Hi,
Please use this file for your reference and ignore the previous. Sorry for
the inconvenience.
On Thu, Apr 10, 2014 at 1:12 PM, Shani Ranasinghe <[email protected]> wrote:
> Hi,
>
> Please find an axis2 handler I have written for DSS, which is capable of
> extracting the JWT token and performing operations based on it. DSS
> currently does not have inbuilt support to handle JWT tokens. For now, I
> have only done this for user name extraction. I have a method which
> extracts the user name from the JWT token and adds it to the message
> context.
>
> The reason for this is to enable security, with user name token, and in a
> case that we send a JWT token and expect underlying services from APIM
> onwards to be trusted, we need to make use of this JWT token and carry on
> the rest of the operations.
>
> The reason for the inception of this process is that, I needed a way to
> extract the JWT user name and use it for DSS security and thereby use the
> content filtering capability of DSS.
>
> I have attached the axis2 handler, and as per Anjana's suggestion, could
> we add this to the platform and have this commented by default in axis2.xml?
>
> Please let me know if there are any improvement points that I could use
> for this piece of code.
>
> --
> Thanks and Regards
> *, Shani Ranasinghe*
> Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94 77 2273555
> linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab
>
--
Thanks and Regards
*,Shani Ranasinghe*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
mobile: +94 77 2273555
linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab
package org.wso2;

import java.io.UnsupportedEncodingException;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;

import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.dispatchers.AddressingBasedDispatcher;

/**
 * This handler takes the JWT token from the transport header and extracts the
 * end user claim from it.
 *
 * Note: the token's signature is not checked here. The header value is used as
 * sent, so the handler relies on the caller (APIM) being trusted.
 */
public class JWTHandler extends AddressingBasedDispatcher {

    private static final String HTTP_SERVLET_REQUEST = "transport.http.servletRequest";
    private static final String JWT_TOKEN_HEADER_NAME = "X-JWT-Assertion";
    private static final String UTF_8_ENCODING = "UTF-8";
    private static final String ENDUSER_CLAIM = "http://wso2.org/claims/enduser";
    // This is the string constant that separates the claim from the value.
    private static final String CLAIM_VALUE_SEPARATOR = "\":\"";
    private static final String ESCAPED_DOUBLE_QUOTATION = "\"";
    private static final String USERNAME = "username";

    @Override
    public AxisOperation findOperation(AxisService service,
            MessageContext messageContext) throws AxisFault {
        return super.findOperation(service, messageContext);
    }

    @Override
    public AxisService findService(MessageContext messageContext)
            throws AxisFault {
        return super.findService(messageContext);
    }

    @Override
    public void initDispatcher() {
        super.initDispatcher();
    }

    @Override
    public InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        try {
            extractUsernameFromJWT(messageContext);
        } catch (UnsupportedEncodingException e) {
            throw new AxisFault("Encoding exception occurred while encoding the decoded JWT " +
                    "using " + UTF_8_ENCODING, e);
        }
        return InvocationResponse.CONTINUE;
    }

    /**
     * Gets the JWT token from the transport header, extracts the user name from it
     * and sets it on the message context.
     * Example usage: enable user name token security in DSS and use the JWT token sent
     * from APIM to get the roles of the user in order to utilize the content filtering
     * feature of DSS.
     *
     * @param msgContext the message context that receives the "username" property
     */
    private void extractUsernameFromJWT(MessageContext msgContext)
            throws UnsupportedEncodingException {
        HttpServletRequest request =
                (HttpServletRequest) msgContext.getProperty(HTTP_SERVLET_REQUEST);
        if (request == null) {
            return;
        }
        // Get the JWT token from the header.
        String jwt = request.getHeader(JWT_TOKEN_HEADER_NAME);
        if (jwt == null) {
            return;
        }
        // Decode the JWT token.
        String jwtToken = new String(org.apache.axiom.om.util.Base64.decode(jwt), UTF_8_ENCODING);
        // Extract the end user claim. String.split() takes a regular expression, so the
        // claim URI is quoted to keep its '.' characters literal.
        String[] afterClaim = jwtToken.split(Pattern.quote(ENDUSER_CLAIM + CLAIM_VALUE_SEPARATOR));
        if (afterClaim.length < 2) {
            // The end user claim is not present; leave the message context untouched.
            return;
        }
        String[] decoded = afterClaim[1].split(ESCAPED_DOUBLE_QUOTATION);
        if (decoded.length > 0) {
            // Set username to message context.
            msgContext.setProperty(USERNAME, decoded[0]);
            System.out.println("Successfully set");
        }
    }
}
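
The handler above reads the end user claim without checking the token's signature. The following is an added example, not part of the original message or of WSO2's code, showing the same claim lookup performed only after the signature verifies. It assumes a standard three-part JWT (base64url segments, RS256), a trusted public key supplied by the caller, and Java 8 or later; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class VerifiedJwtClaim {
    static final String ENDUSER_CLAIM = "http://wso2.org/claims/enduser";
    /** Returns the end user claim only if the RS256 signature verifies, else null. */
    static String endUser(String jwt, PublicKey trustedKey) throws GeneralSecurityException {
        String[] parts = jwt == null ? new String[0] : jwt.split("\\.", -1);
        if (parts.length != 3) return null; // not header.payload.signature
        String header, payload;
        byte[] sig;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
            payload = new String(dec.decode(parts[1]), StandardCharsets.UTF_8);
            sig = dec.decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return null; // malformed base64url
        }
        // Pin the algorithm: anything other than the expected RS256 (e.g. "none") is rejected.
        if (!Pattern.compile("\"alg\"\\s*:\\s*\"RS256\"").matcher(header).find()) return null;
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(trustedKey);
        verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        if (!verifier.verify(sig)) return null; // payload or signature was altered
        // Simplified claim lookup on the verified payload; use a JSON parser in real code.
        Matcher m = Pattern.compile(Pattern.quote("\"" + ENDUSER_CLAIM + "\"")
                + "\\s*:\\s*\"([^\"\\\\]*)\"").matcher(payload);
        return m.find() ? m.group(1) : null;
    }
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway key pair and tokens generated locally.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String head = b64("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
        String alice = b64(("{\"" + ENDUSER_CLAIM + "\":\"alice\"}").getBytes(StandardCharsets.UTF_8));
        String admin = b64(("{\"" + ENDUSER_CLAIM + "\":\"admin\"}").getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update((head + "." + alice).getBytes(StandardCharsets.US_ASCII));
        String sig = b64(signer.sign());
        System.out.println("valid    -> " + endUser(head + "." + alice + "." + sig, kp.getPublic()));
        System.out.println("tampered -> " + endUser(head + "." + admin + "." + sig, kp.getPublic()));
    }
}
```

In a handler, a null result or a thrown GeneralSecurityException should both be treated as "no authenticated user" rather than falling back to the unverified header.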