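@POST
@Path("{sessionId}")
@Consumes(APPLICATION_FORM_URLENCODED)
@JWTTokenNeeded
@ApiOperation(value = "Allows an attendee to rate a talk")
@ApiResponses(value = {
        @ApiResponse(code = 201, message = "Session rated"),
        @ApiResponse(code = 400, message = "Invalid input"),
        @ApiResponse(code = 401, message = "Needs to authenticate first") })
public Response rate(@PathParam("sessionId") @NotEmpty String sessionId,
                     @FormParam("mark") @Min(1) @Max(5) Integer mark,
                     @Context HttpHeaders headers) {
    // The attendee identity comes from the JWT subject, never from the request body, so a
    // caller cannot rate on behalf of another login. @JWTTokenNeeded is expected to have
    // rejected requests without a valid bearer token already; the header and parse checks
    // below are defence in depth in case the filter is not bound to this resource, and
    // they turn a NullPointerException / JwtException (500) into a proper 401.
    String authorizationHeader = headers.getHeaderString(HttpHeaders.AUTHORIZATION);
    if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }
    String token = authorizationHeader.substring("Bearer".length()).trim();

    // @Min/@Max consider a missing (null) form parameter valid, so reject it explicitly
    // rather than storing a Rating with a null mark.
    if (mark == null) {
        return Response.status(Response.Status.BAD_REQUEST).build();
    }

    // parseClaimsJws verifies the signature (and expiry) before any claim is read.
    // NOTE(review): keyGenerator.generateKey() must return the same secret key that signed
    // the token — confirm it is stable across calls and not derived from a hard-coded value.
    String login;
    try {
        login = Jwts.parser()
                .setSigningKey(keyGenerator.generateKey())
                .parseClaimsJws(token)
                .getBody()
                .getSubject();
    } catch (Exception e) {
        // Broad catch at the HTTP boundary (same policy as the JWT filter): any
        // parse/signature/expiry failure is a 401. Log the reason, never the token.
        logger.severe("#### token rejected while rating session " + sessionId + " : " + e.getMessage());
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }
    if (login == null || login.isEmpty()) {
        // A token without a subject cannot be attributed to an attendee.
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    Rating rating = new Rating(sessionId, login, mark);
    logger.info("#### rating : " + rating);
    Rating created = ratingRepository.rateSession(rating);
    return Response.created(getURIForSelf(created)).entity(created).build();
}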
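@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // Get the HTTP Authorization header from the request. Only its presence is logged:
    // the header carries the bearer token, which is a credential and must not end up in logs.
    String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
    logger.info("#### authorizationHeader present : " + (authorizationHeader != null));

    // Check if the HTTP Authorization header is present and formatted correctly
    if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
        logger.severe("#### missing or malformed authorizationHeader");
        throw new NotAuthorizedException("Authorization header must be provided");
    }

    // Extract the token from the HTTP Authorization header
    String token = authorizationHeader.substring("Bearer".length()).trim();

    try {
        // Validate the token: parseClaimsJws checks the signature against the key and
        // rejects expired tokens. No claim is consumed here; the resource reads the subject.
        // NOTE(review): generateKey() must yield the same secret the token was signed with —
        // confirm it is stable across calls and not derived from a hard-coded string.
        Key key = keyGenerator.generateKey();
        Jwts.parser().setSigningKey(key).parseClaimsJws(token);
        logger.info("#### valid token");
    } catch (Exception e) {
        // Fail closed on any parse/signature/expiry error (broad catch at the HTTP boundary).
        // Log the reason, not the token. RFC 6750 expects a WWW-Authenticate challenge on 401.
        logger.severe("#### invalid token : " + e.getMessage());
        requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, "Bearer")
                .build());
    }
}
}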
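/**
 * Issues a signed JWT for an already-authenticated login.
 * <p>
 * The token carries the login as subject, the current request URI as issuer, the issue
 * time, and an expiry 15 minutes after issue; it is signed with HS512 using the key from
 * {@code keyGenerator}.
 * NOTE(review): HS512 requires a key of at least 512 bits (RFC 7518) and recent JJWT
 * versions reject weaker keys — confirm generateKey() meets this. The issuer is derived
 * from the request URI (influenced by the Host header) and the filter seen here does not
 * verify it, so treat it as informational only.
 *
 * @param login the authenticated user's login, stored as the token subject
 * @return the compact serialized JWS
 */
private String issueToken(String login) {
    Key key = keyGenerator.generateKey();
    Date issuedAt = new Date();
    Date expiresAt = toDate(LocalDateTime.now().plusMinutes(15L));
    String jwtToken = Jwts.builder()
            .setSubject(login)
            .setIssuer(getUriInfo().getAbsolutePath().toString())
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .signWith(SignatureAlgorithm.HS512, key)
            .compact();
    // The token is a bearer credential: record that one was issued and for whom,
    // never its value.
    logger.info("#### generated token for login : " + login);
    return jwtToken;
}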