Errors.Collector collector = Errors.collector(); jwtValidator.accept(signed, collector); Errors validationErrors = jwt.validate(oidcConfig.issuer(), oidcConfig.audience()); if (errors.isValid() && validationErrors.isValid()) { errors.log(LOGGER); Subject subject = buildSubject(jwt, signed); if (LOGGER.isLoggable(Level.FINEST)) { errors.log(LOGGER); validationErrors.log(LOGGER);
// Collector that accumulates the messages reported by the parsing steps of this excerpt.
Errors.Collector collector = Errors.collector();
// collect() builds an Errors from the gathered messages and clears the collector.
// checkValid() presumably throws when the result is not valid (its body is not shown here); confirm.
// NOTE(review): nothing visible adds messages before this first checkpoint; the step that
// fills the collector is presumably elided from the excerpt.
collector.collect().checkValid();
// parseJson receives the collector, presumably to report parse problems under the
// "JWT payload" description; verify against parseJson.
JsonObject contentJson = parseJson(payloadJsonString, collector, "JWT payload");
// Second checkpoint: the collector was cleared by the earlier collect(), so only messages
// added since then are evaluated before contentJson is used any further.
collector.collect().checkValid();
/**
 * Turns the messages gathered so far into a new {@link Errors} instance and then
 * clears this collector, so the same collector can be reused for a new set of messages.
 *
 * <p>Each call is a checkpoint: messages handed out by one call are not expected to be
 * reported again by the next one.
 *
 * @return new {@link Errors} instance built with messages collected by this collector
 */
public Errors collect() {
    Errors snapshot = new Errors(this);
    // Clear only after the snapshot has been built from the current state.
    clear();
    return snapshot;
}
/**
 * Authenticates a request from the token extracted from its headers.
 *
 * <p>A token is accepted only when its signature verifies against {@code verifyKeys}
 * (with {@code defaultJwk} also passed to the verification) and its claims then validate
 * against {@code expectedIssuer} and {@code expectedAudience}.
 *
 * @param providerRequest request whose environment headers are searched for the token
 * @param loginConfig     not read by this method
 * @return success carrying the subject built from the token; failed when the signature or
 *         the claims are rejected, or when no token is found and the provider is not
 *         optional; abstain when no token is found and the provider is optional
 */
AuthenticationResponse authenticate(ProviderRequest providerRequest, LoginConfig loginConfig) {
    return atnTokenHandler.extractToken(providerRequest.env().headers())
            .map(token -> {
                // NOTE(review): if parseToken can throw on malformed input, the exception leaves
                // this method instead of becoming a failed response; confirm against SignedJwt.
                SignedJwt parsed = SignedJwt.parseToken(token);

                // Signature first: the Jwt is only obtained once the signature has verified.
                Errors signatureErrors = parsed.verifySignature(verifyKeys, defaultJwk);
                if (!signatureErrors.isValid()) {
                    // NOTE(review): the verification messages go into the response as-is; check
                    // that they are not echoed to the remote client in more detail than intended.
                    return AuthenticationResponse.failed(signatureErrors.toString());
                }

                Jwt claims = parsed.getJwt();
                Errors claimErrors = claims.validate(expectedIssuer, expectedAudience);
                if (!claimErrors.isValid()) {
                    // NOTE(review): validate() is given both issuer and audience, so this text can
                    // name the wrong cause; the collected messages in claimErrors are dropped here
                    // and would be worth logging on the server side.
                    return AuthenticationResponse.failed("Audience is invalid or missing: " + expectedAudience);
                }

