nille85/jwt-aspect

The JWTAspect enables you to put authorization checks on methods by using annotations. The authorization checks are based on JWT claims.

## @Authorize

The Aspect looks for methods annotated with the @Authorize annotation. The following are some examples of how it can be used:

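```java
// The 'iss' claim is checked against the fixed value 'Nille'.
@Authorize("hasClaim('iss','Nille')")
public void checkIssuer(){
}

// #issuer is a placeholder for the parameter annotated with @ClaimValue("issuer").
@Authorize("hasClaim('iss','#issuer')")
public void checkIssuerWithPlaceholder(@ClaimValue(value = "issuer") String issuer){
}

// The 'scope' claim is checked against a regular expression.
@Authorize("hasClaim('scope','.*write.*')")
public void checkScopeWithRegex(){
}

// Regular expression combined with a placeholder for the annotated parameter.
@Authorize("hasClaim('scope','.*#scope.*')")
public void checkScopeWithRegexAndPlaceholder(@ClaimValue(value = "scope") String scope){
}
```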
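
The following is an added example, not code from this project, of one way a `hasClaim` expression with a regex and a `#placeholder` can be evaluated. It assumes the placeholder is replaced by the `@ClaimValue` argument before matching (the page does not show how JWTAspect does this) and quotes that argument so regex metacharacters in it are matched literally; `HasClaimSketch` and its methods are hypothetical names.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical evaluator for illustration; not the JWTAspect implementation.
public class HasClaimSketch {

    // Matches #name placeholders such as #scope or #issuer.
    private static final Pattern PLACEHOLDER = Pattern.compile("#(\\w+)");

    // Replaces each #name with the matching argument wrapped in Pattern.quote,
    // so the argument is literal text while the rest of the template stays a regex.
    static Pattern compile(String template, Map<String, String> args) {
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuilder regex = new StringBuilder();
        int last = 0;
        while (m.find()) {
            String value = args.get(m.group(1));
            if (value == null) {
                throw new IllegalArgumentException("no argument for #" + m.group(1));
            }
            regex.append(template, last, m.start()).append(Pattern.quote(value));
            last = m.end();
        }
        regex.append(template, last, template.length());
        return Pattern.compile(regex.toString());
    }

    // True only if the claim is present and its whole value matches the pattern.
    static boolean hasClaim(Map<String, String> claims, String name,
                            String template, Map<String, String> args) {
        String claim = claims.get(name);
        return claim != null && compile(template, args).matcher(claim).matches();
    }

    public static void main(String[] argv) {
        // Constructed sample claims standing in for a verified JWT payload.
        Map<String, String> claims = Map.of("iss", "Nille", "scope", "orders:read orders:write");
        System.out.println(hasClaim(claims, "iss", "Nille", Map.of()));
        System.out.println(hasClaim(claims, "scope", ".*#scope.*", Map.of("scope", "write")));
        // An argument of ".*" is quoted, so it only matches a scope containing the text ".*".
        System.out.println(hasClaim(claims, "scope", ".*#scope.*", Map.of("scope", ".*")));
        // A claim that is absent from the payload never matches, even against ".*".
        System.out.println(hasClaim(claims, "aud", ".*", Map.of()));
    }
}
```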

## Configuration with Spring

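```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
// Imports for the JWT types (JWTSigner, JWTVerifier, PayloadService, JWTAspect, ...)
// are omitted: their packages are not shown here.

@Configuration
@EnableAspectJAutoProxy
@PropertySource("file:${config.home}/application.properties")
public class JWTConfig {

    @Autowired
    private Environment environment;

    /**
     * Needed if the application also needs to sign JWTs.
     */
    @Bean
    public JWTSigner signer() {
        JWTSigner signer = new JWTSecretKeySigner(environment.getProperty("jwt.secret"));
        return signer;
    }

    // Verifies incoming JWTs with the same shared secret (jwt.secret).
    @Bean
    public JWTVerifier verifier() {
        JWTVerifier verifier = new JWTSecretKeyVerifier(environment.getProperty("jwt.secret"));
        return verifier;
    }

    @Bean
    public PayloadService payloadService() {
        return new PayloadRequestService(verifier());
    }

    @Bean
    public JWTAspect jwtAspect() {
        JWTAspect aspect = new JWTAspect(payloadService());
        return aspect;
    }

}
```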

## PayloadService

The JWTAspect has one dependency: a PayloadService. The consumer must implement the PayloadService interface, which contains one method:

```java
public interface PayloadService {

    public Payload verify();

}
```

An example of an implementation that extracts a JWT from a request header:

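```java
import javax.servlet.http.HttpServletRequest; // jakarta.servlet.http on Spring 6+
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

public class PayloadRequestService implements PayloadService {

    private final JWTVerifier verifier;

    public PayloadRequestService(final JWTVerifier verifier){
        this.verifier = verifier;
    }

    @Override
    public Payload verify() {
        // Look up the HTTP request bound to the current thread.
        ServletRequestAttributes t = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        HttpServletRequest request = t.getRequest();

        // The JWT is read from the X-AUTH header; getHeader returns null when the header is absent.
        final String jwtValue = request.getHeader("X-AUTH");
        JWT jwt = new JWT(jwtValue);
        Payload payload = verifier.verify(jwt);

        return payload;
    }

}
```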

About

An Aspect that will enable you to do annotation based authorization on service endpoints using JWTs
