Hi,

Please use this file for your reference and ignore the previous. Sorry for the inconvenience.

On Thu, Apr 10, 2014 at 1:12 PM, Shani Ranasinghe <sh...@wso2.com> wrote:
> Hi,
>
> Please find an axis2 handler I have written for DSS, which is capable of
> extracting the JWT token and performing operations based on it. DSS
> currently does not have inbuilt support to handle JWT tokens. For now, I
> have only done this for user name extraction. I have a method which
> extracts the user name from the JWT token and adds it to the message
> context.
>
> The reason for this is to enable security, with user name token, and in a
> case that we send a JWT token and expect underlying services from APIM
> onwards to be trusted, we need to make use of this JWT token and carry on
> the rest of the operations.
>
> The reason for the inception of this process is that I needed a way to
> extract the JWT user name and use it for DSS security and thereby use the
> content filtering capability of DSS.
>
> I have attached the axis2 handler, and as per Anjana's suggestion, could
> we add this to the platform and have this commented by default in axis2.xml?
>
> Please let me know if there are any improvement points that I could use
> for this piece of code.
>
> --
> Thanks and Regards
> *, Shani Ranasinghe*
> Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94 77 2273555
> linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab
>

--
Thanks and Regards
*,Shani Ranasinghe*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94 77 2273555
linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab
package org.wso2;

import java.io.UnsupportedEncodingException;

import javax.servlet.http.HttpServletRequest;

import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.dispatchers.AddressingBasedDispatcher;

/**
 * This handler is capable of taking in the JWT token from the header and extracting out the dialect
 * and its claims.
 */
public class JWTHandler extends AddressingBasedDispatcher {

    private static final String HTTP_SERVLET_REQUEST = "transport.http.servletRequest";
    private static final String JWT_TOKEN_HEADER_NAME = "X-JWT-Assertion";
    private static final String UTF_8_ENCODING = "UTF-8";
    private static final String ENDUSER_CLAIM = "http://wso2.org/claims/enduser";
    // This is the string constant that separates the claim from the value.
    private static final String CLAIM_VALUE_SEPARATOR = "\":\"";
    private static final String ESCAPED_DOUBLE_QUOTATION = "\"";
    private static final String USERNAME = "username";

    @Override
    public AxisOperation findOperation(AxisService service, MessageContext messageContext)
            throws AxisFault {
        // No JWT-specific behaviour; delegate to the addressing-based dispatcher.
        return super.findOperation(service, messageContext);
    }

    @Override
    public AxisService findService(MessageContext messageContext) throws AxisFault {
        // No JWT-specific behaviour; delegate to the addressing-based dispatcher.
        return super.findService(messageContext);
    }

    @Override
    public void initDispatcher() {
        super.initDispatcher();
    }

    @Override
    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        try {
            extractUsernameFromJWT(msgContext);
        } catch (UnsupportedEncodingException e) {
            throw new AxisFault("Encoding exception occurred while encoding the decoded JWT "
                    + "using " + UTF_8_ENCODING, e);
        }
        return InvocationResponse.CONTINUE;
    }

    /**
     * This method gets the JWT token from the transport header, extracts the user name from the JWT
     * and sets it to the message context.
     * Example usage: enable user name token security in DSS and use the JWT token sent from APIM to
     * get the roles of the user in order to utilize the content filtering feature of DSS.
     *
     * @param msgContext the message context of the current request
     */
    private void extractUsernameFromJWT(MessageContext msgContext)
            throws UnsupportedEncodingException {
        HttpServletRequest request =
                (HttpServletRequest) msgContext.getProperty(HTTP_SERVLET_REQUEST);
        if (request == null) {
            return;
        }
        // Get the JWT token from the header.
        String jwt = request.getHeader(JWT_TOKEN_HEADER_NAME);
        if (jwt == null) {
            return;
        }
        // Decode the JWT token. Note: the token's signature is not verified here.
        String jwtToken = new String(org.apache.axiom.om.util.Base64.decode(jwt), UTF_8_ENCODING);
        // Extract the end user claim; leave the context untouched if the claim is absent.
        String[] afterClaim = jwtToken.split(ENDUSER_CLAIM + CLAIM_VALUE_SEPARATOR);
        if (afterClaim.length < 2) {
            return;
        }
        String[] decoded = afterClaim[1].split(ESCAPED_DOUBLE_QUOTATION);
        if (decoded.length == 0) {
            return;
        }
        // Set username to message context.
        msgContext.setProperty(USERNAME, decoded[0]);
        System.out.println("Successfully set");
    }
}
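Added example (not part of the attached handler or of WSO2 code): the handler above takes the end user claim from X-JWT-Assertion without checking the token's signature, so this example reads the claim only after the signature verifies against a trusted public key. It assumes a three-segment, base64url-encoded token signed with SHA256withRSA; the class and method names, the key pair and the sample tokens are constructed for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class JwtEndUserExample {
    static final String ENDUSER_CLAIM = "http://wso2.org/claims/enduser";

    /** Returns the end-user claim only when the signature verifies; null otherwise. */
    static String verifiedEndUser(String jwt, PublicKey trustedKey) throws GeneralSecurityException {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3 || parts[2].isEmpty()) return null; // malformed or unsigned
        byte[] payload, sig;
        try {
            payload = Base64.getUrlDecoder().decode(parts[1]);
            sig = Base64.getUrlDecoder().decode(parts[2]);
        } catch (IllegalArgumentException e) { return null; } // not base64url
        // The algorithm is pinned here; the token's own "alg" header is never consulted.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(trustedKey);
        verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        try {
            if (!verifier.verify(sig)) return null; // payload or signature was altered
        } catch (SignatureException e) { return null; } // signature bytes have the wrong shape
        // Read the claim only after the signature check has passed.
        Matcher m = Pattern.compile(Pattern.quote("\"" + ENDUSER_CLAIM + "\"")
                + "\\s*:\\s*\"([^\"\\\\]*)\"").matcher(new String(payload, StandardCharsets.UTF_8));
        return m.find() ? m.group(1) : null;
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed stand-in for the gateway's signing key
        String signed = b64("{\"typ\":\"JWT\",\"alg\":\"RS256\"}") + "." + b64("{\"" + ENDUSER_CLAIM + "\":\"alice\"}");
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(signed.getBytes(StandardCharsets.US_ASCII));
        String sigPart = Base64.getUrlEncoder().withoutPadding().encodeToString(signer.sign());
        String altered = signed.split("\\.")[0] + "." + b64("{\"" + ENDUSER_CLAIM + "\":\"bob\"}");
        System.out.println(verifiedEndUser(signed + "." + sigPart, kp.getPublic()));  // genuine token
        System.out.println(verifiedEndUser(altered + "." + sigPart, kp.getPublic())); // payload changed
        System.out.println(verifiedEndUser(signed + ".", kp.getPublic()));            // signature stripped
    }
}
```

In a handler, a null result would mean the username property is not set, so the request proceeds without a JWT-derived identity.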