Example 16 with ExpiredJwtException

Use of io.jsonwebtoken.ExpiredJwtException in project tutorials by eugenp.

Class JWTFilter, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    try {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String jwt = resolveToken(httpServletRequest);
        if (StringUtils.hasText(jwt) && this.tokenProvider.validateToken(jwt)) {
            Authentication authentication = this.tokenProvider.getAuthentication(jwt);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    } catch (ExpiredJwtException eje) {
        // Expired token: log the subject taken from the expired token's claims, then answer 401
        log.info("Security exception for user {} - {}", eje.getClaims().getSubject(), eje.getMessage());
        log.trace("Security exception trace: {}", eje);
        ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), ExpiredJwtException (io.jsonwebtoken.ExpiredJwtException), Authentication (org.springframework.security.core.Authentication)

Example 17 with ExpiredJwtException

Use of io.jsonwebtoken.ExpiredJwtException in project tutorials by eugenp.

Class JWTFilter, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    try {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String jwt = resolveToken(httpServletRequest);
        if (StringUtils.hasText(jwt) && this.tokenProvider.validateToken(jwt)) {
            Authentication authentication = this.tokenProvider.getAuthentication(jwt);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    } catch (ExpiredJwtException eje) {
        // Expired token: log the subject taken from the expired token's claims, then answer 401
        log.info("Security exception for user {} - {}", eje.getClaims().getSubject(), eje.getMessage());
        log.trace("Security exception trace: {}", eje);
        ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), ExpiredJwtException (io.jsonwebtoken.ExpiredJwtException), Authentication (org.springframework.security.core.Authentication)

Example 18 with ExpiredJwtException

Use of io.jsonwebtoken.ExpiredJwtException in project nifi-registry by apache.

Class JwtService, method parseTokenFromBase64EncodedString.

private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
    try {
        return Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {

            @Override
            public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
                // The resolver runs before the signature is checked, so these claims are still unverified here
                final String identity = claims.getSubject();
                // Get the key based on the key id in the claims
                final String keyId = claims.get(KEY_ID_CLAIM, String.class);
                final Key key = keyService.getKey(keyId);
                // Ensure we were able to find a key that was previously issued by this key service for this user
                if (key == null || key.getKey() == null) {
                    throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
                }
                return key.getKey().getBytes(StandardCharsets.UTF_8);
            }
        }).parseClaimsJws(base64EncodedToken);
    } catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException e) {
        // TODO: Exercise all exceptions to ensure none leak key material to logs
        final String errorMessage = "Unable to validate the access token.";
        throw new JwtException(errorMessage, e);
    }
}
Also used: Claims (io.jsonwebtoken.Claims), SigningKeyResolverAdapter (io.jsonwebtoken.SigningKeyResolverAdapter), ExpiredJwtException (io.jsonwebtoken.ExpiredJwtException), JwsHeader (io.jsonwebtoken.JwsHeader), UnsupportedJwtException (io.jsonwebtoken.UnsupportedJwtException), MalformedJwtException (io.jsonwebtoken.MalformedJwtException), JwtException (io.jsonwebtoken.JwtException), SignatureException (io.jsonwebtoken.SignatureException), Key (org.apache.nifi.registry.security.key.Key)

Example 19 with ExpiredJwtException

Use of io.jsonwebtoken.ExpiredJwtException in project spring-security-jwt-csrf by alexatiks.

Class JWTAuthenticationFilter, method doFilterInternal.

@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain) throws ServletException, IOException {
    try {
        Authentication authentication = TokenAuthenticationHelper.getAuthentication(request);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(request, response);
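    } catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | SignatureException | IllegalArgumentException e) {
        // Every parse or validation failure listed above is answered with 401 and the same "Token expired" message
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token expired");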
    }
}
Also used: ExpiredJwtException (io.jsonwebtoken.ExpiredJwtException), Authentication (org.springframework.security.core.Authentication), SignatureException (io.jsonwebtoken.SignatureException), MalformedJwtException (io.jsonwebtoken.MalformedJwtException), UnsupportedJwtException (io.jsonwebtoken.UnsupportedJwtException)

Aggregations

ExpiredJwtException (io.jsonwebtoken.ExpiredJwtException): 19
Claims (io.jsonwebtoken.Claims): 10
UnsupportedJwtException (io.jsonwebtoken.UnsupportedJwtException): 9
MalformedJwtException (io.jsonwebtoken.MalformedJwtException): 8
SignatureException (io.jsonwebtoken.SignatureException): 8
Authentication (org.springframework.security.core.Authentication): 6
HttpServletRequest (javax.servlet.http.HttpServletRequest): 5
JwsHeader (io.jsonwebtoken.JwsHeader): 3
JwtException (io.jsonwebtoken.JwtException): 3
Date (java.util.Date): 3
ServiceException (com.zimbra.common.service.ServiceException): 2
AccountServiceException (com.zimbra.cs.account.AccountServiceException): 2
AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException): 2
SigningKeyResolverAdapter (io.jsonwebtoken.SigningKeyResolverAdapter): 2
SignatureException (io.jsonwebtoken.security.SignatureException): 2
Key (java.security.Key): 2
SecretKeySpec (javax.crypto.spec.SecretKeySpec): 2
Cookie (javax.servlet.http.Cookie): 2
UserDetails (org.springframework.security.core.userdetails.UserDetails): 2
User (com.aidanwhiteley.books.domain.User): 1