19 package org.apache.syncope.core.spring.security;
20
21 import com.nimbusds.jwt.JWTClaimsSet;
22 import java.util.Date;
23 import org.springframework.security.authentication.AuthenticationProvider;
24 import org.springframework.security.authentication.CredentialsExpiredException;
25 import org.springframework.security.core.Authentication;
26 import org.springframework.security.core.AuthenticationException;
/**
 * Spring Security {@link AuthenticationProvider} that marks a {@link JWTAuthentication} as
 * authenticated when the time-based claims of its claims set ({@code exp} and {@code nbf})
 * are satisfied at the moment of the call.
 *
 * <p>Only the validity window is evaluated in this class. Signature, issuer and audience are
 * not examined here.
 * NOTE(review): presumably they are verified before the {@link JWTAuthentication} is built;
 * confirm against the code that creates it.
 */
public class JWTAuthenticationProvider implements AuthenticationProvider {

    /** Collaborator used to drop the record of a token found to be expired. */
    protected final AuthDataAccessor dataAccessor;

    /**
     * Creates the provider.
     *
     * @param dataAccessor accessor invoked with the JWT ID of any expired token
     */
    public JWTAuthenticationProvider(final AuthDataAccessor dataAccessor) {
        this.dataAccessor = dataAccessor;
    }

    /**
     * Validates the {@code exp} and {@code nbf} claims against the local system clock and, when
     * both pass, flags the token as authenticated.
     *
     * @param authentication the request; must be a {@link JWTAuthentication} (see {@link #supports})
     * @return the same {@link JWTAuthentication} instance, with its authenticated flag set
     * @throws CredentialsExpiredException if {@code exp} is in the past, or if {@code nbf} is in
     *     the future (both conditions are reported with this one exception type)
     * @throws AuthenticationException declared by the interface
     */
    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        // Unchecked cast: callers are expected to consult supports() first, as Spring's
        // ProviderManager does; any other Authentication type ends in a ClassCastException.
        final JWTAuthentication token = (JWTAuthentication) authentication;
        final JWTClaimsSet claimsSet = token.getClaims();

        // A single reading of the local clock serves both comparisons. The comparisons are
        // strict, so no clock-skew leeway is granted between issuer and this host.
        final long now = System.currentTimeMillis();

        // An absent exp claim skips this check, so a token without exp is never rejected as
        // expired here.
        // NOTE(review): confirm that every accepted issuer sets exp, or that tokens lacking it
        // are rejected before they reach this provider.
        final Date exp = claimsSet.getExpirationTime();
        final boolean expired = exp != null && now > exp.getTime();
        if (expired) {
            // NOTE(review): getJWTID() yields null when the jti claim is absent; verify that
            // removeExpired tolerates a null key.
            dataAccessor.removeExpired(claimsSet.getJWTID());
            throw new CredentialsExpiredException("JWT is expired");
        }

        // nbf is likewise optional; when present it must not lie in the future.
        final Date nbf = claimsSet.getNotBeforeTime();
        final boolean premature = nbf != null && now < nbf.getTime();
        if (premature) {
            throw new CredentialsExpiredException("JWT not valid yet");
        }

        token.setAuthenticated(true);
        return token;
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param authentication the candidate {@link Authentication} class
     * @return {@code true} for {@link JWTAuthentication} and its subclasses
     */
    @Override
    public boolean supports(final Class<?> authentication) {
        return JWTAuthentication.class.isAssignableFrom(authentication);
    }
}