                return AuthenticationResponse.success(buildSubject(claims, parsed));
            })
            .orElseGet(() -> optional
                    ? AuthenticationResponse.abstain()
                    : AuthenticationResponse.failed("Header not available or in a wrong format"));
}
/**
 * Runs every supplied validator against this JWT and returns what they reported.
 *
 * <p>Only the validators passed in are applied. NOTE(review): with an empty list nothing is
 * checked and the result presumably reports valid, so callers have to pass every check they
 * rely on (time, issuer, audience); confirm against {@code Errors#isValid()}.
 *
 * @param validators Validators to validate with. Obtain them through (e.g.) {@link #defaultTimeValidators()}
 *                   , {@link #addAudienceValidator(Collection, String, boolean)}
 *                   , {@link #addIssuerValidator(Collection, String, boolean)}
 * @return errors instance to check if valid and access error messages
 */
public Errors validate(List<Validator<Jwt>> validators) {
    Errors.Collector collector = Errors.collector();
    // All validators run, in list order; a message from one does not stop the ones after it.
    for (Validator<Jwt> validator : validators) {
        validator.validate(this, collector);
    }
    return collector.collect();
}
/**
 * Returns the cached application token while it still passes the default time validators.
 *
 * <p>When the cached JWT no longer validates, both cached fields are reset so that the
 * caller sees an empty result. Only {@link Jwt#defaultTimeValidators()} are applied here;
 * signature, issuer and audience are not re-checked by this method.
 *
 * <p>NOTE(review): {@code appToken} and {@code appJwt} are read and written without any
 * synchronization visible in this method; confirm the calling context if it can run concurrently.
 *
 * @return the cached token, or empty when nothing is cached or the cached token failed validation
 */
private Optional<SignedJwt> getCachedAppToken() {
    if (appToken == null) {
        return Optional.empty();
    }

    boolean stillValid = appJwt.validate(Jwt.defaultTimeValidators()).isValid();
    if (!stillValid) {
        // Drop both halves of the cache together so they never disagree.
        appToken = null;
        appJwt = null;
        return Optional.empty();
    }

    return Optional.of(appToken);
}
/**
 * Creates an instance from the current state of a collector.
 *
 * <p>The collector's messages are added to this instance and its three severity flags are
 * copied as they are, not recomputed from the messages.
 *
 * @param collector collector to take the messages and severity flags from
 */
private Errors(Collector collector) {
    addAll(collector.errors);
    // Copy the flags the collector already maintains.
    this.hasHint = collector.hasHint;
    this.hasWarning = collector.hasWarning;
    this.hasFatal = collector.hasFatal;
}
/**
 * Authenticates a request from the token extracted from its headers.
 *
 * <p>When authentication is switched off for this provider the method abstains without
 * looking at the request. Otherwise a token is accepted only when its signature verifies
 * against {@code verifyKeys} and its claims validate against {@code expectedAudience}.
 *
 * @param providerRequest request whose environment headers are searched for the token
 * @return success carrying the subject built from the token; failed when the signature or
 *         the claims are rejected, or when no token is found and the provider is not
 *         optional; abstain when authentication is disabled, or when no token is found and
 *         the provider is optional
 */
@Override
protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest) {
    if (!authenticate) {
        return AuthenticationResponse.abstain();
    }

    return atnTokenHandler.extractToken(providerRequest.env().headers())
            .map(token -> {
                // NOTE(review): if parseToken can throw on malformed input, the exception leaves
                // this method instead of becoming a failed response; confirm against SignedJwt.
                SignedJwt parsed = SignedJwt.parseToken(token);

                // Signature first: the Jwt is only obtained once the signature has verified.
                Errors signatureErrors = parsed.verifySignature(verifyKeys);
                if (!signatureErrors.isValid()) {
                    // NOTE(review): the verification messages go into the response as-is; check
                    // that they are not echoed to the remote client in more detail than intended.
                    return AuthenticationResponse.failed(signatureErrors.toString());
                }

