added JWT support
This commit is contained in:
@ -15,11 +15,20 @@
|
||||
<name>shared-jeeutil</name>
|
||||
|
||||
<properties>
|
||||
<endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
|
||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.inversoft</groupId>
|
||||
<artifactId>prime-jwt</artifactId>
|
||||
<version>1.3.0</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax</groupId>
|
||||
<artifactId>javaee-api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-api</artifactId>
|
||||
@ -37,8 +46,8 @@
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax</groupId>
|
||||
<artifactId>javaee-api</artifactId>
|
||||
<groupId>org.apache.shiro</groupId>
|
||||
<artifactId>shiro-web</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
@ -52,31 +61,6 @@
|
||||
<ejbVersion>3.1</ejbVersion>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-dependency-plugin</artifactId>
|
||||
<version>2.1</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<phase>validate</phase>
|
||||
<goals>
|
||||
<goal>copy</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${endorsed.dir}</outputDirectory>
|
||||
<silent>true</silent>
|
||||
<artifactItems>
|
||||
<artifactItem>
|
||||
<groupId>javax</groupId>
|
||||
<artifactId>javaee-endorsed-api</artifactId>
|
||||
<version>6.0</version>
|
||||
<type>jar</type>
|
||||
</artifactItem>
|
||||
</artifactItems>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
|
||||
@ -0,0 +1,84 @@
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
package de.muehlencord.shared.jeeutil.jwt;
|
||||
|
||||
import java.time.ZonedDateTime;
|
||||
import org.primeframework.jwt.Verifier;
|
||||
import org.primeframework.jwt.domain.JWT;
|
||||
import org.primeframework.jwt.domain.JWTException;
|
||||
import org.primeframework.jwt.hmac.HMACVerifier;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Joern Muehlencord <joern at muehlencord.de>
|
||||
*/
|
||||
public class JWTDecoder {
|
||||
|
||||
private boolean parsedSuccessfully = false;
|
||||
private JWT jwt = null;
|
||||
|
||||
public JWTDecoder(String password, String issuer, String jwtString) throws JWTException {
|
||||
if ((password == null) || (issuer == null) || (jwtString == null)) {
|
||||
throw new JWTException("password, issuer and jwt must not be null");
|
||||
}
|
||||
Verifier verifier = HMACVerifier.newVerifier(password);
|
||||
// Verifier verifier = RSAVerifier.newVerifier(new String(Files.readAllBytes(Paths.get("public_key.pem"))));
|
||||
try {
|
||||
jwt = JWT.getDecoder().decode(jwtString, verifier);
|
||||
parsedSuccessfully = jwt.issuer.equals(issuer);
|
||||
} catch (JWTException ex) {
|
||||
jwt = null;
|
||||
}
|
||||
}
|
||||
|
||||
public String getIssuer() {
|
||||
if (jwt == null) {
|
||||
return null;
|
||||
} else {
|
||||
return jwt.issuer;
|
||||
}
|
||||
}
|
||||
|
||||
public ZonedDateTime getIssuedAt() {
|
||||
if (jwt == null) {
|
||||
return null;
|
||||
} else {
|
||||
return jwt.issuedAt;
|
||||
}
|
||||
}
|
||||
|
||||
public String getSubject() {
|
||||
if (jwt == null) {
|
||||
return null;
|
||||
} else {
|
||||
return jwt.subject;
|
||||
}
|
||||
}
|
||||
|
||||
public String getUniqueId() {
|
||||
if (jwt == null) {
|
||||
return null;
|
||||
} else {
|
||||
return jwt.uniqueId;
|
||||
}
|
||||
}
|
||||
|
||||
public ZonedDateTime getExpiration() {
|
||||
if (jwt == null) {
|
||||
return null;
|
||||
} else {
|
||||
return jwt.expiration;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean isValid() {
|
||||
if ((jwt == null) || (jwt.isExpired())) {
|
||||
return false;
|
||||
} else {
|
||||
return this.parsedSuccessfully;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,36 @@
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
package de.muehlencord.shared.jeeutil.jwt;
|
||||
|
||||
import java.time.ZonedDateTime;
|
||||
import org.primeframework.jwt.Signer;
|
||||
import org.primeframework.jwt.domain.JWT;
|
||||
import org.primeframework.jwt.hmac.HMACSigner;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Joern Muehlencord <joern at muehlencord.de>
|
||||
*/
|
||||
public abstract class JWTEncoder {
|
||||
|
||||
public static String encode(String password, String issuer, ZonedDateTime issuedAt, String subject, String uniqueId, short expirationInMinutes ) throws JWTException {
|
||||
if ((password == null) || (issuer == null)) {
|
||||
throw new JWTException("password and issuer must not be null");
|
||||
}
|
||||
Signer signer = HMACSigner.newSHA256Signer(password);
|
||||
// Signer signer = RSASigner.newSHA256Signer(new String(Files.readAllBytes(Paths.get("private_key.pem"))));
|
||||
|
||||
|
||||
JWT jwt = new JWT().setIssuer(issuer) // FIXME - make configurable
|
||||
.setIssuedAt(issuedAt)
|
||||
.setSubject(subject)
|
||||
.setUniqueId(uniqueId)
|
||||
.setExpiration(issuedAt.plusMinutes(expirationInMinutes));
|
||||
return JWT.getEncoder().encode(jwt, signer);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,40 @@
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
|
||||
package de.muehlencord.shared.jeeutil.jwt;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Joern Muehlencord <joern at muehlencord.de>
|
||||
*/
|
||||
public class JWTException extends Exception {
|
||||
|
||||
private static final long serialVersionUID = 423992803027530544L;
|
||||
|
||||
/**
|
||||
* Creates a new instance of <code>JWTException</code> without detail message.
|
||||
*/
|
||||
public JWTException() {
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Constructs an instance of <code>JWTException</code> with the specified detail message.
|
||||
* @param msg the detail message.
|
||||
*/
|
||||
public JWTException(String msg) {
|
||||
super(msg);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs an instance of <code>JWTException</code> with the specified detail message and root cause.
|
||||
* @param msg the detail message.
|
||||
* @param th the root cause
|
||||
*/
|
||||
public JWTException(String msg, Throwable th) {
|
||||
super(msg,th);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,25 @@
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
package de.muehlencord.shared.jeeutil.jwt;
|
||||
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.apache.shiro.web.filter.authc.AuthenticationFilter;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Joern Muehlencord <joern at muehlencord.de>
|
||||
*/
|
||||
public class JWTGuard extends AuthenticationFilter {
|
||||
|
||||
@Override
|
||||
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
|
||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user