Package org.apache.ofbiz.webapp.control
Class JWTManager
java.lang.Object
    org.apache.ofbiz.webapp.control.JWTManager

public class JWTManager extends java.lang.Object
This class manages the single sign-on authentication through JWT tokens between OFBiz applications.

Constructor Summary
JWTManager()

Method Summary
static java.lang.String checkJWTLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    OFBiz controller preprocessor event.
static java.lang.String createJwt(Delegator delegator, java.util.Map<java.lang.String,java.lang.String> claims)
    Create and return a JWT token using the claims of the provided map and the configured expiration time.
static java.lang.String createJwt(Delegator delegator, java.util.Map<java.lang.String,java.lang.String> claims, int expireTime)
    Create and return a JWT token using the claims of the provided map and the provided expiration time.
static java.lang.String createJwt(Delegator delegator, java.util.Map<java.lang.String,java.lang.String> claims, java.lang.String keySalt, int expireTime)
    Create and return a JWT token using the claims of the provided map and the provided expiration time.
static java.lang.String getAuthenticationToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Get the authentication token for the user. This takes the OOTB username/password and, if the user is authenticated, generates the JWT token using a secret key.
static java.lang.String getHeaderAuthBearerToken(javax.servlet.http.HttpServletRequest request)
    Gets the authentication token from the "Authorization" header if it is in the form Bearer <token>.
static java.lang.String getJWTKey(Delegator delegator)
    Get the JWT secret key from database or security.properties.
static java.lang.String getJWTKey(Delegator delegator, java.lang.String salt)
    Get the JWT secret key from database or security.properties.
static java.util.Map<java.lang.String,java.lang.Object> validateToken(java.lang.String jwtToken, java.lang.String key)
    Validates the provided token using the secret key.
static java.util.Map<java.lang.String,java.lang.Object> validateToken(Delegator delegator, java.lang.String jwtToken, java.lang.String keySalt)
    Validates the provided token using a salt to recreate the key from the secret. If the token is valid it will get the contained claims and return them.

Method Detail

checkJWTLogin
public static java.lang.String checkJWTLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
OFBiz controller preprocessor event. The method is designed to be used in a chain of controller preprocessor events: it always returns "success", even when the Authorization token is missing or the authorization fails, so that processing moves on to the next event in the chain. The return value therefore says nothing about whether the login succeeded. It works in a similar way to externalLoginKey, but between 2 servers on 2 different domains rather than 2 webapps on the same server. The OFBiz internal Single Sign On (SSO) is ensured by a JWT token; after that, everything is handled as normal by a session on the reached server. The servers may or may not share a database, but the 2 loginUserIds must be the same. In a multitenancy setup, the tenant is verified.
Parameters:
request - The HTTPRequest object for the current request
response - The HTTPResponse object for the current request
Returns:
String always "success"

getJWTKey
public static java.lang.String getJWTKey(Delegator delegator)
Get the JWT secret key from database or security.properties.
Parameters:
delegator - the delegator
Returns:
the JWT secret key

getJWTKey
public static java.lang.String getJWTKey(Delegator delegator, java.lang.String salt)
Get the JWT secret key from database or security.properties.
Parameters:
delegator - the delegator
Returns:
the JWT secret key

getAuthenticationToken
public static java.lang.String getAuthenticationToken(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Get the authentication token for the user. This takes the OOTB username/password and, if the user is authenticated, generates the JWT token using a secret key.
Parameters:
request - the http request in which the authentication token is searched and stored
Returns:
the authentication token

getHeaderAuthBearerToken
public static java.lang.String getHeaderAuthBearerToken(javax.servlet.http.HttpServletRequest request)
Gets the authentication token from the "Authorization" header if it is in the form Bearer <token>. Public for API access from third party code.
Parameters:
request - the request to get the token from
Returns:
the bare JWT token

validateToken
public static java.util.Map<java.lang.String,java.lang.Object> validateToken(java.lang.String jwtToken, java.lang.String key)
Validates the provided token using the secret key. If the token is valid it will get the contained claims and return them. If token validation fails it will return an error. Public for API access from third party code.
Parameters:
jwtToken - the JWT token
key - the server side key to verify the signature
Returns:
Map of the claims contained in the token or an error

validateToken
public static java.util.Map<java.lang.String,java.lang.Object> validateToken(Delegator delegator, java.lang.String jwtToken, java.lang.String keySalt)
Validates the provided token using a salt to recreate the key from the secret. If the token is valid it will get the contained claims and return them. If token validation fails it will return an error.
Parameters:
delegator -
jwtToken -
keySalt -
Returns:
Map of the claims contained in the token or an error

createJwt
public static java.lang.String createJwt(Delegator delegator, java.util.Map<java.lang.String,java.lang.String> claims)
Create and return a JWT token using the claims of the provided map and the configured expiration time.
Parameters:
delegator - the delegator
claims - the map containing the JWT claims
Returns:
a JWT token

createJwt
public static java.lang.String createJwt(Delegator delegator, java.util.Map<java.lang.String,java.lang.String> claims, int expireTime)
Create and return a JWT token using the claims of the provided map and the provided expiration time.
Parameters:
delegator -
claims - the map containing the JWT claims
expireTime - the expiration time in seconds
Returns:
a JWT token

createJwt
public static java.lang.String createJwt(Delegator delegator, java.util.Map<java.lang.String,java.lang.String> claims, java.lang.String keySalt, int expireTime)
Create and return a JWT token using the claims of the provided map and the provided expiration time.
Parameters:
delegator -
claims - the map containing the JWT claims
keySalt - salt to use as prefix on the encryption key
expireTime - the expiration time in seconds
Returns:
a JWT token
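
Added example, not OFBiz code: a JDK-only illustration of the flow that getHeaderAuthBearerToken, createJwt (with keySalt) and validateToken (with keySalt) describe, showing why a token signed under one salt fails validation under another. The HS256 algorithm, the class and method names, the `userLoginId` claim name and the demo secret are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Illustrative only: HS256, the salt-prefixed key and every name below are assumptions, not OFBiz code.
public class SaltedJwtDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final String HEADER = B64.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
    static final Pattern EXP = Pattern.compile("\"exp\":(\\d{1,18})");
    // Returns the bare token only for "Bearer <token>"; any other header form yields null.
    static String bearerToken(String authorization) {
        if (authorization == null || !authorization.startsWith("Bearer ")) return null;
        String token = authorization.substring(7).trim();
        return token.isEmpty() ? null : token;
    }
    static byte[] hmac(String signingInput, String secret, String salt) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        // The salt is prefixed to the server-side secret to derive the signing key.
        mac.init(new SecretKeySpec((salt + secret).getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }
    static String create(String user, long expEpochSec, String secret, String salt) throws Exception {
        String payload = B64.encodeToString(("{\"userLoginId\":\"" + user + "\",\"exp\":" + expEpochSec + "}").getBytes(StandardCharsets.UTF_8));
        String input = HEADER + "." + payload;
        return input + "." + B64.encodeToString(hmac(input, secret, salt));
    }
    // Fails closed: wrong shape, unexpected header, bad signature or expiry all return false.
    static boolean validate(String token, String secret, String salt, long nowEpochSec) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) return false; // pin the algorithm, never trust "alg"
        try {
            byte[] given = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1], secret, salt), given)) return false; // constant time
            Matcher m = EXP.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            return m.find() && Long.parseLong(m.group(1)) > nowEpochSec;
        } catch (IllegalArgumentException e) { return false; }
    }
    public static void main(String[] args) throws Exception {
        String secret = "constructed-demo-secret", header = "Bearer " + create("admin", 2_000L, secret, "tenantA");
        String token = bearerToken(header);
        System.out.println(validate(token, secret, "tenantA", 1_000L)); // same salt, not expired
        System.out.println(validate(token, secret, "tenantB", 1_000L)); // different salt, signature mismatch
        System.out.println(validate(token, secret, "tenantA", 3_000L)); // same salt, past expiry
        System.out.println(bearerToken("Basic dXNlcjpwdw=="));           // not a Bearer header
    }
}
```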