Use of `org.sonatype.nexus.security.JwtHelper.JWT_COOKIE_NAME` in the sonatype/nexus-public project.
Usage 1: class `JwtFilter`, method `preHandle` (verifies and refreshes the JWT cookie on each request).
/**
 * Verifies and refreshes the JWT cookie, if one is presented, before the request is handled.
 * <p>
 * Behaviour, in order:
 * <ul>
 *   <li>No cookies, no {@code JWT_COOKIE_NAME} cookie, or an empty value: nothing is written
 *       and the chain continues ({@code true}).</li>
 *   <li>The token verifies: the refreshed cookie returned by {@code jwtHelper} is added to the
 *       response and the chain continues ({@code true}).</li>
 *   <li>The token fails verification: the presented cookie is expired on the response
 *       (empty value, max-age 0) and the chain is halted ({@code false}). No status code is
 *       set here, so what the client sees on that path is decided elsewhere -- worth confirming.</li>
 * </ul>
 * Only the first cookie carrying the JWT name is considered; any further same-named cookies
 * (e.g. set under another path or domain) are ignored.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest} without a check, so
 *                 this filter is assumed to be mapped to HTTP requests only
 * @param response the response the refreshed or expiring cookie is written to
 * @return {@code false} only when the JWT fails verification, {@code true} otherwise
 * @throws Exception per the superclass contract
 */
@Override
protected boolean preHandle(final ServletRequest request, final ServletResponse response) throws Exception {
  final Cookie[] requestCookies = ((HttpServletRequest) request).getCookies();
  if (requestCookies == null) {
    return true;
  }

  final Optional<Cookie> match = stream(requestCookies)
      .filter(candidate -> candidate.getName().equals(JWT_COOKIE_NAME))
      .findFirst();
  if (!match.isPresent()) {
    return true;
  }

  final Cookie presented = match.get();
  final String token = presented.getValue();
  if (Strings2.isEmpty(token)) {
    return true;
  }

  final HttpServletResponse httpResponse = WebUtils.toHttp(response);
  final Cookie refreshed;
  try {
    refreshed = jwtHelper.verifyAndRefreshJwtCookie(token);
  } catch (JwtVerificationException e) {
    // Tell the client to drop the bad cookie. The Cookie object comes from the request,
    // so it carries only name and value: the expiring cookie goes out with the default
    // path/domain and no Secure/HttpOnly flags. If JwtHelper issues the cookie under a
    // different path, the browser may not treat this as a deletion of the same cookie --
    // NOTE(review): confirm against JwtHelper's cookie attributes.
    presented.setValue("");
    presented.setMaxAge(0);
    httpResponse.addCookie(presented);
    return false;
  }
  httpResponse.addCookie(refreshed);
  return true;
}
Use of `org.sonatype.nexus.security.JwtHelper.JWT_COOKIE_NAME` in the sonatype/nexus-public project.
Usage 2: class `JwtSecurityFilter`, method `createSubject` (builds the Shiro subject from the JWT cookie).
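/**
 * Builds the Shiro subject for this request from the JWT cookie, falling back to the
 * superclass's subject creation whenever no usable JWT is present.
 * <p>
 * A subject is produced from the token only when a non-empty {@code JWT_COOKIE_NAME} cookie
 * is presented, {@code jwtHelper.verifyJwt} accepts it, and the decoded token carries both the
 * {@code USER} and {@code REALM} claims. The resulting subject is marked authenticated purely on
 * the strength of the verified token; its session is a fresh {@link SimpleSession} keyed by the
 * remote host, with a timeout equal to the JWT expiry and the raw token stored under
 * {@code JWT_COOKIE_NAME}.
 * <p>
 * On a verification failure, or when a claim is missing, the presented cookie is expired on
 * the response (empty value, max-age 0) and the superclass fallback is used. The expiring
 * cookie is the request's Cookie object, which carries only name and value, so it is sent
 * with the default path/domain -- if JwtHelper issues the cookie under a different path the
 * deletion may not match in the browser (NOTE(review): confirm against JwtHelper).
 * <p>
 * Only the first cookie carrying the JWT name is considered; further same-named cookies are
 * ignored.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest} without a check
 * @param response the response an expiring cookie may be written to
 * @return a JWT-backed {@link WebDelegatingSubject}, or the superclass's subject
 */
@Override
protected WebSubject createSubject(final ServletRequest request, final ServletResponse response) {
  Cookie[] cookies = ((HttpServletRequest) request).getCookies();
  if (cookies == null) {
    return super.createSubject(request, response);
  }

  Optional<Cookie> jwtCookie = stream(cookies).filter(cookie -> cookie.getName().equals(JWT_COOKIE_NAME)).findFirst();
  if (!jwtCookie.isPresent()) {
    return super.createSubject(request, response);
  }

  Cookie cookie = jwtCookie.get();
  String jwt = cookie.getValue();
  if (Strings2.isEmpty(jwt)) {
    return super.createSubject(request, response);
  }

  DecodedJWT decodedJwt;
  try {
    decodedJwt = jwtHelper.verifyJwt(jwt);
  } catch (JwtVerificationException e) {
    log.debug("Expire and reset the JWT cookie due to the error: {}", e.getMessage());
    cookie.setValue("");
    cookie.setMaxAge(0);
    WebUtils.toHttp(response).addCookie(cookie);
    return super.createSubject(request, response);
  }

  // A claim that is absent from the token typically decodes to a null string. Without this
  // guard a null principal or realm would be handed to SimplePrincipalCollection, which
  // rejects nulls with an IllegalArgumentException and would surface as a server error
  // instead of a clean fallback. Whether verifyJwt already enforces these claims is not
  // visible here, so the check is kept regardless.
  String user = decodedJwt.getClaim(USER).asString();
  String realm = decodedJwt.getClaim(REALM).asString();
  if (Strings2.isEmpty(user) || Strings2.isEmpty(realm)) {
    log.debug("Expire and reset the JWT cookie: verified token is missing the user or realm claim");
    cookie.setValue("");
    cookie.setMaxAge(0);
    WebUtils.toHttp(response).addCookie(cookie);
    return super.createSubject(request, response);
  }

  PrincipalCollection principals = new SimplePrincipalCollection(user, realm);
  SimpleSession session = new SimpleSession(request.getRemoteHost());
  // Session lifetime tracks the token lifetime; the raw token is kept on the session so
  // later code can reach it by the cookie name.
  session.setTimeout(TimeUnit.SECONDS.toMillis(jwtHelper.getExpirySeconds()));
  session.setAttribute(JWT_COOKIE_NAME, jwt);
  // authenticated=true: the verified JWT is the sole proof of identity for this subject.
  return new WebDelegatingSubject(principals, true, request.getRemoteHost(), session, true, request, response, getSecurityManager());
}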