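/*******************************************************************************
 * Copyright 2017 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.mitre.openid.connect.assertion;

import java.text.ParseException;
import java.util.Collection;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;

import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;

/**
 * Spring Security authentication token that carries a JWT bearer assertion.
 *
 * <p>The JWT itself is exposed as the credentials and its {@code sub} claim as
 * the principal. This class performs no signature, issuer, audience or expiry
 * validation: it only reads the subject claim. The authenticated constructor
 * must therefore be called only by code that has already validated the JWT.
 *
 * @author jricher
 */
public class JWTBearerAssertionAuthenticationToken extends AbstractAuthenticationToken {

	private static final long serialVersionUID = -3138213539914074617L;

	// Cached at construction so the principal survives eraseCredentials();
	// null when the subject could not be read from the JWT.
	private final String subject;

	// The assertion itself; cleared by eraseCredentials().
	private JWT jwt;

	/**
	 * Create an unauthenticated token for the given JWT.
	 *
	 * <p>The principal is the JWT's subject claim, or {@code null} when the
	 * claims cannot be read.
	 *
	 * @param jwt the assertion presented by the caller; not validated here
	 */
	public JWTBearerAssertionAuthenticationToken(JWT jwt) {
		super(null);
		this.subject = extractSubject(jwt);
		this.jwt = jwt;
		setAuthenticated(false);
	}

	/**
	 * Create an authenticated token for the given JWT and authorities.
	 *
	 * <p>The token is marked authenticated only when a subject could be read
	 * from the JWT. The original code swallowed the {@link ParseException} and
	 * still reported an authenticated token with a {@code null} principal; an
	 * assertion whose principal cannot be established now fails closed.
	 *
	 * @param jwt the assertion, which the caller must already have validated
	 * @param authorities the authorities granted to the authenticated principal
	 */
	public JWTBearerAssertionAuthenticationToken(JWT jwt, Collection<? extends GrantedAuthority> authorities) {
		super(authorities);
		this.subject = extractSubject(jwt);
		this.jwt = jwt;
		// Never report "authenticated" without a principal to attribute it to.
		setAuthenticated(this.subject != null);
	}

	/**
	 * Read the subject claim without letting a malformed assertion escape as
	 * an exception or a stack trace on stderr.
	 *
	 * @param jwt the assertion to inspect, may be {@code null}
	 * @return the {@code sub} claim, or {@code null} if the JWT is
	 *         {@code null}, has no claims set available, has no subject, or
	 *         its claims cannot be parsed
	 */
	private static String extractSubject(JWT jwt) {
		if (jwt == null) {
			return null;
		}
		try {
			// The claims set may be unavailable (presumably e.g. an encrypted
			// JWT that has not been decrypted yet), so guard against null.
			JWTClaimsSet claims = jwt.getJWTClaimsSet();
			return claims == null ? null : claims.getSubject();
		} catch (ParseException e) {
			// NOTE(review): report this through the project's logger rather
			// than printStackTrace(); the assertion content is caller-supplied,
			// so log the failure without echoing the raw token.
			return null;
		}
	}

	/**
	 * Returns the JWT assertion, or {@code null} once the credentials have
	 * been erased.
	 *
	 * @see org.springframework.security.core.Authentication#getCredentials()
	 */
	@Override
	public Object getCredentials() {
		return jwt;
	}

	/**
	 * Returns the subject captured when the token was constructed; may be
	 * {@code null} if it could not be read from the JWT.
	 *
	 * @see org.springframework.security.core.Authentication#getPrincipal()
	 */
	@Override
	public Object getPrincipal() {
		return subject;
	}

	/**
	 * @return the jwt, or {@code null} once the credentials have been erased
	 */
	public JWT getJwt() {
		return jwt;
	}

	/**
	 * Replace the JWT held by this token.
	 *
	 * <p>This changes neither the cached subject returned by
	 * {@link #getPrincipal()} nor the authenticated flag, so the principal
	 * keeps describing the JWT passed to the constructor.
	 *
	 * @param jwt the jwt to set
	 */
	public void setJwt(JWT jwt) {
		this.jwt = jwt;
	}

	/**
	 * Clear out the JWT that this token holds. The cached subject is kept so
	 * the principal remains available afterwards.
	 */
	@Override
	public void eraseCredentials() {
		super.eraseCredentials();
		setJwt(null);
	}

}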