/*
 * This file is part of ***  M y C o R e  ***
 * See http://www.mycore.de/ for details.
 *
 * MyCoRe is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * MyCoRe is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with MyCoRe.  If not, see .
 */

package org.mycore.frontend.jersey.resources;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Optional;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import org.mycore.common.MCRSession;
import org.mycore.common.MCRSessionMgr;
import org.mycore.common.MCRUserInformation;
import org.mycore.frontend.jersey.MCRCacheControl;
import org.mycore.frontend.jersey.MCRJWTUtil;
import org.mycore.frontend.jersey.MCRStaticContent;
import org.mycore.frontend.servlets.MCRServlet;

import com.auth0.jwt.JWT;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

/**
 * JAX-RS resource mounted at {@code /jwt} that hands out a signed JSON Web Token for the
 * caller's current MyCoRe session and offers a static helper to verify such a token again.
 *
 * @author Thomas Scheffler (yagee)
 */
@Path("/jwt")
public class MCRJWTResource {

    /** Audience claim written into every issued token and required again by {@link #validate(String)}. */
    public static final String AUDIENCE = "mcr:session";

    @Context
    HttpServletRequest request;

    /**
     * Issues a JWT for the MyCoRe session that is bound to the caller's existing HTTP session.
     *
     * <p>The response is marked {@code no-store}, {@code no-cache} and {@code private}, because the
     * token acts on behalf of the requesting user and must not be cached by shared infrastructure.
     *
     * @return a JWT login success response carrying the signed token, or a JWT login error response
     *         when there is no HTTP session or it carries no MyCoRe session attribute
     * @throws IOException if building the token or the response fails
     */
    @GET
    @Produces(MediaType.APPLICATION_JSON + "; charset=UTF-8")
    @MCRStaticContent
    @MCRCacheControl(noTransform = true,
        noStore = true,
        private_ = @MCRCacheControl.FieldArgument(active = true),
        noCache = @MCRCacheControl.FieldArgument(active = true))
    public Response getTokenFromSession() throws IOException {
        // getSession(false) never creates a session: only an already established one may be turned into a token.
        boolean hasMyCoReSession = Optional.ofNullable(request.getSession(false))
            .map(httpSession -> httpSession.getAttribute(MCRServlet.ATTR_MYCORE_SESSION))
            .isPresent();
        if (!hasMyCoReSession) {
            return MCRJWTUtil.getJWTLoginErrorResponse("No active MyCoRe session found.");
        }
        MCRSession currentSession = MCRServlet.getSession(request);
        return MCRJWTUtil.getJWTLoginSuccessResponse(getToken(currentSession));
    }

    /**
     * Builds and signs the token for the given session.
     *
     * <p>Besides the claims contributed by {@link MCRJWTUtil#getJWTBuilder}, the token carries the
     * session ID as JWT ID, the request URL as issuer, {@link #AUDIENCE} as audience and the
     * session's current IP under {@link MCRJWTUtil#JWT_CLAIM_IP}. The issuer is whatever URL the
     * servlet container reconstructs for this request, so it depends on the deployment in front of it.
     *
     * @param mcrSession the session whose user information, ID and IP are encoded
     * @return the signed token in compact serialization
     * @throws UnsupportedEncodingException if the signing step cannot encode the token
     */
    private String getToken(MCRSession mcrSession) throws UnsupportedEncodingException {
        MCRUserInformation user = mcrSession.getUserInformation();
        String issuer = request.getRequestURL().toString();
        return MCRJWTUtil.getJWTBuilder(user)
            .withJWTId(mcrSession.getID())
            .withIssuer(issuer)
            .withAudience(AUDIENCE)
            .withClaim(MCRJWTUtil.JWT_CLAIM_IP, mcrSession.getCurrentIP())
            .sign(MCRJWTUtil.getJWTAlgorithm());
    }

    /**
     * Verifies a token issued by {@link #getTokenFromSession()} and checks that the session it
     * names is still known to {@link MCRSessionMgr}.
     *
     * <p>Signature verification is delegated to the library verifier configured with the signing
     * algorithm and {@link #AUDIENCE} as required audience; afterwards the JWT ID must resolve to a
     * live session. NOTE(review): the issuer and {@link MCRJWTUtil#JWT_CLAIM_IP} claims written by
     * {@code getToken} are not checked in this method — confirm that callers relying on them verify
     * them separately.
     *
     * @param token the token in compact serialization
     * @throws JWTVerificationException if the token fails verification or its JWT ID does not name an
     *         existing MyCoRe session
     */
    public static void validate(String token) throws JWTVerificationException {
        DecodedJWT verified = JWT.require(MCRJWTUtil.getJWTAlgorithm())
            .withAudience(AUDIENCE)
            .build()
            .verify(token);
        String sessionID = verified.getId();
        // A cryptographically valid token is still rejected unless it points at a session that exists right now.
        if (sessionID == null || MCRSessionMgr.getSession(sessionID) == null) {
            throw new JWTVerificationException("MCRSession is invalid.");
        }
    }

}



