Fixed issues in JWT Authenticator

8 years ago · ace6c2dbfc
parent b77f5358e8
commit ace6c2dbfc
1 changed files with 75 additions and 74 deletions
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
@ -48,7 +48,7 @@ import java.util.StringTokenizer;
 public class JWTAuthenticator implements WebappAuthenticator {

    private static final Log log = LogFactory.getLog(JWTAuthenticator.class);
-	public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
+    public static final String SIGNED_JWT_AUTH_USERNAME = "http://wso2.org/claims/enduser";
    private static final String JWT_AUTHENTICATOR = "JWT";
    private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";

@ -83,11 +83,10 @@ public class JWTAuthenticator implements WebappAuthenticator {
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
        try {
            keyStoreManager.getDefaultPrimaryCertificate();
-			String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
-			String headerData = decodeAuthorizationHeader(authorizationHeader);
+            String authorizationHeader = request.getHeader(JWT_ASSERTION_HEADER);
            JWSVerifier verifier =
                    new RSASSAVerifier((RSAPublicKey) keyStoreManager.getDefaultPublicKey());
-			SignedJWT jwsObject = SignedJWT.parse(headerData);
+            SignedJWT jwsObject = SignedJWT.parse(authorizationHeader);
            if (jwsObject.verify(verifier)) {
                String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
                String tenantDomain = MultitenantUtils.getTenantDomain(username);
@ -108,6 +107,8 @@ public class JWTAuthenticator implements WebappAuthenticator {
                        authenticationInfo.setStatus(Status.CONTINUE);
                    }
                }
+            } else {
+                authenticationInfo.setStatus(Status.FAILURE);
            }
        } catch (UserStoreException e) {
            log.error("Error occurred while obtaining the user.", e);