in library/src/main/java/org/apache/fineract/cn/anubis/security/TenantAuthenticator.java [71:105]
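/**
 * Authenticates a tenant token and builds the resulting {@code AnubisAuthentication}.
 *
 * <p>The token must be a signed claims JWS whose signature verifies against the tenant
 * public key selected by {@code keyTimestamp}, whose subject equals {@code user} and whose
 * issuer equals {@code TokenType.TENANT.getIssuer()}. The permissions carried in the
 * token content claim are translated and then extended with {@code guestPermissions}.
 *
 * <p>Security: the token is parsed with {@code parseClaimsJws} rather than {@code parse}.
 * With this parser API, {@code parse(String)} also returns a result for a token that
 * carries no signature at all, in which case the configured signing key is never used.
 * {@code parseClaimsJws} rejects anything that is not a signed claims JWS with a
 * {@code JwtException} subtype, which is mapped to the invalid-token error below.
 *
 * @param user the expected token subject
 * @param token the compact serialized token, without {@code TokenConstants.PREFIX}
 * @param keyTimestamp selects the tenant public key used for signature verification
 * @return the authentication for the verified token
 * @throws AmitAuthenticationException if the token is invalid, lacks token content, or
 *     the key timestamp cannot be resolved to a key
 */
AnubisAuthentication authenticate(
    final @Nonnull String user,
    final @Nonnull String token,
    final @Nonnull String keyTimestamp) {
  try {
    final JwtParser parser = Jwts.parser()
        .requireSubject(user)
        .requireIssuer(TokenType.TENANT.getIssuer())
        .setSigningKey(tenantRsaKeyProvider.getPublicKey(keyTimestamp));

    // Insist on a signed claims JWS: an unsigned token must never reach the claim handling.
    final Claims claims = parser.parseClaimsJws(token).getBody();

    final String serializedTokenContent = claims.get(TokenConstants.JWT_CONTENT_CLAIM, String.class);
    final String sourceApplication = claims.get(TokenConstants.JWT_SOURCE_APPLICATION_CLAIM, String.class);

    final TokenContent tokenContent = gson.fromJson(serializedTokenContent, TokenContent.class);
    if (tokenContent == null) {
      throw AmitAuthenticationException.missingTokenContent();
    }

    final Set<ApplicationPermission> permissions = translatePermissions(tokenContent.getTokenPermissions());
    // Every authenticated tenant token also receives the guest permissions.
    permissions.addAll(guestPermissions);

    logger.info("Tenant token for user {}, with key timestamp {} authenticated successfully.", user, keyTimestamp);

    return new AnubisAuthentication(TokenConstants.PREFIX + token,
        claims.getSubject(), applicationNameWithVersion, sourceApplication, permissions
    );
  } catch (final JwtException e) {
    // Covers bad signature, wrong subject/issuer, malformed and unsigned tokens.
    // NOTE(review): user and keyTimestamp are unauthenticated input on this path; confirm the
    // log encoder neutralises line breaks before these values are written.
    logger.info("Tenant token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
    throw AmitAuthenticationException.invalidToken();
  } catch (final InvalidKeyTimestampException e) {
    logger.info("Tenant token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
    throw AmitAuthenticationException.invalidTokenKeyTimestamp("tenant", keyTimestamp);
  }
}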