthTokenInvalidException (io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthTokenInvalidException)1 RemoteException (java.rmi.RemoteException)1 Nonnull (javax.annotation.Nonnull)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial