/**
 * Decodes an encoded JWT and resolves it to a {@link Token} holding the user and the claims.
 *
 * <p>The checks run in a fixed order: decoding, session lifetime measured from the issued-at
 * claim, CSRF state, refresh, then the user lookup. A token that cannot be decoded, is older
 * than {@code SESSION_DISCONNECT_IN_SECONDS}, or whose subject resolves to no user yields an
 * empty result.
 *
 * @param tokenEncoded the serialized JWT
 * @param request the current request, handed to the CSRF check and to the refresh
 * @param response the current response, handed to the refresh
 * @return the validated token, or empty when any of the checks above fails
 */
private Optional<Token> validateToken(String tokenEncoded, HttpServletRequest request, HttpServletResponse response) {
  Optional<Claims> decoded = jwtSerializer.decode(tokenEncoded);
  if (!decoded.isPresent()) {
    return Optional.empty();
  }

  Claims token = decoded.get();
  Date now = new Date(system2.now());

  // The session lifetime is anchored on the issued-at claim, so this limit applies
  // regardless of when the token was last refreshed.
  Date disconnectAt = addSeconds(token.getIssuedAt(), SESSION_DISCONNECT_IN_SECONDS);
  if (now.after(disconnectAt)) {
    return Optional.empty();
  }

  // The CSRF state stored in the token is checked against the request before anything is
  // refreshed. NOTE(review): verifyState presumably throws on mismatch, since its result is
  // not inspected here - confirm against JwtCsrfVerifier.
  String csrfState = (String) token.get(CSRF_JWT_PARAM);
  jwtCsrfVerifier.verifyState(request, csrfState, token.getSubject());

  Date refreshDueAt = addSeconds(getLastRefreshDate(token), SESSION_REFRESH_IN_SECONDS);
  if (now.after(refreshDueAt)) {
    // NOTE(review): the refresh happens before the user lookup below, so a token whose
    // subject no longer resolves may still be refreshed - confirm the caller discards it.
    refreshToken(token, request, response);
  }

  Optional<UserDto> user = selectUserFromUuid(token.getSubject());
  if (user.isPresent()) {
    return Optional.of(new Token(user.get(), token));
  }
  return Optional.empty();
}
/**
 * Returns the user held by the current JWT, provided its SSO refresh timestamp is still fresh.
 *
 * <p>The result is empty when there is no token, when the token carries no
 * {@code LAST_REFRESH_TIME_TOKEN_PARAM} property, or when that timestamp is older than the
 * configured refresh interval.
 *
 * @param request the current request, handed to the JWT handler
 * @param response the current response, handed to the JWT handler
 * @return the token's user, or empty when the token is missing or stale
 * @throws NumberFormatException if the refresh-interval setting is absent or not an integer
 */
private Optional<UserDto> getUserFromToken(HttpServletRequest request, HttpServletResponse response) {
  Optional<JwtHttpHandler.Token> session = jwtHttpHandler.getToken(request, response);
  if (!session.isPresent()) {
    return Optional.empty();
  }

  Date now = new Date(system2.now());
  int refreshIntervalInMinutes = Integer.parseInt(settingsByKey.get(SONAR_WEB_SSO_REFRESH_INTERVAL_IN_MINUTES.getKey()));

  // NOTE(review): the cast assumes the property is stored as a Long; a claim deserialized
  // as another numeric type would raise ClassCastException here - confirm.
  Long lastRefresh = (Long) session.get().getProperties().get(LAST_REFRESH_TIME_TOKEN_PARAM);
  if (lastRefresh == null) {
    // A token without a refresh timestamp is treated like a stale one.
    return Optional.empty();
  }

  Date staleAfter = addMinutes(new Date(lastRefresh), refreshIntervalInMinutes);
  if (now.after(staleAfter)) {
    return Optional.empty();
  }
  return Optional.of(session.get().getUserDto());
}
/**
 * Decodes an encoded JWT and resolves it to a {@link Token} holding the user and the claims.
 *
 * <p>The checks run in a fixed order: decoding, session lifetime measured from the issued-at
 * claim, CSRF state, refresh, then the user lookup. A token that cannot be decoded, is older
 * than {@code SESSION_DISCONNECT_IN_SECONDS}, or whose subject resolves to no user yields an
 * empty result.
 *
 * @param tokenEncoded the serialized JWT
 * @param request the current request, handed to the CSRF check and to the refresh
 * @param response the current response, handed to the refresh
 * @return the validated token, or empty when any of the checks above fails
 */
private Optional<Token> validateToken(String tokenEncoded, HttpServletRequest request, HttpServletResponse response) {
  Optional<Claims> decoded = jwtSerializer.decode(tokenEncoded);
  if (!decoded.isPresent()) {
    return Optional.empty();
  }

  Claims token = decoded.get();
  Date now = new Date(system2.now());

  // The session lifetime is anchored on the issued-at claim, so this limit applies
  // regardless of when the token was last refreshed.
  Date disconnectAt = addSeconds(token.getIssuedAt(), SESSION_DISCONNECT_IN_SECONDS);
  if (now.after(disconnectAt)) {
    return Optional.empty();
  }

  // The CSRF state stored in the token is checked against the request before anything is
  // refreshed. NOTE(review): verifyState presumably throws on mismatch, since its result is
  // not inspected here - confirm against JwtCsrfVerifier.
  String csrfState = (String) token.get(CSRF_JWT_PARAM);
  jwtCsrfVerifier.verifyState(request, csrfState, token.getSubject());

  Date refreshDueAt = addSeconds(getLastRefreshDate(token), SESSION_REFRESH_IN_SECONDS);
  if (now.after(refreshDueAt)) {
    // NOTE(review): the refresh happens before the user lookup below, so a token whose
    // subject no longer resolves may still be refreshed - confirm the caller discards it.
    refreshToken(token, request, response);
  }

  Optional<UserDto> user = selectUserFromDb(token.getSubject());
  if (user.isPresent()) {
    return Optional.of(new Token(user.get(), token));
  }
  return Optional.empty();
}
/**
 * Returns the user held by the current JWT, provided its SSO refresh timestamp is still fresh.
 *
 * <p>The result is empty when there is no token, when the token carries no
 * {@code LAST_REFRESH_TIME_TOKEN_PARAM} property, or when that timestamp is older than the
 * configured refresh interval.
 *
 * @param request the current request, handed to the JWT handler
 * @param response the current response, handed to the JWT handler
 * @return the token's user, or empty when the token is missing or stale
 * @throws NumberFormatException if the refresh-interval setting is absent or not an integer
 */
private Optional<UserDto> getUserFromToken(HttpServletRequest request, HttpServletResponse response) {
  Optional<JwtHttpHandler.Token> session = jwtHttpHandler.getToken(request, response);
  if (!session.isPresent()) {
    return Optional.empty();
  }

  Date now = new Date(system2.now());
  int refreshIntervalInMinutes = Integer.parseInt(settingsByKey.get(SONAR_WEB_SSO_REFRESH_INTERVAL_IN_MINUTES.getKey()));

  // NOTE(review): the cast assumes the property is stored as a Long; a claim deserialized
  // as another numeric type would raise ClassCastException here - confirm.
  Long lastRefresh = (Long) session.get().getProperties().get(LAST_REFRESH_TIME_TOKEN_PARAM);
  if (lastRefresh == null) {
    // A token without a refresh timestamp is treated like a stale one.
    return Optional.empty();
  }

