Search in sources :

Example 1 with IncorrectClaimException

use of io.jsonwebtoken.IncorrectClaimException in project ma-core-public by infiniteautomation.

the class MangoTokenAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!(authentication instanceof BearerAuthenticationToken)) {
        return null;
    }
    String bearerToken = (String) authentication.getCredentials();
    User user;
    Jws<Claims> jws;
    try {
        jws = tokenAuthenticationService.parse(bearerToken);
        user = tokenAuthenticationService.verify(jws);
    } catch (ExpiredJwtException e) {
        throw new CredentialsExpiredException(e.getMessage(), e);
    } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) {
        // assume that this is not a JWT, allow the next AuthenticationProvider to process it
        return null;
    } catch (SignatureException | MissingClaimException | IncorrectClaimException e) {
        throw new BadCredentialsException(e.getMessage(), e);
    } catch (NotFoundException e) {
        throw new BadCredentialsException("Invalid username", e);
    } catch (Exception e) {
        throw new InternalAuthenticationServiceException(e.getMessage(), e);
    }
    userDetailsChecker.check(user);
    if (log.isDebugEnabled()) {
        log.debug("Successfully authenticated user using JWT token, header: " + jws.getHeader() + ", body: " + jws.getBody());
    }
    return new PreAuthenticatedAuthenticationToken(user, bearerToken, user.getAuthorities());
}
Also used : User(com.serotonin.m2m2.vo.User) Claims(io.jsonwebtoken.Claims) ExpiredJwtException(io.jsonwebtoken.ExpiredJwtException) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) NotFoundException(com.serotonin.m2m2.vo.exception.NotFoundException) InternalAuthenticationServiceException(org.springframework.security.authentication.InternalAuthenticationServiceException) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) SignatureException(io.jsonwebtoken.SignatureException) IncorrectClaimException(io.jsonwebtoken.IncorrectClaimException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) NotFoundException(com.serotonin.m2m2.vo.exception.NotFoundException) UnsupportedJwtException(io.jsonwebtoken.UnsupportedJwtException) InternalAuthenticationServiceException(org.springframework.security.authentication.InternalAuthenticationServiceException) MissingClaimException(io.jsonwebtoken.MissingClaimException) IncorrectClaimException(io.jsonwebtoken.IncorrectClaimException) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) MalformedJwtException(io.jsonwebtoken.MalformedJwtException) ExpiredJwtException(io.jsonwebtoken.ExpiredJwtException) SignatureException(io.jsonwebtoken.SignatureException) AuthenticationException(org.springframework.security.core.AuthenticationException) MissingClaimException(io.jsonwebtoken.MissingClaimException) MalformedJwtException(io.jsonwebtoken.MalformedJwtException) UnsupportedJwtException(io.jsonwebtoken.UnsupportedJwtException)

Example 2 with IncorrectClaimException

use of io.jsonwebtoken.IncorrectClaimException in project jjwt by jwtk.

the class DefaultJwtParser method validateExpectedClaims.

