/**
 * Serializes the given claims into a compact, signed JWT.
 *
 * <p>The header carries the JWT type marker and the configured signature algorithm. The
 * signing key is built from the raw bytes returned by {@code getSecretKey()}, tagged with
 * the algorithm's JCA name.
 *
 * @param claims the claims to place in the token body
 * @return the compact token string produced by the builder
 */
static private String signClaims(Claims claims) {
    final Map<String, Object> headerParams = new HashMap<>();
    headerParams.put(Header.TYPE, Header.JWT_TYPE);
    headerParams.put(JwsHeader.ALGORITHM, signatureAlgorithm);

    // The secret never leaves this method: it is wrapped in a Key and handed to the builder.
    final Key signingKey = new SecretKeySpec(getSecretKey(), signatureAlgorithm.getJcaName());

    return Jwts.builder()
            .setHeader(headerParams)
            .setClaims(claims)
            .signWith(signatureAlgorithm, signingKey)
            .compact();
}
/**
 * Maps the compression algorithm named in a token header to a built-in codec.
 *
 * <p>Only DEFLATE and GZIP are accepted, matched case-insensitively. Anything else is
 * rejected rather than silently ignored.
 *
 * <p>NOTE(review): the algorithm name is read from the token's own header, so it is chosen
 * by whoever produced the token. Confirm that the caller bounds the size of the
 * decompressed payload.
 *
 * @param header the token header to inspect; must not be null
 * @return the matching codec, or {@code null} when the header names no compression algorithm
 * @throws CompressionException if the header names an algorithm other than DEFLATE or GZIP
 */
@Override
public CompressionCodec resolveCompressionCodec(Header header) {
    final String requested = getAlgorithmFromHeader(header);
    if (Strings.hasText(requested)) {
        final CompressionCodec[] supported = {CompressionCodecs.DEFLATE, CompressionCodecs.GZIP};
        for (CompressionCodec candidate : supported) {
            if (candidate.getAlgorithmName().equalsIgnoreCase(requested)) {
                return candidate;
            }
        }
        throw new CompressionException("Unsupported compression algorithm '" + requested + "'");
    }
    // No compression algorithm declared: the payload is not compressed.
    return null;
}
/**
 * Asserts that a token is well-formed and that its subject equals the expected user name.
 *
 * <p>The signature segment is cut off and the remainder is parsed as an unsigned JWT, so
 * this helper checks structure and subject only. It does not show that the token was
 * signed with the expected key; a token with a forged signature would pass here.
 *
 * @param token the compact token to inspect
 * @param username the subject the token is expected to carry
 */
protected void validateJwtToken(String token, String username) {
    Assert.assertNotNull(token);
    Assert.assertFalse(token.isEmpty());

    final int lastDot = token.lastIndexOf('.');
    Assert.assertTrue(lastDot > 0);

    // Keep the trailing '.' so that what remains ends with an empty signature segment.
    final String unsignedForm = token.substring(0, lastDot + 1);
    final Claims body = Jwts.parser().parseClaimsJwt(unsignedForm).getBody();

    Assert.assertEquals(username, body.getSubject());
}
/**
 * Handles an unsigned JWT whose body is plain text rather than claims.
 *
 * <p>When the configuration requires signed tokens, the call is delegated to the superclass.
 * Presumably the superclass rejects the token by throwing; confirm against the class this
 * handler extends. If the delegate returns normally, its result is discarded.
 *
 * <p>When signing is not required, an unsigned plain-text token is accepted and yields an
 * empty claims map, so callers see "no claims" rather than an error.
 *
 * @param jwt the parsed unsigned plain-text token
 * @return always an empty map when this method returns normally
 */
@Override
public Map<String, Object> onPlaintextJwt(@SuppressWarnings("rawtypes") Jwt<Header, String> jwt) {
    if (!config.getRequireSigned()) {
        return Collections.emptyMap();
    }
    super.onPlaintextJwt(jwt);
    return Collections.emptyMap();
}
/**
 * Issues an HS256-signed token describing the given user.
 *
 * <p>The subject is the user's internal id rendered as text, or {@code null} when the user
 * has none. Provider, external id, names, e-mail and authority names travel as claims. The
 * token expires {@code DAY_DURATION} milliseconds after the current time.
 *
 * <p>The claims are signed, not encrypted: anyone who holds the token can read them.
 * HS256 is symmetric, so any party able to verify with {@code secretKey} can also mint tokens.
 *
 * @param user the authenticated user to describe
 * @return the compact signed token
 */
public String createTokenForUser(UserAuthentication user) {
    final Object internalId = user.getInternalId();
    final String subject = internalId != null ? String.valueOf(internalId) : null;

