public JwtRequest()

in src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/JwtRequest.java [45:113]


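    /**
     * Wraps {@code request} and installs a lazy, memoized JWT extractor on it.
     *
     * <p>Nothing is parsed at construction time. The token is resolved on the first call to the
     * extractor and then cached in the {@code token} field and in the request attribute named after
     * {@link JsonWebToken}. Resolution order:
     * <ol>
     *   <li>an existing request attribute named {@code JsonWebToken.class.getName()};</li>
     *   <li>the {@code JAXRSRequestForwarder.header} request attribute;</li>
     *   <li>the HTTP header {@code header};</li>
     *   <li>the first cookie whose name equals {@code cookie}, ignoring case.</li>
     * </ol>
     * The extractor throws {@link JwtException} with status 401 when no credential is found or when a
     * header-sourced value lacks {@code prefix}.
     *
     * <p>Trust boundaries worth knowing when reviewing callers:
     * <ul>
     *   <li>An attribute that is already a {@link JsonWebToken} instance is returned as is, without going
     *       through {@code service.parse}; any component able to set that request attribute therefore
     *       decides the caller's identity.</li>
     *   <li>The forwarder attribute takes precedence over the real HTTP header.</li>
     *   <li>Cookies are attached by browsers automatically, so endpoints that accept the cookie fallback
     *       rely on separate cross-site request protections.</li>
     * </ul>
     *
     * @param service parser used to turn the raw credential string into a {@link JsonWebToken}
     * @param header  name of the HTTP header carrying the token; also stored in {@code headerName}
     * @param cookie  name of the fallback cookie, compared case-insensitively
     * @param prefix  scheme prefix expected in front of the token; it is compared against the lower-cased
     *                credential, so it is presumably supplied in lower case (confirm at the call site)
     * @param request the request being wrapped
     */
    public JwtRequest(final JwtParser service, final String header, final String cookie,
                      final String prefix, final HttpServletRequest request) {
        super(request);
        this.headerName = header;

        this.tokenExtractor = () -> {
            // Fast path without locking.
            // NOTE(review): this double-checked read is only safe if the token field is declared volatile;
            // the declaration is outside this excerpt, confirm it.
            if (token != null) {
                return token;
            }

            synchronized (this) {
                if (token != null) {
                    return token;
                }

                // A token placed on the request by an earlier component wins. Only non-JsonWebToken values
                // are stringified and sent through the parser; instances are trusted unchanged.
                final Object existing = getAttribute(JsonWebToken.class.getName());
                if (existing != null) {
                    token = JsonWebToken.class.isInstance(existing) ?
                            JsonWebToken.class.cast(existing) :
                            service.parse(String.valueOf(existing));
                    return token;
                }

                // fromHeader stays true for the forwarder attribute and for the real header; it is cleared
                // only when the request carries cookies and the lookup falls back to them.
                boolean fromHeader = true;
                String auth = String.class.cast(
                    getAttribute("org.apache.geronimo.microprofile.impl.jwtauth.jaxrs.JAXRSRequestForwarder.header"));
                if (auth == null) {
                    auth = getHeader(header);
                }
                if (auth == null) {
                    final Cookie[] cookies = getCookies();
                    if (cookies != null) {
                        fromHeader = false;
                        auth = Stream.of(cookies)
                            .filter(it -> cookie.equalsIgnoreCase(it.getName()))
                            .findFirst()
                            .map(Cookie::getValue)
                            .orElse(null);
                    }
                }
                if (auth == null || auth.isEmpty()) {
                    throw new JwtException("No " + header + " header", HttpServletResponse.SC_UNAUTHORIZED);
                }

                // One case-insensitive prefix test for both sources. The cookie branch used to call
                // auth.startsWith(prefix), which is case-sensitive, so a cookie value such as "Bearer <jwt>"
                // reached the parser with its prefix still attached while the same value in the header
                // was stripped.
                final boolean hasPrefix = auth.toLowerCase(Locale.ROOT).startsWith(prefix);
                if (fromHeader && !hasPrefix) {
                    // The prefix is mandatory for header credentials and optional for cookie credentials.
                    throw new JwtException("No prefix " + prefix + " in header " + header, HttpServletResponse.SC_UNAUTHORIZED);
                }
                token = service.parse(hasPrefix ? auth.substring(prefix.length()) : auth);

                // Cache on the request as well, so later wrappers of the same request reuse the parsed token.
                setAttribute(JsonWebToken.class.getName(), token);
                return token;
            }
        };

        // integration hook if needed
        setAttribute(JwtRequest.class.getName(), this);
        setAttribute(JsonWebToken.class.getName() + ".supplier", tokenExtractor);
        setAttribute(Principal.class.getName() + ".supplier", tokenExtractor);
        // not portable but used by some servers like tomee
        setAttribute("javax.security.auth.subject.callable", (Callable<Subject>) () -> {
            // Read-only Subject with no credentials: the token itself is the name principal and every
            // group claim becomes a Principal whose getName() returns the group string.
            final Set<Principal> principals = new LinkedHashSet<>();
            final JsonWebToken namePrincipal = tokenExtractor.get();
            principals.add(namePrincipal);
            principals.addAll(namePrincipal.getGroups().stream().map(role -> (Principal) () -> role).collect(toList()));
            return new Subject(true, principals, emptySet(), emptySet());
        });
    }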