use of io.pravega.auth.InvalidTokenException in project pravega by pravega.
the class TokenVerifierImpl method verifyToken.
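/**
 * Checks that {@code token} parses with this verifier's signing key and carries a claim granting at least
 * {@code expectedLevel} on {@code resource}.
 *
 * <p>The check fails closed: a claim whose key matches the resource but whose value is {@code null} or is not
 * the name of an {@link AuthHandler.Permissions} constant is skipped. Without that guard the enum lookup would
 * surface as an unchecked exception that callers handling only the token exception family would not catch.
 *
 * @param resource      the resource being accessed; must not be null.
 * @param token         the delegation token string; a null or empty value is rejected.
 * @param expectedLevel the minimum permission the caller needs on {@code resource}; must not be null.
 * @return the parsed token, once a sufficient claim has been found.
 * @throws InvalidTokenException if {@code token} is null or empty ({@code JwtParser.parse} may throw it too).
 * @throws InvalidClaimException if no claim grants {@code expectedLevel} or higher on {@code resource}.
 * @throws TokenExpiredException declared for expired tokens; presumably raised by {@code JwtParser.parse} -
 *                               confirm against the parser.
 * @throws TokenException        declared for other token failures; presumably raised by the parser - confirm.
 */
@Override
public JsonWebToken verifyToken(@NonNull String resource, String token, @NonNull AuthHandler.Permissions expectedLevel) throws TokenExpiredException, InvalidTokenException, InvalidClaimException, TokenException {
    if (Strings.isNullOrEmpty(token)) {
        throw new InvalidTokenException("Token is null or empty");
    }

    // The payload carries standard fields such as sub (for subject), aud (for audience), iat and exp, plus
    // custom fields of the form "<resource> -> <permission>" set by Pravega. The permission entries exposed
    // by the parsed token are the ones searched below.
    // NOTE(review): signature and expiry checks are assumed to happen inside JwtParser.parse using
    // tokenSigningKey; nothing in this method verifies them - confirm against the parser.
    JsonWebToken jwt = JwtParser.parse(token, tokenSigningKey);
    Map<String, Object> permissionsByResource = jwt.getPermissionsByResource();

    boolean authorized = false;
    for (Map.Entry<String, Object> entry : permissionsByResource.entrySet()) {
        if (!resourceMatchesClaimKey(entry.getKey(), resource)) {
            continue;
        }
        Object rawPermission = entry.getValue();
        if (rawPermission == null) {
            // A matching key with no value grants nothing.
            continue;
        }
        AuthHandler.Permissions granted;
        try {
            granted = AuthHandler.Permissions.valueOf(rawPermission.toString());
        } catch (IllegalArgumentException e) {
            // Unrecognised permission name: treat the claim as granting nothing instead of failing the
            // request with an unchecked exception.
            log.debug(String.format("Ignoring claim [%s]: value is not a recognised permission.", entry.getKey()));
            continue;
        }
        // Enum compareTo orders by declaration position, so the authorization decision depends on the order
        // in which AuthHandler.Permissions declares its constants: a grant satisfies the request when it is
        // declared at or after expectedLevel.
        if (expectedLevel.compareTo(granted) <= 0) {
            authorized = true;
            break;
        }
    }

    if (!authorized) {
        log.debug(String.format("No matching claim found for resource [%s] and permission [%s] in token.", resource, expectedLevel));
        throw new InvalidClaimException(String.format("No matching claim found for resource: [%s] and permission: [%s] in the delegation token.", resource, expectedLevel));
    }
    return jwt;
}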
use of io.pravega.auth.InvalidTokenException in project pravega by pravega.
the class JwtParser method parse.
/**
 * Builds a {@link JsonWebToken} from a serialized token, using {@code signingKey} to obtain its claims.
 *
 * <p>Every claim whose key is not listed in {@code CLAIMS_TO_FILTER} is copied into the token's
 * permissions-by-resource map, so any additional custom claim present in the payload ends up in that map
 * alongside the real permission entries.
 *
 * @param token      the serialized token to parse.
 * @param signingKey the key handed to {@code parseClaims}; it is also stored in the returned object.
 * @return a token holding the subject, audience, expiration and the unfiltered claims.
 * @throws InvalidTokenException if {@code parseClaims} yields no claims.
 */
public static JsonWebToken parse(String token, byte[] signingKey) {
    // NOTE(review): signature verification and expiry enforcement are presumably done by parseClaims;
    // this method performs neither itself - confirm.
    final Claims parsedClaims = parseClaims(token, signingKey);
    if (parsedClaims == null) {
        throw new InvalidTokenException("Token has no claims.");
    }

    final Map<String, Object> permissionsByResource = new HashMap<>();
    for (Map.Entry<String, Object> claim : parsedClaims.entrySet()) {
        if (CLAIMS_TO_FILTER.contains(claim.getKey())) {
            // Filtered keys are not permission entries; leave them out of the map.
            continue;
        }
        permissionsByResource.put(claim.getKey(), claim.getValue());
    }

    // NOTE(review): the signing key reference travels with the returned object; confirm that JsonWebToken
    // is never logged or serialized with that field included.
    return new JsonWebToken(parsedClaims.getSubject(), parsedClaims.getAudience(), signingKey, parsedClaims.getExpiration(), permissionsByResource);
}
use of io.pravega.auth.InvalidTokenException in project pravega by pravega.
the class AdminRequestProcessorAuthFailedTest method setUp.
/**
 * Creates an {@link AdminRequestProcessorImpl} over mocked stores and a mocked connection, with a token
 * verifier that rejects every request by throwing {@link InvalidTokenException}. Tests in this class can then
 * observe how the processor behaves when token verification fails.
 */
@Before
public void setUp() throws Exception {
    connection = mock(ServerConnection.class);
    StreamSegmentStore segmentStore = mock(StreamSegmentStore.class);
    TableStore tableStore = mock(TableStore.class);
    TrackedConnection trackedConnection = new TrackedConnection(connection);

    // The verifier lambda never inspects its arguments: every verification attempt fails.
    // The trailing boolean argument's meaning is not visible from this snippet.
    processor = new AdminRequestProcessorImpl(
            segmentStore,
            tableStore,
            trackedConnection,
            SegmentStatsRecorder.noOp(),
            TableSegmentStatsRecorder.noOp(),
            (resource, token, expectedLevel) -> {
                throw new InvalidTokenException("Token verification failed.");
            },
            false);
}
use of io.pravega.auth.InvalidTokenException in project pravega by pravega.
the class AppendProcessorAuthFailedTest method setUp.
/**
 * Creates an {@link AppendProcessor} over a mocked store and a mocked connection, with a token verifier that
 * rejects every request by throwing {@link InvalidTokenException}. Tests in this class can then observe how
 * the processor behaves when token verification fails.
 */
@Before
public void setUp() throws Exception {
    connection = mock(ServerConnection.class);
    StreamSegmentStore segmentStore = mock(StreamSegmentStore.class);
    TrackedConnection trackedConnection = new TrackedConnection(connection);

    // The verifier lambda never inspects its arguments: every verification attempt fails.
    processor = AppendProcessor.defaultBuilder()
            .store(segmentStore)
            .connection(trackedConnection)
            .tokenVerifier((resource, token, expectedLevel) -> {
                throw new InvalidTokenException("Token verification failed.");
            })
            .build();
}