Example 6 with JwtClaims

use of org.jose4j.jwt.JwtClaims in project cas by apereo.

the class BasePasswordManagementService method createToken.

@Override
public String createToken(final String to) {
    try {
        // random JWT id; acts as a one-time token identifier
        final String token = UUID.randomUUID().toString();
        final JwtClaims claims = new JwtClaims();
        claims.setJwtId(token);
        claims.setIssuer(issuer);
        // the audience is the issuer itself, since CAS consumes its own reset tokens
        claims.setAudience(issuer);
        // expiry comes from the password-reset configuration
        claims.setExpirationTimeMinutesInTheFuture(passwordManagementProperties.getReset().getExpirationMinutes());
        claims.setIssuedAtToNow();
        // bind the token to the server and client addresses of the originating request
        final ClientInfo holder = ClientInfoHolder.getClientInfo();
        claims.setStringClaim("origin", holder.getServerIpAddress());
        claims.setStringClaim("client", holder.getClientIpAddress());
        claims.setSubject(to);
        final String json = claims.toJson();
        // the claims JSON is protected by the configured cipher executor before it leaves the server
        return this.cipherExecutor.encode(json);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}
Also used : JwtClaims(org.jose4j.jwt.JwtClaims) ClientInfo(org.apereo.inspektr.common.web.ClientInfo)

Example 7 with JwtClaims

use of org.jose4j.jwt.JwtClaims in project blueocean-plugin by jenkinsci.

the class JwtImplTest method getToken.

@Test
public void getToken() throws Exception {
    j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
    User user = j.jenkins.getUser("alice");
    user.setFullName("Alice Cooper");
    user.addProperty(new Mailer.UserProperty("alice@jenkins-ci.org"));
    JenkinsRule.WebClient webClient = j.createWebClient();
    webClient.login("alice");
    Page page = webClient.goTo("jwt-auth/token/", null);
    String token = page.getWebResponse().getResponseHeaderValue("X-BLUEOCEAN-JWT");
    Assert.assertNotNull(token);
    JsonWebStructure jsonWebStructure = JsonWebStructure.fromCompactSerialization(token);
    Assert.assertTrue(jsonWebStructure instanceof JsonWebSignature);
    JsonWebSignature jsw = (JsonWebSignature) jsonWebStructure;
    System.out.println(token);
    System.out.println(jsw.toString());
    String kid = jsw.getHeader("kid");
    Assert.assertNotNull(kid);
    page = webClient.goTo("jwt-auth/jwks/" + kid + "/", "application/json");
    // for (NameValuePair valuePair : page.getWebResponse().getResponseHeaders()) {
    //     System.out.println(valuePair);
    // }
    JSONObject jsonObject = JSONObject.fromObject(page.getWebResponse().getContentAsString());
    System.out.println(jsonObject.toString());
    RsaJsonWebKey rsaJsonWebKey = new RsaJsonWebKey(jsonObject, null);
    JwtConsumer jwtConsumer = new JwtConsumerBuilder()
        .setRequireExpirationTime()
        // allow some leeway in validating time based claims to account for clock skew
        .setAllowedClockSkewInSeconds(30)
        .setRequireSubject()
        // verify the signature with the public key fetched from the JWKS endpoint
        .setVerificationKey(rsaJsonWebKey.getKey())
        .build();
    JwtClaims claims = jwtConsumer.processToClaims(token);
    Assert.assertEquals("alice", claims.getSubject());
    Map<String, Object> claimMap = claims.getClaimsMap();
    Map<String, Object> context = (Map<String, Object>) claimMap.get("context");
    Map<String, String> userContext = (Map<String, String>) context.get("user");
    Assert.assertEquals("alice", userContext.get("id"));
    Assert.assertEquals("Alice Cooper", userContext.get("fullName"));
    Assert.assertEquals("alice@jenkins-ci.org", userContext.get("email"));
}
Also used : User(hudson.model.User) JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) Mailer(hudson.tasks.Mailer) Page(com.gargoylesoftware.htmlunit.Page) JenkinsRule(org.jvnet.hudson.test.JenkinsRule) JsonWebSignature(org.jose4j.jws.JsonWebSignature) JSONObject(net.sf.json.JSONObject) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JSONObject(net.sf.json.JSONObject) RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey) Map(java.util.Map) JsonWebStructure(org.jose4j.jwx.JsonWebStructure) Test(org.junit.Test)

Example 8 with JwtClaims

use of org.jose4j.jwt.JwtClaims in project blueocean-plugin by jenkinsci.

the class JwtAuthenticationToken method create.

public static Authentication create(StaplerRequest request) {
    JwtClaims claims = validate(request);
    String subject = null;
    try {
        subject = claims.getSubject();
        // null-safe comparison: a token without a "sub" claim must not raise a NullPointerException here
        if ("anonymous".equals(subject)) {
            //if anonymous, we don't look in user db
            return Jenkins.getInstance().ANONYMOUS;
        } else {
            return new JwtAuthenticationToken(subject);
        }
    } catch (MalformedClaimException e) {
        logger.error(String.format("Error reading sub header for token %s", claims.getRawJson()), e);
        throw new ServiceException.UnauthorizedException("Invalid JWT token: malformed claim");
    }
}
Also used : MalformedClaimException(org.jose4j.jwt.MalformedClaimException) ServiceException(io.jenkins.blueocean.commons.ServiceException) JwtClaims(org.jose4j.jwt.JwtClaims)
