Example 1 with Claims
use of io.gravitee.management.service.common.JWTHelper.Claims in project gravitee-management-rest-api by gravitee-io.
the class AuthenticationSuccessFilter method doFilter.
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
final HttpServletRequest req = (HttpServletRequest) servletRequest;
final Optional<Cookie> optionalStringToken;
if (req.getCookies() == null) {
optionalStringToken = Optional.empty();
} else {
optionalStringToken = Arrays.stream(req.getCookies()).filter(cookie -> HttpHeaders.AUTHORIZATION.equals(cookie.getName())).filter(cookie -> cookie.getValue() != null && !cookie.getValue().isEmpty()).findAny();
}
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && !optionalStringToken.isPresent()) {
// JWT signer
final Map<String, Object> claims = new HashMap<>();
claims.put(Claims.ISSUER, jwtIssuer);
final UserDetails userDetails = (UserDetails) authentication.getPrincipal();
// Manage authorities, initialize it with dynamic permissions from the IDP
Set<GrantedAuthority> authorities = new HashSet<>(userDetails.getAuthorities());
// We must also load permissions from repository for configured management or portal role
RoleEntity role = membershipService.getRole(MembershipReferenceType.MANAGEMENT, MembershipDefaultReferenceId.DEFAULT.toString(), userDetails.getUsername(), RoleScope.MANAGEMENT);
if (role != null) {
authorities.add(new SimpleGrantedAuthority(role.getScope().toString() + ':' + role.getName()));
}
role = membershipService.getRole(MembershipReferenceType.PORTAL, MembershipDefaultReferenceId.DEFAULT.toString(), userDetails.getUsername(), RoleScope.PORTAL);
if (role != null) {
authorities.add(new SimpleGrantedAuthority(role.getScope().toString() + ':' + role.getName()));
}
claims.put(Claims.PERMISSIONS, authorities);
claims.put(Claims.SUBJECT, userDetails.getUsername());
claims.put(Claims.EMAIL, userDetails.getEmail());
claims.put(Claims.FIRSTNAME, userDetails.getFirstname());
claims.put(Claims.LASTNAME, userDetails.getLastname());
final JWTSigner.Options options = new JWTSigner.Options();
options.setExpirySeconds(jwtExpireAfter);
options.setIssuedAt(true);
options.setJwtId(true);
final Cookie bearerCookie = jwtCookieGenerator.generate("Bearer " + new JWTSigner(jwtSecret).sign(claims, options));
((HttpServletResponse) servletResponse).addCookie(bearerCookie);
}
filterChain.doFilter(servletRequest, servletResponse);
}
Also used :
Cookie(javax.servlet.http.Cookie)
JWTCookieGenerator(io.gravitee.management.security.cookies.JWTCookieGenerator)
UserDetails(io.gravitee.management.idp.api.authentication.UserDetails)
RoleScope(io.gravitee.repository.management.model.RoleScope)
FilterChain(javax.servlet.FilterChain)
ServletRequest(javax.servlet.ServletRequest)
java.util(java.util)
HttpHeaders(io.gravitee.common.http.HttpHeaders)
RoleEntity(io.gravitee.management.model.RoleEntity)
ServletException(javax.servlet.ServletException)
MembershipDefaultReferenceId(io.gravitee.repository.management.model.MembershipDefaultReferenceId)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
IOException(java.io.IOException)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
MembershipService(io.gravitee.management.service.MembershipService)
ServletResponse(javax.servlet.ServletResponse)
GenericFilterBean(org.springframework.web.filter.GenericFilterBean)
JWTSigner(com.auth0.jwt.JWTSigner)
Claims(io.gravitee.management.service.common.JWTHelper.Claims)
MembershipReferenceType(io.gravitee.repository.management.model.MembershipReferenceType)
Authentication(org.springframework.security.core.Authentication)
SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder)
Cookie(javax.servlet.http.Cookie)
JWTSigner(com.auth0.jwt.JWTSigner)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
RoleEntity(io.gravitee.management.model.RoleEntity)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
UserDetails(io.gravitee.management.idp.api.authentication.UserDetails)
Authentication(org.springframework.security.core.Authentication)
Aggregations
JWTSigner (com.auth0.jwt.JWTSigner)1
HttpHeaders (io.gravitee.common.http.HttpHeaders)1
UserDetails (io.gravitee.management.idp.api.authentication.UserDetails)1
RoleEntity (io.gravitee.management.model.RoleEntity)1
JWTCookieGenerator (io.gravitee.management.security.cookies.JWTCookieGenerator)1
MembershipService (io.gravitee.management.service.MembershipService)1
Claims (io.gravitee.management.service.common.JWTHelper.Claims)1
MembershipDefaultReferenceId (io.gravitee.repository.management.model.MembershipDefaultReferenceId)1
MembershipReferenceType (io.gravitee.repository.management.model.MembershipReferenceType)1
RoleScope (io.gravitee.repository.management.model.RoleScope)1
IOException (java.io.IOException)1
java.util (java.util)1
FilterChain (javax.servlet.FilterChain)1
ServletException (javax.servlet.ServletException)1
ServletRequest (javax.servlet.ServletRequest)1
ServletResponse (javax.servlet.ServletResponse)1
Cookie (javax.servlet.http.Cookie)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
Authentication (org.springframework.security.core.Authentication)1
