Use of org.sdase.commons.server.auth.error.JwtAuthException in project sda-dropwizard-commons by SDA-SE: class JwtAuthFilter, method filter.
@Override
public void filter(ContainerRequestContext requestContext) {
  // One tracing span per request. AUTHENTICATED starts as false and is only
  // flipped after authenticate() returned, so a token that fails validation
  // (exception path) leaves the span marked unauthenticated.
  Span span =
      tracer
          .buildSpan("validateToken")
          .withTag(COMPONENT, "JwtAuthFilter")
          .withTag(AUTHENTICATED, false)
          .start();
  try (Scope ignored = tracer.scopeManager().activate(span)) {
    String jwt = extractAuthorizationToken(requestContext.getHeaders());
    // authenticate() validates the token and throws if it is invalid or expired;
    // presumably it returns false when no token was sent at all (that is the only
    // way the anonymous branch below is reachable).
    // NOTE(review): the scheme handed over is SecurityContext.BASIC_AUTH although
    // the credential is a bearer JWT; what authenticate() does with it is outside
    // this view.
    boolean authenticated =
        authenticate(requestContext, Optional.ofNullable(jwt), SecurityContext.BASIC_AUTH);
    span.setTag(AUTHENTICATED, authenticated);
    // An unauthenticated request may only continue when anonymous access is enabled.
    if (!authenticated && !acceptAnonymous) {
      throw new JwtAuthException("Credentials are required to access this resource.");
    }
  } finally {
    span.finish();
  }
}
Use of org.sdase.commons.server.auth.error.JwtAuthException in project sda-dropwizard-commons by SDA-SE: class AuthRSA256Service, method auth.
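@Override
public Map<String, Claim> auth(String authorizationToken) {
  try {
    // JWT.decode() only parses the token; nothing in its header is trusted at
    // this point. The kid is used solely to select a key that the configured
    // loader already holds, never to fetch or derive one, so a forged kid can
    // at most select the wrong trusted key and fail signature verification.
    String keyId = JWT.decode(authorizationToken).getKeyId();
    if (keyId == null) {
      return verifyWithoutKid(authorizationToken);
    }
    LoadedPublicKey loadedPublicKey = rsaPublicKeyLoader.getLoadedPublicKey(keyId);
    if (loadedPublicKey == null) {
      // keyId is attacker-controlled text from an unverified header: it is kept
      // out of the response and only written to the log.
      LOG.error("No key found for verification, matching the requested kid {}", keyId);
      throw new JwtAuthException("Could not verify JWT with the requested kid.");
    }
    DecodedJWT jwt =
        verifyJwtSignature(authorizationToken, loadedPublicKey)
            .orElseThrow(() -> new JwtAuthException("Verifying token failed"));
    return jwt.getClaims();
  } catch (JWTVerificationException e) {
    // covers JWTDecodeException from JWT.decode() as well as verification errors
    throw new JwtAuthException(e);
  }
}

/**
 * Verifies a token that carries no {@code kid} against every key the loader holds without
 * an id, most recently listed key first, and returns the claims of the first key whose
 * signature check succeeds.
 *
 * <p>Unlike the previous {@code Collections.reverse()} approach this does not mutate the
 * list handed out by the loader, so a shared or unmodifiable backing list is neither flipped
 * on every call nor a source of {@code UnsupportedOperationException}.
 *
 * @throws JwtAuthException if no key without id verifies the token (including when there
 *     are none)
 */
private Map<String, Claim> verifyWithoutKid(String authorizationToken) {
  List<LoadedPublicKey> keysWithoutId = rsaPublicKeyLoader.getKeysWithoutId();
  if (keysWithoutId.size() > 1) {
    LOG.warn("Verifying token without kid trying {} public keys", keysWithoutId.size());
  }
  // iterate from the last key to the first; stop at the first successful verification
  for (int i = keysWithoutId.size() - 1; i >= 0; i--) {
    Optional<DecodedJWT> verified = verifyJwtSignature(authorizationToken, keysWithoutId.get(i));
    if (verified.isPresent()) {
      return verified.get().getClaims();
    }
  }
  throw new JwtAuthException("Could not verify JWT without kid.");
}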