                Jwt claims = parsed.getJwt();
                // NOTE(review): the issuer argument is null, which presumably means the issuer
                // claim is not checked; if so, trust rests on verifyKeys and the audience alone.
                // Confirm that this is intended.
                Errors claimErrors = claims.validate(null, expectedAudience);
                if (!claimErrors.isValid()) {
                    // NOTE(review): validate() may reject for reasons other than the audience, so
                    // this text can name the wrong cause; the collected messages in claimErrors
                    // are dropped here and would be worth logging on the server side.
                    return AuthenticationResponse.failed("Audience is invalid or missing: " + expectedAudience);
                }

                return AuthenticationResponse.success(buildSubject(claims, parsed));
            })
            .orElseGet(() -> optional
                    ? AuthenticationResponse.abstain()
                    : AuthenticationResponse.failed("Header not available or in a wrong format"));
}
// Collector obtained from the Errors factory method; presumably filled with validation
// messages by code that follows this excerpt.
Errors.Collector collector = Errors.collector();
/**
 * Creates an instance from the current state of a collector.
 *
 * <p>The collector's messages are added to this instance and its three severity flags are
 * copied as they are, not recomputed from the messages.
 *
 * @param collector collector to take the messages and severity flags from
 */
private Errors(Collector collector) {
    addAll(collector.errors);
    // Copy the flags the collector already maintains.
    this.hasHint = collector.hasHint;
    this.hasWarning = collector.hasWarning;
    this.hasFatal = collector.hasFatal;
}
/**
 * Authenticates a request from the token extracted from its headers.
 *
 * <p>A token is accepted only when its signature verifies against {@code verifyKeys}
 * (with {@code defaultJwk} also passed to the verification) and its claims then validate
 * against {@code expectedIssuer} and {@code expectedAudience}.
 *
 * @param providerRequest request whose environment headers are searched for the token
 * @param loginConfig     not read by this method
 * @return success carrying the subject built from the token; failed when the signature or
 *         the claims are rejected, or when no token is found and the provider is not
 *         optional; abstain when no token is found and the provider is optional
 */
AuthenticationResponse authenticate(ProviderRequest providerRequest, LoginConfig loginConfig) {
    return atnTokenHandler.extractToken(providerRequest.env().headers())
            .map(token -> {
                // NOTE(review): if parseToken can throw on malformed input, the exception leaves
                // this method instead of becoming a failed response; confirm against SignedJwt.
                SignedJwt parsed = SignedJwt.parseToken(token);

                // Signature first: the Jwt is only obtained once the signature has verified.
                Errors signatureErrors = parsed.verifySignature(verifyKeys, defaultJwk);
                if (!signatureErrors.isValid()) {
                    // NOTE(review): the verification messages go into the response as-is; check
                    // that they are not echoed to the remote client in more detail than intended.
                    return AuthenticationResponse.failed(signatureErrors.toString());
                }

                Jwt claims = parsed.getJwt();
                Errors claimErrors = claims.validate(expectedIssuer, expectedAudience);
                if (!claimErrors.isValid()) {
                    // NOTE(review): validate() is given both issuer and audience, so this text can
                    // name the wrong cause; the collected messages in claimErrors are dropped here
                    // and would be worth logging on the server side.
                    return AuthenticationResponse.failed("Audience is invalid or missing: " + expectedAudience);
                }

