Java Code Examples for com.nimbusds.jwt.JWTClaimsSet#getIssuer()

The following examples show how to use com.nimbusds.jwt.JWTClaimsSet#getIssuer().
Example 1
Source File: OpenIdConnectJwtValidation.java    From remote-monitoring-services-java with MIT License
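/**
 * Check whether the token has been released by the expected issuer.
 *
 * <p>The {@code iss} claim is lower-cased and compared with the configured
 * {@code this.issuer}. A token without an {@code iss} claim is rejected.
 *
 * <p>NOTE(review): only the token side is case-folded, so this presumably relies on
 * {@code this.issuer} being stored in lower case -- confirm where the field is assigned.
 * Case-folding is also looser than the exact string match that OpenID Connect specifies
 * for issuer comparison; consider an exact comparison once the configured value is known
 * to be in its canonical form.
 *
 * <p>NOTE(review): an issuer match is only meaningful for a token whose signature has
 * already been verified; that step is not visible in this method -- confirm in the caller.
 *
 * @param claims claims of the token under validation
 * @return {@code true} when the issuer matches, {@code false} when it is absent or different
 */
private Boolean validateTokenIssuer(JWTClaimsSet claims) {

    String issuer = claims.getIssuer();
    if (issuer == null) {
        log.error("The authorization token doesn't have an issuer (iss)");
        return false;
    }

    // Fold case with a fixed locale. The no-argument toLowerCase() uses the JVM default
    // locale, and under e.g. a Turkish locale "I" does not map to "i", so the outcome of
    // this check would depend on the host the service happens to run on.
    if (issuer.toLowerCase(java.util.Locale.ROOT).equals(this.issuer)) {
        return true;
    }

    // The first log parameter is the raw claim value taken from the token.
    log.error("The authorization token issuer `{}` doesn't match the expected issuer `{}`",
        issuer, this.issuer);

    return false;
}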
 
Example 2
Source File: OpenIdConnectJwtValidation.java    From remote-monitoring-services-java with MIT License
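/**
 * Check whether the token has been released by the expected issuer.
 *
 * <p>Returns {@code false} when the {@code iss} claim is missing or when its lower-cased
 * value differs from {@code this.issuer}; both cases are logged at error level.
 *
 * <p>NOTE(review): the configured {@code this.issuer} is compared as-is, so it is
 * presumably kept in lower case -- confirm. The OpenID Connect rule for issuer
 * comparison is an exact match, which this case-insensitive check relaxes.
 *
 * @param claims claims of the token under validation
 * @return {@code true} only when the token issuer equals the expected issuer
 */
private Boolean validateTokenIssuer(JWTClaimsSet claims) {

    String issuer = claims.getIssuer();
    if (issuer == null) {
        log.error("The authorization token doesn't have an issuer (iss)");
        return false;
    }

    // Locale.ROOT keeps the case mapping independent of the JVM default locale; with the
    // no-argument toLowerCase() a locale such as Turkish maps "I" to a dotless "ı" and a
    // legitimate issuer would stop matching.
    boolean issuerMatches = issuer.toLowerCase(java.util.Locale.ROOT).equals(this.issuer);
    if (!issuerMatches) {
        log.error("The authorization token issuer `{}` doesn't match the expected issuer `{}`",
            issuer, this.issuer);
    }

    return issuerMatches;
}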
 
Example 3
Source File: OpenIdConnectJwtValidation.java    From remote-monitoring-services-java with MIT License
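/**
 * Check whether the token has been released by the expected issuer.
 *
 * <p>A missing {@code iss} claim fails validation. Otherwise the claim is lower-cased
 * and must equal {@code this.issuer}.
 *
 * <p>NOTE(review): because only the claim is lower-cased, a configured issuer that
 * contains upper-case characters could never match -- verify how {@code this.issuer}
 * is normalized when it is loaded.
 *
 * @param claims claims of the token under validation
 * @return {@code true} on a match, {@code false} otherwise
 */
private Boolean validateTokenIssuer(JWTClaimsSet claims) {

    String issuer = claims.getIssuer();
    if (issuer == null) {
        log.error("The authorization token doesn't have an issuer (iss)");
        return false;
    }

    // Use a locale-independent case mapping so that the result of the comparison does not
    // change with the default locale of the JVM (e.g. the Turkish dotted/dotless "i").
    String normalizedIssuer = issuer.toLowerCase(java.util.Locale.ROOT);
    if (normalizedIssuer.equals(this.issuer)) {
        return true;
    }

    // Log the claim exactly as received so the mismatch can be investigated.
    log.error("The authorization token issuer `{}` doesn't match the expected issuer `{}`",
        issuer, this.issuer);

    return false;
}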
 
Example 4
Source File: CellerySignedJWTValidator.java    From cellery-security with Apache License 2.0
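/**
 * Resolve the trusted identity provider registered for the issuer of a JWT.
 *
 * <p>The {@code iss} claim and the tenant domain derived from the claims are used to look
 * up an identity provider by name. When the lookup returns the placeholder provider named
 * "default", the local identity provider is tried for the same issuer instead.
 *
 * <p>NOTE(review): the issuer used as the lookup key is read from the token's claims;
 * whether the signature has been verified before this call is not visible here. The
 * issuer and tenant domain are also embedded in the exception messages, so callers that
 * surface these messages should treat them as containing token-supplied text.
 *
 * @param claimsSet claims of the JWT being validated
 * @return the identity provider trusted for the token issuer, never {@code null}
 * @throws IdentityOAuth2Exception if no provider is registered for the issuer or the
 *         lookup itself fails
 */
private IdentityProvider getTrustedIdp(JWTClaimsSet claimsSet) throws IdentityOAuth2Exception {

    String jwtIssuer = claimsSet.getIssuer();
    String tenantDomain = getTenantDomain(claimsSet);

    IdentityProvider identityProvider;
    try {
        identityProvider = IdentityProviderManager.getInstance().getIdPByName(jwtIssuer, tenantDomain);
        // If no IDP was found for the given name, the IdentityProviderManager returns a dummy
        // IDP with the name "default". That placeholder must not be treated as a trusted
        // issuer, so check whether the JWT was issued by our local IDP instead.
        if (identityProvider != null
                && StringUtils.equalsIgnoreCase(identityProvider.getIdentityProviderName(), "default")) {
            identityProvider = getLocalIdpForIssuer(jwtIssuer, tenantDomain);
        }
    } catch (IdentityProviderManagementException e) {
        // Keep the original exception as the cause so the lookup failure stays diagnosable.
        throw new IdentityOAuth2Exception("Error while retrieving trusted IDP information for issuer: " + jwtIssuer
                + " in tenantDomain: " + tenantDomain, e);
    }

    if (identityProvider == null) {
        throw new IdentityOAuth2Exception("No trusted IDP registered with the issuer: " + jwtIssuer
                + " in tenantDomain: " + tenantDomain);
    }
    return identityProvider;
}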
 
Example 5
Source File: SelfContainedTokenValidator.java    From cellery-security with Apache License 2.0
/**
 * Validate the {@code iss} claim of a JWT against the issuer expected for the request source.
 *
 * <p>The expected issuer starts as {@code globalIssuer} and is replaced by a name derived
 * from the source cell instance (or, for requests from the knative activator workload,
 * from this cell). A token issued by the gateway of the source cell is accepted as well.
 * All issuer comparisons are case-insensitive.
 *
 * <p>When issuer validation is disabled in {@code CellStsConfiguration} the method returns
 * without inspecting the token at all.
 *
 * <p>NOTE(review): the expected issuer is computed from fields of {@code request.getSource()};
 * how those fields are populated and authenticated is not visible here -- confirm they cannot
 * be set by the party presenting the token.
 *
 * @param claimsSet claims of the JWT being validated
 * @param request   the STS request carrying the source workload and cell instance name
 * @throws TokenValidationFailureException if the token has no issuer, the issuer does not
 *         match, or the expected issuer cannot be inferred
 */
private void validateIssuer(JWTClaimsSet claimsSet, CellStsRequest request) throws TokenValidationFailureException {

    if (!CellStsConfiguration.getInstance().isIssuerValidationEnabled()) {
        // Configuration switch: no issuer check is performed for any token in this mode.
        log.debug("Issuer validation turned off.");
        return;
    }

    String expectedIssuer = globalIssuer;
    String sourceWorkload = request.getSource().getWorkload();
    String tokenIssuer = claimsSet.getIssuer();
    boolean tokenHasIssuer = StringUtils.isNotEmpty(tokenIssuer);

    if (StringUtils.isNotEmpty(request.getSource().getCellInstanceName())) {
        String namespace = CellStsUtils.getNamespaceFromAddress(request.getSource().getWorkload());
        if (tokenHasIssuer && compositeIssuer.equalsIgnoreCase(tokenIssuer)) {
            // Tokens carrying the composite issuer are resolved in the system namespace.
            namespace = Constants.SYSTEM_NAMESPACE;
            log.debug("Composite issuer found. Hence changing source issuer ns to " + Constants.SYSTEM_NAMESPACE);
        }
        expectedIssuer = CellStsUtils.getIssuerName(request.getSource().getCellInstanceName(),
                namespace);
    } else if (StringUtils.isNotEmpty(sourceWorkload) && sourceWorkload.matches(KNATIVE_ACTIVATOR_WORKLOAD_REGEX)) {
        try {
            log.debug("Request is received from the knative activator. Setting issuer to this cell");
            expectedIssuer = CellStsUtils.getIssuerName(CellStsUtils.getMyCellName(),
                    CellStsUtils.getNamespaceFromAddress(request.getSource().getWorkload()));
        } catch (CelleryCellSTSException e) {
            throw new TokenValidationFailureException("Cannot infer the issuer", e);
        }
    }

    // A token without an issuer is rejected only after the expected issuer has been worked out.
    if (!tokenHasIssuer) {
        throw new TokenValidationFailureException("No issuer found in the JWT");
    }

    String gatewayIssuer = CellStsUtils.getGatewayIssuer(request.getSource().getCellInstanceName());

    // In web cells the issuer will be the gateway of its own cell.
    boolean issuedByOwnGateway = StringUtils.equalsIgnoreCase(tokenIssuer, gatewayIssuer);
    if (issuedByOwnGateway) {
        return;
    }

    if (StringUtils.equalsIgnoreCase(tokenIssuer, expectedIssuer)) {
        log.debug("Issuer validated successfully. Issuer : {}", expectedIssuer);
        return;
    }

    throw new TokenValidationFailureException("Issuer validation failed. Expected issuer : " + expectedIssuer + ". " +
            "Received issuer: " + tokenIssuer);
}