
Example 1 with InvalidClaimException

Use of io.pravega.auth.InvalidClaimException in project pravega by pravega: class TokenVerifierImpl, method verifyToken.

verifyToken parses a delegation token and throws InvalidClaimException when no claim in the token grants at least the expected permission on the requested resource.

// Excerpt from TokenVerifierImpl (Pravega). The field tokenSigningKey and the helper
// resourceMatchesClaimKey(String claimKey, String resource) are defined elsewhere in the class.
@Override
public JsonWebToken verifyToken(@NonNull String resource, String token,
                                @NonNull AuthHandler.Permissions expectedLevel)
        throws TokenExpiredException, InvalidTokenException, InvalidClaimException, TokenException {
    if (Strings.isNullOrEmpty(token)) {
        throw new InvalidTokenException("Token is null or empty");
    }
    // Parse the token with tokenSigningKey; the declared TokenExpiredException and
    // InvalidTokenException originate from this step.
    // All key value pairs inside the payload are returned, including standard fields such as sub (for subject),
    // aud (for audience), iat, exp, as well as custom fields of the form "<resource> -> <permission>" set by
    // Pravega.
    JsonWebToken jwt = JwtParser.parse(token, tokenSigningKey);
    Map<String, Object> permissionsByResource = jwt.getPermissionsByResource();

    // A claim matches when its resource key covers the requested resource and the permission it grants
    // is at least expectedLevel (ordering taken from the AuthHandler.Permissions enum).
    Optional<Map.Entry<String, Object>> matchingClaim = permissionsByResource.entrySet().stream()
            .filter(entry -> resourceMatchesClaimKey(entry.getKey(), resource)
                    && expectedLevel.compareTo(AuthHandler.Permissions.valueOf(entry.getValue().toString())) <= 0)
            .findFirst();
    if (!matchingClaim.isPresent()) {
        log.debug(String.format("No matching claim found for resource [%s] and permission [%s] in token.",
                resource, expectedLevel));
        throw new InvalidClaimException(String.format(
                "No matching claim found for resource: [%s] and permission: [%s] in the delegation token.",
                resource, expectedLevel));
    }
    return jwt;
}
Imports used by TokenVerifierImpl:

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import io.pravega.auth.AuthHandler;
import io.pravega.auth.InvalidClaimException;
import io.pravega.auth.InvalidTokenException;
import io.pravega.auth.TokenException;
import io.pravega.auth.TokenExpiredException;
import io.pravega.common.Exceptions;
import io.pravega.shared.security.token.JsonWebToken;
import io.pravega.shared.security.token.JwtParser;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;
import lombok.NonNull;
import lombok.extern.slf4j.Slf4j;
