Merge pull request #469 from dogeared/master
Add JJWT tutorial code to the tutorials repo
commit
6b99ced529
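--- /dev/null
+++ b/PATH_NOT_SHOWN/gitignore-file
@@ -0,0 +1,3 @@
+.idea
+target
+*.iml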
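--- /dev/null
+++ b/PATH_NOT_SHOWN/README-file
@@ -0,0 +1,45 @@
+## JWT Fun
+
+This tutorial walks you through the various features supported by the [JJWT](https://github.com/jwtk/jjwt) library - a fluent interface Java JWT building and parsing library.
+
+### Build and Run
+
+It's super easy to build and exercise this tutorial.
+
+```
+mvn clean install
+java -jar target/*.jar
+```
+
+That's it!
+
+You can hit the home endpoint with your favorite command-line http client. My favorite is: [httpie](https://github.com/jkbrzt/httpie)
+
+`http localhost:8080`
+
+```
+Available commands (assumes httpie - https://github.com/jkbrzt/httpie):
+
+http http://localhost:8080/
+This usage message
+
+http http://localhost:8080/static-builder
+build JWT from hardcoded claims
+
+http POST http://localhost:8080/dynamic-builder-general claim-1=value-1 ... [claim-n=value-n]
+build JWT from passed in claims (using general claims map)
+
+http POST http://localhost:8080/dynamic-builder-specific claim-1=value-1 ... [claim-n=value-n]
+build JWT from passed in claims (using specific claims methods)
+
+http POST http://localhost:8080/dynamic-builder-compress claim-1=value-1 ... [claim-n=value-n]
+build DEFLATE compressed JWT from passed in claims
+
+http http://localhost:8080/parser?jwt=<jwt>
+Parse passed in JWT
+
+http http://localhost:8080/parser-enforce?jwt=<jwt>
+Parse passed in JWT enforcing the 'iss' registered claim and the 'hasMotorcycle' custom claim
+```
+
+The Baeldung post that compliments this repo can be found [here](http://www.baeldung.com/)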
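--- /dev/null
+++ b/PATH_NOT_SHOWN/pom-file
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<groupId>io.jsonwebtoken</groupId>
+<artifactId>jjwtfun</artifactId>
+<version>0.0.1-SNAPSHOT</version>
+<packaging>jar</packaging>
+
+<name>jjwtfun</name>
+<description>Exercising the JJWT</description>
+
+<parent>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-parent</artifactId>
+<version>1.3.5.RELEASE</version>
+<relativePath/> <!-- lookup parent from repository -->
+</parent>
+
+<properties>
+<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+<java.version>1.8</java.version>
+</properties>
+
+<dependencies>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-devtools</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-thymeleaf</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-security</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-test</artifactId>
+<scope>test</scope>
+</dependency>
+
+<dependency>
+<groupId>io.jsonwebtoken</groupId>
+<artifactId>jjwt</artifactId>
+<version>0.6.0</version>
+</dependency>
+</dependencies>
+
+<build>
+<plugins>
+<plugin>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-maven-plugin</artifactId>
+</plugin>
+</plugins>
+</build>
+
+
+</project>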
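Review bot: The `spring-boot-devtools` dependency is declared without `<optional>true</optional>`, so the executable jar produced by `spring-boot-maven-plugin` (the README's `java -jar target/*.jar`) ships the devtools restart/LiveReload machinery into whatever environment the jar is run in. Spring Boot's own guidance is to mark it optional so it is excluded from the repackaged artifact; add `<optional>true</optional>` after the `<artifactId>spring-boot-devtools</artifactId>` line. The `jjwt` and `spring-boot-starter-parent` versions are pinned explicitly, which is good for reproducibility, though both predate several later security-relevant releases and should be tracked.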
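--- /dev/null
+++ b/PATH_NOT_SHOWN/JJWTFunApplication.java
@@ -0,0 +1,12 @@
+package io.jsonwebtoken.jjwtfun;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class JJWTFunApplication {
+
+public static void main(String[] args) {
+SpringApplication.run(JJWTFunApplication.class, args);
+}
+}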
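--- /dev/null
+++ b/PATH_NOT_SHOWN/CSRFConfig.java
@@ -0,0 +1,21 @@
+package io.jsonwebtoken.jjwtfun.config;
+
+import io.jsonwebtoken.jjwtfun.service.SecretService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.web.csrf.CsrfTokenRepository;
+
+@Configuration
+public class CSRFConfig {
+
+@Autowired
+SecretService secretService;
+
+@Bean
+@ConditionalOnMissingBean
+public CsrfTokenRepository jwtCsrfTokenRepository() {
+return new JWTCsrfTokenRepository(secretService.getHS256SecretBytes());
+}
+}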
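Review bot: `jwtCsrfTokenRepository()` copies `secretService.getHS256SecretBytes()` into the repository once at bean creation, so the CSRF signing key is frozen at startup, while the validating side in `WebSecurityConfig` uses `secretService.getSigningKeyResolver()`, which reads the live secrets map. After `/refresh-secrets` or `/set-secrets` rotates the map, tokens minted by the repository will be signed with the old key and the resolver will verify them against the new one, so they should fail in `JwtCsrfValidatorFilter` until the next restart. Hand the repository the `SecretService` (or a `Supplier<byte[]>`) and read the key inside `generateToken` instead, e.g. `return new JWTCsrfTokenRepository(secretService::getHS256SecretBytes);`. The `secretService` field would also read better as `private final` with constructor injection rather than a package-private `@Autowired` field.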
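--- /dev/null
+++ b/PATH_NOT_SHOWN/JWTCsrfTokenRepository.java
@@ -0,0 +1,68 @@
+package io.jsonwebtoken.jjwtfun.config;
+
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.web.csrf.CsrfToken;
+import org.springframework.security.web.csrf.CsrfTokenRepository;
+import org.springframework.security.web.csrf.DefaultCsrfToken;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.util.Date;
+import java.util.UUID;
+
+public class JWTCsrfTokenRepository implements CsrfTokenRepository {
+
+private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = CSRFConfig.class.getName().concat(".CSRF_TOKEN");
+
+private static final Logger log = LoggerFactory.getLogger(JWTCsrfTokenRepository.class);
+private byte[] secret;
+
+public JWTCsrfTokenRepository(byte[] secret) {
+this.secret = secret;
+}
+
+@Override
+public CsrfToken generateToken(HttpServletRequest request) {
+String id = UUID.randomUUID().toString().replace("-", "");
+
+Date now = new Date();
+Date exp = new Date(System.currentTimeMillis() + (1000*30)); // 30 seconds
+
+String token = Jwts.builder()
+.setId(id)
+.setIssuedAt(now)
+.setNotBefore(now)
+.setExpiration(exp)
+.signWith(SignatureAlgorithm.HS256, secret)
+.compact();
+
+return new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", token);
+}
+
+@Override
+public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
+if (token == null) {
+HttpSession session = request.getSession(false);
+if (session != null) {
+session.removeAttribute(DEFAULT_CSRF_TOKEN_ATTR_NAME);
+}
+}
+else {
+HttpSession session = request.getSession();
+session.setAttribute(DEFAULT_CSRF_TOKEN_ATTR_NAME, token);
+}
+}
+
+@Override
+public CsrfToken loadToken(HttpServletRequest request) {
+HttpSession session = request.getSession(false);
+if (session == null || "GET".equals(request.getMethod())) {
+return null;
+}
+return (CsrfToken) session.getAttribute(DEFAULT_CSRF_TOKEN_ATTR_NAME);
+}
+}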
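Review bot: In `generateToken` the `iat`/`nbf` claims come from `new Date()` while `exp` comes from a second clock read via `System.currentTimeMillis()`, so the intended 30-second window is computed from two different instants; derive both from one value, `Date exp = new Date(now.getTime() + 30_000L); // 30 seconds`. The `log` field is never used and `secret` is assigned only in the constructor, so it should be `private final byte[] secret;` (the constructor stores the caller's array without copying, which is fine only as long as callers do not mutate it afterwards). `loadToken` returning `null` for every GET means a fresh token is minted and stored in the session on each GET, and the class-level Javadoc should say that the token's short lifetime is what `JwtCsrfValidatorFilter` enforces on top of Spring's own equality check.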
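--- /dev/null
+++ b/PATH_NOT_SHOWN/WebSecurityConfig.java
@@ -0,0 +1,85 @@
+package io.jsonwebtoken.jjwtfun.config;
+
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.jjwtfun.service.SecretService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.csrf.CsrfFilter;
+import org.springframework.security.web.csrf.CsrfToken;
+import org.springframework.security.web.csrf.CsrfTokenRepository;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
+
+@Configuration
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+@Autowired
+CsrfTokenRepository jwtCsrfTokenRepository;
+
+@Autowired
+SecretService secretService;
+
+// ordered so we can use binary search below
+private String[] ignoreCsrfAntMatchers = {
+"/dynamic-builder-compress",
+"/dynamic-builder-general",
+"/dynamic-builder-specific",
+"/set-secrets"
+};
+
+@Override
+protected void configure(HttpSecurity http) throws Exception {
+http
+.addFilterAfter(new JwtCsrfValidatorFilter(), CsrfFilter.class)
+.csrf()
+.csrfTokenRepository(jwtCsrfTokenRepository)
+.ignoringAntMatchers(ignoreCsrfAntMatchers)
+.and().authorizeRequests()
+.antMatchers("/**")
+.permitAll();
+}
+
+private class JwtCsrfValidatorFilter extends OncePerRequestFilter {
+
+@Override
+protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+// NOTE: A real implementation should have a nonce cache so the token cannot be reused
+
+CsrfToken token = (CsrfToken) request.getAttribute("_csrf");
+
+if (
+// only care if it's a POST
+"POST".equals(request.getMethod()) &&
+// ignore if the request path is in our list
+Arrays.binarySearch(ignoreCsrfAntMatchers, request.getServletPath()) < 0 &&
+// make sure we have a token
+token != null
+) {
+// CsrfFilter already made sure the token matched. Here, we'll make sure it's not expired
+try {
+Jwts.parser()
+.setSigningKeyResolver(secretService.getSigningKeyResolver())
+.parseClaimsJws(token.getToken());
+} catch (JwtException e) {
+// most likely an ExpiredJwtException, but this will handle any
+request.setAttribute("exception", e);
+response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+RequestDispatcher dispatcher = request.getRequestDispatcher("expired-jwt");
+dispatcher.forward(request, response);
+}
+}
+
+filterChain.doFilter(request, response);
+}
+}
+}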
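Review bot: In `doFilterInternal` the `catch (JwtException e)` branch forwards to the `expired-jwt` view and then falls through to `filterChain.doFilter(request, response)`, so the original POST handler still runs after the error page has already been written and the response committed; the filter should `return;` right after `dispatcher.forward(request, response);`. The exemption list and the `binarySearch` on `request.getServletPath()` only agree with `ignoringAntMatchers` because every entry is a literal path; a comment on the array should state that the entries must be sorted literal servlet paths, not ant patterns, or the two checks diverge. Since `/**` is `permitAll()` and `/set-secrets` is also CSRF-exempt, the key-management endpoints from `SecretsController` run with no authentication at all; if that is intended for the tutorial, say so on the array, e.g. `// demo only: key-management endpoints are unauthenticated and CSRF-exempt`. `JwtCsrfValidatorFilter` uses the outer fields, so the non-static inner class is justified here.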
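--- /dev/null
+++ b/PATH_NOT_SHOWN/BaseController.java
@@ -0,0 +1,23 @@
+package io.jsonwebtoken.jjwtfun.controller;
+
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.SignatureException;
+import io.jsonwebtoken.jjwtfun.model.JwtResponse;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+public class BaseController {
+
+@ResponseStatus(HttpStatus.BAD_REQUEST)
+@ExceptionHandler({SignatureException.class, MalformedJwtException.class, JwtException.class})
+public JwtResponse exception(Exception e) {
+JwtResponse response = new JwtResponse();
+response.setStatus(JwtResponse.Status.ERROR);
+response.setMessage(e.getMessage());
+response.setExceptionType(e.getClass().getName());
+
+return response;
+}
+}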
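Review bot: `exception(Exception e)` copies `e.getMessage()` and the exception class name straight into the HTTP body, so whatever JJWT puts into its messages (which, for claim-enforcement failures such as `requireIssuer`, includes the expected and actual claim values) is echoed to the client; for a tutorial that is informative, but a comment should say this is deliberate and that a production handler would log the detail and return a fixed message. `SignatureException` and `MalformedJwtException` are both subclasses of `JwtException`, so the `@ExceptionHandler` list can be reduced to `@ExceptionHandler(JwtException.class)` with no change in behaviour, and the parameter can then be typed `JwtException e`. The method needs a Javadoc line stating that every JJWT failure maps to 400 with `Status.ERROR`.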
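--- /dev/null
+++ b/PATH_NOT_SHOWN/DynamicJWTController.java
@@ -0,0 +1,108 @@
+package io.jsonwebtoken.jjwtfun.controller;
+
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.impl.compression.CompressionCodecs;
+import io.jsonwebtoken.jjwtfun.model.JwtResponse;
+import io.jsonwebtoken.jjwtfun.service.SecretService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.io.UnsupportedEncodingException;
+import java.time.Instant;
+import java.util.Date;
+import java.util.Map;
+
+import static org.springframework.web.bind.annotation.RequestMethod.POST;
+
+@RestController
+public class DynamicJWTController extends BaseController {
+
+@Autowired
+SecretService secretService;
+
+@RequestMapping(value = "/dynamic-builder-general", method = POST)
+public JwtResponse dynamicBuilderGeneric(@RequestBody Map<String, Object> claims) throws UnsupportedEncodingException {
+String jws = Jwts.builder()
+.setClaims(claims)
+.signWith(
+SignatureAlgorithm.HS256,
+secretService.getHS256SecretBytes()
+)
+.compact();
+return new JwtResponse(jws);
+}
+
+@RequestMapping(value = "/dynamic-builder-compress", method = POST)
+public JwtResponse dynamicBuildercompress(@RequestBody Map<String, Object> claims) throws UnsupportedEncodingException {
+String jws = Jwts.builder()
+.setClaims(claims)
+.compressWith(CompressionCodecs.DEFLATE)
+.signWith(
+SignatureAlgorithm.HS256,
+secretService.getHS256SecretBytes()
+)
+.compact();
+return new JwtResponse(jws);
+}
+
+@RequestMapping(value = "/dynamic-builder-specific", method = POST)
+public JwtResponse dynamicBuilderSpecific(@RequestBody Map<String, Object> claims) throws UnsupportedEncodingException {
+JwtBuilder builder = Jwts.builder();
+
+claims.forEach((key, value) -> {
+switch (key) {
+case "iss":
+ensureType(key, value, String.class);
+builder.setIssuer((String) value);
+break;
+case "sub":
+ensureType(key, value, String.class);
+builder.setSubject((String) value);
+break;
+case "aud":
+ensureType(key, value, String.class);
+builder.setAudience((String) value);
+break;
+case "exp":
+ensureType(key, value, Long.class);
+builder.setExpiration(Date.from(Instant.ofEpochSecond(Long.parseLong(value.toString()))));
+break;
+case "nbf":
+ensureType(key, value, Long.class);
+builder.setNotBefore(Date.from(Instant.ofEpochSecond(Long.parseLong(value.toString()))));
+break;
+case "iat":
+ensureType(key, value, Long.class);
+builder.setIssuedAt(Date.from(Instant.ofEpochSecond(Long.parseLong(value.toString()))));
+break;
+case "jti":
+ensureType(key, value, String.class);
+builder.setId((String) value);
+break;
+default:
+builder.claim(key, value);
+}
+});
+
+builder.signWith(SignatureAlgorithm.HS256, secretService.getHS256SecretBytes());
+
+return new JwtResponse(builder.compact());
+}
+
+private void ensureType(String registeredClaim, Object value, Class expectedType) {
+boolean isCorrectType =
+expectedType.isInstance(value) ||
+expectedType == Long.class && value instanceof Integer;
+
+if (!isCorrectType) {
+String msg = "Expected type: " + expectedType.getCanonicalName() + " for registered claim: '" +
+registeredClaim + "', but got value: " + value + " of type: " + value.getClass().getCanonicalName();
+throw new JwtException(msg);
+}
+}
+}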
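Review bot: `ensureType` dereferences `value` while building the error message, so a request body such as `{"exp": null}` (a `Map<String, Object>` keeps JSON nulls) makes `expectedType.isInstance(null)` false and then `value.getClass()` throws a `NullPointerException`, which is not a `JwtException` and so bypasses `BaseController`'s 400 handler; build the type name defensively, e.g. `String actual = value == null ? "null" : value.getClass().getCanonicalName();`. `expectedType` is a raw `Class`; declare it `Class<?> expectedType` to keep the call sites warning-free. `dynamicBuildercompress` should be `dynamicBuilderCompress` to match its siblings, and `dynamicBuilderGeneric` is mapped to `/dynamic-builder-general`, so one of the two names is a typo. The three `@RequestMapping` methods need a Javadoc sentence saying that every caller-supplied claim is signed as-is with the HS256 secret, since the `default:` branch accepts arbitrary keys and values.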
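--- /dev/null
+++ b/PATH_NOT_SHOWN/FormController.java
@@ -0,0 +1,29 @@
+package io.jsonwebtoken.jjwtfun.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import static org.springframework.web.bind.annotation.RequestMethod.GET;
+import static org.springframework.web.bind.annotation.RequestMethod.POST;
+
+@Controller
+public class FormController {
+
+@RequestMapping(value = "/jwt-csrf-form", method = GET)
+public String csrfFormGet() {
+return "jwt-csrf-form";
+}
+
+@RequestMapping(value = "/jwt-csrf-form", method = POST)
+public String csrfFormPost(@RequestParam(name = "_csrf") String csrf, Model model) {
+model.addAttribute("csrf", csrf);
+return "jwt-csrf-form-result";
+}
+
+@RequestMapping("/expired-jwt")
+public String expiredJwt() {
+return "expired-jwt";
+}
+}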
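--- /dev/null
+++ b/PATH_NOT_SHOWN/HomeController.java
@@ -0,0 +1,32 @@
+package io.jsonwebtoken.jjwtfun.controller;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+
+@RestController
+public class HomeController {
+
+@RequestMapping("/")
+public String home(HttpServletRequest req) {
+String requestUrl = getUrl(req);
+return "Available commands (assumes httpie - https://github.com/jkbrzt/httpie):\n\n" +
+" http " + requestUrl + "/\n\tThis usage message\n\n" +
+" http " + requestUrl + "/static-builder\n\tbuild JWT from hardcoded claims\n\n" +
+" http POST " + requestUrl + "/dynamic-builder-general claim-1=value-1 ... [claim-n=value-n]\n\tbuild JWT from passed in claims (using general claims map)\n\n" +
+" http POST " + requestUrl + "/dynamic-builder-specific claim-1=value-1 ... [claim-n=value-n]\n\tbuild JWT from passed in claims (using specific claims methods)\n\n" +
+" http POST " + requestUrl + "/dynamic-builder-compress claim-1=value-1 ... [claim-n=value-n]\n\tbuild DEFLATE compressed JWT from passed in claims\n\n" +
+" http " + requestUrl + "/parser?jwt=<jwt>\n\tParse passed in JWT\n\n" +
+" http " + requestUrl + "/parser-enforce?jwt=<jwt>\n\tParse passed in JWT enforcing the 'iss' registered claim and the 'hasMotorcycle' custom claim\n\n" +
+" http " + requestUrl + "/get-secrets\n\tShow the signing keys currently in use.\n\n" +
+" http " + requestUrl + "/refresh-secrets\n\tGenerate new signing keys and show them.\n\n" +
+" http POST " + requestUrl + "/set-secrets HS256=base64-encoded-value HS384=base64-encoded-value HS512=base64-encoded-value\n\tExplicitly set secrets to use in the application.";
+}
+
+private String getUrl(HttpServletRequest req) {
+return req.getScheme() + "://" +
+req.getServerName() +
+((req.getServerPort() == 80 || req.getServerPort() == 443) ? "" : ":" + req.getServerPort());
+}
+}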
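Review bot: `getUrl` builds the advertised base URL from `req.getServerName()`, which the servlet container normally derives from the client-supplied `Host` header, so the value printed back is attacker-influenced text; the response is `text/plain` here so it is only a correctness concern, but a comment on the method should record that assumption, e.g. `// server name/port come from the request (Host header); fine for a plain-text usage page only`. The usage text also lists `/get-secrets`, `/refresh-secrets` and `/set-secrets`, which the README's command list omits, so the two should be reconciled. A `StringBuilder` or `String.join` with one entry per command would make the long concatenation in `home` easier to maintain.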
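--- /dev/null
+++ b/PATH_NOT_SHOWN/SecretsController.java
@@ -0,0 +1,35 @@
+package io.jsonwebtoken.jjwtfun.controller;
+
+import io.jsonwebtoken.jjwtfun.service.SecretService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Map;
+
+import static org.springframework.web.bind.annotation.RequestMethod.GET;
+import static org.springframework.web.bind.annotation.RequestMethod.POST;
+
+@RestController
+public class SecretsController extends BaseController {
+
+@Autowired
+SecretService secretService;
+
+@RequestMapping(value = "/get-secrets", method = GET)
+public Map<String, String> getSecrets() {
+return secretService.getSecrets();
+}
+
+@RequestMapping(value = "/refresh-secrets", method = GET)
+public Map<String, String> refreshSecrets() {
+return secretService.refreshSecrets();
+}
+
+@RequestMapping(value = "/set-secrets", method = POST)
+public Map<String, String> setSecrets(@RequestBody Map<String, String> secrets) {
+secretService.setSecrets(secrets);
+return secretService.getSecrets();
+}
+}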
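Review bot: `refreshSecrets()` is mapped with `method = GET` yet replaces every signing key in `SecretService`, so a state-changing operation sits behind a safe method that Spring's `CsrfFilter` never checks and that any cross-site link or image tag can trigger; map it as `method = POST` (and, like `/set-secrets`, add it to the CSRF exemption list in `WebSecurityConfig` if it must stay token-free). All three endpoints return the raw base64 key material through `secretService.getSecrets()`, and with `/**` set to `permitAll()` they do so to anyone who can reach the port; a class-level Javadoc should state plainly that this is a teaching aid and that the secrets endpoints are intentionally unauthenticated. The `secretService` field should be `private final` and constructor-injected, matching the other controllers once they are cleaned up.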
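--- /dev/null
+++ b/PATH_NOT_SHOWN/StaticJWTController.java
@@ -0,0 +1,64 @@
+package io.jsonwebtoken.jjwtfun.controller;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jws;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.jjwtfun.model.JwtResponse;
+import io.jsonwebtoken.jjwtfun.service.SecretService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.io.UnsupportedEncodingException;
+import java.time.Instant;
+import java.util.Date;
+
+import static org.springframework.web.bind.annotation.RequestMethod.GET;
+
+@RestController
+public class StaticJWTController extends BaseController {
+
+@Autowired
+SecretService secretService;
+
+@RequestMapping(value = "/static-builder", method = GET)
+public JwtResponse fixedBuilder() throws UnsupportedEncodingException {
+String jws = Jwts.builder()
+.setIssuer("Stormpath")
+.setSubject("msilverman")
+.claim("name", "Micah Silverman")
+.claim("scope", "admins")
+.setIssuedAt(Date.from(Instant.ofEpochSecond(1466796822L))) // Fri Jun 24 2016 15:33:42 GMT-0400 (EDT)
+.setExpiration(Date.from(Instant.ofEpochSecond(4622470422L))) // Sat Jun 24 2116 15:33:42 GMT-0400 (EDT)
+.signWith(
+SignatureAlgorithm.HS256,
+secretService.getHS256SecretBytes()
+)
+.compact();
+
+return new JwtResponse(jws);
+}
+
+@RequestMapping(value = "/parser", method = GET)
+public JwtResponse parser(@RequestParam String jwt) throws UnsupportedEncodingException {
+
+Jws<Claims> jws = Jwts.parser()
+.setSigningKeyResolver(secretService.getSigningKeyResolver())
+.parseClaimsJws(jwt);
+
+return new JwtResponse(jws);
+}
+
+@RequestMapping(value = "/parser-enforce", method = GET)
+public JwtResponse parserEnforce(@RequestParam String jwt) throws UnsupportedEncodingException {
+Jws<Claims> jws = Jwts.parser()
+.requireIssuer("Stormpath")
+.require("hasMotorcycle", true)
+.setSigningKeyResolver(secretService.getSigningKeyResolver())
+.parseClaimsJws(jwt);
+
+return new JwtResponse(jws);
+}
+}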
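Review bot: All three handlers declare `throws UnsupportedEncodingException`, but none of the calls in their bodies (`signWith(SignatureAlgorithm, byte[])`, `parseClaimsJws`, `Date.from`) visibly throws it, so as far as this file shows the clause is dead and should be dropped; if it was kept for a `signWith(alg, String)` overload used elsewhere, a comment should say so. `fixedBuilder` mints a token with `exp` in 2116, which is fine for a demo but deserves a `// demo token: effectively non-expiring` note next to the `setExpiration` line so nobody copies it. `parser` and `parserEnforce` accept the JWT as a GET query parameter; the class Javadoc should note that tokens will therefore land in server and proxy access logs, which is acceptable for the tutorial but worth knowing.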
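--- /dev/null
+++ b/PATH_NOT_SHOWN/JwtResponse.java
@@ -0,0 +1,70 @@
+package io.jsonwebtoken.jjwtfun.model;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jws;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class JwtResponse {
+private String message;
+private Status status;
+private String exceptionType;
+private String jwt;
+private Jws<Claims> jws;
+
+public enum Status {
+SUCCESS, ERROR
+}
+
+public JwtResponse() {}
+
+public JwtResponse(String jwt) {
+this.jwt = jwt;
+this.status = Status.SUCCESS;
+}
+
+public JwtResponse(Jws<Claims> jws) {
+this.jws = jws;
+this.status = Status.SUCCESS;
+}
+
+public String getMessage() {
+return message;
+}
+
+public void setMessage(String message) {
+this.message = message;
+}
+
+public Status getStatus() {
+return status;
+}
+
+public void setStatus(Status status) {
+this.status = status;
+}
+
+public String getExceptionType() {
+return exceptionType;
+}
+
+public void setExceptionType(String exceptionType) {
+this.exceptionType = exceptionType;
+}
+
+public String getJwt() {
+return jwt;
+}
+
+public void setJwt(String jwt) {
+this.jwt = jwt;
+}
+
+public Jws<Claims> getJws() {
+return jws;
+}
+
+public void setJws(Jws<Claims> jws) {
+this.jws = jws;
+}
+}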
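--- /dev/null
+++ b/PATH_NOT_SHOWN/SecretService.java
@@ -0,0 +1,74 @@
+package io.jsonwebtoken.jjwtfun.service;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwsHeader;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.SigningKeyResolver;
+import io.jsonwebtoken.SigningKeyResolverAdapter;
+import io.jsonwebtoken.impl.TextCodec;
+import io.jsonwebtoken.impl.crypto.MacProvider;
+import io.jsonwebtoken.lang.Assert;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.PostConstruct;
+import javax.crypto.SecretKey;
+import java.util.HashMap;
+import java.util.Map;
+
+@Service
+public class SecretService {
+
+private Map<String, String> secrets = new HashMap<>();
+
+private SigningKeyResolver signingKeyResolver = new SigningKeyResolverAdapter() {
+@Override
+public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
+return TextCodec.BASE64.decode(secrets.get(header.getAlgorithm()));
+}
+};
+
+@PostConstruct
+public void setup() {
+refreshSecrets();
+}
+
+public SigningKeyResolver getSigningKeyResolver() {
+return signingKeyResolver;
+}
+
+public Map<String, String> getSecrets() {
+return secrets;
+}
+
+public void setSecrets(Map<String, String> secrets) {
+Assert.notNull(secrets);
+Assert.hasText(secrets.get(SignatureAlgorithm.HS256.getValue()));
+Assert.hasText(secrets.get(SignatureAlgorithm.HS384.getValue()));
+Assert.hasText(secrets.get(SignatureAlgorithm.HS512.getValue()));
+
+this.secrets = secrets;
+}
+
+public byte[] getHS256SecretBytes() {
+return TextCodec.BASE64.decode(secrets.get(SignatureAlgorithm.HS256.getValue()));
+}
+
+public byte[] getHS384SecretBytes() {
+return TextCodec.BASE64.decode(secrets.get(SignatureAlgorithm.HS384.getValue()));
+}
+
+public byte[] getHS512SecretBytes() {
+return TextCodec.BASE64.decode(secrets.get(SignatureAlgorithm.HS384.getValue()));
+}
+
+
+public Map<String, String> refreshSecrets() {
+SecretKey key = MacProvider.generateKey(SignatureAlgorithm.HS256);
+secrets.put(SignatureAlgorithm.HS256.getValue(), TextCodec.BASE64.encode(key.getEncoded()));
+key = MacProvider.generateKey(SignatureAlgorithm.HS384);
+secrets.put(SignatureAlgorithm.HS384.getValue(), TextCodec.BASE64.encode(key.getEncoded()));
+key = MacProvider.generateKey(SignatureAlgorithm.HS512);
+secrets.put(SignatureAlgorithm.HS512.getValue(), TextCodec.BASE64.encode(key.getEncoded()));
+return secrets;
+}
+}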
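Review bot: `getHS512SecretBytes()` looks up `SignatureAlgorithm.HS384.getValue()`, so it returns the HS384 key instead of the HS512 one; the line should read `return TextCodec.BASE64.decode(secrets.get(SignatureAlgorithm.HS512.getValue()));`. The anonymous `resolveSigningKeyBytes` passes `secrets.get(header.getAlgorithm())` straight to `TextCodec.BASE64.decode`, and the map only ever holds the three HMAC names, so a JWS whose `alg` header is anything else hands `null` to the decoder; that presumably fails with something other than a `JwtException` and therefore surfaces as a 500 rather than `BaseController`'s 400, so look the value up first and throw a `JwtException` subclass with a clear "unsupported algorithm" message when it is absent. `getSecrets()` hands out the live mutable map that the resolver reads from (return `Collections.unmodifiableMap(secrets)`), `setSecrets` stores the caller's map by reference without checking that the values are valid base64, and `secrets` is replaced and read from different threads with no synchronization; a class Javadoc should at least state that secrets are held in memory only and regenerated on every start via `@PostConstruct`.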
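--- /dev/null
+++ b/PATH_NOT_SHOWN/expired-jwt-template
@@ -0,0 +1,17 @@
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<!--/*/ <th:block th:include="fragments/head :: head"/> /*/-->
+</head>
+<body>
+<div class="container-fluid">
+<div class="row">
+<div class="box col-md-6 col-md-offset-3">
+<h1>JWT CSRF Token expired</h1>
+<h3 th:text="${exception.message}"></h3>
+
+<a href="/jwt-csrf-form" class="btn btn-primary">Back</a>
+</div>
+</div>
+</div>
+</body>
+</html>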
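--- /dev/null
+++ b/PATH_NOT_SHOWN/fragments-head-template
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head th:fragment="head">
+<meta charset="utf-8"/>
+<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
+<meta name="viewport" content="width=device-width, initial-scale=1"/>
+<meta name="viewport" content="width=device-width"/>
+<link href="https://fonts.googleapis.com/css?family=Open+Sans:300italic,300,400italic,400,600italic,600,700italic,700,800italic,800" rel="stylesheet" type="text/css"/>
+<link href="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
+
+<style>
+body {
+margin-top: 60px;
+}
+.box {
+padding: 50px;
+text-align: center;
+vertical-align: middle;
+}
+</style>
+
+<!--[if lt IE 9]>
+<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.2/html5shiv.js"></script>
+<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
+<![endif]-->
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
+<script src="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
+</head>
+<body>
+<p>Nothing to see here, move along.</p>
+</body>
+</html>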
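Review bot: The shared `head` fragment pulls jQuery and Bootstrap's script and stylesheet from third-party CDNs with no `integrity` or `crossorigin` attributes, so every page that includes the fragment (the CSRF form and result pages, the expired-token page) executes whatever those hosts serve. Pin each external resource with a subresource-integrity hash, e.g. `<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js" integrity="sha384-HASH_OF_PINNED_FILE" crossorigin="anonymous"></script>` (hash to be generated from the exact file, placeholder shown), or vendor the files under the application's static resources. The two `viewport` meta tags conflict; keep only the `width=device-width, initial-scale=1` one.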
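--- /dev/null
+++ b/PATH_NOT_SHOWN/jwt-csrf-form-result-template
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+<head>
+<!--/*/ <th:block th:include="fragments/head :: head"/> /*/-->
+</head>
+<body>
+<div class="container-fluid">
+<div class="row">
+<div class="box col-md-6 col-md-offset-3">
+<h1>You made it!</h1>
+<div style="overflow: scroll">
+<h4 th:text="${csrf}">BLARG</h4>
+</div>
+</div>
+</div>
+</div>
+</body>
+</html>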
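--- /dev/null
+++ b/PATH_NOT_SHOWN/jwt-csrf-form-template
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+<head>
+<!--/*/ <th:block th:include="fragments/head :: head"/> /*/-->
+</head>
+<body>
+<div class="container-fluid">
+<div class="row">
+<div class="box col-md-6 col-md-offset-3">
+<p/>
+<form method="post" th:action="@{/jwt-csrf-form}">
+<input type="submit" class="btn btn-primary" value="Click Me!"/>
+</form>
+</div>
+</div>
+</div>
+</body>
+</html>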
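--- /dev/null
+++ b/PATH_NOT_SHOWN/DemoApplicationTests.java
@@ -0,0 +1,18 @@
+package io.jsonwebtoken.jjwtfun;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringApplicationConfiguration(classes = JJWTFunApplication.class)
+@WebAppConfiguration
+public class DemoApplicationTests {
+
+@Test
+public void contextLoads() {
+}
+
+}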