Class JWTManager

java.lang.Object
org.apache.ofbiz.webapp.control.JWTManager

public class JWTManager extends Object
This class manages the single sign-on authentication through JWT tokens between OFBiz applications.
  • Constructor Details

    • JWTManager

      public JWTManager()
  • Method Details

    • checkJWTLogin

      public static String checkJWTLogin(HttpServletRequest request, HttpServletResponse response)
      OFBiz controller preprocessor event. The method is designed to be used in a chain of controller preprocessor events: it always returns "success", even when the Authorization token is missing or the authorization fails, so that processing moves on to the next event in the chain. This works in a similar way to externalLoginKey, but between 2 servers on 2 different domains rather than 2 webapps on the same server. The OFBiz internal Single Sign On (SSO) is ensured by a JWT token; after that, everything is handled as normal by a session on the reached server. The servers may or may not share a database, but the 2 loginUserIds must be the same. In case of a multitenancy usage, the tenant is verified.
      Parameters:
      request - The HTTPRequest object for the current request
      response - The HTTPResponse object for the current request
      Returns:
      String always "success"
    • getJWTKey

      public static String getJWTKey(Delegator delegator)
      Get the JWT secret key from database or security.properties.
      Parameters:
      delegator - the delegator
      Returns:
      the JWT secret key
    • getJWTKey

      public static String getJWTKey(Delegator delegator, String salt)
      Get the JWT secret key from database or security.properties.
      Parameters:
      delegator - the delegator
      salt - the salt prefixed to the secret when recreating the key
      Returns:
      the JWT secret key
    • getAuthenticationToken

      public static String getAuthenticationToken(HttpServletRequest request, HttpServletResponse response)
      Get the authentication token for a user. This takes the OOTB username/password and, if the user is authenticated, generates the JWT token using a secret key.
      Parameters:
      request - the http request in which the authentication token is searched and stored
      response - The HTTPResponse object for the current request
      Returns:
      the authentication token
    • getHeaderAuthBearerToken

      public static String getHeaderAuthBearerToken(HttpServletRequest request)
      Gets the authentication token from the "Authorization" header if it is in the form Bearer <token>. Public for API access from third party code.
      Parameters:
      request - the request to get the token from
      Returns:
      the bare JWT token
    • validateToken

      public static Map<String,Object> validateToken(String jwtToken, String key)
      Validates the provided token using the secret key. If the token is valid it will get the contained claims and return them. If token validation failed it will return an error. Public for API access from third party code.
      Parameters:
      jwtToken - the JWT token
      key - the server side key to verify the signature
      Returns:
      Map of the claims contained in the token or an error
    • validateToken

      public static Map<String,Object> validateToken(Delegator delegator, String jwtToken, String keySalt)
      Validates the provided token using a salt to recreate the key from the secret. If the token is valid it will get the contained claims and return them. If token validation failed it will return an error.
      Parameters:
      delegator - the delegator
      jwtToken - the JWT token
      keySalt - the salt prefixed to the secret when recreating the key
      Returns:
      Map of the claims contained in the token or an error
    • createJwt

      public static String createJwt(Delegator delegator, Map<String,String> claims)
      Create and return a JWT token using the claims of the provided map and the configured expiration time.
      Parameters:
      delegator - the delegator
      claims - the map containing the JWT claims
      Returns:
      a JWT token
    • createJwt

      public static String createJwt(Delegator delegator, Map<String,String> claims, int expireTime)
      Create and return a JWT token using the claims of the provided map and the provided expiration time.
      Parameters:
      delegator - the delegator
      claims - the map containing the JWT claims
      expireTime - the expiration time in seconds
      Returns:
      a JWT token
    • createJwt

      public static String createJwt(Delegator delegator, Map<String,String> claims, String keySalt, int expireTime)
      Create and return a JWT token using the claims of the provided map and the provided expiration time.
      Parameters:
      delegator - the delegator
      claims - the map containing the JWT claims
      keySalt - salt to use as prefix on the encrypt key
      expireTime - the expiration time in seconds
      Returns:
      a JWT token
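The cross-server SSO flow described under checkJWTLogin, shown end to end with the createJwt / getHeaderAuthBearerToken / validateToken methods listed above. This is an added example, not OFBiz project code; it assumes the servlet API lives in javax.servlet, that validateToken reports failures under an "errorMessage" map key, and that both servers carry the user id in a "userLoginId" claim and share the same key salt.

```java
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.webapp.control.JWTManager;

/**
 * Added example (not OFBiz project code): issue a short-lived SSO token on one
 * server and verify it on the other, using only the JWTManager API listed above.
 */
public final class JwtSsoExample {

    // Assumption: validateToken reports failures under this map key.
    private static final String ERROR_KEY = "errorMessage";
    // Assumption: both servers agree on the claim carrying the user login id.
    private static final String USER_CLAIM = "userLoginId";

    private JwtSsoExample() { }

    /** Sender side: build a token carrying the user id, valid for ttlSeconds. */
    public static String issueSsoToken(Delegator delegator, String userLoginId,
                                       String keySalt, int ttlSeconds) {
        Map<String, String> claims = new HashMap<>();
        claims.put(USER_CLAIM, userLoginId);
        // Same salt must be used on the receiving server to recreate the key.
        return JWTManager.createJwt(delegator, claims, keySalt, ttlSeconds);
    }

    /**
     * Receiver side: pull the bearer token from the Authorization header,
     * verify signature and expiry, and return the asserted user id, or null.
     * A null result means "fall through to the normal login", mirroring how
     * checkJWTLogin keeps the preprocessor chain moving on failure.
     */
    public static String userFromRequest(Delegator delegator, HttpServletRequest request,
                                         String keySalt) {
        String token = JWTManager.getHeaderAuthBearerToken(request);
        if (token == null || token.isEmpty()) {
            return null; // no "Bearer <token>" header present
        }
        Map<String, Object> claims = JWTManager.validateToken(delegator, token, keySalt);
        if (claims.containsKey(ERROR_KEY)) {
            return null; // bad signature, expired token, etc.: treat as anonymous
        }
        Object user = claims.get(USER_CLAIM);
        return user == null ? null : user.toString();
    }
}
```

The returned user id still has to exist as a UserLogin on the receiving server, which is the "2 loginUserIds must be the same" requirement stated for checkJWTLogin.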