Added endpoints to demonstrate claim enforcement and JWT compression. Updated usage endpoint.
This commit is contained in:
parent
38e829ef35
commit
50509bf42b
|
@ -28,7 +28,6 @@ public class JWTCsrfTokenRepository implements CsrfTokenRepository {
|
|||
|
||||
@Override
|
||||
public CsrfToken generateToken(HttpServletRequest request) {
|
||||
|
||||
String id = UUID.randomUUID().toString().replace("-", "");
|
||||
|
||||
Date now = new Date();
|
||||
|
|
|
@ -3,7 +3,6 @@ package io.jsonwebtoken.jjwtfun.config;
|
|||
import io.jsonwebtoken.JwtException;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
@ -37,6 +36,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.csrfTokenRepository(jwtCsrfTokenRepository)
|
||||
.ignoringAntMatchers("/dynamic-builder-general")
|
||||
.ignoringAntMatchers("/dynamic-builder-specific")
|
||||
.ignoringAntMatchers("/dynamic-builder-compress")
|
||||
.and().authorizeRequests()
|
||||
.antMatchers("/**")
|
||||
.permitAll();
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
package io.jsonwebtoken.jjwtfun.controller;
|
||||
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jws;
|
||||
import io.jsonwebtoken.JwtBuilder;
|
||||
import io.jsonwebtoken.JwtException;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.impl.compression.CompressionCodecs;
|
||||
import io.jsonwebtoken.jjwtfun.model.JwtResponse;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
|
@ -16,6 +20,7 @@ import java.util.Date;
|
|||
import java.util.Map;
|
||||
|
||||
import static org.springframework.web.bind.annotation.RequestMethod.POST;
|
||||
import static org.springframework.web.bind.annotation.RequestMethod.GET;
|
||||
|
||||
@RestController
|
||||
public class DynamicJWTController extends BaseController {
|
||||
|
@ -34,6 +39,19 @@ public class DynamicJWTController extends BaseController {
|
|||
return new JwtResponse(jws);
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/dynamic-builder-compress", method = POST)
|
||||
public JwtResponse dynamicBuildercompress(@RequestBody Map<String, Object> claims) throws UnsupportedEncodingException {
|
||||
String jws = Jwts.builder()
|
||||
.setClaims(claims)
|
||||
.compressWith(CompressionCodecs.DEFLATE)
|
||||
.signWith(
|
||||
SignatureAlgorithm.HS256,
|
||||
secret.getBytes("UTF-8")
|
||||
)
|
||||
.compact();
|
||||
return new JwtResponse(jws);
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/dynamic-builder-specific", method = POST)
|
||||
public JwtResponse dynamicBuilderSpecific(@RequestBody Map<String, Object> claims) throws UnsupportedEncodingException {
|
||||
JwtBuilder builder = Jwts.builder();
|
||||
|
|
|
@ -14,9 +14,11 @@ public class HomeController {
|
|||
return "Available commands (assumes httpie - https://github.com/jkbrzt/httpie):\n" +
|
||||
" http " + requestUrl + "/\n\tThis usage message\n" +
|
||||
" http " + requestUrl + "/static-builder\n\tbuild JWT from hardcoded claims\n" +
|
||||
" http " + requestUrl + "/dynamic-builder-general claim-1=value-1 ... [claim-n=value-n]\n\tbuild JWT from passed in claims (using general claims map)\n" +
|
||||
" http " + requestUrl + "/dynamic-builder-specific claim-1=value-1 ... [claim-n=value-n]\n\tbuild JWT from passed in claims (using specific claims methods)\n" +
|
||||
" http " + requestUrl + "/parser?jwt=<jwt>\n\tParse passed in JWT\n";
|
||||
" http POST " + requestUrl + "/dynamic-builder-general claim-1=value-1 ... [claim-n=value-n]\n\tbuild JWT from passed in claims (using general claims map)\n" +
|
||||
" http POST " + requestUrl + "/dynamic-builder-specific claim-1=value-1 ... [claim-n=value-n]\n\tbuild JWT from passed in claims (using specific claims methods)\n" +
|
||||
" http POST " + requestUrl + "/dynamic-builder-compress claim-1=value-1 ... [claim-n=value-n]\n\tbuild DEFLATE compressed JWT from passed in claims\n" +
|
||||
" http " + requestUrl + "/parser?jwt=<jwt>\n\tParse passed in JWT\n" +
|
||||
" http " + requestUrl + "/parser-enforce?jwt=<jwt>\n\tParse passed in JWT enforcing the 'iss' registered claim and the 'hasMotorcycle' custom claim\n";
|
||||
}
|
||||
|
||||
private String getUrl(HttpServletRequest req) {
|
||||
|
|
|
@ -49,4 +49,15 @@ public class StaticJWTController extends BaseController {
|
|||
|
||||
return new JwtResponse(claims);
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/parser-enforce", method = GET)
|
||||
public JwtResponse parserEnforce(@RequestParam String jwt) throws UnsupportedEncodingException {
|
||||
Jws<Claims> claims = Jwts.parser()
|
||||
.requireIssuer("Stormpath")
|
||||
.require("hasMotorcycle", true)
|
||||
.setSigningKey(secret.getBytes("UTF-8"))
|
||||
.parseClaimsJws(jwt);
|
||||
|
||||
return new JwtResponse(claims);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue