Class JWTAuthenticationHandler

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String AUTHENTICATION_FROM_JWT
      Name of request attribute indicating that this request was authenticated using JWT
      static java.lang.String JWT_CLAIM_DELEGATE_MEMBER_ID
      Name of claim to specify the delegate member id to be set if authenticated with the specified JWT token.
      static java.lang.String JWT_CLAIM_IP_MASK
      Name of claim containing the IP mask defining IPs authorized with the JWT token.
      static java.lang.String JWT_CLAIM_METHODS
      Name of claim containing the HTTP methods authorized with the JWT token.
      static java.lang.String JWT_CLAIM_REVOKABLE
      Name of claim requesting presence of an AccessToken record in the database, matching the token, in order to allow its use and revocation.
      static java.lang.String JWT_CLAIM_URL
      Name of claim containing the URL authorized to be accessed with the JWT token (can be a URL prefix if claim JWT_CLAIM_URL_PREFIX_LENGTH was specified)
      static java.lang.String JWT_CLAIM_URL_PREFIX_LENGTH
      Name of claim containing the length of the URL authorized to be accessed with the JWT token (if unspecified, an exact URL match will be expected)
      static java.lang.String JWT_CLAIMS
      Name of request attribute used to store the JwtClaims that were validated for this request
      static int ORDER_CLIENT_CERTIFICATE_HANDLER  
      static java.lang.String POST_PARAMETER_NAME
      Name of the HTTP POST parameter used to read the JWT
    • Method Summary

      Modifier and Type Method Description
      static JWTAuthenticationHandler getInstance()  
      static org.jose4j.jwt.JwtClaims getJwtClaims(javax.servlet.http.HttpServletRequest request)
      Retrieve the JWT claims that were validated for this request (as long as it was authenticated using JWT).
      static java.lang.String getJwtClaimsJson(javax.servlet.http.HttpServletRequest request)
      Retrieve the JWT claims that were validated for this request (as long as it was authenticated using JWT).
      static boolean isAuthenticatedWithJWT(javax.servlet.http.HttpServletRequest request)
      Check if the specified request was authenticated using a JWT token
      boolean isEnabled()  
      void loadProperties()
      This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
      You can use it to reload properties that might have been changed.
      This method is called during initialization of the AuthenticationManager
      void login(AuthenticationContext ctxt)
      Authenticate a member.
      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • JWT_CLAIM_IP_MASK

        public static final java.lang.String JWT_CLAIM_IP_MASK
        Name of claim containing the IP mask defining IPs authorized with the JWT token.
        See Also:
        Constant Field Values
      • JWT_CLAIM_METHODS

        public static final java.lang.String JWT_CLAIM_METHODS
        Name of claim containing the HTTP methods authorized with the JWT token.
        See Also:
        Constant Field Values
      • JWT_CLAIM_URL

        public static final java.lang.String JWT_CLAIM_URL
        Name of claim containing the URL authorized to be accessed with the JWT token (can be a URL prefix if claim JWT_CLAIM_URL_PREFIX_LENGTH was specified)
        See Also:
        Constant Field Values
      • JWT_CLAIM_URL_PREFIX_LENGTH

        public static final java.lang.String JWT_CLAIM_URL_PREFIX_LENGTH
        Name of claim containing the length of the URL authorized to be accessed with the JWT token (if unspecified, an exact URL match will be expected)
        See Also:
        Constant Field Values
      • JWT_CLAIM_REVOKABLE

        public static final java.lang.String JWT_CLAIM_REVOKABLE
        Name of claim requesting presence of an AccessToken record in the database, matching the token, in order to allow its use and revocation. Adding this claim allows invalidation of the JWT token from JPlatform, without revoking the certificate that was used to generate the token.
        Since:
        JCMS-4770
        See Also:
        Constant Field Values
      • JWT_CLAIM_DELEGATE_MEMBER_ID

        public static final java.lang.String JWT_CLAIM_DELEGATE_MEMBER_ID
        Name of claim to specify the delegate member id to be set if authenticated with the specified JWT token.

        Example to propagate the current delegate member:

            JwtClaims claims = JwtManager.getInstance().generateDefaultClaims(someMember, [...]);
            claims.setClaim(JWTAuthenticationHandler.JWT_CLAIM_DELEGATE_MEMBER_ID, JcmsUtil.getId(Channel.getChannel().getCurrentDelegateMember()));
         
        Since:
        jcms-10.0.6 / JCMS-8856
        See Also:
        Constant Field Values
      • POST_PARAMETER_NAME

        public static final java.lang.String POST_PARAMETER_NAME
        Name of the HTTP POST parameter used to read the JWT
        Since:
        jcms-10.0.8 / JCMS-10597
        See Also:
        Constant Field Values
      • ORDER_CLIENT_CERTIFICATE_HANDLER

        public static final int ORDER_CLIENT_CERTIFICATE_HANDLER
        See Also:
        Constant Field Values
    • Method Detail

      • isEnabled

        public boolean isEnabled()
      • loadProperties

        public void loadProperties()
        Description copied from class: AuthenticationHandler
        This method will be called by the AuthenticationManager each time the Channel properties are loaded/reloaded.
        You can use it to reload properties that might have been changed.
        This method is called during initialization of the AuthenticationManager
        Overrides:
        loadProperties in class AuthenticationHandler
      • login

        public void login(AuthenticationContext ctxt)
                   throws java.io.IOException
        Description copied from class: AuthenticationHandler
        Authenticate a member.
        This method is invoked by the authentication chain on each request.
        A typical implementation of this method would follow this pattern:
        1. Examine the information required to perform the authentication through the AuthenticationContext object (request, response, login, etc.)
        2. Perform your authentication before chain invocation and set the logged Member with AuthenticationContext.setLoggedMember(com.jalios.jcms.Member)
        3. a) Either invoke the next entity in the chain using AuthenticationContext.doChain(),
           b) or else skip the chain invocation and block the other authentication handlers of the chain (do this with caution...)
        4. Perform redirection, set information/warning/error messages or any other process, after chain invocation, using AuthenticationContext.

        Default implementation is to invoke the next handler in the chain.
        Overrides:
        login in class AuthenticationHandler
        Parameters:
        ctxt - the AuthenticationContext used for this login
        Throws:
        java.io.IOException
      • isAuthenticatedWithJWT

        public static boolean isAuthenticatedWithJWT(javax.servlet.http.HttpServletRequest request)
        Check if the specified request was authenticated using a JWT token
        Parameters:
        request - the current HttpServletRequest, may be null
        Returns:
        true if request was authenticated with JWT, false otherwise
        Since:
        jcms-10.0.4 / JCMS-7781
      • getJwtClaimsJson

        public static java.lang.String getJwtClaimsJson(javax.servlet.http.HttpServletRequest request)
        Retrieve the JWT claims that were validated for this request (as long as it was authenticated using JWT).
        Parameters:
        request - the current HttpServletRequest, may be null
        Returns:
        the JWT claims as a raw JSON string (if request was authenticated with JWT), null otherwise
        Since:
        jcms-10.0.4 / JCMS-7443
      • getJwtClaims

        public static org.jose4j.jwt.JwtClaims getJwtClaims(javax.servlet.http.HttpServletRequest request)
        Retrieve the JWT claims that were validated for this request (as long as it was authenticated using JWT).
        Parameters:
        request - the current HttpServletRequest, may be null
        Returns:
        the JWT claims (if request was authenticated with JWT), null otherwise
        Since:
        jcms-10.0.4 / JCMS-7443
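
A check built on the claim constants and static accessors documented above, added here as an example and not part of JCMS: it reports which restriction claims are absent from the token that authenticated a request, so that sensitive actions can be refused for unscoped or non-revocable tokens. The class name JwtScopeAudit and the import package of JWTAuthenticationHandler are assumptions (this page does not show the package).

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.jose4j.jwt.JwtClaims;
// Assumption: the package is not shown on this page; adjust to your JCMS version.
import com.jalios.jcms.authentication.handlers.JWTAuthenticationHandler;

/** Hypothetical helper (not part of JCMS): audits the scope of the JWT used for a request. */
public final class JwtScopeAudit {

  // Claims that narrow what a token may do, or make it revocable.
  private static final List<String> RESTRICTION_CLAIMS = Arrays.asList(
      JWTAuthenticationHandler.JWT_CLAIM_URL,
      JWTAuthenticationHandler.JWT_CLAIM_METHODS,
      JWTAuthenticationHandler.JWT_CLAIM_IP_MASK,
      JWTAuthenticationHandler.JWT_CLAIM_REVOKABLE);

  private JwtScopeAudit() {}

  /**
   * Returns the names of the restriction claims missing from the validated token.
   * The list is empty when the request was not authenticated with a JWT,
   * since this policy only applies to JWT-authenticated requests.
   */
  public static List<String> missingRestrictions(HttpServletRequest request) {
    List<String> missing = new ArrayList<>();
    if (!JWTAuthenticationHandler.isAuthenticatedWithJWT(request)) {
      return missing;
    }
    JwtClaims claims = JWTAuthenticationHandler.getJwtClaims(request);
    if (claims == null) {
      // Fail closed: flagged as JWT-authenticated but no claims available.
      missing.addAll(RESTRICTION_CLAIMS);
      return missing;
    }
    for (String name : RESTRICTION_CLAIMS) {
      if (!claims.hasClaim(name)) {
        missing.add(name);
      }
    }
    return missing;
  }

  /** True when a JWT-authenticated request carries every restriction claim. */
  public static boolean allowSensitiveAction(HttpServletRequest request) {
    return missingRestrictions(request).isEmpty();
  }
}
```

The helper only tests for the presence of each claim; the value formats of the IP mask and methods claims are not described on this page and are enforced by the handler itself.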