                return AuthenticationResponse.success(buildSubject(claims, parsed));
            })
            .orElseGet(() -> optional
                    ? AuthenticationResponse.abstain()
                    : AuthenticationResponse.failed("Header not available or in a wrong format"));
}
// Collector for the first step of this excerpt; the code that fills it is presumably elided.
Errors.Collector collector = Errors.collector();
// collect() builds an Errors from the gathered messages and clears the collector.
// checkValid() presumably throws when the result is not valid (its body is not shown here); confirm.
collector.collect().checkValid();
// A new collector is assigned for the next step, so each checkpoint evaluates its own messages.
collector = Errors.collector();
// Second checkpoint, again with the filling code presumably elided from the excerpt.
collector.collect().checkValid();
/**
 * Runs every supplied validator against this JWT and returns what they reported.
 *
 * <p>Only the validators passed in are applied. NOTE(review): with an empty list nothing is
 * checked and the result presumably reports valid, so callers have to pass every check they
 * rely on (time, issuer, audience); confirm against {@code Errors#isValid()}.
 *
 * @param validators Validators to validate with. Obtain them through (e.g.) {@link #defaultTimeValidators()}
 *                   , {@link #addAudienceValidator(Collection, String, boolean)}
 *                   , {@link #addIssuerValidator(Collection, String, boolean)}
 * @return errors instance to check if valid and access error messages
 */
public Errors validate(List<Validator<Jwt>> validators) {
    Errors.Collector collector = Errors.collector();
    // All validators run, in list order; a message from one does not stop the ones after it.
    for (Validator<Jwt> validator : validators) {
        validator.validate(this, collector);
    }
    return collector.collect();
}
/**
 * Turns the messages gathered so far into a new {@link Errors} instance and then
 * clears this collector, so the same collector can be reused for a new set of messages.
 *
 * <p>Each call is a checkpoint: messages handed out by one call are not expected to be
 * reported again by the next one.
 *
 * @return new {@link Errors} instance built with messages collected by this collector
 */
public Errors collect() {
    Errors snapshot = new Errors(this);
    // Clear only after the snapshot has been built from the current state.
    clear();
    return snapshot;
}
/**
 * Authenticates a request from the token extracted from its headers.
 *
 * <p>When authentication is switched off for this provider the method abstains without
 * looking at the request. Otherwise a token is accepted only when its signature verifies
 * against {@code verifyKeys} and its claims validate against {@code expectedAudience}.
 *
 * @param providerRequest request whose environment headers are searched for the token
 * @return success carrying the subject built from the token; failed when the signature or
 *         the claims are rejected, or when no token is found and the provider is not
 *         optional; abstain when authentication is disabled, or when no token is found and
 *         the provider is optional
 */
@Override
protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest) {
    if (!authenticate) {
        return AuthenticationResponse.abstain();
    }

    return atnTokenHandler.extractToken(providerRequest.env().headers())
            .map(token -> {
                // NOTE(review): if parseToken can throw on malformed input, the exception leaves
                // this method instead of becoming a failed response; confirm against SignedJwt.
                SignedJwt parsed = SignedJwt.parseToken(token);

                // Signature first: the Jwt is only obtained once the signature has verified.
                Errors signatureErrors = parsed.verifySignature(verifyKeys);
                if (!signatureErrors.isValid()) {
                    // NOTE(review): the verification messages go into the response as-is; check
                    // that they are not echoed to the remote client in more detail than intended.
                    return AuthenticationResponse.failed(signatureErrors.toString());
                }

                Jwt claims = parsed.getJwt();
                // NOTE(review): the issuer argument is null, which presumably means the issuer
                // claim is not checked; if so, trust rests on verifyKeys and the audience alone.
                // Confirm that this is intended.
                Errors claimErrors = claims.validate(null, expectedAudience);
                if (!claimErrors.isValid()) {
                    // NOTE(review): validate() may reject for reasons other than the audience, so
                    // this text can name the wrong cause; the collected messages in claimErrors
                    // are dropped here and would be worth logging on the server side.
                    return AuthenticationResponse.failed("Audience is invalid or missing: " + expectedAudience);
                }

                return AuthenticationResponse.success(buildSubject(claims, parsed));
            })
            .orElseGet(() -> optional
                    ? AuthenticationResponse.abstain()
                    : AuthenticationResponse.failed("Header not available or in a wrong format"));
}
// Collector that accumulates the messages reported by the parsing steps of this excerpt.
Errors.Collector collector = Errors.collector();
// collect() builds an Errors from the gathered messages and clears the collector.
// checkValid() presumably throws when the result is not valid (its body is not shown here); confirm.
// NOTE(review): nothing visible adds messages before this first checkpoint; the step that
// fills the collector is presumably elided from the excerpt.
collector.collect().checkValid();
// parseJson receives the collector, presumably to report parse problems under the
// "JWT payload" description; verify against parseJson.
JsonObject contentJson = parseJson(payloadJsonString, collector, "JWT payload");
// Second checkpoint: the collector was cleared by the earlier collect(), so only messages
// added since then are evaluated before contentJson is used any further.
collector.collect().checkValid();
// Collector obtained from the Errors factory method; presumably filled with validation
// messages by code that follows this excerpt.
Errors.Collector collector = Errors.collector();