Fixed issues in JWT Authenticator

4.x.x
mharindu 9 years ago
parent b77f5358e8
commit ace6c2dbfc

@ -48,7 +48,7 @@ import java.util.StringTokenizer;
public class JWTAuthenticator implements WebappAuthenticator {
private static final Log log = LogFactory.getLog(JWTAuthenticator.class);
public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
public static final String SIGNED_JWT_AUTH_USERNAME = "http://wso2.org/claims/enduser";
private static final String JWT_AUTHENTICATOR = "JWT";
private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";
@ -60,7 +60,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
@Override
public boolean canHandle(Request request) {
String authorizationHeader = request.getHeader(JWTAuthenticator.JWT_ASSERTION_HEADER);
if((authorizationHeader != null) && !authorizationHeader.isEmpty()){
if ((authorizationHeader != null) && !authorizationHeader.isEmpty()) {
return true;
}
return false;
@ -83,11 +83,10 @@ public class JWTAuthenticator implements WebappAuthenticator {
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
try {
keyStoreManager.getDefaultPrimaryCertificate();
String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
String headerData = decodeAuthorizationHeader(authorizationHeader);
String authorizationHeader = request.getHeader(JWT_ASSERTION_HEADER);
JWSVerifier verifier =
new RSASSAVerifier((RSAPublicKey) keyStoreManager.getDefaultPublicKey());
SignedJWT jwsObject = SignedJWT.parse(headerData);
SignedJWT jwsObject = SignedJWT.parse(authorizationHeader);
if (jwsObject.verify(verifier)) {
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
String tenantDomain = MultitenantUtils.getTenantDomain(username);
@ -108,6 +107,8 @@ public class JWTAuthenticator implements WebappAuthenticator {
authenticationInfo.setStatus(Status.CONTINUE);
}
}
} else {
authenticationInfo.setStatus(Status.FAILURE);
}
} catch (UserStoreException e) {
log.error("Error occurred while obtaining the user.", e);
@ -123,7 +124,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
private String decodeAuthorizationHeader(String authorizationHeader) {
if(authorizationHeader == null) {
if (authorizationHeader == null) {
return null;
}

Loading…
Cancel
Save