    final Date issuedAt = new Date();
    final Date expiresAt = new Date(System.currentTimeMillis() + DAY_DURATION);

    return Jwts.builder()
            .setSubject(subject)
            .setHeaderParam(Header.TYPE, Header.JWT_TYPE)
            .claim(CLAIM_AUTH_PROVIDER, user.getAuthProvider())
            .claim(CLAIM_EXTERNAL_ID, user.getExternalId())
            .claim(CLAIM_GIVEN_NAME, user.getGivenName())
            .claim(CLAIM_SURNAME, user.getSurname())
            .claim(CLAIM_EMAIL, user.getEmail())
            .claim(CLAIM_AUTHORITIES,
                    user.getAuthorities().stream()
                            .map(granted -> granted.getAuthority())
                            .collect(Collectors.toList()))
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .signWith(SignatureAlgorithm.HS256, secretKey)
            .compact();
}
/**
 * Issues an HS256-signed token describing the given user.
 *
 * <p>The subject is the user's name. Provider, external id, names and e-mail travel as
 * claims. The token expires {@code DAY_DURATION} milliseconds after the current time.
 *
 * <p>The claims are signed, not encrypted: anyone who holds the token can read them.
 * HS256 is symmetric, so any party able to verify with {@code secretKey} can also mint tokens.
 *
 * @param user the authenticated user to describe
 * @return the compact signed token
 */
public String createTokenForUser(UserAuthentication user) {
    final Date issuedAt = new Date();
    final Date expiresAt = new Date(System.currentTimeMillis() + DAY_DURATION);

