public JwtAuthenticator(final SignatureConfiguration signatureConfiguration, final EncryptionConfiguration encryptionConfiguration) { setSignatureConfiguration(signatureConfiguration); setEncryptionConfiguration(encryptionConfiguration); }
public void setEncryptionConfiguration(final EncryptionConfiguration encryptionConfiguration) { addEncryptionConfiguration(encryptionConfiguration); }
public JwtAuthenticator(final SignatureConfiguration signatureConfiguration) { setSignatureConfiguration(signatureConfiguration); }
final JwtAuthenticator a = new JwtAuthenticator(); a.setSignatureConfiguration(new SecretSignatureConfiguration(signingSecret, signingAlg)); a.setEncryptionConfiguration(new SecretEncryptionConfiguration(encryptionSecret, encAlg, encMethod)); } else { LOGGER.warn("JWT authentication is configured to share a single key for both signing/encryption");
/** * JWT校验器,也就是目前设置的ParameterClient进行的校验器,是rest/或者前后端分离的核心校验器 * * @return */ @Bean protected JwtAuthenticator jwtAuthenticator() { JwtAuthenticator jwtAuthenticator = new JwtAuthenticator(); jwtAuthenticator.addSignatureConfiguration(new SecretSignatureConfiguration(salt)); jwtAuthenticator.addEncryptionConfiguration(new SecretEncryptionConfiguration(salt)); return jwtAuthenticator; }
@Override protected Authenticator getAuthenticator(final Credential credential) { final TokenCredential tokenCredential = (TokenCredential) credential; logger.debug("Locating token secret for service [{}]", tokenCredential.getService()); final RegisteredService service = this.servicesManager.findServiceBy(tokenCredential.getService()); final String signingSecret = getRegisteredServiceJwtSigningSecret(service); final String encryptionSecret = getRegisteredServiceJwtEncryptionSecret(service); if (StringUtils.isNotBlank(signingSecret)) { if (StringUtils.isBlank(encryptionSecret)) { logger.warn("JWT authentication is configured to share a single key for both signing/encryption"); return new JwtAuthenticator(signingSecret); } return new JwtAuthenticator(signingSecret, encryptionSecret); } logger.warn("No token signing secret is defined for service [{}]. Ensure [{}] property is defined for service", service.getServiceId(), TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING); return null; }
public void setSignatureConfiguration(final SignatureConfiguration signatureConfiguration) { addSignatureConfiguration(signatureConfiguration); }
@Override public void validate(final TokenCredentials credentials, final WebContext context) { init(); final String token = credentials.getToken(); createJwtProfile(credentials, jwt);
/** * Validates the token and returns the corresponding user profile. * * @param token the JWT * @return the corresponding user profile */ public Map<String, Object> validateTokenAndGetClaims(final String token) { final CommonProfile profile = validateToken(token); final Map<String, Object> claims = new HashMap<>(profile.getAttributes()); claims.put(JwtClaims.SUBJECT, profile.getId()); return claims; }
@Override protected void internalInit() { assertNotBlank("realmName", this.realmName); defaultProfileDefinition(new CommonProfileDefinition<>(x -> new JwtProfile())); if (signatureConfigurations.isEmpty()) { logger.warn("No signature configurations have been defined: non-signed JWT will be accepted!"); } }
/** * Validates the token and returns the corresponding user profile. * * @param token the JWT * @return the corresponding user profile */ public CommonProfile validateToken(final String token) { final TokenCredentials credentials = new TokenCredentials(token); try { validate(credentials, null); } catch (final HttpAction e) { throw new TechnicalException(e); } catch (final CredentialsException e) { logger.info("Failed to retrieve or validate credentials: {}", e.getMessage()); logger.debug("Failed to retrieve or validate credentials", e); return null; } return credentials.getUserProfile(); }
attributes.remove(JwtGenerator.INTERNAL_PERMISSIONS); final CommonProfile profile = ProfileHelper.restoreOrBuildProfile(getProfileDefinition(), subject, attributes, null);
val jwtAuthenticator = new JwtAuthenticator(); val secretBytes = getSecretBytes(signingSecret, secretsAreBase64Encoded); jwtAuthenticator.setSignatureConfiguration(new SecretSignatureConfiguration(secretBytes, signingAlg)); jwtAuthenticator.setEncryptionConfiguration(new SecretEncryptionConfiguration(encSecretBytes, encAlg, encMethod)); } else { LOGGER.warn("JWT authentication is configured to share jwtAuthenticator single key for both signing/encryption");
ParameterClient parameterClient = new ParameterClient("token", new JwtAuthenticator(new SecretSignatureConfiguration(salt))); parameterClient.setSupportGetRequest(true); parameterClient.setSupportPostRequest(false);
final JwtAuthenticator authenticator = new JwtAuthenticator(); authenticator.setSignatureConfiguration(secretSignatureConfiguration); authenticator.setEncryptionConfiguration(secretEncryptionConfiguration); ParameterClient parameterClient = new ParameterClient("token", authenticator); parameterClient.setSupportGetRequest(true);