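/**
 * Decides whether this request carries a JWT that this component should handle.
 *
 * <p>Only a non-empty, parseable token whose issuer is the host (as judged by
 * {@code jwtWasIssuedByHost}) qualifies. The token is NOT signature-verified here; this
 * method only routes the request, so nothing read from the token may be trusted beyond
 * that routing decision.
 *
 * @param request the incoming request the JWT is extracted from
 * @return {@code true} if a parseable token with a host issuer is present, {@code false}
 *         if the token is absent, unreadable or issued by someone else
 */
@Override
protected boolean shouldProcess(HttpServletRequest request) {
    String jwtToken = JwtUtil.extractJwt(request);
    if (StringUtils.isEmpty(jwtToken)) {
        log.debug("JWT token was empty: should not process request");
        return false;
    }
    try {
        Jwt jwt = new SimpleJwtParser().parse(jwtToken);
        boolean wasIssuedByHost = jwtWasIssuedByHost(jwt.getIssuer());
        log.debug("wasIssuedByHost={}", wasIssuedByHost);
        return wasIssuedByHost;
    } catch (Exception e) {
        // One of the many possible JWT reading exceptions was thrown: log for debugging and
        // fall through to "do not process", letting the invoking test fail.
        // The raw token is deliberately NOT written to the log. A JWT is a bearer credential,
        // so a logged token can be replayed by anyone who can read the log; the exception and
        // the token length are enough to diagnose a malformed token.
        log.error("Failed to read JWT token (length={}) due to exception", jwtToken.length(), e);
        return false;
    }
}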
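/**
 * Authenticates a request whose credential is a raw JWT string.
 *
 * <p>Flow: (1) parse the token WITHOUT verifying it, solely to read the issuer claim;
 * (2) resolve that issuer to a registered tenant and its shared secret; (3) verify the
 * token's MAC against that secret; (4) build the authenticated principal from the verified
 * claims. The issuer obtained in step 1 is untrusted until step 3 succeeds and must be used
 * for nothing other than selecting the key to verify with.
 *
 * @param authentication the incoming token; {@code getCredentials()} must hold the raw JWT
 * @return a {@link JwtAuthentication} bound to the verified JWT and its tenant context
 * @throws BadCredentialsException if the credential is missing, cannot be parsed, names an
 *         issuer that is not registered, or fails signature verification
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final Object credentials = authentication.getCredentials();
    if (credentials == null) {
        // A missing credential is a client error, not a server fault: report it as bad
        // credentials instead of letting a NullPointerException escape the manager.
        throw new BadCredentialsException("Missing JWT");
    }
    final String rawJwt = credentials.toString();

    // Step 1: unverified parse. No signature check happens here, so the issuer is
    // attacker-controlled at this point and is only used to look up the verification key.
    final Jwt unvalidatedJwt;
    try {
        unvalidatedJwt = new SimpleJwtParser().parse(rawJwt);
    } catch (JwtParseException e) {
        throw new BadCredentialsException("Invalid JWT", e);
    }

    // Step 2: an unregistered issuer must surface as bad credentials. Calling get() on an
    // empty lookup would throw an unchecked exception out of authenticate(), which callers
    // treat as a server error rather than a rejected login.
    // NOTE(review): assumes clientRegistry.get(...) returns an Optional-style holder exposing
    // isPresent()/get(); confirm against the registry's declared return type.
    final String issuer = unvalidatedJwt.getIssuer();
    if (!clientRegistry.get(issuer).isPresent()) {
        throw new BadCredentialsException("Invalid JWT: unknown issuer");
    }
    final TenantContext tenantContext = clientRegistry.get(issuer).get();

    // Step 3 and 4: verify the MAC with the tenant's shared secret, then build the principal
    // from the verified claims only (never from unvalidatedJwt).
    final NimbusMacJwtReader reader = new NimbusMacJwtReader(tenantContext.getSharedSecret());
    try {
        final com.atlassian.jwt.Jwt verifiedJwt =
                reader.readAndVerify(rawJwt, Collections.<String, JwtClaimVerifier>emptyMap());
        final TenantRequestContext tenantRequestContext =
                TenantRequestContext.initialise(tenantContext, verifiedJwt);
        final JwtAuthentication jwtAuthentication = new JwtAuthentication(
                authentication.getPrincipal().toString(), verifiedJwt, tenantRequestContext);
        log.info("Authenticated with JWT as principal {} from issuer {}",
                jwtAuthentication.getPrincipal(), verifiedJwt.getIssuer());
        return jwtAuthentication;
    } catch (JwtParseException | JwtVerificationException e) {
        throw new BadCredentialsException("Invalid JWT", e);
    }
}
}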