/**
 * Parses the compact JWT string and dispatches the result to the matching
 * callback of the supplied handler.
 *
 * <p>Dispatch is decided by two properties of the parsed token: whether it is a
 * {@code Jws} (signed) or a plain {@code Jwt}, and whether its body is a
 * {@code Claims} instance or something else (handled as plaintext).
 *
 * <p>Security note: the {@code onClaimsJwt} / {@code onPlaintextJwt} callbacks
 * receive a token that is not a {@code Jws}. Handlers that must only accept
 * signed tokens should not treat those two callbacks as authenticated input.
 *
 * @param compact the compact serialized JWT; must contain text
 * @param handler the callback receiver; must not be null
 * @param <T>     the handler's result type
 * @return whatever the selected handler callback returns
 */
@Override
public <T> T parse(String compact, JwtHandler<T> handler)
        throws ExpiredJwtException, MalformedJwtException, SignatureException {
    Assert.notNull(handler, "JwtHandler argument cannot be null.");
    Assert.hasText(compact, "JWT String argument cannot be null or empty.");

    Jwt parsed = parse(compact);
    boolean carriesClaims = parsed.getBody() instanceof Claims;

    if (parsed instanceof Jws) {
        Jws signed = (Jws) parsed;
        return carriesClaims
                ? handler.onClaimsJws((Jws<Claims>) signed)
                : handler.onPlaintextJws((Jws<String>) signed);
    }

    // Not a Jws: the token reached this point without being a signed JWT.
    return carriesClaims
            ? handler.onClaimsJwt((Jwt<Header, Claims>) parsed)
            : handler.onPlaintextJwt((Jwt<Header, String>) parsed);
}
/**
 * Best-effort eviction of the cached RefreshToken that belongs to a token being revoked.
 *
 * <p>The token's signature segment is cut off and the remainder is parsed as an
 * unsigned claims JWT, so the header and claims read here are NOT verified. They
 * are used only to build the cache key to evict; they must not be used for any
 * authorization decision.
 *
 * @param data the revocation request properties; the token entry is expected to be present
 */
private void uncacheRevokedToken(Map<String, Object> data) {
    String token = data.get(OAuthTokenRevocationAttempt.TOKEN.getName()).toString();

    // Position of the dot that precedes the signature segment.
    int lastDot = token.lastIndexOf('.');
    if (lastDot <= 0) {
        return;
    }

    Object hintValue = data.get(OAuthTokenRevocationAttempt.TOKEN_TYPE_HINT.getName());
    String tokenTypeHint = (hintValue instanceof String) ? hintValue.toString() : null;

    try {
        // Keep "header.payload." (trailing dot included) so the parser sees an unsigned JWT.
        String headerAndPayload = token.substring(0, lastDot + 1);
        Jwt<Header, Claims> unverified = Jwts.parser().parseClaimsJwt(headerAndPayload);

        Object stt = unverified.getHeader().get("stt");
        Claims claims = unverified.getBody();

        String rti;
        if ("refresh".equals(stt) || "refresh_token".equals(tokenTypeHint)) {
            // A refresh token is identified by its own id claim.
            rti = claims.getId();
        } else if ("access".equals(stt) || "access_token".equals(tokenTypeHint)) {
            // An access token names its refresh token in the "rti" claim.
            rti = claims.get("rti", String.class);
        } else {
            rti = null;
        }

        if (rti == null) {
            return;
        }
        uncache(baseUrlResolver.getBaseUrl() + "/refreshTokens/" + rti, RefreshToken.class);
    } catch (Exception e) {
        //ignored
    }
}
/**
 * Removes the RefreshToken cache entry related to a revoked token, if one can be identified.
 *
 * <p>Any failure while inspecting the token is swallowed on purpose: this is a
 * cache clean-up step only. The claims are taken from the token with its
 * signature removed, i.e. they are unverified and only good for choosing which
 * cache entry to drop.
 *
 * @param data the revocation request properties (token and optional token type hint)
 */
private void uncacheRevokedToken(Map<String, Object> data) {
    final String rawToken = data.get(OAuthTokenRevocationAttempt.TOKEN.getName()).toString();
    final int signatureDot = rawToken.lastIndexOf('.');
    if (signatureDot <= 0) {
        return;
    }

    String tokenTypeHint = null;
    final Object hint = data.get(OAuthTokenRevocationAttempt.TOKEN_TYPE_HINT.getName());
    if (hint instanceof String) {
        tokenTypeHint = hint.toString();
    }

    try {
        // Everything up to and including the last dot: header, payload, empty signature.
        final String unsignedForm = rawToken.substring(0, signatureDot + 1);
        final Jwt<Header, Claims> parsed = Jwts.parser().parseClaimsJwt(unsignedForm);
        final Object stt = parsed.getHeader().get("stt");
        final Claims body = parsed.getBody();

        final boolean isRefresh = "refresh".equals(stt) || "refresh_token".equals(tokenTypeHint);
        final boolean isAccess = "access".equals(stt) || "access_token".equals(tokenTypeHint);

        String rti = null;
        if (isRefresh) {
            rti = body.getId();
        } else if (isAccess) {
            rti = body.get("rti", String.class);
        }

        if (rti != null) {
            final String href = baseUrlResolver.getBaseUrl() + "/refreshTokens/" + rti;
            uncache(href, RefreshToken.class);
        }
    } catch (Exception e) {
        //ignored
    }
}
/**
 * Wraps the body of the given JWT in a single-entry principal map under the key {@code "jwt"}.
 *
 * <p>The body is cast to {@link Serializable}; a body that is not serializable
 * makes the cast fail with a {@code ClassCastException}.
 *
 * <p>NOTE(review): nothing in this method checks whether the JWT was
 * signature-verified; confirm that callers only pass verified tokens before the
 * result is treated as an authenticated principal.
 *
 * @param jwt the parsed token whose body becomes the principal
 * @return a new mutable map holding the body under {@code "jwt"}
 */
protected Map<String, Serializable> getPrincipal(Jwt jwt) {
    final Serializable tokenBody = (Serializable) jwt.getBody();
    final Map<String, Serializable> result = new HashMap<>();
    result.put("jwt", tokenBody);
    return result;
}
@SuppressWarnings("rawtypes") Jwt token, String oauthProvider, String redirectAfterLogin) { DefaultClaims claims = (DefaultClaims) token.getBody(); final String clientId = claims.getAudience();
.parse(splitToken[0] + "." + splitToken[1] + "."); Issuer issuer = whiteList.getIssuer(jwt.getBody().getIssuer()); if (LOGGER.isDebugEnabled()) { LOGGER.debug("Issuer accepted [{}]", issuer.getIssuerId());
/**
 * Reads the claims of a token WITHOUT verifying its signature.
 *
 * <p>The signature segment is dropped and the remainder is parsed as an unsigned
 * claims JWT. The parser is configured with the required issuer, this object as
 * the clock, and the allowed clock skew. Because no signature is checked, the
 * returned claims are attacker-controllable and must not drive any trust
 * decision on their own.
 *
 * @param token the compact JWT
 * @return the claims as produced by {@code parseClaims}
 */
@Override
public Map<String, String> untrusted(final String token) {
    final JwtParser unsignedParser = Jwts.parser()
            .requireIssuer(issuer)
            .setClock(this)
            .setAllowedClockSkewSeconds(clockSkewSec);

    // See: https://github.com/jwtk/jjwt/issues/135
    // Keep the trailing dot so the input has the shape of an unsigned JWT.
    final String headerAndPayload = substringBeforeLast(token, DOT) + DOT;

    return parseClaims(() -> {
        return unsignedParser.parseClaimsJwt(headerAndPayload).getBody();
    });
}
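/**
 * Verifies the JWT carried by the token and rebuilds the authentication info from it.
 *
 * <p>The principal is stored in the {@code "serialized-principal"} claim as a
 * Base64-encoded, Java-serialized object. The credentials come from the token
 * and are hashed with {@code encryptPassword} unless {@code legacyHashing} is set.
 *
 * @param token the submitted token; its principal is the compact JWT string
 * @return the authentication info built from the deserialized principal
 * @throws AuthenticationException if the JWT is invalid or unsigned, the
 *         principal claim is missing, or the principal cannot be deserialized
 */
public AuthenticationInfo loadAuthenticationInfo(JSONWebToken token) {
    Key key = getJWTKey();

    Map body;
    try {
        // parseClaimsJws, not parse(): parse() also returns a plain (non-Jws) Jwt,
        // so a token without a signature would pass and its claims would be
        // deserialized below. parseClaimsJws rejects anything that is not a
        // signed claims JWT with a JwtException.
        body = Jwts.parser().setSigningKey(key).parseClaimsJws(token.getPrincipal()).getBody();
    } catch (JwtException e) {
        throw new AuthenticationException(e);
    }

    String credentials = legacyHashing ? token.getCredentials() : encryptPassword(token.getCredentials());

    Object encodedPrincipal = body.get("serialized-principal");
    if (!(encodedPrincipal instanceof String)) {
        // Fail as an authentication error instead of a ClassCastException/NPE.
        throw new AuthenticationException(
                new IllegalArgumentException("JWT has no 'serialized-principal' string claim"));
    }

    Object principal;
    // NOTE(review): native Java deserialization of token content. It is reached
    // only after the signature check above, so the bytes are as trustworthy as
    // the signing key. Consider carrying the principal as plain claims, or
    // restricting the stream to an allow-list of classes (ObjectInputFilter).
    try (ObjectInputStream objectInputStream = new ObjectInputStream(
            new ByteArrayInputStream(Base64.decode((String) encodedPrincipal)))) {
        principal = objectInputStream.readObject();
    } catch (Exception e) {
        throw new AuthenticationException(e);
    }

    return new SimpleAuthenticationInfo(principal, credentials, getName());
}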
/**
 * Parses {@code compact} and hands the result to the handler callback that
 * matches the token kind.
 *
 * <ul>
 *   <li>{@code Jws} with a {@code Claims} body: {@code onClaimsJws}</li>
 *   <li>{@code Jws} with any other body: {@code onPlaintextJws}</li>
 *   <li>plain {@code Jwt} with a {@code Claims} body: {@code onClaimsJwt}</li>
 *   <li>plain {@code Jwt} with any other body: {@code onPlaintextJwt}</li>
 * </ul>
 *
 * <p>Only the two {@code ...Jws} callbacks receive a signed token; a handler
 * that expects authenticated input should reject the {@code ...Jwt} callbacks.
 *
 * @param compact the compact serialized JWT; must contain text
 * @param handler the callback receiver; must not be null
 * @param <T>     the handler's result type
 * @return the value returned by the chosen callback
 */
@Override
public <T> T parse(String compact, JwtHandler<T> handler)
        throws ExpiredJwtException, MalformedJwtException, SignatureException {
    Assert.notNull(handler, "JwtHandler argument cannot be null.");
    Assert.hasText(compact, "JWT String argument cannot be null or empty.");

    Jwt result = parse(compact);

    if (!(result instanceof Jws)) {
        // Plain Jwt path: nothing here indicates a verified signature.
        if (result.getBody() instanceof Claims) {
            return handler.onClaimsJwt((Jwt<Header, Claims>) result);
        }
        return handler.onPlaintextJwt((Jwt<Header, String>) result);
    }

    Jws signedResult = (Jws) result;
    if (signedResult.getBody() instanceof Claims) {
        return handler.onClaimsJws((Jws<Claims>) signedResult);
    }
    return handler.onPlaintextJws((Jws<String>) signedResult);
}
sendError(response, 401, "Cannot detect or instantiate user."); Claims claims = (Claims) jwtToken.getBody();
/**
 * Parses the compact JWT and routes it to one of the four handler callbacks.
 *
 * <p>The callback is chosen from the parsed token's type ({@code Jws} versus
 * plain {@code Jwt}) and its body type ({@code Claims} versus anything else,
 * which is treated as plaintext). Tokens that are not a {@code Jws} are routed
 * to {@code onClaimsJwt} / {@code onPlaintextJwt}; handlers should treat those
 * as unsigned input.
 *
 * @param compact the compact serialized JWT; must contain text
 * @param handler the callback receiver; must not be null
 * @param <T>     the handler's result type
 * @return the selected callback's return value
 */
@Override
public <T> T parse(String compact, JwtHandler<T> handler)
        throws ExpiredJwtException, MalformedJwtException, SignatureException {
    Assert.notNull(handler, "JwtHandler argument cannot be null.");
    Assert.hasText(compact, "JWT String argument cannot be null or empty.");

    final Jwt jwt = parse(compact);
    final boolean signed = jwt instanceof Jws;
    final boolean claimsBody = jwt.getBody() instanceof Claims;

    if (signed && claimsBody) {
        Jws jws = (Jws) jwt;
        return handler.onClaimsJws((Jws<Claims>) jws);
    }
    if (signed) {
        Jws jws = (Jws) jwt;
        return handler.onPlaintextJws((Jws<String>) jws);
    }
    if (claimsBody) {
        return handler.onClaimsJwt((Jwt<Header, Claims>) jwt);
    }
    return handler.onPlaintextJwt((Jwt<Header, String>) jwt);
}
} else { claims = parser.parseClaimsJwt(jwt).getBody();
} else { claims = parser.parseClaimsJwt(jwt).getBody();