Class AuthenticationDataToken

java.lang.Object
net.solarnetwork.web.security.AuthenticationDataToken

public class AuthenticationDataToken extends Object
Support for JWT encoded authorization data. This class provides support for JWT encoded authorization data, including using HTTP cookies for persistence of the token data. The only supported token type is jwt. The only supported signature algorithm is HMAC-SHA256, which is encoded as the literal HS256.
Version:
2.0
Author:
matt
  • Field Details

    • HEADER_TOKEN_TYPE

      public static final String HEADER_TOKEN_TYPE
      The header key for the token type.
    • HEADER_SIGN_ALG

      public static final String HEADER_SIGN_ALG
      The header key for the signature algorithm type.
    • TOKEN_TYPE_JWT

      public static final String TOKEN_TYPE_JWT
      The JWT token type.
    • SIGN_ALG_HMAC_SHA256

      public static final String SIGN_ALG_HMAC_SHA256
      The HMAC-SHA256 signature algorithm type.
    • CLAIM_EXPIRES

      public static final String CLAIM_EXPIRES
      The payload key for the token expiration date claim. The value associated with this claim is an integer representing seconds from the Unix epoch.
    • CLAIM_ISSUED_AT

      public static final String CLAIM_ISSUED_AT
      The payload key for the token issue date. The value associated with this claim is an integer representing seconds from the Unix epoch.
    • CLAIM_SUBJECT

      public static final String CLAIM_SUBJECT
      The payload key for the token subject. The value associated with this claim is a string representing a unique identifier for the bearer of the token, e.g. a token identifier.
  • Constructor Details

    • AuthenticationDataToken

      public AuthenticationDataToken(javax.servlet.http.Cookie cookie)
      Construct from an existing cookie.
      Parameters:
      cookie - The cookie to parse.
      Throws:
      IllegalArgumentException - if the cookie cannot be parsed
    • AuthenticationDataToken

      public AuthenticationDataToken(AuthenticationData data, String secret)
      Construct from AuthenticationData.
      Parameters:
      data - The data to use.
      secret - The secret to sign the token data with, as a UTF-8 string.
      Throws:
      IllegalArgumentException - if the data is not supported
    • AuthenticationDataToken

      public AuthenticationDataToken(AuthenticationData data, byte[] secret)
      Construct from AuthenticationData.
      Parameters:
      data - The data to use.
      secret - The secret to sign the token data with.
      Throws:
      IllegalArgumentException - if the data is not supported
  • Method Details

    • parseTokenData

      public static final Map<String,Object> parseTokenData(String cookieValue)
      Parse token data into a map.
      Parameters:
      cookieValue - the token data value to parse
      Returns:
      the parsed data
    • verify

      public void verify(String secret)
      Verify the token cookie data using a provided signing secret key and the current date.
      Parameters:
      secret - The secret key to compute the signature digest with, as a UTF-8 encoded string.
      Throws:
      SecurityException - if the computed digest does not match that provided by the token data, or the token has expired
    • verify

      public void verify(String secret, long date)
      Verify the token cookie data using a provided signing secret key and date.
      Parameters:
      secret - The secret key to compute the signature digest with, as a UTF-8 encoded string.
      date - The date to compare the token expiration with.
      Throws:
      SecurityException - if the computed digest does not match that provided by the token data, or the token has expired
    • verify

      public void verify(byte[] secret)
      Verify the token cookie data using a provided signing secret key and the current date.
      Parameters:
      secret - The secret key to compute the signature digest with.
      Throws:
      SecurityException - if the computed digest does not match that provided by the token data, or the token has expired
    • verify

      public void verify(byte[] secret, long date)
      Verify the token cookie data using a provided signing secret key and date.
      Parameters:
      secret - The secret key to compute the signature digest with.
      date - The date to compare the token expiration with.
      Throws:
      SecurityException - if the computed digest does not match that provided by the token data, or the token has expired
    • cookieValue

      public String cookieValue()
      Get a value suitable for storing on a Cookie from the token data.
      Returns:
      The cookie value.
    • getIdentity

      public String getIdentity()
      Get the identity value, e.g. token ID.
      Returns:
      the identity
    • getExpires

      public long getExpires()
      Get the expiration date, expressed as seconds since the Unix epoch.
      Returns:
      the expiration date
    • getIssued

      public long getIssued()
      Get the issue date, expressed as seconds since the Unix epoch.
      Returns:
      the issued date
    • getSignature

      public byte[] getSignature()
      Get the digest signature bytes.
      Returns:
      the signature
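
Added example (not SolarNetwork code): a stand-alone sketch of the checks the verify methods above are documented to perform on an HS256-signed JWT cookie value, namely recomputing the HMAC-SHA256 digest, comparing it with the presented one, and rejecting expired tokens. The class name Hs256CookieCheck, its helpers, the secret and the clock value are hypothetical. The header and claim names typ, alg, sub, iat and exp are assumed to be the standard JWT ones, since this page does not show the constants' values, and regular expressions stand in for a JSON parser to keep the code dependency-free.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hs256CookieCheck {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"HS256\"");
    static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static String text(String b) { return new String(DEC.decode(b), StandardCharsets.UTF_8); }
    static byte[] hmac(byte[] secret, String input) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(input.getBytes(StandardCharsets.US_ASCII));
    }
    // Compact form: base64url(header).base64url(payload).base64url(HMAC of the first two parts)
    static String sign(String sub, long iat, long exp, byte[] secret) throws Exception {
        String input = b64("{\"typ\":\"jwt\",\"alg\":\"HS256\"}") + "."
                + b64("{\"sub\":\"" + sub + "\",\"iat\":" + iat + ",\"exp\":" + exp + "}");
        return input + "." + ENC.encodeToString(hmac(secret, input));
    }

    static void verify(String token, byte[] secret, long nowSeconds) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) throw new SecurityException("malformed token");
        // Pin the algorithm; the header never selects how the token is verified.
        if (!ALG.matcher(text(p[0])).find()) throw new SecurityException("unsupported alg");
        // Constant-time comparison of the recomputed and presented digests.
        if (!MessageDigest.isEqual(hmac(secret, p[0] + "." + p[1]), DEC.decode(p[2])))
            throw new SecurityException("signature mismatch");
        // Claims are trusted only after the signature check has passed.
        Matcher exp = EXP.matcher(text(p[1]));
        if (!exp.find() || Long.parseLong(exp.group(1)) <= nowSeconds) throw new SecurityException("expired");
    }
    static boolean rejected(String token, byte[] secret, long now) throws Exception {
        try { verify(token, secret, now); return false; } catch (SecurityException e) { return true; }
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // constructed value
        long now = 1_700_000_000L; // constructed clock value, seconds since the Unix epoch
        String good = sign("token-abc", now, now + 600, secret);
        // Swap in a different payload while keeping the original signature.
        String forged = good.replaceFirst("\\.[^.]+\\.", "." + b64("{\"sub\":\"other\",\"exp\":9999999999}") + ".");
        System.out.printf("valid rejected=%b forged rejected=%b expired rejected=%b%n",
                rejected(good, secret, now), rejected(forged, secret, now), rejected(good, secret, now + 601));
    }
}
```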