Hi,

Please find an axis2 handler I have written for DSS, which is capable of
extracting the JWT token and performing operations based on it. DSS
currently does not have inbuilt support for handling JWT tokens. For now, I
have only done this for user name extraction. I have a method which
extracts the user name from the JWT token and adds it to the message
context.

The reason for this is to enable security, with user name token, and in a
case where we send a JWT token and expect underlying services from APIM
onwards to be trusted, we need to make use of this JWT token and carry on
the rest of the operations.

The reason for the inception of this process is that I needed a way to
extract the JWT user name and use it for DSS security and thereby use the
content filtering capability of DSS.

I have attached the axis2 handler, and as per Anjana's suggestion, could we
add this to the platform and have it commented out by default in axis2.xml?

Please let me know if there are any improvement points that I could use for
this piece of code.

-- 
Thanks and Regards
Shani Ranasinghe
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94 77 2273555
linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab
package org.wso2;

import java.io.UnsupportedEncodingException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;

import org.apache.axiom.om.util.Base64;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * Axis2 handler that reads the JWT sent by APIM in the X-JWT-Assertion transport header,
 * extracts the end-user claim from its payload and sets it on the message context as the
 * "username" property, so that DSS user name token security and content filtering can use it.
 *
 * Caveat: this handler does NOT verify the JWT signature. It must only be deployed where the
 * X-JWT-Assertion header can originate solely from a trusted APIM gateway (i.e. clients cannot
 * reach DSS directly and set the header themselves); otherwise any caller could impersonate an
 * arbitrary user simply by sending a crafted header.
 */
public class JWTHandler extends AbstractHandler {

	private static final Log log = LogFactory.getLog(JWTHandler.class);

	private static final String HTTP_SERVLET_REQUEST = "transport.http.servletRequest";
	private static final String JWT_TOKEN_HEADER_NAME = "X-JWT-Assertion";
	private static final String UTF_8_ENCODING = "UTF-8";
	private static final String ENDUSER_CLAIM = "http://wso2.org/claims/enduser";
	private static final String USERNAME = "username";

	// Matches  "http://wso2.org/claims/enduser" : "<value>"  in the decoded JSON payload,
	// tolerating whitespace around the colon and backslash escapes inside the value.
	private static final Pattern ENDUSER_CLAIM_PATTERN = Pattern.compile(
			"\"" + Pattern.quote(ENDUSER_CLAIM) + "\"\\s*:\\s*\"((?:[^\"\\\\]|\\\\.)*)\"");

	public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
		try {
			extractUsernameFromJWT(msgContext);
		} catch (UnsupportedEncodingException e) {
			throw new AxisFault("Encoding exception occurred while decoding the JWT payload using "
					+ UTF_8_ENCODING, e);
		}
		return InvocationResponse.CONTINUE;
	}

	/**
	 * Gets the JWT from the transport header, extracts the end-user claim from its payload and
	 * sets it on the message context. If the header is missing, malformed or carries no end-user
	 * claim, the message context is left untouched and processing continues.
	 * Example usage: enable user name token security in DSS and use the JWT sent from APIM to
	 * get the roles of the user in order to utilise the content filtering feature of DSS.
	 * @param msgContext the current Axis2 message context
	 */
	private void extractUsernameFromJWT(MessageContext msgContext) throws UnsupportedEncodingException {
		HttpServletRequest request = (HttpServletRequest) msgContext.getProperty(HTTP_SERVLET_REQUEST);
		if (request == null) {
			return;
		}
		String jwt = request.getHeader(JWT_TOKEN_HEADER_NAME);
		if (jwt == null) {
			return;
		}
		// A compact JWT is header.payload.signature; the claims live in the second segment.
		String[] segments = jwt.split("\\.");
		if (segments.length < 2) {
			log.warn(JWT_TOKEN_HEADER_NAME + " header is not a compact JWT; ignoring it");
			return;
		}
		String payload = new String(Base64.decode(toStandardBase64(segments[1])), UTF_8_ENCODING);
		Matcher m = ENDUSER_CLAIM_PATTERN.matcher(payload);
		if (!m.find()) {
			log.warn("JWT payload does not contain the " + ENDUSER_CLAIM + " claim");
			return;
		}
		// Set the user name on the message context for downstream DSS security handling.
		msgContext.setProperty(USERNAME, m.group(1));
		if (log.isDebugEnabled()) {
			log.debug("Set " + USERNAME + " property from JWT end-user claim");
		}
	}

	/**
	 * JWT segments are base64url encoded without padding; the Axiom decoder expects standard
	 * base64, so translate the alphabet and restore the padding before decoding.
	 */
	private static String toStandardBase64(String base64Url) {
		StringBuilder sb = new StringBuilder(base64Url.replace('-', '+').replace('_', '/'));
		while (sb.length() % 4 != 0) {
			sb.append('=');
		}
		return sb.toString();
	}
}
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
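The handler posted above reads the user name straight out of the X-JWT-Assertion header, so its safety rests entirely on that header only ever arriving from the trusted APIM gateway. Where that cannot be guaranteed at the network level, the claim should not be acted on until the gateway's signature over the token has been checked. The following is an added example, not code from the post, from DSS or from APIM; it assumes the gateway signs with RS256 and that the verifier holds the gateway's public key (an in-process key pair stands in for it here so the example runs offline), and it uses a constructed payload in the shape the handler expects.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Illustrative verifier (not DSS or APIM code): returns the end-user claim only after the
 * compact JWT's RS256 signature has been checked against the gateway's public key.
 * Assumptions: RS256 is the only accepted algorithm, and the gateway key is provisioned
 * out of band (generated in main() below purely so the example runs offline).
 */
public class JwtClaimVerifier {

    private static final String ENDUSER_CLAIM = "http://wso2.org/claims/enduser";
    private static final Pattern ENDUSER_CLAIM_PATTERN = Pattern.compile(
            "\"" + Pattern.quote(ENDUSER_CLAIM) + "\"\\s*:\\s*\"((?:[^\"\\\\]|\\\\.)*)\"");
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();

    /** Returns the end-user claim if, and only if, the token is an RS256 JWT with a valid signature. */
    public static String verifiedEndUser(String jwt, PublicKey gatewayKey) throws Exception {
        String[] seg = jwt.split("\\.");
        if (seg.length != 3) {
            throw new SecurityException("not a compact JWT");
        }
        // Pin the algorithm: never let the token's own header choose it (alg=none / key confusion).
        String header = new String(B64D.decode(seg[0]), StandardCharsets.UTF_8);
        if (!header.matches("(?s).*\"alg\"\\s*:\\s*\"RS256\".*")) {
            throw new SecurityException("unexpected alg in JWT header: " + header);
        }
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(gatewayKey);
        verifier.update((seg[0] + "." + seg[1]).getBytes(StandardCharsets.US_ASCII));
        if (!verifier.verify(B64D.decode(seg[2]))) {
            throw new SecurityException("JWT signature verification failed");
        }
        // Only now is the payload trustworthy enough to read a claim from.
        String payload = new String(B64D.decode(seg[1]), StandardCharsets.UTF_8);
        Matcher m = ENDUSER_CLAIM_PATTERN.matcher(payload);
        if (!m.find()) {
            throw new SecurityException("JWT carries no " + ENDUSER_CLAIM + " claim");
        }
        return m.group(1);
    }

    /** Builds an RS256-signed token; stands in for the gateway in this example. */
    static String sign(String payloadJson, PrivateKey key) throws Exception {
        String h = B64.encodeToString("{\"typ\":\"JWT\",\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
        String p = B64.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update((h + "." + p).getBytes(StandardCharsets.US_ASCII));
        return h + "." + p + "." + B64.encodeToString(signer.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair gateway = kpg.generateKeyPair();

        // Constructed sample payload carrying the end-user claim the handler looks for.
        String good = sign("{\"iss\":\"wso2.org/products/am\",\"" + ENDUSER_CLAIM
                + "\":\"alice@carbon.super\"}", gateway.getPrivate());
        System.out.println("verified end user: " + verifiedEndUser(good, gateway.getPublic()));

        // Same header and signature but a swapped payload: must be rejected.
        String[] seg = good.split("\\.");
        String forgedPayload = B64.encodeToString(
                ("{\"" + ENDUSER_CLAIM + "\":\"admin@carbon.super\"}").getBytes(StandardCharsets.UTF_8));
        expectRejected(seg[0] + "." + forgedPayload + "." + seg[2], gateway.getPublic());

        // Unsigned token claiming alg=none: must be rejected before any claim is read.
        String noneHeader = B64.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8));
        expectRejected(noneHeader + "." + forgedPayload + ".", gateway.getPublic());
    }

    private static void expectRejected(String jwt, PublicKey key) throws Exception {
        try {
            verifiedEndUser(jwt, key);
            throw new AssertionError("token should have been rejected");
        } catch (SecurityException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
    }
}
```

In a real deployment the public key would come from the gateway's certificate in the DSS trust store rather than from a freshly generated pair, and the check would sit in the handler before msgContext.setProperty(USERNAME, ...). The order matters: the algorithm is pinned and the signature checked before the payload is parsed, so a forged or unsigned token never reaches the claim-extraction step.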