software.sandc.springframework.security.jwt.impl.authority

Class DefaultJWTAuthority

java.lang.Object

software.sandc.springframework.security.jwt.impl.consumer.DefaultJWTConsumer

software.sandc.springframework.security.jwt.impl.authority.DefaultJWTAuthority

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, JWTAuthority, JWTConsumer

public class DefaultJWTAuthority
extends DefaultJWTConsumer
implements JWTAuthority, org.springframework.beans.factory.InitializingBean

Field Summary

Fields

Modifier and Type	Field and Description
protected AuthorityKeyProvider	authorityKeyProvider
protected org.springframework.security.crypto.password.PasswordEncoder	passwordEncoder
protected boolean	refreshSessionOnAuthentication
protected boolean	refreshSessionOnRenewal
protected int	sessionInvalidationDelayInMinutes
protected SessionProvider	sessionProvider
protected int	tokenLifetimeInSeconds
protected org.springframework.security.core.userdetails.UserDetailsChecker	userDetailsChecker
protected org.springframework.security.core.userdetails.UserDetailsService	userDetailsService

Fields inherited from class software.sandc.springframework.security.jwt.impl.consumer.DefaultJWTConsumer

authoritiesParameterName, jwtAuthorityConnector, jwtRequestResponseHandler, sessionIdParameterName, signingKeyResolver, SPRING_SECURITY_JWT_AUTHORITIES_PARAMETER_NAME, SPRING_SECURITY_JWT_SESSION_ID_PARAMETER_NAME, SPRING_SECURITY_JWT_XSRF_PARAMETER_NAME, TEN_YEARS_IN_SECONDS, xsrfParameterName

Constructor Summary

Constructors

Constructor and Description
DefaultJWTAuthority(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
JWTContext	authenticateJWTRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Authenticate HTTP request if the request contains JWT and related tokens are valid. The created JWTAuthentication object (which is also the part of JWTContext) is implicitly attached into SecurityContextHolder to inform spring security about the authenticated user.
JWTContext	authenticateLoginRequest(Credentials credentials, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Authenticate login request if the provided credentials are valid. The created JWTAuthentication object (which is also the part of JWTContext) is implicitly attached into SecurityContextHolder to inform spring security about the authenticated user.
protected String	convertToString(Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
JWTContext	create(String principal, Parameters parameters) Creates JWTContext for given principal.
JWTContext	createAndAttach(String principal, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Parameters parameters) Create a fully fledged JWTContext for given principal and attach it into given HTTP Response.
protected String	generateXSRFToken()
protected List<String>	getAuthorityListAsString(Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
protected org.springframework.security.core.userdetails.UserDetails	getUserDetails(String principal)
org.springframework.security.core.userdetails.UserDetailsService	getUserDetailsService()
protected void	handleJWTContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, JWTContext jwtContext)
boolean	isTokenRenewalEnabled()
protected boolean	isXSRFProtectionDisabled(Parameters parameters)
protected void	refreshSession(JWTContext jwtContext)
JWTContext	renew(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Authenticate HTTP request if the request contains JWT and renew it if renewable.
JWTContext	renew(TokenContainer tokenContainer, Parameters parameters) Renew tokens given in the TokenContainer object.
void	setAuthorityKeyProvider(AuthorityKeyProvider authorityKeyProvider)
void	setPasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder) Set custom password encoder.
void	setRefreshSessionOnAuthentication(boolean refreshSessionOnAuthentication) Refresh related session on each JWT authentication step.
void	setRefreshSessionOnRenewal(boolean refreshSessionOnRenewal) Refresh related session on each JWT renewal.
void	setSessionInvalidationDelayInMinutes(int sessionInvalidationDelayInMinutes) Set session invalidation delay in minutes.
void	setSessionProvider(SessionProvider sessionProvider)
void	setTokenLifetimeInSeconds(int tokenLifetimeInSeconds) Set token lifetime in seconds.
void	setUserDetailsChecker(org.springframework.security.core.userdetails.UserDetailsChecker userDetailsChecker) Set UserDetailsChecker which will be used to validate the loaded UserDetails object.
void	setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Methods inherited from class software.sandc.springframework.security.jwt.impl.consumer.DefaultJWTConsumer

