1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.core.spring.security;
20  
21  import com.nimbusds.jwt.JWTClaimsSet;
22  import java.util.Date;
23  import org.springframework.security.authentication.AuthenticationProvider;
24  import org.springframework.security.authentication.CredentialsExpiredException;
25  import org.springframework.security.core.Authentication;
26  import org.springframework.security.core.AuthenticationException;
27  
28  /**
29   * Attempts to authenticate the passed {@link JWTAuthentication} object, returning a fully populated
30   * {@link Authentication} object (including granted authorities) if successful.
31   */
/**
 * {@link AuthenticationProvider} for {@link JWTAuthentication} tokens.
 * <p>
 * Only the time-based claims ({@code exp} and {@code nbf}) are validated here, against the local wall clock
 * and with no skew tolerance: an expired token has its stored record dropped through
 * {@link AuthDataAccessor#removeExpired} and is rejected, a token that is not yet valid is rejected, and
 * anything else is flagged as authenticated and returned as-is. Signature and issuer verification are not
 * performed in this class; presumably the {@link JWTAuthentication} handed in has already passed those
 * checks upstream — verify against the caller.
 */
public class JWTAuthenticationProvider implements AuthenticationProvider {

    /** Persistence access used to drop the stored record of an expired JWT. */
    protected final AuthDataAccessor dataAccessor;

    public JWTAuthenticationProvider(final AuthDataAccessor dataAccessor) {
        this.dataAccessor = dataAccessor;
    }

    /**
     * Validates the temporal claims of the given token.
     *
     * @param authentication a {@link JWTAuthentication}; the cast is unchecked because
     * {@link #supports(Class)} restricts what reaches this method
     * @return the same instance, flagged as authenticated
     * @throws CredentialsExpiredException if {@code exp} lies in the past or {@code nbf} in the future
     */
    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        JWTAuthentication token = (JWTAuthentication) authentication;
        JWTClaimsSet claims = token.getClaims();

        // One snapshot of "now" so both claims are judged against the same instant.
        long now = System.currentTimeMillis();
        rejectIfExpired(claims, now);
        rejectIfNotYetValid(claims, now);

        token.setAuthenticated(true);
        return token;
    }

    /** Rejects a token whose {@code exp} claim is strictly before {@code now}; a missing claim passes. */
    private void rejectIfExpired(final JWTClaimsSet claims, final long now) {
        Date exp = claims.getExpirationTime();
        if (exp == null || exp.getTime() >= now) {
            return;
        }
        // The stored record for this JWT id is dropped before the failure is surfaced.
        dataAccessor.removeExpired(claims.getJWTID());
        throw new CredentialsExpiredException("JWT is expired");
    }

    /** Rejects a token whose {@code nbf} claim is strictly after {@code now}; a missing claim passes. */
    private void rejectIfNotYetValid(final JWTClaimsSet claims, final long now) {
        Date nbf = claims.getNotBeforeTime();
        if (nbf != null && nbf.getTime() > now) {
            throw new CredentialsExpiredException("JWT not valid yet");
        }
    }

    @Override
    public boolean supports(final Class<?> authentication) {
        return JWTAuthentication.class.isAssignableFrom(authentication);
    }
}
66  }