Example 1 with JWT

Use of org.apache.knox.gateway.services.security.token.impl.JWT in project knox by apache.

From the class JWTAccessTokenAssertionFilter, method getAccessToken: issues a signed (RS256) JWT for the given principal and service name and returns its serialized form, or null if issuance fails.

private String getAccessToken(final String principalName, String serviceName, long expires) {
    String accessToken = null;
    Principal p = new Principal() {

        @Override
        public String getName() {
            // TODO Auto-generated method stub
            return principalName;
        }
    };
    JWT token = null;
    try {
        token = authority.issueToken(p, serviceName, "RS256", expires);
        // Coverity CID 1327961
        if (token != null) {
            accessToken = token.toString();
        }
    } catch (TokenServiceException e) {
        log.unableToIssueToken(e);
    }
    return accessToken;
}
Also used: JWT(org.apache.knox.gateway.services.security.token.impl.JWT) Principal(java.security.Principal) TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException)

Example 2 with JWT

Use of org.apache.knox.gateway.services.security.token.impl.JWT in project knox by apache.

From the class JWTAuthCodeAssertionFilter, method doFilter: issues an RS256-signed JWT for the current subject and writes its claims, the serialized token and the token service URL back as a JSON response, ending the filter chain.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    Subject subject = Subject.getSubject(AccessController.getContext());
    String principalName = getPrincipalName(subject);
    principalName = mapper.mapUserPrincipal(principalName);
    JWT authCode;
    try {
        authCode = authority.issueToken(subject, "RS256");
        // get the url for the token service
        String url = null;
        if (sr != null) {
            url = sr.lookupServiceURL("token", "TGS");
        }
        HashMap<String, Object> map = new HashMap<>();
        // Coverity CID 1327960
        if (authCode != null) {
            map.put("iss", authCode.getIssuer());
            map.put("sub", authCode.getPrincipal());
            map.put("aud", authCode.getAudience());
            map.put("exp", authCode.getExpires());
            map.put("code", authCode.toString());
        }
        if (url != null) {
            map.put("tke", url);
        }
        String jsonResponse = JsonUtils.renderAsJsonString(map);
        response.getWriter().write(jsonResponse);
    // KNOX-685: response.getWriter().flush();
    } catch (TokenServiceException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    // break filter chain
    return;
}
Also used: HashMap(java.util.HashMap) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) Subject(javax.security.auth.Subject) TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException)

Example 3 with JWT

Use of org.apache.knox.gateway.services.security.token.impl.JWT in project knox by apache.

From the class JWTFederationFilter, method doFilter: extracts a JWT from the Authorization bearer header or a query parameter, validates it, and either establishes a security context for the subject or responds with 401 Unauthorized.

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    String header = ((HttpServletRequest) request).getHeader("Authorization");
    String wireToken = null;
    if (header != null && header.startsWith(BEARER)) {
        // what follows the bearer designator should be the JWT token being used to request or as an access token
        wireToken = header.substring(BEARER.length());
    } else {
        // check for query param
        wireToken = ((HttpServletRequest) request).getParameter(paramName);
    }
    if (wireToken != null) {
        try {
            JWT token = new JWTToken(wireToken);
            if (validateToken((HttpServletRequest) request, (HttpServletResponse) response, chain, token)) {
                Subject subject = createSubjectFromToken(token);
                continueWithEstablishedSecurityContext(subject, (HttpServletRequest) request, (HttpServletResponse) response, chain);
            }
        } catch (ParseException ex) {
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    } else {
        // no token provided in header
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) HttpServletResponse(javax.servlet.http.HttpServletResponse) ParseException(java.text.ParseException) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) Subject(javax.security.auth.Subject)

Example 4 with JWT

Use of org.apache.knox.gateway.services.security.token.impl.JWT in project knox by apache.

From the class SSOCookieFederationFilter, method doFilter: reads the JWT from the SSO cookie, validates it, and redirects to the login URL when the cookie is missing or the token is unparseable; CORS preflight (OPTIONS) requests are passed through as an anonymous subject.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    String wireToken = null;
    HttpServletRequest req = (HttpServletRequest) request;
    String loginURL = constructLoginURL(req);
    wireToken = getJWTFromCookie(req);
    if (wireToken == null) {
        if (req.getMethod().equals("OPTIONS")) {
            // CORS preflight requests to determine allowed origins and related config
            // must be able to continue without being redirected
            Subject sub = new Subject();
            sub.getPrincipals().add(new PrimaryPrincipal("anonymous"));
            continueWithEstablishedSecurityContext(sub, req, (HttpServletResponse) response, chain);
        }
        // note: there is no return after the OPTIONS branch above, so execution
        // reaches the redirect below for preflight requests as well
        log.sendRedirectToLoginURL(loginURL);
        ((HttpServletResponse) response).sendRedirect(loginURL);
    } else {
        try {
            JWT token = new JWTToken(wireToken);
            if (validateToken((HttpServletRequest) request, (HttpServletResponse) response, chain, token)) {
                Subject subject = createSubjectFromToken(token);
                continueWithEstablishedSecurityContext(subject, (HttpServletRequest) request, (HttpServletResponse) response, chain);
            }
        } catch (ParseException ex) {
            ((HttpServletResponse) response).sendRedirect(loginURL);
        }
    }
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) HttpServletResponse(javax.servlet.http.HttpServletResponse) ParseException(java.text.ParseException) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) Subject(javax.security.auth.Subject)

Example 5 with JWT

Use of org.apache.knox.gateway.services.security.token.impl.JWT in project knox by apache.

From the class DefaultTokenAuthorityServiceTest, method testTokenCreationAudience: wires a DefaultTokenAuthorityService to a test keystore with mocked config and services, issues a token with an explicit audience, and asserts on the issuer, subject and audience claims and that the signature verifies.

@Test
public void testTokenCreationAudience() throws Exception {
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes");
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());
    EasyMock.replay(principal, config, ms, as);
    KeystoreService ks = new DefaultKeystoreService();
    ((DefaultKeystoreService) ks).setMasterService(ms);
    ((DefaultKeystoreService) ks).init(config, new HashMap<String, String>());
    JWTokenAuthority ta = new DefaultTokenAuthorityService();
    ((DefaultTokenAuthorityService) ta).setAliasService(as);
    ((DefaultTokenAuthorityService) ta).setKeystoreService(ks);
    ((DefaultTokenAuthorityService) ta).init(config, new HashMap<String, String>());
    JWT token = ta.issueToken(principal, "https://login.example.com", "RS256");
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertEquals("https://login.example.com", token.getAudience());
    assertTrue(ta.verifyToken(token));
}
Also used: AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) KeystoreService(org.apache.knox.gateway.services.security.KeystoreService) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)
