Class JWTManager


  • public class JWTManager
    extends java.lang.Object
    This class manages the single sign-on authentication through JWT tokens between OFBiz applications.
    • Constructor Summary

      Constructors 
      Constructor Description
      JWTManager()  
    • Method Summary

      Modifier and Type Method Description
      static java.lang.String checkJWTLogin​(HttpServletRequest request, HttpServletResponse response)
      OFBiz controller preprocessor event.
      static java.lang.String createJwt​(Delegator delegator, java.util.Map<java.lang.String,​java.lang.String> claims)
      Create and return a JWT token using the claims of the provided map and the configured expiration time.
      static java.lang.String createJwt​(Delegator delegator, java.util.Map<java.lang.String,​java.lang.String> claims, int expireTime)
      Create and return a JWT token using the claims of the provided map and the provided expiration time.
      static java.lang.String createJwt​(Delegator delegator, java.util.Map<java.lang.String,​java.lang.String> claims, java.lang.String keySalt, int expireTime)
      Create and return a JWT token using the claims of the provided map and the provided expiration time.
      static java.lang.String getAuthenticationToken​(HttpServletRequest request, HttpServletResponse response)
      Get the authentication token for the user. This takes the OOTB username/password and, if the user is authenticated, generates the JWT token using a secret key.
      static java.lang.String getHeaderAuthBearerToken​(HttpServletRequest request)
      Gets the authentication token from the "Authorization" header if it is in the form Bearer <token>.
      static java.lang.String getJWTKey​(Delegator delegator)
      Get the JWT secret key from database or security.properties.
      static java.lang.String getJWTKey​(Delegator delegator, java.lang.String salt)
      Get the JWT secret key from database or security.properties.
      static java.util.Map<java.lang.String,​java.lang.Object> validateToken​(java.lang.String jwtToken, java.lang.String key)
      Validates the provided token using the secret key.
      static java.util.Map<java.lang.String,​java.lang.Object> validateToken​(Delegator delegator, java.lang.String jwtToken, java.lang.String keySalt)
      Validates the provided token using a salt to recreate the key from the secret. If the token is valid it will get the contained claims and return them.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • JWTManager

        public JWTManager()
    • Method Detail

      • checkJWTLogin

        public static java.lang.String checkJWTLogin​(HttpServletRequest request,
                                                     HttpServletResponse response)
        OFBiz controller preprocessor event. The method is designed to be used in a chain of controller preprocessor events: it always returns "success", even when the Authorization token is missing or the authorization fails, so that processing moves on to the next event in the chain. This works in a similar way to externalLoginKey, but between 2 servers on 2 different domains, not 2 webapps on the same server. The OFBiz internal Single Sign On (SSO) is ensured by a JWT token; after that, everything is handled as normal by a session on the reached server. The servers may or may not share a database, but the 2 loginUserIds must be the same. In case of multitenancy usage, the tenant is verified.
        Parameters:
        request - The HTTPRequest object for the current request
        response - The HTTPResponse object for the current request
        Returns:
        String always "success"
      • getJWTKey

        public static java.lang.String getJWTKey​(Delegator delegator)
        Get the JWT secret key from database or security.properties.
        Parameters:
        delegator - the delegator
        Returns:
        the JWT secret key
      • getJWTKey

        public static java.lang.String getJWTKey​(Delegator delegator,
                                                 java.lang.String salt)
        Get the JWT secret key from database or security.properties.
        Parameters:
        delegator - the delegator
        Returns:
        the JWT secret key
      • getAuthenticationToken

        public static java.lang.String getAuthenticationToken​(HttpServletRequest request,
                                                              HttpServletResponse response)
        Get the authentication token for the user. This takes the OOTB username/password and, if the user is authenticated, generates the JWT token using a secret key.
        Parameters:
        request - the http request in which the authentication token is searched and stored
        Returns:
        the authentication token
      • getHeaderAuthBearerToken

        public static java.lang.String getHeaderAuthBearerToken​(HttpServletRequest request)
        Gets the authentication token from the "Authorization" header if it is in the form Bearer <token>. Public for API access from third party code.
        Parameters:
        request - the request to get the token from
        Returns:
        the bare JWT token
      • validateToken

        public static java.util.Map<java.lang.String,​java.lang.Object> validateToken​(java.lang.String jwtToken,
                                                                                           java.lang.String key)
        Validates the provided token using the secret key. If the token is valid it will get the contained claims and return them. If token validation failed it will return an error. Public for API access from third party code.
        Parameters:
        jwtToken - the JWT token
        key - the server side key to verify the signature
        Returns:
        Map of the claims contained in the token or an error
      • validateToken

        public static java.util.Map<java.lang.String,​java.lang.Object> validateToken​(Delegator delegator,
                                                                                           java.lang.String jwtToken,
                                                                                           java.lang.String keySalt)
        Validates the provided token using a salt to recreate the key from the secret. If the token is valid it will get the contained claims and return them. If token validation failed it will return an error.
        Parameters:
        delegator -
        jwtToken -
        keySalt -
        Returns:
        Map of the claims contained in the token or an error
      • createJwt

        public static java.lang.String createJwt​(Delegator delegator,
                                                 java.util.Map<java.lang.String,​java.lang.String> claims)
        Create and return a JWT token using the claims of the provided map and the configured expiration time.
        Parameters:
        delegator - the delegator
        claims - the map containing the JWT claims
        Returns:
        a JWT token
      • createJwt

        public static java.lang.String createJwt​(Delegator delegator,
                                                 java.util.Map<java.lang.String,​java.lang.String> claims,
                                                 int expireTime)
        Create and return a JWT token using the claims of the provided map and the provided expiration time.
        Parameters:
        delegator -
        claims - the map containing the JWT claims
        expireTime - the expiration time in seconds
        Returns:
        a JWT token
      • createJwt

        public static java.lang.String createJwt​(Delegator delegator,
                                                 java.util.Map<java.lang.String,​java.lang.String> claims,
                                                 java.lang.String keySalt,
                                                 int expireTime)
        Create and return a JWT token using the claims of the provided map and the provided expiration time.
        Parameters:
        delegator -
        claims - the map containing the JWT claims
        keySalt - salt to use as prefix on the encrypt key
        expireTime - the expiration time in seconds
        Returns:
        a JWT token
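
Because checkJWTLogin always returns "success", it cannot by itself stop a request that carries no valid token. The following added example (not part of OFBiz or of this Javadoc) shows third-party code using the public getHeaderAuthBearerToken, getJWTKey and validateToken methods in an event that fails closed. Assumptions: the package names and the javax.servlet imports, the "delegator" request attribute, the use of ServiceUtil.isError to detect the returned error, and the hypothetical names BearerGateEvents, requireBearerToken and "verifiedJwtClaims".

```java
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.service.ServiceUtil;
import org.apache.ofbiz.webapp.control.JWTManager;

/** Hypothetical third-party event class; not part of OFBiz. */
public final class BearerGateEvents {

    private BearerGateEvents() { }

    /**
     * Fail-closed check for a request that must carry a valid JWT.
     * Unlike checkJWTLogin, it returns "error" when the token is missing or invalid.
     */
    public static String requireBearerToken(HttpServletRequest request,
                                            HttpServletResponse response) {
        // Assumption: the Delegator is available as the "delegator" request attribute.
        Delegator delegator = (Delegator) request.getAttribute("delegator");
        String token = JWTManager.getHeaderAuthBearerToken(request);
        if (delegator == null || token == null || token.isEmpty()) {
            return reject(response);
        }

        // The token is verified against the server-side key only;
        // nothing taken from the token itself selects the key.
        Map<String, Object> claims =
                JWTManager.validateToken(token, JWTManager.getJWTKey(delegator));

        // Assumption: "an error" is a service-style result map, detected with ServiceUtil.isError.
        if (claims == null || claims.isEmpty() || ServiceUtil.isError(claims)) {
            return reject(response);
        }

        // "verifiedJwtClaims" is a hypothetical attribute name for downstream handlers.
        request.setAttribute("verifiedJwtClaims", claims);
        return "success";
    }

    private static String reject(HttpServletResponse response) {
        // Same answer for every failure; the token and the failure reason are not echoed or logged.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate", "Bearer");
        return "error";
    }
}
```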