
Example 16 with Jwt

Use of io.helidon.security.jwt.Jwt in project helidon by oracle.

The class JwtProvider, method authenticateToken.

private AuthenticationResponse authenticateToken(String token) {
    SignedJwt signedJwt;
    try {
        signedJwt = SignedJwt.parseToken(token);
    } catch (Exception e) {
        // invalid token (malformed or not decodable)
        return failOrAbstain("Invalid token: " + e);
    }
    if (verifySignature) {
        // check the signature against the configured verification keys
        Errors errors = signedJwt.verifySignature(verifyKeys, defaultJwk);
        if (errors.isValid()) {
            Jwt jwt = signedJwt.getJwt();
            // verify the audience is correct
            Errors validate = jwt.validate(null, expectedAudience);
            if (validate.isValid()) {
                return AuthenticationResponse.success(buildSubject(jwt, signedJwt));
            } else {
                return failOrAbstain("Audience is invalid or missing: " + expectedAudience);
            }
        } else {
            return failOrAbstain(errors.toString());
        }
    } else {
        // signature verification disabled: the token is accepted as-is,
        // and the audience check above is skipped as well
        return AuthenticationResponse.success(buildSubject(signedJwt.getJwt(), signedJwt));
    }
}
Also used: Errors (io.helidon.common.Errors), SignedJwt (io.helidon.security.jwt.SignedJwt), Jwt (io.helidon.security.jwt.Jwt), JwtException (io.helidon.security.jwt.JwtException)

Example 17 with Jwt

Use of io.helidon.security.jwt.Jwt in project helidon by oracle.

The class JwtAuthProvider, method propagate.

private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Map<String, List<String>> headers = new HashMap<>();
    // the signing key must be configured under the target's kid; fail loudly otherwise
    Jwk jwk = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();
    Jwt.Builder builder = Jwt.builder();
    // copy every ABAC attribute of the current principal into the outbound token's payload
    principal.abacAttributeNames().forEach(name -> {
        principal.abacAttribute(name).ifPresent(val -> builder.addPayloadClaim(name, val));
    });
    principal.abacAttribute("full_name")
            .ifPresentOrElse(name -> builder.addPayloadClaim("name", name), () -> builder.removePayloadClaim("name"));
    builder.subject(principal.id()).preferredUsername(principal.getName()).issuer(issuer).algorithm(jwk.algorithm());
    ot.update(builder);
    // MP specific: MicroProfile JWT expects a "upn" claim, fall back to the principal name
    if (!principal.abacAttribute("upn").isPresent()) {
        builder.userPrincipal(principal.getName());
    }
    Security.getRoles(subject).forEach(builder::addUserGroup);
    Jwt jwt = builder.build();
    SignedJwt signed = SignedJwt.sign(jwt, jwk);
    ot.outboundHandler.header(headers, signed.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
Also used: IdentityHashMap (java.util.IdentityHashMap), HashMap (java.util.HashMap), EncryptedJwt (io.helidon.security.jwt.EncryptedJwt), SignedJwt (io.helidon.security.jwt.SignedJwt), Jwt (io.helidon.security.jwt.Jwt), List (java.util.List), LinkedList (java.util.LinkedList), JwtException (io.helidon.security.jwt.JwtException), Principal (io.helidon.security.Principal), Jwk (io.helidon.security.jwt.jwk.Jwk)

Example 18 with Jwt

Use of io.helidon.security.jwt.Jwt in project helidon by oracle.

The class JwtAuthProvider, method impersonate.

private OutboundSecurityResponse impersonate(JwtOutboundTarget ot, String username) {
    Map<String, List<String>> headers = new HashMap<>();
    Jwk jwk = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Jwt.Builder builder = Jwt.builder();
    // impersonation: the outbound token carries the requested username, not the caller's identity
    builder.addPayloadClaim("name", username);
    builder.subject(username).preferredUsername(username).issuer(issuer).algorithm(jwk.algorithm());
    ot.update(builder);
    Jwt jwt = builder.build();
    SignedJwt signed = SignedJwt.sign(jwt, jwk);
    ot.outboundHandler.header(headers, signed.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
Also used: IdentityHashMap (java.util.IdentityHashMap), HashMap (java.util.HashMap), EncryptedJwt (io.helidon.security.jwt.EncryptedJwt), SignedJwt (io.helidon.security.jwt.SignedJwt), Jwt (io.helidon.security.jwt.Jwt), List (java.util.List), LinkedList (java.util.LinkedList), JwtException (io.helidon.security.jwt.JwtException), Jwk (io.helidon.security.jwt.jwk.Jwk)

Example 19 with Jwt

Use of io.helidon.security.jwt.Jwt in project helidon by oracle.

The class JsonWebTokenImplTest, method testGetClaim.

@Test
void testGetClaim() {
    Jwt jwt = Jwt.builder().issuer("issuer").subject("subject").addUserGroup("users").addUserGroup("admins").build();
    // Jwk.NONE_JWK yields an unsigned token ("none" algorithm); acceptable only in a unit test
    SignedJwt signed = SignedJwt.sign(jwt, Jwk.NONE_JWK);
    JsonWebTokenImpl impl = JsonWebTokenImpl.create(signed);
    assertAll(() -> testClaimType(impl, Claims.sub),
              () -> testClaimType(impl, Claims.groups),
              () -> testClaimType(impl, Claims.iss));
}
Also used: SignedJwt (io.helidon.security.jwt.SignedJwt), Jwt (io.helidon.security.jwt.Jwt), Test (org.junit.jupiter.api.Test)

Example 20 with Jwt

Use of io.helidon.security.jwt.Jwt in project helidon by oracle.

The class JsonWebTokenImplTest, method testUpnFromSub.

@Test
void testUpnFromSub() {
    String name = "me@example.org";
    Jwt jwt = Jwt.builder().subject(name).build();
    SignedJwt signed = SignedJwt.sign(jwt, Jwk.NONE_JWK);
    JsonWebTokenImpl impl = JsonWebTokenImpl.create(signed);
    // with no explicit "upn" claim, both the principal name and the upn fall back to "sub"
    assertThat(impl.getName(), is(name));
    assertThat(impl.getClaim(Claims.upn.name()), is(name));
}
Also used: SignedJwt (io.helidon.security.jwt.SignedJwt), Jwt (io.helidon.security.jwt.Jwt), Test (org.junit.jupiter.api.Test)
