Example 1 with JwtAuthException

Use of org.sdase.commons.server.auth.error.JwtAuthException in project sda-dropwizard-commons by SDA-SE.

From the class JwtAuthFilter, method filter.

@Override
public void filter(ContainerRequestContext requestContext) {
    // One tracing span per token validation. AUTHENTICATED starts as false and is
    // only set to true once authenticate(...) has accepted the token.
    Span span = tracer.buildSpan("validateToken")
        .withTag(COMPONENT, "JwtAuthFilter")
        .withTag(AUTHENTICATED, false)
        .start();
    try (Scope ignored = tracer.scopeManager().activate(span)) {
        final MultivaluedMap<String, String> headers = requestContext.getHeaders();
        // token taken from the request headers; null when no token was sent
        final String jwt = extractAuthorizationToken(headers);
        // validates the token and throws JwtAuthException if it is invalid or expired;
        // returns false (without throwing) when no token was supplied
        boolean authenticated = authenticate(requestContext, Optional.ofNullable(jwt), SecurityContext.BASIC_AUTH);
        span.setTag(AUTHENTICATED, authenticated);
        // a request without credentials is only let through when anonymous access is enabled
        if (!acceptAnonymous && !authenticated) {
            throw new JwtAuthException("Credentials are required to access this resource.");
        }
    } finally {
        span.finish();
    }
}
Also used: Scope (io.opentracing.Scope), Span (io.opentracing.Span), JwtAuthException (org.sdase.commons.server.auth.error.JwtAuthException)

Example 2 with JwtAuthException

Use of org.sdase.commons.server.auth.error.JwtAuthException in project sda-dropwizard-commons by SDA-SE.

From the class AuthRSA256Service, method auth.

@Override
public Map<String, Claim> auth(String authorizationToken) {
    try {
        // Only the header is decoded here to read the kid; the signature itself is
        // checked in verifyJwtSignature against a loaded public key.
        String keyId = JWT.decode(authorizationToken).getKeyId();
        if (keyId == null) {
            // no kid in the header: try every configured public key that has no id
            List<LoadedPublicKey> keysWithoutId = rsaPublicKeyLoader.getKeysWithoutId();
            if (keysWithoutId.size() > 1) {
                LOG.warn("Verifying token without kid trying {} public keys", keysWithoutId.size());
            }
            // keys are tried in reverse list order; the first key whose signature check succeeds wins
            Collections.reverse(keysWithoutId);
            return keysWithoutId.stream()
                .map(k -> verifyJwtSignature(authorizationToken, k))
                .filter(Optional::isPresent)
                .map(Optional::get)
                .findFirst()
                .orElseThrow(() -> new JwtAuthException("Could not verify JWT without kid."))
                .getClaims();
        } else {
            // kid present: verify only against the key registered under that id
            LoadedPublicKey loadedPublicKey = rsaPublicKeyLoader.getLoadedPublicKey(keyId);
            if (loadedPublicKey == null) {
                LOG.error("No key found for verification, matching the requested kid {}", keyId);
                throw new JwtAuthException("Could not verify JWT with the requested kid.");
            }
            DecodedJWT jwt = verifyJwtSignature(authorizationToken, loadedPublicKey)
                .orElseThrow(() -> new JwtAuthException("Verifying token failed"));
            return jwt.getClaims();
        }
    } catch (JWTVerificationException e) {
        // any auth0 verification failure (malformed token, bad signature, expired token)
        // is mapped to the same JwtAuthException so callers see one error type
        throw new JwtAuthException(e);
    }
}
Also used: JWT (com.auth0.jwt.JWT), Algorithm (com.auth0.jwt.algorithms.Algorithm), JWTVerificationException (com.auth0.jwt.exceptions.JWTVerificationException), TokenExpiredException (com.auth0.jwt.exceptions.TokenExpiredException), Claim (com.auth0.jwt.interfaces.Claim), DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT), Verification (com.auth0.jwt.interfaces.Verification), Collections (java.util.Collections), List (java.util.List), Map (java.util.Map), Optional (java.util.Optional), StringUtils (org.apache.commons.lang3.StringUtils), Validate (org.apache.commons.lang3.Validate), JwtAuthException (org.sdase.commons.server.auth.error.JwtAuthException), LoadedPublicKey (org.sdase.commons.server.auth.key.LoadedPublicKey), RsaPublicKeyLoader (org.sdase.commons.server.auth.key.RsaPublicKeyLoader), Logger (org.slf4j.Logger), LoggerFactory (org.slf4j.LoggerFactory)
