add verify signature

This commit is contained in:
DOHA 2018-02-18 14:18:20 +02:00
parent 798920d3a2
commit 76dbe454f5
1 changed files with 13 additions and 1 deletions

View File

@ -1,12 +1,14 @@
package org.baeldung.security;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@ -14,6 +16,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.jwt.Jwt;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
@ -42,7 +45,7 @@ public class OpenIdConnectFilter extends AbstractAuthenticationProcessingFilter
}
try {
final String idToken = accessToken.getAdditionalInformation().get("id_token").toString();
final Jwt tokenDecoded = JwtHelper.decode(idToken);
final Jwt tokenDecoded = JwtHelper.decodeAndVerify(idToken, verifier());
System.out.println("===== : " + tokenDecoded.getClaims());
final Map<String, String> authInfo = new ObjectMapper().readValue(tokenDecoded.getClaims(), Map.class);
@ -60,6 +63,15 @@ public class OpenIdConnectFilter extends AbstractAuthenticationProcessingFilter
}
// details can be found at https://www.googleapis.com/oauth2/v2/certs
private RsaVerifier verifier() {
byte[] nbytes = Base64.decodeBase64("vmyoDT6ND_YJa1ItdvULuTJr2pw4MvN3Z5kmSiJBm9glVoakcDEBGF4b5crKiPW7WDh2PZ0_yXY9ikDaTux7hxtgUtmm96KjmdBn_FYwv3SlsBRnzZw1oAG-2OdjlFWvlx4rXOhAzZ04ngPb3ELywwtKoO90hCy2DrNOMMSCuSu8zrFLw5oREawPcUFEQReipy_KRFf02VxFbK4Tj2FHVdBPPLW3W1KJD4S-NNwPnoeDrI6zWMv7WWAeSLAT0hX36r5FM9dM2uXTxPRCZzs-nqrUiHxn4duFIGgzuxCVbyigDrnfsmHx-B5tG1m7ts74xwf2P_PJwNNJ8qRihMsS2Q==");
byte[] ebytes = Base64.decodeBase64("AQAB");
BigInteger n = new BigInteger(1, nbytes);
BigInteger e = new BigInteger(1, ebytes);
return new RsaVerifier(n, e);
}
private static class NoopAuthenticationManager implements AuthenticationManager {
@Override