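/**
 * Builds the standard claim set for a token with a caller-supplied lifetime.
 *
 * <p>Issuer, audience and the custom {@code version} claim are read from {@code jwtConfig}.
 * A fresh {@code jti} is generated, {@code iat} is set to the current time and {@code nbf} is
 * backdated by two minutes. The claims are returned as-is; signing happens elsewhere.
 *
 * @param expiresIn requested token lifetime in seconds (it is converted to minutes below);
 *                  a value of zero or less yields a token whose expiry is not in the future,
 *                  so callers should validate it before calling
 * @return the populated JwtClaims
 */
public static JwtClaims getJwtClaimsWithExpiresIn(int expiresIn) {
    JwtClaims claims = new JwtClaims();

    claims.setIssuer(jwtConfig.getIssuer());
    claims.setAudience(jwtConfig.getAudience());

    // Divide as a float. Integer division truncated to whole minutes, so a lifetime under
    // 60 seconds became 0 minutes (expiry equal to the issue time) and every other lifetime
    // silently lost up to 59 seconds.
    claims.setExpirationTimeMinutesInTheFuture(expiresIn / 60f);

    claims.setGeneratedJwtId();               // unique token identifier (jti)
    claims.setIssuedAtToNow();                // issue time (iat) = now
    // nbf is two minutes in the past; presumably this tolerates clock skew between the
    // issuer and the verifier. Confirm the verifier's allowed skew is no wider than needed.
    claims.setNotBeforeMinutesInThePast(2);
    claims.setClaim("version", jwtConfig.getVersion());

    return claims;
}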
/**
 * Builds the standard claim set using the lifetime configured in {@code jwtConfig}.
 *
 * <p>Every value except the generated {@code jti} and the timestamps is read from
 * {@code jwtConfig}: issuer, audience, expiry in minutes and the custom {@code version} claim.
 * The claims are returned as-is; signing happens elsewhere.
 *
 * @return the populated JwtClaims
 */
public static JwtClaims getDefaultJwtClaims() {
    JwtClaims defaults = new JwtClaims();

    // Registered claims a verifier is expected to check: iss, aud, exp.
    defaults.setIssuer(jwtConfig.getIssuer());
    defaults.setAudience(jwtConfig.getAudience());
    defaults.setExpirationTimeMinutesInTheFuture(jwtConfig.getExpiredInMinutes());

    defaults.setGeneratedJwtId();             // unique token identifier (jti)
    defaults.setIssuedAtToNow();              // issue time (iat) = now
    // nbf is two minutes in the past; presumably this tolerates clock skew between the
    // issuer and the verifier.
    defaults.setNotBeforeMinutesInThePast(2);

    defaults.setClaim("version", jwtConfig.getVersion());
    return defaults;
}
/**
 * Stamps the wrapped claims with the current time as the issued-at ({@code iat}) value.
 *
 * @return this instance, so calls can be chained
 */
public JsonWebToken setIssuedAtToNow() {
    // Delegates to the underlying claims object; no other claim is touched here.
    claims.setIssuedAtToNow();
    return this;
}
/**
 * Creates an encoded password-management token whose subject is {@code to}.
 *
 * <p>The claim set carries a random UUID as {@code jti}, the same {@code issuer} value as both
 * issuer and audience, an expiry taken from the reset properties, and the issue time. When
 * client information is available, the server and client IP addresses are embedded as the
 * {@code origin} and {@code client} claims. The JSON is then passed through
 * {@code cipherExecutor.encode}.
 *
 * @param to value stored as the token subject
 * @return the encoded token, or {@code null} if building or encoding it threw; callers must
 *         treat {@code null} as a failed issuance
 */
@Override
public String createToken(final String to) {
    try {
        val tokenClaims = new JwtClaims();
        tokenClaims.setJwtId(UUID.randomUUID().toString());
        tokenClaims.setIssuer(issuer);
        tokenClaims.setAudience(issuer);
        tokenClaims.setExpirationTimeMinutesInTheFuture(properties.getReset().getExpirationMinutes());
        tokenClaims.setIssuedAtToNow();

        // Record where the request came from, when that information is available.
        val clientInfo = ClientInfoHolder.getClientInfo();
        if (clientInfo != null) {
            tokenClaims.setStringClaim("origin", clientInfo.getServerIpAddress());
            tokenClaims.setStringClaim("client", clientInfo.getClientIpAddress());
        }
        tokenClaims.setSubject(to);

        // The subject is written to the debug log; the token itself is not.
        LOGGER.debug("Creating password management token for [{}]", to);
        val serialized = tokenClaims.toJson();
        LOGGER.debug("Encoding the generated JSON token...");
        return this.cipherExecutor.encode(serialized);
    } catch (final Exception e) {
        // Any failure is logged and reported to the caller as a null token.
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}
/**
 * Serializes a token for {@code user} as the compact form of the supplied JWE.
 *
 * <p>The claims always contain the given expiry, a generated {@code jti}, the issue time and
 * an {@code nbf} of 30 seconds ago. Identity claims (subject, {@code email}, {@code name},
 * {@code external}) are added only for non-anonymous users. This method sets no key or
 * algorithm on {@code jwe}; it only sets the payload, so the caller is presumably expected to
 * have configured encryption beforehand.
 *
 * @param jwe      JWE object that receives the claims as its payload
 * @param user     user the token describes
 * @param expireAt absolute expiration time of the token
 * @return the compact serialization of {@code jwe}
 * @throws IllegalStateException if jose4j fails while serializing (wraps the JoseException)
 */
@NotNull
public static String createToken(@NotNull JsonWebEncryption jwe, @NotNull User user, @NotNull NumericDate expireAt) {
    try {
        JwtClaims payload = new JwtClaims();
        payload.setExpirationTime(expireAt);
        payload.setGeneratedJwtId();                  // unique token identifier (jti)
        payload.setIssuedAtToNow();                   // issue time (iat) = now
        payload.setNotBeforeMinutesInThePast(0.5f);   // nbf = 30 seconds ago

        boolean identified = !user.isAnonymous();
        if (identified) {
            // Personal data goes into the payload here, so confidentiality of the token
            // rests on the encryption configured on the JWE.
            payload.setSubject(user.getUserName());
            setClaim(payload, "email", user.getEmail());
            setClaim(payload, "name", user.getRealName());
            setClaim(payload, "external", user.getExternalId());
        }

        jwe.setPayload(payload.toJson());
        return jwe.getCompactSerialization();
    } catch (JoseException e) {
        throw new IllegalStateException(e);
    }
}
// Excerpt from a larger method: expirationDate, timeoutInSeconds, claims and profile are
// declared outside this fragment.
// Push the expiry forward by the configured timeout (presumably expirationDate starts at
// "now"; confirm against the enclosing method).
expirationDate.addSeconds(timeoutInSeconds);
claims.setExpirationTime(expirationDate);
// Issue time (iat) = now.
claims.setIssuedAtToNow();
// The token subject is the profile identifier.
claims.setSubject(profile.getId());
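/**
 * Issues a signed JWT (compact JWS using RSA with SHA-256) for the user described by
 * {@code userMap}.
 *
 * <p>Issuer, audience, subject, lifetimes, the nbf backdating and the signing key are read from
 * values defined outside this method. The {@code userId}, {@code clientId} and {@code roles}
 * entries of {@code userMap} are copied into the claims without validation, and {@code host}
 * is copied when present. The caller is responsible for having authenticated the user and for
 * the contents of the map.
 *
 * @param userMap    user attributes; {@code roles} must hold a {@code List<String>}
 * @param rememberMe selects the longer "remember me" lifetime when {@code true};
 *                   {@code null} is treated as {@code false}
 * @return the compact serialization, in the form Header.Payload.Signature
 * @throws JoseException if signing or serialization fails
 */
public static String getJwt(Map<String, Object> userMap, Boolean rememberMe) throws JoseException {
    // Unboxing a null Boolean in the ternary threw NullPointerException; a missing flag now
    // falls back to the shorter lifetime.
    boolean remembered = Boolean.TRUE.equals(rememberMe);

    JwtClaims claims = new JwtClaims();
    claims.setIssuer(issuer);
    claims.setAudience(audience);
    claims.setExpirationTimeMinutesInTheFuture(remembered ? rememberMin : expireMin);
    claims.setGeneratedJwtId();
    claims.setIssuedAtToNow();
    claims.setNotBeforeMinutesInThePast(clockSkewMin);
    // The subject is a value defined outside this method, not taken from userMap; the user is
    // identified by the userId claim below.
    claims.setSubject(subject);
    claims.setClaim("userId", userMap.get("userId"));
    claims.setClaim("clientId", userMap.get("clientId"));

    @SuppressWarnings("unchecked") // caller contract: "roles" holds a List<String>; not verified here
    List<String> roles = (List<String>) userMap.get("roles");
    claims.setStringListClaim("roles", roles);

    if (userMap.get("host") != null) {
        claims.setClaim("host", userMap.get("host"));
    }

    JsonWebSignature jws = new JsonWebSignature();
    // The payload of the JWS is the JSON content of the JWT claims. It is signed, not
    // encrypted, so anyone holding the token can read it.
    jws.setPayload(claims.toJson());
    // The JWT is signed using the sender's private key.
    jws.setKey(privateKey);
    // Signature algorithm that integrity-protects the claims.
    jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);

    // Sign and produce the compact serialization: three dot-separated base64url-encoded
    // parts. The result is a bearer credential and is deliberately not printed or logged.
    return jws.getCompactSerialization();
}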
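/**
 * Builds the standard claim set for a token with a caller-supplied lifetime.
 *
 * <p>Issuer, audience and the custom {@code version} claim are read from {@code jwtConfig}.
 * A fresh {@code jti} is generated, {@code iat} is set to the current time and {@code nbf} is
 * backdated by two minutes. The claims are returned as-is; signing happens elsewhere.
 *
 * @param expiresIn requested token lifetime in seconds (it is converted to minutes below);
 *                  a value of zero or less yields a token whose expiry is not in the future,
 *                  so callers should validate it before calling
 * @return the populated JwtClaims
 */
public static JwtClaims getJwtClaimsWithExpiresIn(int expiresIn) {
    JwtClaims claims = new JwtClaims();

    claims.setIssuer(jwtConfig.getIssuer());
    claims.setAudience(jwtConfig.getAudience());

    // Divide as a float. Integer division truncated to whole minutes, so a lifetime under
    // 60 seconds became 0 minutes (expiry equal to the issue time) and every other lifetime
    // silently lost up to 59 seconds.
    claims.setExpirationTimeMinutesInTheFuture(expiresIn / 60f);

    claims.setGeneratedJwtId();               // unique token identifier (jti)
    claims.setIssuedAtToNow();                // issue time (iat) = now
    // nbf is two minutes in the past; presumably this tolerates clock skew between the
    // issuer and the verifier. Confirm the verifier's allowed skew is no wider than needed.
    claims.setNotBeforeMinutesInThePast(2);
    claims.setClaim("version", jwtConfig.getVersion());

    return claims;
}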
/**
 * Builds the standard claim set using the lifetime configured in {@code jwtConfig}.
 *
 * <p>Every value except the generated {@code jti} and the timestamps is read from
 * {@code jwtConfig}: issuer, audience, expiry in minutes and the custom {@code version} claim.
 * The claims are returned as-is; signing happens elsewhere.
 *
 * @return the populated JwtClaims
 */
public static JwtClaims getDefaultJwtClaims() {
    JwtClaims defaults = new JwtClaims();

    // Registered claims a verifier is expected to check: iss, aud, exp.
    defaults.setIssuer(jwtConfig.getIssuer());
    defaults.setAudience(jwtConfig.getAudience());
    defaults.setExpirationTimeMinutesInTheFuture(jwtConfig.getExpiredInMinutes());

    defaults.setGeneratedJwtId();             // unique token identifier (jti)
    defaults.setIssuedAtToNow();              // issue time (iat) = now
    // nbf is two minutes in the past; presumably this tolerates clock skew between the
    // issuer and the verifier.
    defaults.setNotBeforeMinutesInThePast(2);

    defaults.setClaim("version", jwtConfig.getVersion());
    return defaults;
}
/**
 * Builds and signs a JWT describing {@code user} and stores it in {@code token}.
 *
 * <p>The expiry is the current time plus the configured time-to-live. Issuer and audience
 * fall back to the configured values when the arguments are {@code null}. The user's identity,
 * name, roles, permissions and params are placed in the payload of a JWS. The payload is
 * signed, not encrypted, so these values are readable by anyone who holds the token.
 *
 * @param user     user whose attributes become claims
 * @param issuer   issuer to record, or {@code null} to use the configured issuer
 * @param audience audience to record, or {@code null} to use the configured audience
 * @throws DemoiselleSecurityException with the UNAUTHORIZED status code if jose4j fails
 *                                     while signing or serializing
 */
@Override
public void setUser(DemoiselleUser user, String issuer, String audience) {
    // Absolute expiry in epoch milliseconds: now + configured time-to-live.
    long expiresAtMillis = org.jose4j.jwt.NumericDate.now().getValueInMillis() + config.getTimetoLiveMilliseconds();

    try {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer(issuer == null ? config.getIssuer() : issuer);
        jwtClaims.setExpirationTime(org.jose4j.jwt.NumericDate.fromMilliseconds(expiresAtMillis));
        jwtClaims.setAudience(audience == null ? config.getAudience() : audience);
        jwtClaims.setGeneratedJwtId();
        jwtClaims.setIssuedAtToNow();
        jwtClaims.setNotBeforeMinutesInThePast(1);   // nbf = one minute ago

        // Authorization data travels inside the token itself.
        jwtClaims.setClaim("identity", user.getIdentity());
        jwtClaims.setClaim("name", user.getName());
        jwtClaims.setClaim("roles", user.getRoles());
        jwtClaims.setClaim("permissions", user.getPermissions());
        jwtClaims.setClaim("params", user.getParams());

        JsonWebSignature signer = new JsonWebSignature();
        signer.setPayload(jwtClaims.toJson());
        signer.setKey(privateKey);
        signer.setKeyIdHeaderValue("demoiselle-security-jwt");   // fixed key id (kid) header
        // The algorithm comes from configuration; the verifying side should accept only
        // the algorithm it expects rather than whatever the token header names.
        signer.setAlgorithmHeaderValue(config.getAlgorithmIdentifiers());

        token.setKey(signer.getCompactSerialization());
        token.setType(TokenType.JWT);
    } catch (JoseException ex) {
        throw new DemoiselleSecurityException(bundle.general(), Response.Status.UNAUTHORIZED.getStatusCode(), ex);
    }
}
/**
 * Builds and signs a JWT describing {@code user} and stores it in {@code token}.
 *
 * <p>The expiry is the current time plus the configured time-to-live. Issuer and audience
 * fall back to the configured values when the arguments are {@code null}. The user's identity,
 * name, roles, permissions and params are placed in the payload of a JWS. The payload is
 * signed, not encrypted, so these values are readable by anyone who holds the token.
 *
 * @param user     user whose attributes become claims
 * @param issuer   issuer to record, or {@code null} to use the configured issuer
 * @param audience audience to record, or {@code null} to use the configured audience
 * @throws DemoiselleSecurityException with the UNAUTHORIZED status code if jose4j fails
 *                                     while signing or serializing
 */
@Override
public void setUser(DemoiselleUser user, String issuer, String audience) {
    // Absolute expiry in epoch milliseconds: now + configured time-to-live.
    long expiresAtMillis = org.jose4j.jwt.NumericDate.now().getValueInMillis() + config.getTimetoLiveMilliseconds();

    try {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer(issuer == null ? config.getIssuer() : issuer);
        jwtClaims.setExpirationTime(org.jose4j.jwt.NumericDate.fromMilliseconds(expiresAtMillis));
        jwtClaims.setAudience(audience == null ? config.getAudience() : audience);
        jwtClaims.setGeneratedJwtId();
        jwtClaims.setIssuedAtToNow();
        jwtClaims.setNotBeforeMinutesInThePast(1);   // nbf = one minute ago

        // Authorization data travels inside the token itself.
        jwtClaims.setClaim("identity", user.getIdentity());
        jwtClaims.setClaim("name", user.getName());
        jwtClaims.setClaim("roles", user.getRoles());
        jwtClaims.setClaim("permissions", user.getPermissions());
        jwtClaims.setClaim("params", user.getParams());

        JsonWebSignature signer = new JsonWebSignature();
        signer.setPayload(jwtClaims.toJson());
        signer.setKey(privateKey);
        signer.setKeyIdHeaderValue("demoiselle-security-jwt");   // fixed key id (kid) header
        // The algorithm comes from configuration; the verifying side should accept only
        // the algorithm it expects rather than whatever the token header names.
        signer.setAlgorithmHeaderValue(config.getAlgorithmIdentifiers());

        token.setKey(signer.getCompactSerialization());
        token.setType(TokenType.JWT);
    } catch (JoseException ex) {
        throw new DemoiselleSecurityException(bundle.general(), Response.Status.UNAUTHORIZED.getStatusCode(), ex);
    }
}
// Excerpt from a larger method: claims is declared outside this fragment.
// Issue time (iat): when the token was created (now).
claims.setIssuedAtToNow();
// Not-before (nbf): the token is not valid before this instant, set to 2 minutes ago.
// Presumably the backdating absorbs clock skew between issuer and verifier.
claims.setNotBeforeMinutesInThePast(2);