EncapsulatedTokenLoginModule.java
/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* com.adobe.granite.oauth.jwt.JwsValidator
* javax.jcr.Credentials
* javax.jcr.SimpleCredentials
* org.apache.jackrabbit.api.security.authentication.token.TokenCredentials
* org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
* org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin
* org.apache.oltu.oauth2.jwt.ClaimsSet
* org.apache.oltu.oauth2.jwt.JWT
* org.apache.oltu.oauth2.jwt.io.JWTReader
* org.slf4j.Logger
* org.slf4j.LoggerFactory
*/
package com.day.crx.security.token.impl;
import com.adobe.granite.oauth.jwt.JwsValidator;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin;
import org.apache.oltu.oauth2.jwt.ClaimsSet;
import org.apache.oltu.oauth2.jwt.JWT;
import org.apache.oltu.oauth2.jwt.io.JWTReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/*
* This class specifies class file version 49.0 but uses Java 6 signatures. Assumed Java 6.
*/
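/**
 * Login module that accepts a {@link TokenCredentials} carrying an encapsulated JWT and, when the
 * token is accepted, records the token's subject as a pre-authenticated user in the shared login
 * state.
 *
 * <p>This module never reports success itself: {@link #login()} and {@link #commit()} always
 * return {@code false}, which in JAAS means "ignore this module". Its only effect is the entries
 * it writes to {@code sharedState}; presumably a later module in the chain consumes them
 * (NOTE(review): confirm the chain ordering and that the consumer honours the pre-auth marker).
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>All token verification is delegated to {@link JwsValidator#validate}. This class checks
 *       only the {@code scope} claim and the subject. NOTE(review): confirm that the validator
 *       enforces signature algorithm, expiry, issuer and audience; none of that is visible
 *       here.</li>
 *   <li>The subject of an accepted token is trusted as the user id without any password.</li>
 * </ul>
 */
public final class EncapsulatedTokenLoginModule
extends AbstractLoginModule {
    /** Verifies the token before any claim is read; supplied by the caller at construction. */
    private final JwsValidator jwsValidator;
    private final Logger log = LoggerFactory.getLogger(EncapsulatedTokenLoginModule.class);
    // Raw Class is kept as in the original signature of getSupportedCredentials().
    private static final Set<Class> SUPPORTED_CREDENTIALS = Collections.singleton(TokenCredentials.class);
    /** Subject of the last accepted token, or null when no token has been accepted. */
    private String userId;

    /**
     * @param jwsValidator validator consulted for every token; a null validator makes
     *        {@link #login()} fail with a NullPointerException on the first non-empty token
     */
    public EncapsulatedTokenLoginModule(JwsValidator jwsValidator) {
        this.jwsValidator = jwsValidator;
    }

    /**
     * @return the single supported credentials type, {@link TokenCredentials}
     */
    protected Set<Class> getSupportedCredentials() {
        return SUPPORTED_CREDENTIALS;
    }

    /**
     * Inspects the supplied credentials and, for an accepted token, publishes the token subject
     * to the shared state as a pre-authenticated login.
     *
     * @return always {@code false}; the outcome is communicated only through {@code sharedState}
     * @throws LoginException declared by the contract; not thrown by the visible code
     */
    public boolean login() throws LoginException {
        Credentials credentials = this.getCredentials();
        if (!(credentials instanceof TokenCredentials)) {
            return false;
        }

        String token = ((TokenCredentials) credentials).getToken();
        this.userId = this.parseToken(token);
        if (this.userId == null) {
            this.log.debug("Could not extract userId/credentials");
            return false;
        }

        // From here on the subject is asserted as authenticated to whatever reads sharedState.
        this.sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(this.userId));
        // Empty password: these credentials are only meaningful together with the pre-auth
        // marker above and must not be treated as a password check by a consumer.
        this.sharedState.put("org.apache.jackrabbit.credentials", new SimpleCredentials(this.userId, new char[0]));
        this.sharedState.put("javax.security.auth.login.name", this.userId);
        this.log.debug("login succeeded with trusted user: {}", (Object) this.userId);
        return false;
    }

    /**
     * Validates the token and extracts the user id from it.
     *
     * <p>The token is accepted only when it is non-empty, {@code jwsValidator.validate} returns
     * true, its {@code scope} custom claim equals {@code "login"}, and it carries a non-blank
     * subject. The blank-subject check is a fail-closed addition: without it an empty subject
     * would be published as a pre-authenticated user id.
     *
     * @param token serialized token taken from the credentials; may be null
     * @return the token subject, or null when the token is rejected
     */
    private String parseToken(String token) {
        if (token == null || token.length() == 0 || !this.jwsValidator.validate(token)) {
            this.log.debug("invalid token");
            return null;
        }

        // Claims are read only after the validator has accepted this exact string.
        JWT jwt = (JWT) new JWTReader().read(token);
        ClaimsSet claims = jwt.getClaimsSet();
        String scope = (String) claims.getCustomField("scope", String.class);
        if (!"login".equals(scope)) {
            this.log.debug("the provided token has an invalid scope");
            return null;
        }

        String subject = claims.getSubject();
        if (subject == null || subject.trim().length() == 0) {
            this.log.debug("the provided token has no subject");
            return null;
        }
        return subject;
    }

    /**
     * Clears module state when {@link #login()} did not establish a user.
     *
     * @return always {@code false}
     * @throws LoginException declared by the contract; not thrown by the visible code
     */
    public boolean commit() throws LoginException {
        if (this.userId == null) {
            this.clearState();
        }
        return false;
    }

    /** Forgets the extracted user id, then delegates to the superclass. */
    protected void clearState() {
        this.userId = null;
        super.clearState();
    }
}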