Commit 1cfd8cdc authored by Felix Sidokhine's avatar Felix Sidokhine

Added the Device scope, now working on filters

Change-Id: I934bbcc25b267cdfd3ceae467b6863703fd62c9a
parent c754f822
......@@ -28,6 +28,7 @@ import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import net.jami.jams.common.authmodule.AuthScope;
import net.jami.jams.common.authmodule.AuthTokenResponse;
import net.jami.jams.common.objects.user.User;
......@@ -43,20 +44,21 @@ public class TokenController{
TokenController.signingKey = signingKey;
}
public AuthTokenResponse getToken(User user) {
public AuthTokenResponse getToken(User user, AuthScope authScope) {
AuthTokenResponse authTokenResponse = new AuthTokenResponse();
JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build();
JWTClaimsSet jwtClaims = new JWTClaimsSet.Builder()
JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder()
.issuer("JAMS")
.subject(user.getUsername())
.audience("JAMS")
.claim("scope",user.getAccessLevel())
.claim("oneTimePassword",user.getNeedsPasswordReset())
.expirationTime(new Date(System.currentTimeMillis() + 30*60*1000))
.notBeforeTime(new Date(System.currentTimeMillis()))
.issueTime(new Date(System.currentTimeMillis()))
.jwtID(UUID.randomUUID().toString())
.build();
.jwtID(UUID.randomUUID().toString());
if(authScope == null) builder.claim("scope",user.getAccessLevel());
else builder.claim("scope",authScope);
JWTClaimsSet jwtClaims = builder.build();
SignedJWT signedJWT = new SignedJWT(jwsHeader, jwtClaims);
try {
signedJWT.sign(new RSASSASigner(signingKey));
......
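Review bot: In `getToken`, a `null` scope silently falls back to `user.getAccessLevel()`, so a caller that omits the scope by mistake receives the broader user-level token instead of an error; the default fails open. Keeping a one-argument overload such as `public AuthTokenResponse getToken(User user) { return getToken(user, null); }` would keep bare `null` out of call sites and make the full-access case explicit. The `scope` claim now carries values from two different types (the user's access level or an `AuthScope`), so whatever validates the token needs to know which domain a value belongs to; that verifier is not visible here. Device-scoped tokens also keep the `oneTimePassword` claim and the same 30-minute expiry, which deserves a comment if intentional. The method body continues past the end of the hunk.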
......@@ -27,6 +27,7 @@ import net.jami.datastore.main.DataStore;
import net.jami.jams.common.authentication.AuthenticationSource;
import net.jami.jams.common.authentication.AuthenticationSourceType;
import net.jami.jams.common.authmodule.AuthModuleKey;
import net.jami.jams.common.authmodule.AuthScope;
import net.jami.jams.common.authmodule.AuthTokenResponse;
import net.jami.jams.common.authmodule.AuthenticationModule;
import net.jami.jams.common.cryptoengineapi.CertificateAuthority;
......@@ -140,7 +141,7 @@ public class UserAuthenticationModule implements AuthenticationModule {
User user = datastore.getUserDao().getObjects(statementList).get(0);
if(authenticationSources.get(new AuthModuleKey(user.getRealm(),user.getUserType()))
.authenticate(username,password))
return tokenController.getToken(user);
return tokenController.getToken(user,null);
}
//The second case is much more violent, because we don't know in advance "where" this user comes
//from, so we have to infer (this is only really true for "users", all others are usually pre-marked)
......@@ -154,7 +155,7 @@ public class UserAuthenticationModule implements AuthenticationModule {
user.setUserType(key.getType());
//This is legal with a null ONLY because in this case there is no relation with a external server.
RegisterUserFlow.createUser(user,null);
return tokenController.getToken(user);
return tokenController.getToken(user,null);
}
}
return res;
......@@ -179,7 +180,7 @@ public class UserAuthenticationModule implements AuthenticationModule {
StatementElement statementElement = new StatementElement("username","=",username,"");
statementList.addStatement(statementElement);
User user = datastore.getUserDao().getObjects(statementList).get(0);
return tokenController.getToken(user);
return tokenController.getToken(user, AuthScope.DEVICE);
}
catch (Exception e){
return null;
......
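Review bot: The device-scoped call `return tokenController.getToken(user, AuthScope.DEVICE);` sits in a try whose `catch (Exception e){ return null; }` hides every failure, so an empty lookup (`get(0)` on no rows) and a datastore error both look like an ordinary rejected login and leave no audit trail for device token issuance. Record the username and the exception in that catch before returning null, and check the result size rather than relying on the exception thrown by `get(0)`. The enclosing method starts and ends outside the hunk, so whether the device credential is verified before this lookup cannot be confirmed from here; that check should be stated in a comment above the lookup. The two earlier hunks pass a bare `null` scope, where a comment such as `// null scope: token carries the user's access level` would make the intent visible.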