createJWTContext, extractPrincipal, extractSessionId, getAuthorities, getJWTModeFromParameters, getJwtRequestResponseHandler, setAuthoritiesParameterName, setJWTAuthorityConnector, setJwtRequestResponseHandler, setSessionIdParameterName, setSigningKeyResolver, setXsrfParameterName, validate, validateXSRF

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.sandc.springframework.security.jwt.consumer.JWTConsumer

validate

Field Detail

userDetailsService

protected org.springframework.security.core.userdetails.UserDetailsService userDetailsService

sessionProvider

protected SessionProvider sessionProvider

userDetailsChecker

protected org.springframework.security.core.userdetails.UserDetailsChecker userDetailsChecker

tokenLifetimeInSeconds

protected int tokenLifetimeInSeconds

sessionInvalidationDelayInMinutes

protected int sessionInvalidationDelayInMinutes

passwordEncoder

protected org.springframework.security.crypto.password.PasswordEncoder passwordEncoder

authorityKeyProvider

protected AuthorityKeyProvider authorityKeyProvider

refreshSessionOnAuthentication

protected boolean refreshSessionOnAuthentication

refreshSessionOnRenewal

protected boolean refreshSessionOnRenewal

Constructor Detail

DefaultJWTAuthority

public DefaultJWTAuthority(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Method Detail

authenticateJWTRequest

public JWTContext authenticateJWTRequest(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)

Description copied from interface: JWTConsumer

Authenticate HTTP request if the request contains JWT and related tokens are valid.

The created JWTAuthentication object (which is also the part of JWTContext) is implicitly attached into SecurityContextHolder to inform spring security about the authenticated user.

Specified by:

authenticateJWTRequest in interface JWTConsumer

Overrides:

authenticateJWTRequest in class DefaultJWTConsumer

Parameters:

request - HTTP request

response - HTTP response

Returns:

A fully fledged JWTContext object.

authenticateLoginRequest

public JWTContext authenticateLoginRequest(Credentials credentials,
                                           javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response)

Description copied from interface: JWTAuthority

Authenticate login request if the provided credentials are valid.

The created JWTAuthentication object (which is also the part of JWTContext) is implicitly attached into SecurityContextHolder to inform spring security about the authenticated user.

Specified by:

authenticateLoginRequest in interface JWTAuthority

Parameters:

credentials - Credentials instance which contains principal (unique user identifier like user name, user id, email address etc.) and password.

request - HTTP request

response - HTTP response

Returns:

A fully fledged JWTContext object.

createAndAttach

public JWTContext createAndAttach(String principal,
                                  javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response,
                                  Parameters parameters)

Description copied from interface: JWTAuthority

Create a fully fledged JWTContext for given principal and attach it into given HTTP Response.

The created JWTAuthentication object (which is also the part of JWTContext) is implicitly attached into SecurityContextHolder to inform spring security about the authenticated user.

Specified by:

createAndAttach in interface JWTAuthority

Parameters:

principal - Unique user identifier. This can be the user name or user id according to underlying implementation.

request - HTTP request (may be used to read clients preferences for token handling)

response - HTTP response

parameters - Additional parameters to customize processing of the request. Possible parameters and their effects may differ depending on specific implementation. The parameters may be empty or null.

Returns:

A fully fledged JWTContext object.

create

public JWTContext create(String principal,
                         Parameters parameters)
                  throws UserNotFoundException

Creates JWTContext for given principal. A JWTContext contains all relevant tokens (like JWT or XSRF Tokens) and JWTAuthentication object, which is relevant for Spring-Security.

