You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Lincy <li...@yahoo.com> on 2015/03/21 13:57:15 UTC
jwt token validation CXF
How do I validate JWT token in apache cxf REST endpoint?
Re: jwt token validation CXF
Posted by Sergey Beryozkin <sb...@gmail.com>.
There's also
https://github.com/apache/cxf/blob/master/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
(if it is JWS and a user reading it directly)
and
https://github.com/apache/cxf/blob/master/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
(if it is directly encrypted)
On the OAuth2 path we have:
https://github.com/apache/cxf/tree/master/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt
(some initial code for validating JWT assertion grants)
and
https://github.com/apache/cxf/tree/master/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt
for supporting the case where an access token is JWE-encrypted JWT token
Lots of info that needs to be documented...
Sergey
On 24/03/15 10:39, Sergey Beryozkin wrote:
> Hi Andrei
>
> Thanks for replying to it, I missed it :-).
>
> That filter may or may not be suitable, depends on particular case, the
> filter supports a case where it is a regular HTTP communication and a
> user authenticates using a custom JWT scheme, with the scheme data being
> a JWT token.
>
> Additionally if the actual request payload is JWS/JWE then this token is
> linked to it by having one of this token's headers set on the message,
> and JWS/JWE payload validation will only succeed if it its headers
> contain the JWT one, implicit linking.
>
>
>
> Thanks, Sergey
>
> On 24/03/15 10:29, Andrei Shakirin wrote:
>> Hi,
>>
>> Please take a look into
>> https://github.com/apache/cxf/blob/master/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
>>
>>
>> Regards,
>> Andrei.
>>
>>> -----Original Message-----
>>> From: Lincy [mailto:lincy_mjc@yahoo.com]
>>> Sent: Samstag, 21. März 2015 13:57
>>> To: users@cxf.apache.org
>>> Subject: jwt token validation CXF
>>>
>>> How do I validate JWT token in apache cxf REST endpoint?
>>
>
Re: jwt token validation CXF
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Andrei
Thanks for replying to it, I missed it :-).
That filter may or may not be suitable, depends on particular case, the
filter supports a case where it is a regular HTTP communication and a
user authenticates using a custom JWT scheme, with the scheme data being
a JWT token.
Additionally if the actual request payload is JWS/JWE then this token is
linked to it by having one of this token's headers set on the message,
and JWS/JWE payload validation will only succeed if it its headers
contain the JWT one, implicit linking.
Thanks, Sergey
On 24/03/15 10:29, Andrei Shakirin wrote:
> Hi,
>
> Please take a look into https://github.com/apache/cxf/blob/master/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
>
> Regards,
> Andrei.
>
>> -----Original Message-----
>> From: Lincy [mailto:lincy_mjc@yahoo.com]
>> Sent: Samstag, 21. März 2015 13:57
>> To: users@cxf.apache.org
>> Subject: jwt token validation CXF
>>
>> How do I validate JWT token in apache cxf REST endpoint?
>
RE: jwt token validation CXF
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
Please take a look into https://github.com/apache/cxf/blob/master/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
Regards,
Andrei.
> -----Original Message-----
> From: Lincy [mailto:lincy_mjc@yahoo.com]
> Sent: Samstag, 21. März 2015 13:57
> To: users@cxf.apache.org
> Subject: jwt token validation CXF
>
> How do I validate JWT token in apache cxf REST endpoint?