private void validateExpectedClaims(Header header, Claims claims) {
    for (String expectedClaimName : expectedClaims.keySet()) {
        Object expectedClaimValue = normalize(expectedClaims.get(expectedClaimName));
        Object actualClaimValue = normalize(claims.get(expectedClaimName));
        if (expectedClaimValue instanceof Date) {
            try {
                actualClaimValue = claims.get(expectedClaimName, Date.class);
            } catch (Exception e) {
                String msg = "JWT Claim '" + expectedClaimName + "' was expected to be a Date, but its value " + "cannot be converted to a Date using current heuristics.  Value: " + actualClaimValue;
                throw new IncorrectClaimException(header, claims, msg);
            }
        }
        InvalidClaimException invalidClaimException = null;
        if (actualClaimValue == null) {
            String msg = String.format(ClaimJwtException.MISSING_EXPECTED_CLAIM_MESSAGE_TEMPLATE, expectedClaimName, expectedClaimValue);
            invalidClaimException = new MissingClaimException(header, claims, msg);
        } else if (!expectedClaimValue.equals(actualClaimValue)) {
            String msg = String.format(ClaimJwtException.INCORRECT_EXPECTED_CLAIM_MESSAGE_TEMPLATE, expectedClaimName, expectedClaimValue, actualClaimValue);
            invalidClaimException = new IncorrectClaimException(header, claims, msg);
        }
        if (invalidClaimException != null) {
            invalidClaimException.setClaimName(expectedClaimName);
            invalidClaimException.setClaimValue(expectedClaimValue);
            throw invalidClaimException;
        }
    }
}
Also used : MissingClaimException(io.jsonwebtoken.MissingClaimException) InvalidClaimException(io.jsonwebtoken.InvalidClaimException) IncorrectClaimException(io.jsonwebtoken.IncorrectClaimException) Date(java.util.Date) UnsupportedJwtException(io.jsonwebtoken.UnsupportedJwtException) WeakKeyException(io.jsonwebtoken.security.WeakKeyException) InvalidKeyException(io.jsonwebtoken.security.InvalidKeyException) ClaimJwtException(io.jsonwebtoken.ClaimJwtException) MissingClaimException(io.jsonwebtoken.MissingClaimException) IncorrectClaimException(io.jsonwebtoken.IncorrectClaimException) PrematureJwtException(io.jsonwebtoken.PrematureJwtException) InvalidClaimException(io.jsonwebtoken.InvalidClaimException) MalformedJwtException(io.jsonwebtoken.MalformedJwtException) ExpiredJwtException(io.jsonwebtoken.ExpiredJwtException) SignatureException(io.jsonwebtoken.security.SignatureException)

Example 3 with IncorrectClaimException

use of io.jsonwebtoken.IncorrectClaimException in project ma-core-public by infiniteautomation.

the class JwtSignerVerifier method verifyClaim.

protected void verifyClaim(Jws<Claims> token, String expectedClaimName, Object expectedClaimValue) {
    JwsHeader<?> header = token.getHeader();
    Claims claims = token.getBody();
    Object actualClaimValue = claims.get(expectedClaimName);
    if (actualClaimValue == null) {
        String msg = String.format(ClaimJwtException.MISSING_EXPECTED_CLAIM_MESSAGE_TEMPLATE, expectedClaimName, expectedClaimValue);
        throw new MissingClaimException(header, claims, msg);
    } else if (!expectedClaimValue.equals(actualClaimValue)) {
        String msg = String.format(ClaimJwtException.INCORRECT_EXPECTED_CLAIM_MESSAGE_TEMPLATE, expectedClaimName, expectedClaimValue, actualClaimValue);
        throw new IncorrectClaimException(header, claims, msg);
    }
}
Also used : Claims(io.jsonwebtoken.Claims) MissingClaimException(io.jsonwebtoken.MissingClaimException) IncorrectClaimException(io.jsonwebtoken.IncorrectClaimException)

Aggregations

IncorrectClaimException (io.jsonwebtoken.IncorrectClaimException)3 MissingClaimException (io.jsonwebtoken.MissingClaimException)3 Claims (io.jsonwebtoken.Claims)2 ExpiredJwtException (io.jsonwebtoken.ExpiredJwtException)2 MalformedJwtException (io.jsonwebtoken.MalformedJwtException)2 UnsupportedJwtException (io.jsonwebtoken.UnsupportedJwtException)2 User (com.serotonin.m2m2.vo.User)1 NotFoundException (com.serotonin.m2m2.vo.exception.NotFoundException)1 ClaimJwtException (io.jsonwebtoken.ClaimJwtException)1 InvalidClaimException (io.jsonwebtoken.InvalidClaimException)1 PrematureJwtException (io.jsonwebtoken.PrematureJwtException)1 SignatureException (io.jsonwebtoken.SignatureException)1 InvalidKeyException (io.jsonwebtoken.security.InvalidKeyException)1 SignatureException (io.jsonwebtoken.security.SignatureException)1 WeakKeyException (io.jsonwebtoken.security.WeakKeyException)1 Date (java.util.Date)1 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1 CredentialsExpiredException (org.springframework.security.authentication.CredentialsExpiredException)1 InternalAuthenticationServiceException (org.springframework.security.authentication.InternalAuthenticationServiceException)1 AuthenticationException (org.springframework.security.core.AuthenticationException)1