Package net.officefloor.web.jwt

Class JwtHttpSecuritySource<C>

java.lang.Object

net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

net.officefloor.web.jwt.JwtHttpSecuritySource<C>

All Implemented Interfaces:

HttpSecurity<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>, HttpSecuritySource<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

public class JwtHttpSecuritySource<C>
extends AbstractHttpSecuritySource<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>
implements HttpSecurity<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

HttpSecuritySource for JWT.

Author:

Daniel Sagenschneider

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	JwtHttpSecuritySource.Flows	Flow keys.
static class	JwtHttpSecuritySource.JwtClaims	JWT claims.
static class	JwtHttpSecuritySource.JwtHeader	JWT header.
static interface	JwtHttpSecuritySource.JwtValidateKeysFactory	Allows overriding the creation of JwtValidateKey instances.

Nested classes/interfaces inherited from class net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource

AbstractHttpSecuritySource.DependencyLabeller, AbstractHttpSecuritySource.Labeller, AbstractHttpSecuritySource.MetaDataContext<A,AC extends Serializable,C,O extends Enum<O>,F extends Enum<F>>, AbstractHttpSecuritySource.SpecificationContext

Field Summary

Fields

Modifier and Type	Field	Description
static final String	AUTHENTICATION_SCHEME_BEARER	Authentication scheme Bearer.
static final long	DEFAULT_CLOCK_SKEW	Default value for PROPERTY_CLOCK_SKEW.
static final long	DEFAULT_STARTUP_TIMEOUT	Default value for PROEPRTY_STARTUP_TIMEOUT.
static final String	PROEPRTY_STARTUP_TIMEOUT	Property name for the startup timeout in milliseconds.
static final String	PROPERTY_CLAIMS_CLASS	Property name for the claims Class to be loaded with claim information of JWT.
static final String	PROPERTY_CLOCK_SKEW	Property name for the clock skew in seconds.

Fields inherited from class net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource

UTF_8

Constructor Summary

Constructors

Constructor	Description
JwtHttpSecuritySource()

Method Summary

Modifier and Type	Method	Description
void	authenticate(Void credentials, AuthenticateContext<JwtHttpAccessControl<C>,None,JwtHttpSecuritySource.Flows> context)	Undertakes authentication.
void	challenge(ChallengeContext<None,JwtHttpSecuritySource.Flows> context)	Triggers the authentication challenge to the client.
HttpAuthentication<Void>	createAuthentication(AuthenticationContext<JwtHttpAccessControl<C>,Void> context)	Creates the custom authentication.
protected void	loadMetaData(AbstractHttpSecuritySource.MetaDataContext<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows> context)	Overridden to load meta-data.
protected void	loadSpecification(AbstractHttpSecuritySource.SpecificationContext context)	Overridden to load specifications.
void	logout(LogoutContext<None,JwtHttpSecuritySource.Flows> context)	Logs out.
boolean	ratify(Void credentials, RatifyContext<JwtHttpAccessControl<C>> context)	Ratifies whether enough information is available to undertake authentication.
static void	setOverrideKeys(JwtHttpSecuritySource.JwtValidateKeysFactory validateKeysFactory)	Uses the JwtHttpSecuritySource.JwtValidateKeysFactory for keys.
HttpSecurity<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>	sourceHttpSecurity(HttpSecurityContext context)	Sources the HttpSecurity.
void	start(HttpSecurityExecuteContext<JwtHttpSecuritySource.Flows> context)	Called once after HttpSecuritySource.init(HttpSecuritySourceContext) to indicate this HttpSecuritySource should start execution.

Methods inherited from class net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource

getSpecification, init, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

AUTHENTICATION_SCHEME_BEARER

public static final String AUTHENTICATION_SCHEME_BEARER

Authentication scheme Bearer.

See Also:

• Constant Field Values

PROPERTY_CLAIMS_CLASS

public static final String PROPERTY_CLAIMS_CLASS

Property name for the claims Class to be loaded with claim information of JWT.

See Also:

• Constant Field Values

PROEPRTY_STARTUP_TIMEOUT

public static final String PROEPRTY_STARTUP_TIMEOUT

Property name for the startup timeout in milliseconds.

This is the time that HttpRequest instances are held up waiting the for the initial JwtValidateKey instances to be loaded.

See Also:

• Constant Field Values

DEFAULT_STARTUP_TIMEOUT

public static final long DEFAULT_STARTUP_TIMEOUT

Default value for PROEPRTY_STARTUP_TIMEOUT.

See Also:

• Constant Field Values

PROPERTY_CLOCK_SKEW

public static final String PROPERTY_CLOCK_SKEW

Property name for the clock skew in seconds.

See Also:

• Constant Field Values

DEFAULT_CLOCK_SKEW

public static final long DEFAULT_CLOCK_SKEW

Default value for PROPERTY_CLOCK_SKEW.