    return Jwts.builder()
            .setSubject(user.getName())
            .setHeaderParam(Header.TYPE, Header.JWT_TYPE)
            .claim(CLAIM_AUTH_PROVIDER, user.getAuthProvider())
            .claim(CLAIM_EXTERNAL_ID, user.getExternalId())
            .claim(CLAIM_GIVEN_NAME, user.getGivenName())
            .claim(CLAIM_SURNAME, user.getSurname())
            .claim(CLAIM_EMAIL, user.getEmail())
            .setIssuedAt(issuedAt)
            .setExpiration(expiresAt)
            .signWith(SignatureAlgorithm.HS256, secretKey)
            .compact();
}
/**
 * Parses a compact string that is expected to be an unsigned JWT with a plain-text body.
 *
 * <p>The handler overrides only the plain-text callback and returns the token unchanged.
 * Every other token shape falls through to the adapter's defaults. Presumably those reject
 * the token; confirm against {@code JwtHandlerAdapter}.
 *
 * <p>An unsigned token carries no proof of origin, so the returned body must be treated as
 * unauthenticated input.
 *
 * @param plaintextJwt the compact token string
 * @return the parsed unsigned token
 */
@Override
public Jwt<Header, String> parsePlaintextJwt(String plaintextJwt) {
    final JwtHandlerAdapter<Jwt<Header, String>> passThrough =
            new JwtHandlerAdapter<Jwt<Header, String>>() {
                @Override
                public Jwt<Header, String> onPlaintextJwt(Jwt<Header, String> jwt) {
                    return jwt;
                }
            };
    return parse(plaintextJwt, passThrough);
}
/**
 * Parses a compact string that is expected to be an unsigned JWT with a claims body.
 *
 * <p>The handler overrides only the claims callback and returns the token unchanged. Any
 * {@link IllegalArgumentException} raised while parsing is reported to the caller as an
 * {@code UnsupportedJwtException} with the original exception attached as its cause.
 *
 * <p>An unsigned token carries no proof of origin, so the returned claims must be treated
 * as unauthenticated input.
 *
 * @param claimsJwt the compact token string
 * @return the parsed unsigned token
 * @throws UnsupportedJwtException if parsing raised an {@code IllegalArgumentException}
 */
@Override
public Jwt<Header, Claims> parseClaimsJwt(String claimsJwt) {
    try {
        final JwtHandlerAdapter<Jwt<Header, Claims>> passThrough =
                new JwtHandlerAdapter<Jwt<Header, Claims>>() {
                    @Override
                    public Jwt<Header, Claims> onClaimsJwt(Jwt<Header, Claims> jwt) {
                        return jwt;
                    }
                };
        return parse(claimsJwt, passThrough);
    } catch (IllegalArgumentException cause) {
        // NOTE(review): every IllegalArgumentException is reported with this one message,
        // whatever actually triggered it. Confirm that signed input is the only source.
        throw new UnsupportedJwtException("Signed JWSs are not supported.", cause);
    }
}
/**
 * Reads the subject claim from a Keycloak token.
 *
 * <p>The token is decoded through {@code getJwt}, which parses it as an unsigned JWT. No
 * signature check takes place on this path, so the returned identity is only as
 * trustworthy as whatever validated the token before this call.
 *
 * @param keycloakToken the token string, optionally carrying the configured prefix
 * @return the subject claim of the token
 */
@SuppressWarnings("rawtypes")
public String getIdentityId(final String keycloakToken) throws JsonProcessingException, IOException {
    final Claims claims = getJwt(keycloakToken).getBody();
    return claims.getSubject();
}
/**
 * Reads the session-state claim from a Keycloak token.
 *
 * <p>The token is decoded through {@code getJwt}, which parses it as an unsigned JWT. No
 * signature check takes place on this path, so the value is unauthenticated unless the
 * token was validated before this call.
 *
 * @param keycloakToken the token string, optionally carrying the configured prefix
 * @return the text form of the {@code SESSION_STATE} claim
 * @throws NullPointerException if the token has no {@code SESSION_STATE} claim
 */
@SuppressWarnings("rawtypes")
public String getSessionState(final String keycloakToken) throws JsonProcessingException, IOException {
    final Object sessionState = getJwt(keycloakToken).getBody().get(SESSION_STATE);
    // A missing claim yields null here and fails on the next line.
    return sessionState.toString();
}
/**
 * Decodes a Keycloak token into header and claims without checking its signature.
 *
 * <p>The configured prefix is removed, the signature is dropped by
 * {@code getJWSWithoutSignature}, and the remainder is parsed as an unsigned JWT. The result
 * is suitable for reading claims from a token that has already been validated elsewhere,
 * and for nothing else.
 *
 * @param keycloakToken the token string, optionally carrying the configured prefix
 * @return the decoded, unverified token
 */
@SuppressWarnings("rawtypes")
private Jwt<Header, Claims> getJwt(final String keycloakToken) {
    // replaceFirst treats TOKEN_PREFIX as a regular expression and removes its first match
    // wherever it occurs; the match is not anchored to the start of the string.
    final String bareToken = keycloakToken.replaceFirst(TOKEN_PREFIX, "");
    return Jwts.parser().parseClaimsJwt(getJWSWithoutSignature(bareToken));
}
/**
 * Returns the claims of a signed token without verifying the signature.
 *
 * <p>Everything after the last {@code '.'} is discarded and the remainder is parsed as an
 * unsigned JWT. The returned claims are therefore untrusted: use them for routing or
 * logging decisions only, never for authentication or authorization.
 *
 * @param jwsToken the compact signed token
 * @return the unverified claims of the token
 */
public static Map<String, Object> getTokenBody(String jwsToken) {
    // With no '.' in the input this is 0, so an empty string reaches the parser.
    final int signatureStart = jwsToken.lastIndexOf(".") + 1;
    final String unsignedForm = jwsToken.substring(0, signatureStart);
    return Jwts.parser().parseClaimsJwt(unsignedForm).getBody();
}
/**
 * Handles an unsigned JWT whose body is a set of claims.
 *
 * <p>When the configuration requires signed tokens, the call is delegated to the superclass.
 * Presumably the superclass rejects the token; confirm against the class this handler
 * extends. Otherwise the claims of the unsigned token are returned as they are, which means
 * nothing has authenticated them.
 *
 * @param jwt the parsed unsigned claims token
 * @return the result of the superclass when signing is required, else the token's claims
 */
@Override
public Map<String, Object> onClaimsJwt(@SuppressWarnings("rawtypes") Jwt<Header, Claims> jwt) {
    if (config.getRequireSigned()) {
        return super.onClaimsJwt(jwt);
    }
    return jwt.getBody();
}
/**
 * Creates a token value from an already parsed header and body.
 *
 * <p>Both references are stored as given; no validation or copying happens here.
 *
 * @param header the token header
 * @param body the token body
 */
public DefaultJwt(Header header, B body) {
    this.body = body;
    this.header = header;
}
/**
 * Returns the header this token was created with.
 *
 * @return the stored header reference
 */
@Override
public Header getHeader() {
    return this.header;
}
/**
 * Reads the compression algorithm name declared in a token header.
 *
 * @param header the header to read; rejected by {@code Assert.notNull} when null
 * @return the value of {@code header.getCompressionAlgorithm()}
 */
private String getAlgorithmFromHeader(Header header) {
    Assert.notNull(header, "header cannot be null.");
    final String declaredAlgorithm = header.getCompressionAlgorithm();
    return declaredAlgorithm;
}