Class JWTManager


  • public class JWTManager
    extends java.lang.Object
    This class manages the single sign-on authentication through JWT tokens between OFBiz applications.
    • Constructor Summary

      Constructors 
      Constructor Description
      JWTManager()  
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.lang.String checkJWTLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      OFBiz controller preprocessor event.
      static java.lang.String createJwt​(Delegator delegator, java.util.Map<java.lang.String,​java.lang.String> claims)
      Create and return a JWT token using the claims of the provided map and the configured expiration time.
      static java.lang.String createJwt​(Delegator delegator, java.util.Map<java.lang.String,​java.lang.String> claims, int expireTime)
      Create and return a JWT token using the claims of the provided map and the provided expiration time.
      static java.lang.String createJwt​(Delegator delegator, java.util.Map<java.lang.String,​java.lang.String> claims, java.lang.String keySalt, int expireTime)
      Create and return a JWT token using the claims of the provided map and the provided expiration time.
      static java.lang.String getAuthenticationToken​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Get the authentication token based for user This takes OOTB username/password and if user is authenticated it will generate the JWT token using a secret key.
      static java.lang.String getHeaderAuthBearerToken​(javax.servlet.http.HttpServletRequest request)
      Gets the authentication token from the "Authorization" header if it is in the form Bearer <token>.
      static java.lang.String getJWTKey​(Delegator delegator)
      Get the JWT secret key from database or security.properties.
      static java.lang.String getJWTKey​(Delegator delegator, java.lang.String salt)
      Get the JWT secret key from database or security.properties.
      static java.util.Map<java.lang.String,​java.lang.Object> validateToken​(java.lang.String jwtToken, java.lang.String key)
      Validates the provided token using the secret key.
      static java.util.Map<java.lang.String,​java.lang.Object> validateToken​(Delegator delegator, java.lang.String jwtToken, java.lang.String keySalt)
      Validates the provided token using a salt to recreate the key from the secret If the token is valid it will get the conteined claims and return them.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • JWTManager

        public JWTManager()
    • Method Detail

      • checkJWTLogin

        public static java.lang.String checkJWTLogin​(javax.servlet.http.HttpServletRequest request,
                                                     javax.servlet.http.HttpServletResponse response)
        OFBiz controller preprocessor event. The method is designed to be used in a chain of controller preprocessor event: it always returns "success" even when the Authorization token is missing or the Authorization fails. This in order to move the processing to the next event in the chain. This works in a similar same way than externalLoginKey but between 2 servers on 2 different domains, not 2 webapps on the same server. The OFBiz internal Single Sign On (SSO) is ensured by a JWT token, then all is handled as normal by a session on the reached server. The servers may or may not share a database but the 2 loginUserIds must be the same. In case of a multitenancy usage, the tenant is verified.
        Parameters:
        request - The HTTPRequest object for the current request
        response - The HTTPResponse object for the current request
        Returns:
        String always "success"
      • getJWTKey

        public static java.lang.String getJWTKey​(Delegator delegator)
        Get the JWT secret key from database or security.properties.
        Parameters:
        delegator - the delegator
        Returns:
        the JWT secret key
      • getJWTKey

        public static java.lang.String getJWTKey​(Delegator delegator,
                                                 java.lang.String salt)
        Get the JWT secret key from database or security.properties.
        Parameters:
        delegator - the delegator
        Returns:
        the JWT secret key
      • getAuthenticationToken

        public static java.lang.String getAuthenticationToken​(javax.servlet.http.HttpServletRequest request,
                                                              javax.servlet.http.HttpServletResponse response)
        Get the authentication token based for user This takes OOTB username/password and if user is authenticated it will generate the JWT token using a secret key.
        Parameters:
        request - the http request in which the authentication token is searched and stored
        Returns:
        the authentication token
      • getHeaderAuthBearerToken

        public static java.lang.String getHeaderAuthBearerToken​(javax.servlet.http.HttpServletRequest request)
        Gets the authentication token from the "Authorization" header if it is in the form Bearer <token>. Public for API access from third party code.
        Parameters:
        request - the request to get the token from
        Returns:
        the bare JWT token
      • validateToken

        public static java.util.Map<java.lang.String,​java.lang.Object> validateToken​(java.lang.String jwtToken,
                                                                                           java.lang.String key)
        Validates the provided token using the secret key. If the token is valid it will get the conteined claims and return them. If token validation failed it will return an error. Public for API access from third party code.
        Parameters:
        jwtToken - the JWT token
        key - the server side key to verify the signature
        Returns:
        Map of the claims contained in the token or an error
      • validateToken

        public static java.util.Map<java.lang.String,​java.lang.Object> validateToken​(Delegator delegator,
                                                                                           java.lang.String jwtToken,
                                                                                           java.lang.String keySalt)
        Validates the provided token using a salt to recreate the key from the secret If the token is valid it will get the conteined claims and return them. If token validation failed it will return an error.
        Parameters:
        delegator -
        jwtToken -
        keySalt -
        Returns:
        Map of the claims contained in the token or an error
      • createJwt

        public static java.lang.String createJwt​(Delegator delegator,
                                                 java.util.Map<java.lang.String,​java.lang.String> claims)
        Create and return a JWT token using the claims of the provided map and the configured expiration time.
        Parameters:
        delegator - the delegator
        claims - the map containing the JWT claims
        Returns:
        a JWT token
      • createJwt

        public static java.lang.String createJwt​(Delegator delegator,
                                                 java.util.Map<java.lang.String,​java.lang.String> claims,
                                                 int expireTime)
        Create and return a JWT token using the claims of the provided map and the provided expiration time.
        Parameters:
        delegator -
        claims - the map containing the JWT claims
        expireTime - the expiration time in seconds
        Returns:
        a JWT token
      • createJwt

        public static java.lang.String createJwt​(Delegator delegator,
                                                 java.util.Map<java.lang.String,​java.lang.String> claims,
                                                 java.lang.String keySalt,
                                                 int expireTime)
        Create and return a JWT token using the claims of the provided map and the provided expiration time.
        Parameters:
        delegator -
        claims - the map containing the JWT claims
        keySalt - salt to use as prefix on the encrypt key
        expireTime - the expiration time in seconds
        Returns:
        a JWT token