CXF-7085: Introduce support for Server Sent Events (Client). Restructured SSE test...
[cxf.git] / rt / rs / security / jose-parent / jose-jaxrs / src / main / java / org / apache / cxf / rs / security / jose / jaxrs / JwtAuthenticationClientFilter.java
1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19 package org.apache.cxf.rs.security.jose.jaxrs;
20
21 import java.io.IOException;
22
23 import javax.annotation.Priority;
24 import javax.ws.rs.Priorities;
25 import javax.ws.rs.client.ClientRequestContext;
26 import javax.ws.rs.client.ClientRequestFilter;
27 import javax.ws.rs.core.HttpHeaders;
28
29 import org.apache.cxf.common.util.Base64UrlUtility;
30 import org.apache.cxf.configuration.security.AuthorizationPolicy;
31 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
32 import org.apache.cxf.message.Message;
33 import org.apache.cxf.phase.PhaseInterceptorChain;
34 import org.apache.cxf.rs.security.jose.common.JoseException;
35 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
36 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
37 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
38 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
39 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
40 import org.apache.cxf.rt.security.crypto.CryptoUtils;
41
42 @Priority(Priorities.AUTHENTICATION)
43 public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer
44 implements ClientRequestFilter {
45
46 private static final String DEFAULT_AUTH_SCHEME = "JWT";
47 private String authScheme = DEFAULT_AUTH_SCHEME;
48 @Override
49 public void filter(ClientRequestContext requestContext) throws IOException {
50 JwtToken jwt = getJwtToken(requestContext);
51 if (jwt == null && super.isJweRequired()) {
52 AuthorizationPolicy ap = JAXRSUtils.getCurrentMessage().getExchange()
53 .getEndpoint().getEndpointInfo().getExtensor(AuthorizationPolicy.class);
54 if (ap != null && ap.getUserName() != null) {
55 JwtClaims claims = new JwtClaims();
56 claims.setSubject(ap.getUserName());
57 claims.setClaim("password", ap.getPassword());
58 claims.setIssuedAt(System.currentTimeMillis() / 1000L);
59 jwt = new JwtToken(new JweHeaders(), claims);
60 }
61 }
62 if (jwt == null) {
63 throw new JoseException("JWT token is not available");
64 }
65 String data = super.processJwt(jwt);
66 requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION,
67 authScheme + " " + data);
68 }
69
70 protected JwtToken getJwtToken(ClientRequestContext requestContext) {
71 // Try the filter properties first, then the message properties
72 JwtToken token = (JwtToken)requestContext.getProperty(JwtConstants.JWT_TOKEN);
73 if (token == null) {
74 Message m = PhaseInterceptorChain.getCurrentMessage();
75 token = (JwtToken)m.getContextualProperty(JwtConstants.JWT_TOKEN);
76 }
77
78 if (token != null) {
79 return token;
80 }
81
82 // Otherwise check to see if we have some claims + construct the header ourselves
83 JwtClaims claims = (JwtClaims)requestContext.getProperty(JwtConstants.JWT_CLAIMS);
84 if (claims == null) {
85 Message m = PhaseInterceptorChain.getCurrentMessage();
86 claims = (JwtClaims)m.getContextualProperty(JwtConstants.JWT_CLAIMS);
87 }
88
89 if (claims != null) {
90 token = new JwtToken(claims);
91 }
92
93 return token;
94 }
95
96 protected String getContextPropertyValue() {
97 return Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(16));
98 }
99
100 public void setAuthScheme(String authScheme) {
101 this.authScheme = authScheme;
102 }
103
104
105
106 }