Specified by:

create in interface JWTAuthority

Parameters:

principal - Unique user identifier. This can be the user name or user id according to underlying implementation.

parameters - Additional parameters to customize processing of the request. Possible parameters and their effects may differ depending on specific implementation. The parameters may be empty or null.

Returns:

Fully fledged JWTContext object.

Throws:

UserNotFoundException - if the user identified with given principal cannot be found.

renew

public JWTContext renew(javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response)

Description copied from interface: JWTAuthority

Authenticate HTTP request if the request contains JWT and renew it if renewable.

The created JWTAuthentication object (which is also the part of JWTContext) is implicitly attached into SecurityContextHolder to inform spring security about the authenticated user.

Renewed token will be attached automatically into the response object.

Specified by:

renew in interface JWTAuthority

Parameters:

request - HTTP request (may be used to read clients preferences for token handling)

response - HTTP response

Returns:

A fully fledged JWTContext object.

renew

public JWTContext renew(TokenContainer tokenContainer,
                        Parameters parameters)

Description copied from interface: JWTAuthority

Renew tokens given in the TokenContainer object.

Specified by:

renew in interface JWTAuthority

Parameters:

tokenContainer - TokenContainer instance which contains JWT and XSRF tokens.

parameters - Additional parameters to customize processing of the request. Possible parameters and their effects may differ depending on specific implementation. The parameters may be empty or null.

Returns:

A fully fledged JWTContext object.

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Overrides:

afterPropertiesSet in class DefaultJWTConsumer

Throws:

Exception

isTokenRenewalEnabled

public boolean isTokenRenewalEnabled()

getUserDetailsService

public org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()

setUserDetailsService

public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

setSessionProvider

public void setSessionProvider(SessionProvider sessionProvider)

setAuthorityKeyProvider

public void setAuthorityKeyProvider(AuthorityKeyProvider authorityKeyProvider)

setUserDetailsChecker

public void setUserDetailsChecker(org.springframework.security.core.userdetails.UserDetailsChecker userDetailsChecker)

Set UserDetailsChecker which will be used to validate the loaded UserDetails object.

Parameters:

userDetailsChecker - An instance of user details checker implementation.

setTokenLifetimeInSeconds

public void setTokenLifetimeInSeconds(int tokenLifetimeInSeconds)

Set token lifetime in seconds.

Parameters:

tokenLifetimeInSeconds - Token lifetime in seconds.

setSessionInvalidationDelayInMinutes

public void setSessionInvalidationDelayInMinutes(int sessionInvalidationDelayInMinutes)

Set session invalidation delay in minutes.

Parameters:

sessionInvalidationDelayInMinutes - Session invalidation delay in minutes.

setPasswordEncoder

public void setPasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)

Set custom password encoder.

Parameters:

passwordEncoder - Password encoder

setRefreshSessionOnAuthentication

public void setRefreshSessionOnAuthentication(boolean refreshSessionOnAuthentication)

Refresh related session on each JWT authentication step. If you enable this, you can track user activity (by saving last touch date and other user related data) more precisely but this may cause increased database overhead.

Default value is false

Parameters:

refreshSessionOnAuthentication -

setRefreshSessionOnRenewal

public void setRefreshSessionOnRenewal(boolean refreshSessionOnRenewal)

Refresh related session on each JWT renewal. If you disable this, you cannot track user activity (by saving last touch date and other user related data) via user sessions.

Default value is true

Parameters:

refreshSessionOnRenewal -

generateXSRFToken

protected String generateXSRFToken()

convertToString

protected String convertToString(Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)

getUserDetails

protected org.springframework.security.core.userdetails.UserDetails getUserDetails(String principal)

getAuthorityListAsString

protected List<String> getAuthorityListAsString(Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)

refreshSession

protected void refreshSession(JWTContext jwtContext)

handleJWTContext

protected void handleJWTContext(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                JWTContext jwtContext)

Overrides:

handleJWTContext in class DefaultJWTConsumer

isXSRFProtectionDisabled

protected boolean isXSRFProtectionDisabled(Parameters parameters)