public class DefaultJWTConsumer extends Object implements JWTConsumer, org.springframework.beans.factory.InitializingBean

| Modifier and Type | Field and Description |
|---|---|
| protected String | authoritiesParameterName |
| protected JWTAuthorityConnector | jwtAuthorityConnector |
| protected JWTRequestResponseHandler | jwtRequestResponseHandler |
| protected String | sessionIdParameterName |
| protected io.jsonwebtoken.SigningKeyResolver | signingKeyResolver |
| static String | SPRING_SECURITY_JWT_AUTHORITIES_PARAMETER_NAME |
| static String | SPRING_SECURITY_JWT_SESSION_ID_PARAMETER_NAME |
| static String | SPRING_SECURITY_JWT_XSRF_PARAMETER_NAME |
| protected static Integer | TEN_YEARS_IN_SECONDS |
| protected String | xsrfParameterName |

| Constructor and Description |
|---|
| DefaultJWTConsumer() |
| DefaultJWTConsumer(JWTAuthorityConnector jwtAuthorityConnector) |

| Modifier and Type | Method and Description |
|---|---|
| void | afterPropertiesSet() |
| JWTContext | authenticateJWTRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)<br>Authenticate the HTTP request if it contains a JWT and the related tokens are valid. The created JWTAuthentication object (which is also part of the JWTContext) is implicitly attached to SecurityContextHolder to inform Spring Security about the authenticated user. |
| protected JWTContext | createJWTContext(String principal, String sessionId, String xsrfToken, Collection<? extends org.springframework.security.core.GrantedAuthority> authorities, String jwtMode, String jwtToken) |
| protected String | extractPrincipal(io.jsonwebtoken.Claims claims) |
| protected String | extractSessionId(io.jsonwebtoken.Claims claims) |
| protected Collection<org.springframework.security.core.GrantedAuthority> | getAuthorities(io.jsonwebtoken.Claims claims) |
| protected String | getJWTModeFromParameters(Parameters parameters) |
| JWTRequestResponseHandler | getJwtRequestResponseHandler() |
| protected void | handleJWTContext(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, JWTContext jwtContext) |
| void | setAuthoritiesParameterName(String authoritiesParameterName) |
| void | setJWTAuthorityConnector(JWTAuthorityConnector jwtAuthorityConnector) |
| void | setJwtRequestResponseHandler(JWTRequestResponseHandler jwtRequestResponseHandler) |
| void | setSessionIdParameterName(String sessionIdParameterName) |
| void | setSigningKeyResolver(io.jsonwebtoken.SigningKeyResolver signingKeyResolver) |
| void | setXsrfParameterName(String xsrfParameterName) |
| JWTContext | validate(TokenContainer tokenContainer, Parameters parameters)<br>Validate tokens given in a TokenContainer instance. |
| protected void | validateXSRF(io.jsonwebtoken.Claims claims, String xsrfToken) |

protected static final Integer TEN_YEARS_IN_SECONDS
public static final String SPRING_SECURITY_JWT_XSRF_PARAMETER_NAME
public static final String SPRING_SECURITY_JWT_SESSION_ID_PARAMETER_NAME
public static final String SPRING_SECURITY_JWT_AUTHORITIES_PARAMETER_NAME
protected String authoritiesParameterName
protected String sessionIdParameterName
protected String xsrfParameterName
protected JWTAuthorityConnector jwtAuthorityConnector
protected io.jsonwebtoken.SigningKeyResolver signingKeyResolver
protected JWTRequestResponseHandler jwtRequestResponseHandler
public DefaultJWTConsumer()
public DefaultJWTConsumer(JWTAuthorityConnector jwtAuthorityConnector)
public void afterPropertiesSet()
throws Exception
Specified by: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws: Exception

public JWTContext authenticateJWTRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Description copied from interface: JWTConsumer
Authenticate the HTTP request if it contains a JWT and the related tokens are valid. The created JWTAuthentication object (which is also part of the JWTContext) is implicitly attached to SecurityContextHolder to inform Spring Security about the authenticated user.
Specified by: authenticateJWTRequest in interface JWTConsumer
Parameters:
request - HTTP request
response - HTTP response
Returns: JWTContext object.

public JWTContext validate(TokenContainer tokenContainer, Parameters parameters) throws InvalidTokenException, ExpiredTokenException
Description copied from interface: JWTConsumer
Validate tokens given in a TokenContainer instance. The validation procedure checks both JWT integrity and XSRF (a.k.a. CSRF) token validity.
Specified by: validate in interface JWTConsumer
Parameters:
tokenContainer - TokenContainer instance which contains JWT and XSRF tokens.
parameters - Additional parameters to customize processing of the request. Possible parameters and their effects may differ depending on the specific implementation. The parameters may be empty or null.
Returns: JWTContext object.
Throws:
InvalidTokenException - if the token is not valid or its integrity is not ensured.
ExpiredTokenException - if the token is expired.

public void setSigningKeyResolver(io.jsonwebtoken.SigningKeyResolver signingKeyResolver)
public void setJWTAuthorityConnector(JWTAuthorityConnector jwtAuthorityConnector)
public void setJwtRequestResponseHandler(JWTRequestResponseHandler jwtRequestResponseHandler)
public JWTRequestResponseHandler getJwtRequestResponseHandler()
public void setAuthoritiesParameterName(String authoritiesParameterName)
public void setXsrfParameterName(String xsrfParameterName)
public void setSessionIdParameterName(String sessionIdParameterName)
protected void handleJWTContext(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
JWTContext jwtContext)
protected void validateXSRF(io.jsonwebtoken.Claims claims,
String xsrfToken)
protected String extractPrincipal(io.jsonwebtoken.Claims claims)
protected String extractSessionId(io.jsonwebtoken.Claims claims)
protected Collection<org.springframework.security.core.GrantedAuthority> getAuthorities(io.jsonwebtoken.Claims claims)
protected JWTContext createJWTContext(String principal, String sessionId, String xsrfToken, Collection<? extends org.springframework.security.core.GrantedAuthority> authorities, String jwtMode, String jwtToken)
protected String getJWTModeFromParameters(Parameters parameters)
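
The two checks that validate is documented to perform, JWT integrity and XSRF token validity, sketched as an added example that is not DefaultJWTConsumer's own code. It assumes the jjwt 0.9.x API (io.jsonwebtoken), an XSRF value carried in a claim named xsrf, a single HMAC key and a constructed demo token; JwtXsrfCheckExample and its validate helper are hypothetical names.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;

public class JwtXsrfCheckExample {
    // Assumption: the XSRF value is carried in a claim named "xsrf".
    static final String XSRF_CLAIM = "xsrf";

    /** Verifies signature and expiry, then binds the separately sent XSRF token to the JWT. */
    static Claims validate(String jwt, String xsrfToken, byte[] key) {
        Claims claims = Jwts.parser()
                .setSigningKeyResolver(new SigningKeyResolverAdapter() {
                    @Override
                    public byte[] resolveSigningKeyBytes(JwsHeader header, Claims c) {
                        return key; // a real resolver would pick the key from the header, e.g. by kid
                    }
                })
                .parseClaimsJws(jwt) // throws JwtException on bad signature, expiry or unsigned token
                .getBody();
        String expected = claims.get(XSRF_CLAIM, String.class);
        // Constant-time comparison; a missing claim or missing request token is a failure.
        if (expected == null || xsrfToken == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), xsrfToken.getBytes(StandardCharsets.UTF_8))) {
            throw new JwtException("XSRF token does not match the signed claim");
        }
        return claims;
    }

    public static void main(String[] args) {
        // Constructed key and token, for demonstration only.
        byte[] key = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
        String jwt = Jwts.builder().setSubject("alice").claim(XSRF_CLAIM, "constructed-xsrf-value")
                .setExpiration(new Date(System.currentTimeMillis() + 60_000))
                .signWith(SignatureAlgorithm.HS256, key).compact();
        System.out.println("accepted: " + validate(jwt, "constructed-xsrf-value", key).getSubject());
        try {
            validate(jwt, "some-other-value", key); // valid JWT, wrong XSRF token
        } catch (JwtException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```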
Copyright © 2017 S&C Software. All rights reserved.