Java Code Examples for org.springframework.security.jwt.JwtHelper#decode()

public String getAccessToken() {
    if (accessToken == null) {
        retrieveNewAccessToken();
    }

    Jwt jwt = JwtHelper.decode(accessToken);
    String claims = jwt.getClaims();
    JsonParser jsonParser = JsonParserFactory.getJsonParser();
    Map<String, Object> claimMap = jsonParser.parseMap(claims);
    Integer exp = (Integer) claimMap.get("exp");
    int now = (int) (System.currentTimeMillis() / 1000L);

    if (exp < now) {
        retrieveNewAccessToken();
    }

    return accessToken;
}
 

@SuppressWarnings({"rawtypes", "unchecked"})
@Test
public void getJwtTokenByClientCredentialForUser() throws JsonParseException, JsonMappingException, IOException {
    ResponseEntity<String> response = new TestRestTemplate("trusted-app", "secret").postForEntity("http://localhost:" + port + "/oauth/token?grant_type=password&username=user&password=password", null, String.class);
    String responseText = response.getBody();
    assertEquals(HttpStatus.OK, response.getStatusCode());
    HashMap jwtMap = new ObjectMapper().readValue(responseText, HashMap.class);

    assertEquals("bearer", jwtMap.get("token_type"));
    assertEquals("read write", jwtMap.get("scope"));
    assertTrue(jwtMap.containsKey("access_token"));
    assertTrue(jwtMap.containsKey("expires_in"));
    assertTrue(jwtMap.containsKey("jti"));
    String accessToken = (String) jwtMap.get("access_token");

    Jwt jwtToken = JwtHelper.decode(accessToken);
    String claims = jwtToken.getClaims();
    HashMap claimsMap = new ObjectMapper().readValue(claims, HashMap.class);
    assertEquals("spring-boot-application", ((List<String>) claimsMap.get("aud")).get(0));
    assertEquals("trusted-app", claimsMap.get("client_id"));
    assertEquals("user", claimsMap.get("user_name"));
    assertEquals("read", ((List<String>) claimsMap.get("scope")).get(0));
    assertEquals("write", ((List<String>) claimsMap.get("scope")).get(1));
    assertEquals("ROLE_USER", ((List<String>) claimsMap.get("authorities")).get(0));
}
 

@SuppressWarnings({"rawtypes", "unchecked"})
@Test
public void getJwtTokenByClientCredentialForAdmin() throws JsonParseException, JsonMappingException, IOException {
    ResponseEntity<String> response = new TestRestTemplate("trusted-app", "secret").postForEntity("http://localhost:" + port + "/oauth/token?grant_type=password&username=admin&password=password", null, String.class);
    String responseText = response.getBody();
    assertEquals(HttpStatus.OK, response.getStatusCode());
    HashMap jwtMap = new ObjectMapper().readValue(responseText, HashMap.class);

    assertEquals("bearer", jwtMap.get("token_type"));
    assertEquals("read write", jwtMap.get("scope"));
    assertTrue(jwtMap.containsKey("access_token"));
    assertTrue(jwtMap.containsKey("expires_in"));
    assertTrue(jwtMap.containsKey("jti"));
    String accessToken = (String) jwtMap.get("access_token");

    Jwt jwtToken = JwtHelper.decode(accessToken);
    String claims = jwtToken.getClaims();
    HashMap claimsMap = new ObjectMapper().readValue(claims, HashMap.class);
    assertEquals("spring-boot-application", ((List<String>) claimsMap.get("aud")).get(0));
    assertEquals("trusted-app", claimsMap.get("client_id"));
    assertEquals("admin", claimsMap.get("user_name"));
    assertEquals("read", ((List<String>) claimsMap.get("scope")).get(0));
    assertEquals("write", ((List<String>) claimsMap.get("scope")).get(1));
    assertEquals("ROLE_ADMIN", ((List<String>) claimsMap.get("authorities")).get(0));
}
 

public static boolean invalidJwtAccessToken(String authentication) {
	//verifier = Optional.ofNullable(verifier).orElse(new MacSigner(signingKey));
	//是否无效true表示无效
	boolean invalid = Boolean.TRUE;
	try {
		String pubKey = JWTAuthentication.getPubKey(PUBLIC_KEY);
		RsaVerifier rsaVerifier = new RsaVerifier(pubKey);
		Jwt jwt = JwtHelper.decode(authentication);
		jwt.verifySignature(rsaVerifier);
		invalid = Boolean.FALSE;
	} catch (InvalidSignatureException | IllegalArgumentException ex) {
		LogBack.error("user token has expired or signature error");
	}
	return invalid;
}
 

