- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- <version>18.0</version>
- </dependency>
- <dependency>
- <groupId>com.googlecode.jsontoken</groupId>
- <artifactId>jsontoken</artifactId>
- <version>1.0</version>
- </dependency>
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SignatureException;
import java.util.Calendar;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.TimeUnit;

import com.google.common.collect.Lists;
import com.google.gson.JsonObject;
import com.google.wallet.online.jwt.util.IgnoreAudience;
import net.oauth.jsontoken.JsonToken;
import net.oauth.jsontoken.JsonTokenParser;
import net.oauth.jsontoken.crypto.HmacSHA256Signer;
import net.oauth.jsontoken.crypto.HmacSHA256Verifier;
import net.oauth.jsontoken.crypto.SignatureAlgorithm;
import net.oauth.jsontoken.crypto.Verifier;
import net.oauth.jsontoken.discovery.VerifierProvider;
import net.oauth.jsontoken.discovery.VerifierProviders;
import org.apache.commons.lang3.StringUtils;
import org.bson.types.ObjectId;
import org.joda.time.DateTime;
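/**
 * Static helpers for issuing and verifying the HMAC-SHA256 signed JSON web tokens used as
 * authentication tokens.
 *
 * <p>The token is signed with a secret shared by issuer and verifier, so a token whose signature
 * verifies is known to be authentic and unmodified; no server-side session record is needed.
 *
 * @author davidm
 */
public class AuthHelper {
    private static final String AUDIENCE = "NotReallyImportant";
    private static final String ISSUER = "YourCompanyOrAppNameHere";
    // SECURITY: the signing secret is a literal in source. Whoever holds it can mint a valid token
    // for any userId, and a committed literal ends up in every checkout, build artifact and backup.
    // Load it from configuration / a secret store in a real deployment and plan for rotation.
    private static final String SIGNING_KEY = "PutAPrettyLongAndHardToGuessValueHereShouldIncludeSpecialCharacters";
    // Derive the key bytes once, with an explicit charset: String.getBytes() without one uses the
    // platform default, so a signer and a verifier on differently configured hosts could disagree.
    private static final byte[] SIGNING_KEY_BYTES = SIGNING_KEY.getBytes(StandardCharsets.UTF_8);

    /**
     * Creates a signed JSON web token that carries {@code userId} under the {@code info.userId}
     * claim, issued now and expiring {@code durationDays} days from now.
     *
     * @param userId identifier of the authenticated user; must not be null
     * @param durationDays lifetime of the token in days; must not be null (zero or negative yields
     *     an already-expired token)
     * @return the serialized, signed token
     * @throws NullPointerException if {@code userId} or {@code durationDays} is null
     * @throws RuntimeException wrapping {@link InvalidKeyException} if the library rejects the key,
     *     or {@link SignatureException} if signing fails
     */
    public static String createJsonWebToken(String userId, Long durationDays) {
        // A null userId would be serialized as a JSON null and fail to parse on the verify side;
        // a null durationDays would NPE on unboxing. Fail early with a clear message instead.
        Objects.requireNonNull(userId, "userId");
        Objects.requireNonNull(durationDays, "durationDays");

        HmacSHA256Signer signer;
        try {
            // keyId is null: the verifier registers a single key and ignores the id anyway.
            signer = new HmacSHA256Signer(ISSUER, null, SIGNING_KEY_BYTES);
        } catch (InvalidKeyException e) {
            throw new RuntimeException(e);
        }

        long nowMillis = System.currentTimeMillis();
        JsonToken token = new JsonToken(signer);
        token.setAudience(AUDIENCE);
        token.setIssuedAt(new org.joda.time.Instant(nowMillis));
        token.setExpiration(
                new org.joda.time.Instant(nowMillis + TimeUnit.DAYS.toMillis(durationDays)));

        // Application claims live in a nested "info" object so they cannot collide with the
        // registered claims (iss, aud, iat, exp) the library writes at the top level.
        JsonObject info = new JsonObject();
        info.addProperty("userId", userId);
        token.getPayloadAsJsonObject().add("info", info);

        try {
            return token.serializeAndSign();
        } catch (SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Verifies a token produced by {@link #createJsonWebToken} and extracts its claims.
     *
     * <p>The signature is checked against the shared HMAC key, and only HS256 has a registered
     * verifier. The audience claim is deliberately not checked ({@link IgnoreAudience}), so a token
     * signed with this key for any audience is accepted. NOTE(review): issued-at/expiration checking
     * is delegated to the parser; confirm that {@code verifyAndDeserialize} rejects expired tokens,
     * otherwise callers must compare {@link TokenInfo#getExpires()} against the current time.
     *
     * @param token the serialized token; must not be null
     * @return the extracted claims, or {@code null} if the token verifies but was not issued by
     *     {@code ISSUER}, lacks a usable {@code info.userId}, or lacks its timing claims
     * @throws NullPointerException if {@code token} is null
     * @throws RuntimeException wrapping {@link SignatureException} if the signature is invalid or the
     *     token is malformed, or {@link InvalidKeyException} if the library rejects the key
     */
    public static TokenInfo verifyToken(String token) {
        Objects.requireNonNull(token, "token");
        try {
            final Verifier hmacVerifier = new HmacSHA256Verifier(SIGNING_KEY_BYTES);
            // Single shared key: whatever key id the token header names resolves to this verifier.
            VerifierProvider hmacLocator = new VerifierProvider() {
                @Override
                public List<Verifier> findVerifier(String id, String key) {
                    return Lists.newArrayList(hmacVerifier);
                }
            };
            VerifierProviders locators = new VerifierProviders();
            locators.setVerifierProvider(SignatureAlgorithm.HS256, hmacLocator);
            // IgnoreAudience only skips the audience check; the signature is still verified.
            JsonTokenParser parser = new JsonTokenParser(locators, new IgnoreAudience());

            JsonToken verified;
            try {
                verified = parser.verifyAndDeserialize(token);
            } catch (SignatureException e) {
                throw new RuntimeException(e);
            }
            return toTokenInfo(verified);
        } catch (InvalidKeyException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Maps the claims of an already-verified token to a {@link TokenInfo}.
     *
     * @param verified a token whose signature has been checked
     * @return the token info, or {@code null} if the issuer does not match, {@code info.userId} is
     *     missing or blank, or issued-at/expiration is absent
     */
    private static TokenInfo toTokenInfo(JsonToken verified) {
        // Issuer is a constant, not a secret, so an ordinary equals is fine here.
        if (!ISSUER.equals(verified.getIssuer())) {
            return null;
        }
        JsonObject payload = verified.getPayloadAsJsonObject();
        // Guard every lookup: a token signed with our key but built elsewhere may lack "info".
        JsonObject info = payload.getAsJsonObject("info");
        if (info == null || !info.has("userId") || !info.get("userId").isJsonPrimitive()) {
            return null;
        }
        String userIdString = info.getAsJsonPrimitive("userId").getAsString();
        if (StringUtils.isBlank(userIdString)) {
            return null;
        }
        // Use the library's accessors rather than re-reading the raw iat/exp numbers: the raw
        // claims are in the unit the library chose, and interpreting them as millis directly
        // would be wrong if it stores seconds.
        org.joda.time.Instant issuedAt = verified.getIssuedAt();
        org.joda.time.Instant expiration = verified.getExpiration();
        if (issuedAt == null || expiration == null) {
            return null;
        }

        TokenInfo result = new TokenInfo();
        result.setUserId(new ObjectId(userIdString));
        result.setIssued(issuedAt.toDateTime());
        result.setExpires(expiration.toDateTime());
        return result;
    }
}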
/**
 * Claims extracted from a verified token: the user it identifies and its validity window.
 *
 * <p>Plain mutable holder populated by {@code AuthHelper.verifyToken}; not thread-safe.
 */
public class TokenInfo {
    private ObjectId userId;
    private DateTime issued;
    private DateTime expires;

    /** @return the user id carried in the token's {@code info.userId} claim, or null if unset */
    public ObjectId getUserId() {
        return this.userId;
    }

    /** @param userId the user id to record */
    public void setUserId(ObjectId userId) {
        this.userId = userId;
    }

    /** @return when the token was issued, or null if unset */
    public DateTime getIssued() {
        return this.issued;
    }

    /** @param issued the issue time to record */
    public void setIssued(DateTime issued) {
        this.issued = issued;
    }

    /** @return when the token expires, or null if unset */
    public DateTime getExpires() {
        return this.expires;
    }

    /** @param expires the expiry time to record */
    public void setExpires(DateTime expires) {
        this.expires = expires;
    }
}