See Also:

• Constant Field Values

Constructor Details

JwtHttpSecuritySource

public JwtHttpSecuritySource()

Method Details

setOverrideKeys

public static void setOverrideKeys(JwtHttpSecuritySource.JwtValidateKeysFactory validateKeysFactory)

Uses the JwtHttpSecuritySource.JwtValidateKeysFactory for keys.

This is typically used for testing to allow overriding the JwtValidateKey instances being used.

Parameters:

validateKeysFactory - JwtHttpSecuritySource.JwtValidateKeysFactory. May be null to not override.

loadSpecification

protected void loadSpecification(AbstractHttpSecuritySource.SpecificationContext context)

Description copied from class: AbstractHttpSecuritySource

Overridden to load specifications.

Specified by:

loadSpecification in class AbstractHttpSecuritySource<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Parameters:

context - Specifications.

loadMetaData

protected void loadMetaData(AbstractHttpSecuritySource.MetaDataContext<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows> context)
                     throws Exception

Description copied from class: AbstractHttpSecuritySource

Overridden to load meta-data.

Specified by:

loadMetaData in class AbstractHttpSecuritySource<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Parameters:

context - Meta-data.

Throws:

Exception - If fails to load the meta-data.

sourceHttpSecurity

public HttpSecurity<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows> sourceHttpSecurity(HttpSecurityContext context)
                                                                                                                        throws HttpException

Description copied from interface: HttpSecuritySource

Sources the HttpSecurity.

Specified by:

sourceHttpSecurity in interface HttpSecuritySource<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Parameters:

context - HttpSecurity.

Returns:

HttpSecurity.

Throws:

HttpException - If fails to source the HttpSecurity.

start

public void start(HttpSecurityExecuteContext<JwtHttpSecuritySource.Flows> context)
           throws Exception

Description copied from interface: HttpSecuritySource

Called once after HttpSecuritySource.init(HttpSecuritySourceContext) to indicate this HttpSecuritySource should start execution.

On invocation of this method, ProcessState instances may be invoked via the HttpSecurityExecuteContext.

Specified by:

start in interface HttpSecuritySource<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Overrides:

start in class AbstractHttpSecuritySource<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Parameters:

context - HttpSecurityExecuteContext to use in starting this HttpSecuritySource.

Throws:

Exception - Should the HttpSecuritySource fail to start execution.

createAuthentication

public HttpAuthentication<Void> createAuthentication(AuthenticationContext<JwtHttpAccessControl<C>,Void> context)

Description copied from interface: HttpSecurity

Creates the custom authentication.

Specified by:

createAuthentication in interface HttpSecurity<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Parameters:

context - AuthenticateContext.

Returns:

Custom authentication.

ratify

public boolean ratify(Void credentials,
 RatifyContext<JwtHttpAccessControl<C>> context)

Description copied from interface: HttpSecurity

Ratifies whether enough information is available to undertake authentication.

As authentication will likely require communication with external services (LDAP store, database, etc), this method allows checking whether enough information is available to undertake the authentication. The purpose is to avoid the ManagedFunction depending on dependencies of authentication subsequently causing execution by different Team. This is especially as the majority of HttpRequest servicing will use the HttpSession to cache details and not require the authentication dependencies causing the swap in Team.

Specified by:

ratify in interface HttpSecurity<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Parameters:

credentials - Credentials.

context - RatifyContext.

Returns:

true should enough information be available to undertake authentication. false if not enough information is available for authentication.

authenticate

public void authenticate(Void credentials,
 AuthenticateContext<JwtHttpAccessControl<C>,None,JwtHttpSecuritySource.Flows> context)
                  throws HttpException

Description copied from interface: HttpSecurity

Undertakes authentication.

Specified by:

authenticate in interface HttpSecurity<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Parameters:

credentials - Credentials.

context - AuthenticateContext.

Throws:

HttpException - If failure in communicating to necessary security services.

challenge

public void challenge(ChallengeContext<None,JwtHttpSecuritySource.Flows> context)
               throws HttpException

Description copied from interface: HttpSecurity

Triggers the authentication challenge to the client.

Specified by:

challenge in interface HttpSecurity<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Parameters:

context - ChallengeContext.

Throws:

HttpException - If failure in communicating to necessary security services.

logout

public void logout(LogoutContext<None,JwtHttpSecuritySource.Flows> context)
            throws HttpException

Description copied from interface: HttpSecurity

Logs out.

Specified by:

logout in interface HttpSecurity<HttpAuthentication<Void>,JwtHttpAccessControl<C>,Void,None,JwtHttpSecuritySource.Flows>

Parameters:

context - LogoutContext.

Throws:

HttpException - If failure in communicating to necessary security services.