  Date staleAfter = addMinutes(new Date(lastRefresh), refreshIntervalInMinutes);
  if (now.after(staleAfter)) {
    return Optional.empty();
  }
  return Optional.of(session.get().getUserDto());
}
/**
 * Records the logout as an authentication event.
 *
 * <p>This lives in its own method so that a failure while generating the event cannot prevent
 * the removal of the JWT cookie.
 *
 * @param request the current request, handed to the JWT handler and to the event
 * @param response the current response, handed to the JWT handler
 */
private void generateAuthenticationEvent(HttpServletRequest request, HttpServletResponse response) {
  try {
    Optional<JwtHttpHandler.Token> token = jwtHttpHandler.getToken(request, response);
    // With no token the logout is still recorded, with a null login.
    String userLogin = null;
    if (token.isPresent()) {
      userLogin = token.get().getUserDto().getLogin();
    }
    authenticationEvent.logoutSuccess(request, userLogin);
  } catch (AuthenticationException e) {
    // Only authentication failures are turned into a logout-failure event; any other
    // exception propagates to the caller.
    authenticationEvent.logoutFailure(request, e.getMessage());
  }
}
/**
 * Returns the user attached to the token obtained for this request.
 *
 * <p>All validation is delegated to {@code getToken}; this method only unwraps the user.
 *
 * @param request the current request
 * @param response the current response
 * @return the token's user, or empty when {@code getToken} yields no token
 */
public Optional<UserDto> validateToken(HttpServletRequest request, HttpServletResponse response) {
  Optional<Token> token = getToken(request, response);
  if (!token.isPresent()) {
    return Optional.empty();
  }
  return Optional.of(token.get().getUserDto());
}
/**
 * Stubs the JWT handler so that any request/response pair resolves to a token for
 * {@code user} with no extra properties.
 */
private void setUser(UserDto user) {
  JwtHttpHandler.Token stubbedToken = new JwtHttpHandler.Token(user, Collections.emptyMap());
  when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class)))
    .thenReturn(Optional.of(stubbedToken));
}
/**
 * Stubs the JWT handler so that any request/response pair resolves to a token for
 * {@code user}.
 *
 * @param user the user the stubbed token carries
 * @param lastRefreshTime value stored under {@code "ssoLastRefreshTime"}, or {@code null} to
 *   build a token with no properties at all
 */
private void setUserInToken(UserDto user, @Nullable Long lastRefreshTime) {
  // NOTE(review): the key is hard-coded here; presumably it has to match the property name
  // the production code reads - confirm.
  JwtHttpHandler.Token stubbedToken = new JwtHttpHandler.Token(
    user,
    lastRefreshTime != null ? ImmutableMap.of("ssoLastRefreshTime", lastRefreshTime) : Collections.emptyMap());
  when(jwtHttpHandler.getToken(any(HttpServletRequest.class), any(HttpServletResponse.class)))
    .thenReturn(Optional.of(stubbedToken));
}
/**
 * Returns the user attached to the token obtained for this request.
 *
 * <p>All validation is delegated to {@code getToken}; this method only unwraps the user.
 *
 * @param request the current request
 * @param response the current response
 * @return the token's user, or empty when {@code getToken} yields no token
 */
public Optional<UserDto> validateToken(HttpServletRequest request, HttpServletResponse response) {
  Optional<Token> token = getToken(request, response);
  if (!token.isPresent()) {
    return Optional.empty();
  }
  return Optional.of(token.get().getUserDto());
}
/**
 * Records the logout as an authentication event.
 *
 * <p>This lives in its own method so that a failure while generating the event cannot prevent
 * the removal of the JWT cookie.
 *
 * @param request the current request, handed to the JWT handler and to the event
 * @param response the current response, handed to the JWT handler
 */
private void generateAuthenticationEvent(HttpServletRequest request, HttpServletResponse response) {
  try {
    Optional<JwtHttpHandler.Token> token = jwtHttpHandler.getToken(request, response);
    // With no token the logout is still recorded, with a null login.
    String userLogin = null;
    if (token.isPresent()) {
      userLogin = token.get().getUserDto().getLogin();
    }
    authenticationEvent.logoutSuccess(request, userLogin);
  } catch (AuthenticationException e) {
    // Only authentication failures are turned into a logout-failure event; any other
    // exception propagates to the caller.
    authenticationEvent.logoutFailure(request, e.getMessage());
  }
}