
Example 21 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

The class AccountEndpointHandler, method getUser.

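public void getUser(RoutingContext routingContext) {
    // JWT stored in the routing context under TOKEN_CONTEXT_KEY
    JWT token = routingContext.get(ConstantKeys.TOKEN_CONTEXT_KEY);
    // look the user up by the token's "sub" claim
    accountService.get(token.getSub()).subscribe(user -> {
        // user found: expose it to the next handlers in the chain
        routingContext.put(ConstantKeys.USER_CONTEXT_KEY, user);
        routingContext.next();
    }, error -> {
        LOGGER.error("Unable to retrieve user for Id {}", token.getSub());
        routingContext.fail(error);
    },
    // completed without a value: no user matches the subject
    () -> routingContext.fail(new UserNotFoundException(token.getSub())));
}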
Also used : UserNotFoundException(io.gravitee.am.service.exception.UserNotFoundException) JWT(io.gravitee.am.common.jwt.JWT)

Example 22 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

The class CertificateProviderManagerTest, method noneAlgorithmCertificateProvider_nominalCase.

@Test
public void noneAlgorithmCertificateProvider_nominalCase() {
    CertificateProvider certificateProvider = certificateProviderManager.create(noneProvider());
    JWT jwt = new JWT();
    jwt.setIss("iss");
    jwt.setSub("sub");
    // expected token: header {"alg":"none"}, payload {"sub":"sub","iss":"iss"},
    // and an empty third segment after the trailing dot, i.e. no signature
    assertEquals("non matching jwt with none algorithm", "eyJhbGciOiJub25lIn0.eyJzdWIiOiJzdWIiLCJpc3MiOiJpc3MifQ.", certificateProvider.getJwtBuilder().sign(jwt));
}
Also used : JWT(io.gravitee.am.common.jwt.JWT) Test(org.junit.Test)

Example 23 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

The class CertificateProviderManagerTest, method defaultCertificateProvider_nominalCase.

@Test
public void defaultCertificateProvider_nominalCase() {
    CertificateProvider certificateProvider = certificateProviderManager.create(defaultProvider());
    JWT jwt = new JWT();
    jwt.setIss("iss");
    jwt.setSub("sub");
    // expected token: header {"kid":"default-gravitee-AM-key","typ":"JWT","alg":"HS256"},
    // payload {"sub":"sub","iss":"iss"}, third segment is the HS256 signature
    assertEquals("non matching jwt with default certificateProvider", "eyJraWQiOiJkZWZhdWx0LWdyYXZpdGVlLUFNLWtleSIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.eyJzdWIiOiJzdWIiLCJpc3MiOiJpc3MifQ.Ti366cJSMVSnvFW1wHYFMdc63zTdIpa42O6AOTWyGKk", certificateProvider.getJwtBuilder().sign(jwt));
}
Also used : JWT(io.gravitee.am.common.jwt.JWT) Test(org.junit.Test)

Example 24 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

The class CustomLogoutSuccessHandler, method determineTargetUrl.

@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
    String logoutRedirectUrl = request.getParameter(LOGOUT_URL_PARAMETER);
    if (logoutRedirectUrl != null && !logoutRedirectUrl.isEmpty()) {
        setTargetUrlParameter(LOGOUT_URL_PARAMETER);
    }
    // getCookies() returns null when the request carries no cookies
    final Cookie[] cookies = request.getCookies();
    final Optional<Cookie> authCookie = (cookies == null ? Stream.<Cookie>empty() : Stream.of(cookies))
            .filter(c -> authCookieName.equals(c.getName()))
            .findFirst();
    authCookie.ifPresent(cookie -> {
        try {
            // the cookie value is expected to start with "Bearer "; strip that prefix before parsing
            final String jwtStr = cookie.getValue().substring("Bearer ".length());
            final JWT jwt = jwtParser.parse(jwtStr);
            WebAuthenticationDetails details = new WebAuthenticationDetails(request);
            // read user profile to obtain same information as login step.
            // if the read fails, trace only with information available in the cookie
            userService.findById(ReferenceType.ORGANIZATION, (String) jwt.get("org"), (String) jwt.getSub())
                    .doOnSuccess(user -> auditService.report(AuditBuilder.builder(LogoutAuditBuilder.class)
                            .user(user)
                            .referenceType(ReferenceType.ORGANIZATION)
                            .referenceId((String) jwt.get("org"))
                            .ipAddress(details.getRemoteAddress())
                            .userAgent(details.getUserAgent())))
                    .doOnError(err -> {
                        logger.warn("Unable to read user information, trace logout with minimal data", err);
                        auditService.report(AuditBuilder.builder(LogoutAuditBuilder.class)
                                .principal(new EndUserAuthentication(jwt.get("username"), null, new SimpleAuthenticationContext()))
                                .referenceType(ReferenceType.ORGANIZATION)
                                .referenceId((String) jwt.get("org"))
                                .ipAddress(details.getRemoteAddress())
                                .userAgent(details.getUserAgent()));
                    })
                    .subscribe();
        } catch (Exception e) {
            logger.warn("Unable to extract information from authentication cookie", e);
        }
    });
    return super.determineTargetUrl(request, response);
}
Also used : Cookie(javax.servlet.http.Cookie) JWTParser(io.gravitee.am.jwt.JWTParser) UserService(io.gravitee.am.management.service.UserService) JWT(io.gravitee.am.common.jwt.JWT) EndUserAuthentication(io.gravitee.am.management.handlers.management.api.authentication.provider.security.EndUserAuthentication) WebAuthenticationDetails(io.gravitee.am.management.handlers.management.api.authentication.web.WebAuthenticationDetails) HttpServletResponse(javax.servlet.http.HttpServletResponse) SimpleUrlLogoutSuccessHandler(org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler) AuditService(io.gravitee.am.service.AuditService) HttpServletRequest(javax.servlet.http.HttpServletRequest) Stream(java.util.stream.Stream) AuditBuilder(io.gravitee.am.service.reporter.builder.AuditBuilder) LogoutAuditBuilder(io.gravitee.am.service.reporter.builder.LogoutAuditBuilder) Environment(org.springframework.core.env.Environment) Optional(java.util.Optional) ReferenceType(io.gravitee.am.model.ReferenceType) OrganizationUserService(io.gravitee.am.management.service.OrganizationUserService) SimpleAuthenticationContext(io.gravitee.am.identityprovider.api.SimpleAuthenticationContext)

Example 25 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

The class JWTGenerator, method generateToken.

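private String generateToken(final User user, Date expirationDate) {
    try {
        JWT jwt = new JWT();
        // random token identifier
        jwt.setJti(SecureRandomString.generate());
        // iat and exp are expressed in epoch seconds
        jwt.setIat(Instant.now().getEpochSecond());
        jwt.setSub(user.getId());
        jwt.setExp(expirationDate.toInstant().getEpochSecond());
        jwt.put(StandardClaims.PREFERRED_USERNAME, user.getUsername());
        // merged last: if the claims above live in the same map, an entry in
        // additionalInformation with a matching key replaces the value set above
        jwt.putAll(user.getAdditionalInformation());
        return jwtBuilder.sign(jwt);
    } catch (Exception ex) {
        LOGGER.error("An error occurs while creating JWT token", ex);
        // callers receive null when token creation fails
        return null;
    }
}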
Also used : JWT(io.gravitee.am.common.jwt.JWT)
