Repository: usergrid Updated Branches: refs/heads/master 69625af05 -> 81de96457
Better handle expired JWTs for Apigee SSO token validation. Fix typos. Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/81de9645 Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/81de9645 Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/81de9645 Branch: refs/heads/master Commit: 81de9645749bd42d8d9f1a3a8bc1f81133619df7 Parents: 69625af Author: Michael Russo <[email protected]> Authored: Tue Aug 2 14:58:18 2016 -0700 Committer: Michael Russo <[email protected]> Committed: Tue Aug 2 14:58:18 2016 -0700 ---------------------------------------------------------------------- .../org/apache/usergrid/security/sso/ApigeeSSO2Provider.java | 8 ++++++-- .../usergrid/security/tokens/cassandra/TokenServiceImpl.java | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/usergrid/blob/81de9645/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java ---------------------------------------------------------------------- diff --git a/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java b/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java index 0165e1d..8ee8e03 100644 --- a/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java +++ b/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java @@ -146,7 +146,7 @@ public class ApigeeSSO2Provider implements ExternalSSOProvider { return properties.getProperty(USERGRID_EXTERNAL_PUBLICKEY_URL); } - public Jws<Claims> getClaimsForKeyUrl(String token, PublicKey ssoPublicKey) throws NoSuchAlgorithmException, InvalidKeySpecException, BadTokenException { + public Jws<Claims> getClaimsForKeyUrl(String token, PublicKey ssoPublicKey) throws NoSuchAlgorithmException, InvalidKeySpecException, BadTokenException, ExpiredTokenException { Jws<Claims> claims = null; if(ssoPublicKey == null){ @@ -171,6 +171,10 @@ public class ApigeeSSO2Provider implements ExternalSSOProvider { logger.debug("Signature section of Apigee JWT invalid for token: {}", token); } throw new BadTokenException("Malformed Apigee JWT"); + } catch ( ExpiredJwtException e ){ + final long expiry = Long.valueOf(e.getClaims().get("exp").toString()); + final long expirationDelta = ((System.currentTimeMillis()/1000) - expiry)*1000; + throw new ExpiredTokenException(String.format("Token expired %d milliseconds ago.", expirationDelta )); } @@ -193,7 +197,7 @@ public class ApigeeSSO2Provider implements ExternalSSOProvider { final long expirationDelta = ((System.currentTimeMillis()/1000) - expiry)*1000; - throw new ExpiredTokenException(String.format("Token expired %d millisecons ago.", expirationDelta )); + throw new ExpiredTokenException(String.format("Token expired %d milliseconds ago.", expirationDelta )); } } http://git-wip-us.apache.org/repos/asf/usergrid/blob/81de9645/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java ---------------------------------------------------------------------- diff --git a/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java index 4815f9d..6ea6de0 100644 --- a/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java +++ b/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java @@ -645,7 +645,7 @@ public class TokenServiceImpl implements TokenService { long expirationDelta = System.currentTimeMillis() - expires; if ( expires != Long.MAX_VALUE && expirationDelta > 0 ) { - throw new ExpiredTokenException( String.format( "Token expired %d millisecons ago.", expirationDelta ) ); + throw new ExpiredTokenException( String.format( "Token expired %d milliseconds ago.", expirationDelta ) ); } return uuid; }
