  1. package pl.gda.pg.eti.kask.javaee.enterprise.auth;
  2.  
import io.jsonwebtoken.*;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.spi.CreationalContext;
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Named;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import pl.gda.pg.eti.kask.javaee.jsf.business.CryptUtils;
import pl.gda.pg.eti.kask.javaee.jsf.business.boundary.UserService;
import pl.gda.pg.eti.kask.javaee.jsf.business.entities.User;
  27.  
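@ApplicationScoped
@Named
public class JwtLoginModule implements LoginModule {

    /**
     * JAAS {@link LoginModule} that accepts either a user name/password pair or, when the
     * password is empty, a signed JWT submitted through the name callback.
     *
     * <p>NOTE(review): a login module carries per-attempt state (subject, identity, roles).
     * If CDI really instantiates this class as a shared {@code @ApplicationScoped} bean,
     * concurrent logins would race on that state - confirm how the container wires it.
     */

    /**
     * Base64-encoded HMAC key used to verify incoming JWTs.
     *
     * <p>NOTE(review): a hard-coded, public secret lets anyone with the source mint tokens
     * this module accepts. It is kept only because callers may reference the constant;
     * it should be moved to protected configuration and rotated.
     */
    public static final String SIGNING_KEY = "czNjcjN0";

    /** Name of the JWT claim carrying the role names granted to the subject. */
    private static final String ROLES_CLAIM = "roles";

    // JAAS state handed over by the container in initialize().
    private Subject subject;
    private CallbackHandler callbackHandler;

    // Outcome of a successful login(); published to the subject in commit().
    private Principal identity;
    private Group roles;

    private UserService userService;

    /**
     * Stores the JAAS collaborators and resolves the {@link UserService} CDI bean.
     *
     * @param subject         subject being authenticated
     * @param callbackHandler handler used to obtain name and password
     * @param sharedState     shared login state (unused)
     * @param options         module options (unused)
     * @throws IllegalStateException if the BeanManager or the bean cannot be resolved
     */
    @Override
    public void initialize(final Subject subject, final CallbackHandler callbackHandler,
                           final Map<String, ?> sharedState, final Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        // Resolved eagerly so a misconfigured CDI environment fails here, not mid-login.
        this.userService = getUserService();
    }

    /**
     * Authenticates the caller.
     *
     * <p>An empty (or absent) password switches to token mode: the name callback is then
     * expected to carry a JWT. Otherwise the name/password pair is checked against the
     * user store.
     *
     * @return {@code true} when authentication succeeded
     * @throws FailedLoginException       when the credentials or the token are invalid
     * @throws CredentialExpiredException when the token has expired
     * @throws LoginException             for any other login failure
     */
    @Override
    public boolean login() throws LoginException {
        final NameCallback nameCallback = new NameCallback("name:");
        final PasswordCallback passwordCallback = new PasswordCallback(" password: ", false);
        try {
            callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
        } catch (IOException | UnsupportedCallbackException e) {
            throw withCause(new FailedLoginException("Invalid token"), e);
        }

        // getPassword() may return null; String.valueOf((char[]) null) would throw an NPE
        // that escaped the original error translation.
        final char[] password = passwordCallback.getPassword();
        try {
            if (password == null || password.length == 0) {
                return processToken(nameCallback.getName());
            }
            return loginWithPassword(nameCallback.getName(), new String(password));
        } finally {
            // Best-effort scrubbing of the clear-text password copies we hold.
            if (password != null) {
                Arrays.fill(password, '\0');
            }
            passwordCallback.clearPassword();
        }
    }

    /**
     * Checks a name/password pair against the user store and records identity and roles.
     *
     * @param login    user name supplied by the caller (may be {@code null})
     * @param password clear-text password
     * @return {@code true} on success
     * @throws FailedLoginException when no user matches the credentials
     */
    private boolean loginWithPassword(final String login, final String password)
            throws LoginException {
        if (login == null) {
            throw new FailedLoginException("Invalid credentials");
        }
        // NOTE(review): CryptUtils.sha256 looks like a bare, unsalted digest of the
        // password; a slow salted KDF (bcrypt/scrypt/argon2) is the appropriate store
        // format - confirm what the user store actually holds.
        final User usr = userService.findUserByCredentials(login, CryptUtils.sha256(password));
        if (usr == null) {
            // A wrong name/password is a failed login. Returning false would instead tell
            // the JAAS LoginContext to ignore this module.
            throw new FailedLoginException("Invalid credentials");
        }
        identity = usr::getLogin;
        roles = new RolesGroup(usr.getRoles());
        return true;
    }

    /**
     * Looks up the {@link UserService} bean through the CDI BeanManager in JNDI.
     *
     * @return a contextual reference to the service
     * @throws IllegalStateException if JNDI lookup fails, no bean matches, or
     *                               (via CDI) the match is ambiguous
     */
    private UserService getUserService() {
        try {
            final BeanManager beanManager = InitialContext.doLookup("java:comp/BeanManager");
            final Set<Bean<?>> beans = beanManager.getBeans(UserService.class);
            // resolve() returns the unique enabled bean, null when there is none, and
            // throws AmbiguousResolutionException when several match.
            final Bean<?> bean = beanManager.resolve(beans);
            if (bean == null) {
                throw new IllegalStateException(
                        "Failed looking up CDI Bean " + UserService.class.getName());
            }
            final CreationalContext<?> context = beanManager.createCreationalContext(bean);
            return (UserService) beanManager.getReference(bean, UserService.class, context);
        } catch (NamingException e) {
            throw new IllegalStateException("BeanManager lookup failed", e);
        }
    }

    /**
     * Verifies a signed JWT and records the identity and roles it carries.
     *
     * <p>Only signed tokens are accepted ({@code parseClaimsJws}); every parser failure
     * is translated into a JAAS exception so no jjwt runtime exception leaks to the
     * LoginContext. NOTE(review): issuer/audience are not checked - confirm whether the
     * tokens carry them.
     *
     * @param jwt compact serialized JWS, taken from the name callback
     * @return {@code true} on success
     * @throws CredentialExpiredException when the token has expired
     * @throws FailedLoginException       when the token is missing, malformed, has a bad
     *                                    signature, or carries malformed claims
     */
    private boolean processToken(final String jwt) throws LoginException {
        if (jwt == null || jwt.isEmpty()) {
            throw new FailedLoginException("Invalid token");
        }
        try {
            final Jws<Claims> claims = Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(jwt);
            identity = getIdentity(claims);
            roles = getRoles(claims);
            return true;
        } catch (ExpiredJwtException e) {
            // Must precede the generic catch: ExpiredJwtException is a JwtException.
            throw withCause(new CredentialExpiredException("Token expired"), e);
        } catch (JwtException | IllegalArgumentException e) {
            throw withCause(new FailedLoginException("Invalid token"), e);
        }
    }

    /**
     * Publishes the authenticated identity and roles to the subject.
     *
     * @return {@code true} when principals were added; {@code false} when this module's
     *         login did not succeed and there is nothing to publish
     */
    @Override
    public boolean commit() throws LoginException {
        if (identity == null || roles == null) {
            return false;
        }
        final Set<Principal> principals = subject.getPrincipals();
        principals.add(identity);
        principals.add(roles);
        return true;
    }

    /**
     * Discards this module's authentication state, also withdrawing principals that an
     * earlier {@link #commit()} may already have published.
     *
     * @return {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        clearState();
        return true;
    }

    /**
     * Removes the principals added in {@link #commit()} from the subject and clears state.
     *
     * @return {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        clearState();
        return true;
    }

    /** Withdraws published principals (when the subject allows it) and forgets them. */
    private void clearState() {
        if (subject != null && !subject.isReadOnly()) {
            final Set<Principal> principals = subject.getPrincipals();
            if (identity != null) {
                principals.remove(identity);
            }
            if (roles != null) {
                principals.remove(roles);
            }
        }
        identity = null;
        roles = null;
    }

    /**
     * Builds the principal for the token subject.
     *
     * @throws IllegalArgumentException when the token has no usable subject claim
     */
    private Principal getIdentity(final Jws<Claims> claims) {
        final String username = claims.getBody().getSubject();
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("Token has no subject");
        }
        return () -> username;
    }

    /**
     * Builds the role group from the {@value #ROLES_CLAIM} claim.
     *
     * <p>A missing claim yields an empty group; a claim whose elements are not all
     * strings is rejected rather than passed on as an unchecked {@code List<String>}.
     *
     * @throws IllegalArgumentException when the claim holds non-string elements
     */
    private Group getRoles(final Jws<Claims> claims) {
        final List<?> rawRoles = claims.getBody().get(ROLES_CLAIM, List.class);
        if (rawRoles == null) {
            return new RolesGroup(Collections.<String>emptyList());
        }
        final List<String> roleNames = new ArrayList<>(rawRoles.size());
        for (Object role : rawRoles) {
            if (!(role instanceof String)) {
                throw new IllegalArgumentException("Malformed roles claim");
            }
            roleNames.add((String) role);
        }
        return new RolesGroup(roleNames);
    }

    /**
     * Attaches {@code cause} to a JAAS exception, which has no cause-taking constructor.
     */
    private static <T extends LoginException> T withCause(final T ex, final Throwable cause) {
        ex.initCause(cause);
        return ex;
    }
}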