/**
 * Retrieve the given claim from the given token.
 *
 * @param refreshToken the JWT token to examine.
 * @param claimName    name of the claim to get.
 * @param clazz        the Class we expect to find there.
 * @return the desired claim.
 * @throws InvalidTokenException if we cannot find the claim in the token or it is of wrong type.
 */
@SuppressWarnings("unchecked")
private <T> T getClaim(String refreshToken, String claimName, Class<T> clazz) {
    Jwt jwt = JwtHelper.decode(refreshToken);
    String claims = jwt.getClaims();
    Map<String, Object> claimsMap = jsonParser.parseMap(claims);
    Object claimValue = claimsMap.get(claimName);
    if (claimValue == null) {
        return null;
    }
    if (!clazz.isAssignableFrom(claimValue.getClass())) {
        throw new InvalidTokenException("claim is not of expected type: " + claimName);
    }
    return (T) claimValue;
}
 

public static boolean invalidJwtAccessToken(String authentication) {
	//verifier = Optional.ofNullable(verifier).orElse(new MacSigner(signingKey));
	//是否无效true表示无效
	boolean invalid = Boolean.TRUE;
	try {
		String pubKey = JWTAuthentication.getPubKey(PUBLIC_KEY);
		RsaVerifier rsaVerifier = new RsaVerifier(pubKey);
		Jwt jwt = JwtHelper.decode(authentication);
		jwt.verifySignature(rsaVerifier);
		invalid = Boolean.FALSE;
	} catch (InvalidSignatureException | IllegalArgumentException ex) {
		LogBack.error("user token has expired or signature error");
	}
	return invalid;
}
 

public static Claims createFrom(ObjectMapper jsonMapper, OAuth2AccessToken accessToken) {
    try {
        String idToken = accessToken.getAdditionalInformation().get("id_token").toString();
        Jwt decodedToken = JwtHelper.decode(idToken);
        return jsonMapper.readValue(decodedToken.getClaims(), Claims.class);

    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
 

public static Claims createFrom(ObjectMapper jsonMapper, OAuth2AccessToken accessToken) {
    try {
        String idToken = accessToken.getAdditionalInformation().get("id_token").toString();
        Jwt decodedToken = JwtHelper.decode(idToken);
        return jsonMapper.readValue(decodedToken.getClaims(), Claims.class);

    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
 

@SuppressWarnings({"rawtypes", "unchecked"})
@Test
public void getJwtTokenByTrustedClient() throws JsonParseException, JsonMappingException, IOException {
    ResponseEntity<String> response = new TestRestTemplate("trusted-app", "secret").postForEntity("http://localhost:" + port + "/oauth/token?client_id=trusted-app&grant_type=client_credentials", null, String.class);
    String responseText = response.getBody();
    assertEquals(HttpStatus.OK, response.getStatusCode());
    HashMap jwtMap = new ObjectMapper().readValue(responseText, HashMap.class);

    assertEquals("bearer", jwtMap.get("token_type"));
    assertEquals("read write", jwtMap.get("scope"));
    assertTrue(jwtMap.containsKey("access_token"));
    assertTrue(jwtMap.containsKey("expires_in"));
    assertTrue(jwtMap.containsKey("jti"));
    String accessToken = (String) jwtMap.get("access_token");

    Jwt jwtToken = JwtHelper.decode(accessToken);

    String claims = jwtToken.getClaims();
    logJson(claims);

    HashMap claimsMap = new ObjectMapper().readValue(claims, HashMap.class);
    assertEquals("spring-boot-application", ((List<String>) claimsMap.get("aud")).get(0));
    assertEquals("trusted-app", claimsMap.get("client_id"));
    assertEquals("read", ((List<String>) claimsMap.get("scope")).get(0));
    assertEquals("write", ((List<String>) claimsMap.get("scope")).get(1));
    List<String> authorities = (List<String>) claimsMap.get("authorities");
    assertEquals(1, authorities.size());
    assertEquals("ROLE_TRUSTED_CLIENT", authorities.get(0));
}
 

private static OAuthToken parseJwtToken(String jwtToken) {
    try {
        Jwt jwt = JwtHelper.decode(jwtToken);
        ObjectMapper mapper = new ObjectMapper();
        return mapper.readValue(jwt.getClaims().getBytes(), OAuthToken.class);
    } catch (IOException e) {
        throw new AuthenticationException("Invalid OAuth2 Token", e);
    }
}
 

/**
 * Retrieve the given claim from the given token.
 *
 * @param refreshToken the JWT token to examine.
 * @param claimName    name of the claim to get.
 * @param clazz        the Class we expect to find there.
 * @return the desired claim.
 * @throws InvalidTokenException if we cannot find the claim in the token or it is of wrong type.
 */
@SuppressWarnings("unchecked")
private <T> T getClaim(String refreshToken, String claimName, Class<T> clazz) {
    Jwt jwt = JwtHelper.decode(refreshToken);
    String claims = jwt.getClaims();
    Map<String, Object> claimsMap = jsonParser.parseMap(claims);
    Object claimValue = claimsMap.get(claimName);
    if (claimValue == null) {
        return null;
    }
    if (!clazz.isAssignableFrom(claimValue.getClass())) {
        throw new InvalidTokenException("claim is not of expected type: " + claimName);
    }
    return (T) claimValue;
}
 

public Jwt getJwt(String authentication) {
    return JwtHelper.decode(authentication);
}
 

public Jwt getJwt(String authentication) {
    return JwtHelper.decode(authentication);
}
 

@Override
public Jwt getJwt(String authentication) {
    return JwtHelper.decode(StringUtils.substring(authentication, BEARER_BEGIN_INDEX));
}
 

private Jwt getParsedToken(String accessToken) {
    return JwtHelper.decode(accessToken.split(" ")[1]);
}