Class JwtAuthenticator

java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
media.pepperpot.tca.authenticator.JwtAuthenticator
All Implemented Interfaces:
MBeanRegistration, javax.security.auth.message.config.RegistrationListener, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.JmxEnabled, org.apache.catalina.Lifecycle, org.apache.catalina.Valve

public class JwtAuthenticator extends org.apache.catalina.authenticator.AuthenticatorBase
If a JWT Bearer token is included with the request, validate the token and return the token subject as the principal.
Author:
minfrin
  • Nested Class Summary

    Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

    org.apache.catalina.authenticator.AuthenticatorBase.AllowCorsPreflight

    Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

    org.apache.catalina.Lifecycle.SingleUse
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    ALLOW_PLAIN
    Constant ALLOW_PLAIN="media.pepperpot.jwt.allowPlain"
    static final String
    BEARER
    Constant BEARER="BEARER"
    static final String
    DEFAULT_ALLOW_PLAIN
    Constant DEFAULT_ALLOW_PLAIN="Boolean.FALSE.toString()"
    static final String
    JWE_ALGORITHM
    Constant JWE_ALGORITHM="media.pepperpot.jwt.JWEAlgorithm"
    static final String
    JWE_ENCRYPTION_METHOD
    Constant JWE_ENCRYPTION_METHOD="media.pepperpot.jwt.JWEEncryptionMethod"
    static final String
    JWE_JWK_SET_FILE
    Constant JWE_JWK_SET_FILE="media.pepperpot.jwe.JwkSetFile"
    static final String
    JWE_REMOTE_JWK_SET_URL
    Constant JWE_REMOTE_JWK_SET_URL="media.pepperpot.jwe.RemoteJwkSetUrl"
    static final String
    JWE_SECRET_FILE
    Constant JWE_SECRET_FILE="media.pepperpot.jwe.SecretFile"
    static final String
    JWS_ALGORITHM
    Constant JWS_ALGORITHM="media.pepperpot.jwt.JWSAlgorithm"
    static final String
    JWS_JWK_SET_FILE
    Constant JWS_JWK_SET_FILE="media.pepperpot.jws.JwkSetFile"
    static final String
    JWS_REMOTE_JWK_SET_URL
    Constant JWS_REMOTE_JWK_SET_URL="media.pepperpot.jws.RemoteJwkSetUrl"
    static final String
    JWS_SECRET_FILE
    Constant JWS_SECRET_FILE="media.pepperpot.jws.SecretFile"
    static final String
    JWT_ACCEPTED_AUDIENCE
    Constant JWT_ACCEPTED_AUDIENCE="media.pepperpot.jwt.AcceptedAudience"
    static final String
    JWT_MAX_CLOCK_SKEW
    Constant JWT_MAX_CLOCK_SKEW="media.pepperpot.jwt.MaxClockSkew"
    static final String
    JWT_MAX_CLOCK_SKEW_DEFAULT
    Constant JWT_MAX_CLOCK_SKEW_DEFAULT="60"
    static final String
    JWT_PROHIBITED_CLAIMS
    Constant JWT_PROHIBITED_CLAIMS="media.pepperpot.jwt.ProhibitedClaims"
    static final String
    JWT_REQUIRED_CLAIMS
    Constant JWT_REQUIRED_CLAIMS="media.pepperpot.jwt.RequiredClaims"
    protected Properties
    properties
    Properties passed to the authenticator.

    Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

    alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso

    Fields inherited from class org.apache.catalina.valves.ValveBase

    asyncSupported, container, containerLog, next

    Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

    mserver

    Fields inherited from interface org.apache.catalina.Lifecycle

    AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
  • Constructor Summary

    Constructors
    Constructor
    Description
    JwtAuthenticator()
    Constructor for JwtAuthenticator.
    JwtAuthenticator(Properties properties)
    Constructor for JwtAuthenticator.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected boolean
    doAuthenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)
    protected String
    getAuthMethod()
    protected static String
    parseAuthorization(Properties properties, org.apache.catalina.connector.Request request, String claimName)
    Parse the Authorization header and extract the sub claim from the first valid JWT found.

    Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

    allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isPreemptiveAuthPossible, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal

    Methods inherited from class org.apache.catalina.valves.ValveBase

    backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

    Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

    destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

    Methods inherited from class org.apache.catalina.util.LifecycleBase

    addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Field Details

    • BEARER

      public static final String BEARER
      Constant BEARER="BEARER"
    • ALLOW_PLAIN

      public static final String ALLOW_PLAIN
      Constant ALLOW_PLAIN="media.pepperpot.jwt.allowPlain"
    • DEFAULT_ALLOW_PLAIN

      public static final String DEFAULT_ALLOW_PLAIN
      Constant DEFAULT_ALLOW_PLAIN="Boolean.FALSE.toString()"
    • JWS_SECRET_FILE

      public static final String JWS_SECRET_FILE
      Constant JWS_SECRET_FILE="media.pepperpot.jws.SecretFile"
    • JWS_JWK_SET_FILE

      public static final String JWS_JWK_SET_FILE
      Constant JWS_JWK_SET_FILE="media.pepperpot.jws.JwkSetFile"
    • JWS_REMOTE_JWK_SET_URL

      public static final String JWS_REMOTE_JWK_SET_URL
      Constant JWS_REMOTE_JWK_SET_URL="media.pepperpot.jws.RemoteJwkSetUrl"
    • JWS_ALGORITHM

      public static final String JWS_ALGORITHM
      Constant JWS_ALGORITHM="media.pepperpot.jwt.JWSAlgorithm"
    • JWE_SECRET_FILE

      public static final String JWE_SECRET_FILE
      Constant JWE_SECRET_FILE="media.pepperpot.jwe.SecretFile"
    • JWE_JWK_SET_FILE

      public static final String JWE_JWK_SET_FILE
      Constant JWE_JWK_SET_FILE="media.pepperpot.jwe.JwkSetFile"
    • JWE_REMOTE_JWK_SET_URL

      public static final String JWE_REMOTE_JWK_SET_URL
      Constant JWE_REMOTE_JWK_SET_URL="media.pepperpot.jwe.RemoteJwkSetUrl"
    • JWE_ALGORITHM

      public static final String JWE_ALGORITHM
      Constant JWE_ALGORITHM="media.pepperpot.jwt.JWEAlgorithm"
    • JWE_ENCRYPTION_METHOD

      public static final String JWE_ENCRYPTION_METHOD
      Constant JWE_ENCRYPTION_METHOD="media.pepperpot.jwt.JWEEncryptionMethod"
    • JWT_MAX_CLOCK_SKEW

      public static final String JWT_MAX_CLOCK_SKEW
      Constant JWT_MAX_CLOCK_SKEW="media.pepperpot.jwt.MaxClockSkew"
    • JWT_MAX_CLOCK_SKEW_DEFAULT

      public static final String JWT_MAX_CLOCK_SKEW_DEFAULT
      Constant JWT_MAX_CLOCK_SKEW_DEFAULT="60"
    • JWT_ACCEPTED_AUDIENCE

      public static final String JWT_ACCEPTED_AUDIENCE
      Constant JWT_ACCEPTED_AUDIENCE="media.pepperpot.jwt.AcceptedAudience"
    • JWT_REQUIRED_CLAIMS

      public static final String JWT_REQUIRED_CLAIMS
      Constant JWT_REQUIRED_CLAIMS="media.pepperpot.jwt.RequiredClaims"
    • JWT_PROHIBITED_CLAIMS

      public static final String JWT_PROHIBITED_CLAIMS
      Constant JWT_PROHIBITED_CLAIMS="media.pepperpot.jwt.ProhibitedClaims"
    • properties

      protected Properties properties
      Properties passed to the authenticator.
  • Constructor Details

    • JwtAuthenticator

      public JwtAuthenticator()

      Constructor for JwtAuthenticator.

    • JwtAuthenticator

      public JwtAuthenticator(Properties properties)

      Constructor for JwtAuthenticator.

      Parameters:
      properties - a Properties object.
  • Method Details

    • parseAuthorization

      protected static String parseAuthorization(Properties properties, org.apache.catalina.connector.Request request, String claimName)
      Parse the Authorization header and extract the sub claim from the first valid JWT found.
      Parameters:
      request - a Request object.
      properties - a Properties object.
      claimName - a String object.
      Returns:
      a String object.
    • getAuthMethod

      protected String getAuthMethod()
      Specified by:
      getAuthMethod in class org.apache.catalina.authenticator.AuthenticatorBase
    • doAuthenticate

      protected boolean doAuthenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response) throws IOException
      Specified by:
      doAuthenticate in class org.apache.catalina.authenticator.AuthenticatorBase
      Throws:
      IOException