Search in sources :

Example 1 with ClientAssertion

use of org.xdi.oxauth.model.token.ClientAssertion in project oxAuth by GluuFederation.

the class AuthenticationFilter method processJwtAuth.

private void processJwtAuth(HttpServletRequest servletRequest, HttpServletResponse servletResponse, FilterChain filterChain) {
    boolean authorized = false;
    try {
        if (servletRequest.getParameter("client_assertion") != null && servletRequest.getParameter("client_assertion_type") != null) {
            String clientId = servletRequest.getParameter("client_id");
            ClientAssertionType clientAssertionType = ClientAssertionType.fromString(servletRequest.getParameter("client_assertion_type"));
            String encodedAssertion = servletRequest.getParameter("client_assertion");
            if (clientAssertionType == ClientAssertionType.JWT_BEARER) {
                ClientAssertion clientAssertion = new ClientAssertion(appConfiguration, clientId, clientAssertionType, encodedAssertion);
                String username = clientAssertion.getSubjectIdentifier();
                String password = clientAssertion.getClientSecret();
                // Identity.username and user isn't authenticated
                if (!username.equals(identity.getCredentials().getUsername()) || !identity.isLoggedIn()) {
                    identity.getCredentials().setUsername(username);
                    identity.getCredentials().setPassword(password);
                    authenticator.authenticateWebService(true);
                    authorized = true;
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    } catch (ServletException ex) {
        log.info("JWT authentication failed: {}", ex);
    } catch (IOException ex) {
        log.info("JWT authentication failed: {}", ex);
    } catch (InvalidJwtException ex) {
        log.info("JWT authentication failed: {}", ex);
    }
    try {
        if (!authorized) {
            sendError(servletResponse);
        }
    } catch (IOException ex) {
    }
}
Also used : ServletException(javax.servlet.ServletException) InvalidJwtException(org.xdi.oxauth.model.exception.InvalidJwtException) ClientAssertionType(org.xdi.oxauth.model.token.ClientAssertionType) IOException(java.io.IOException) ClientAssertion(org.xdi.oxauth.model.token.ClientAssertion)

Aggregations

IOException (java.io.IOException)1 ServletException (javax.servlet.ServletException)1 InvalidJwtException (org.xdi.oxauth.model.exception.InvalidJwtException)1 ClientAssertion (org.xdi.oxauth.model.token.ClientAssertion)1 ClientAssertionType (org.xdi.oxauth.model.token.ClientAssertionType)1