
1   package com.atlassian.asap.core.server.springsecurity;
2   
3   import com.atlassian.asap.api.Jwt;
4   import com.atlassian.asap.core.validator.JwtValidator;
5   import com.google.common.collect.ImmutableSet;
6   import org.springframework.security.core.GrantedAuthority;
7   
8   import java.util.Collection;
9   import java.util.Collections;
10  import java.util.Set;
11  
/**
 * ASAP authentication provider that hands out a fixed set of authorities to tokens whose issuer and
 * effective subject both appear on configured whitelists.
 *
 * <p>A valid token that misses either whitelist is still authenticated; it simply receives no
 * authorities. Access rules guarding sensitive endpoints therefore need to require one of the
 * granted authorities rather than mere authentication, otherwise any valid token passes.
 *
 * <p>The two whitelists are checked independently: any whitelisted issuer combined with any
 * whitelisted effective subject receives the authorities. Specific issuer/subject pairings are
 * not expressed by this class.
 *
 * @see AsapAuthenticationProvider base class documentation for more
 */
public class IssuerAndSubjectWhitelistAsapAuthenticationProvider extends AsapAuthenticationProvider {
    /** Issuers whose tokens are eligible for the configured authorities. */
    private final Set<String> issuerWhitelist;
    /** Effective subjects whose tokens are eligible for the configured authorities. */
    private final Set<String> subjectWhitelist;
    /** Authorities returned when a token matches both whitelists. */
    private final Collection<GrantedAuthority> authoritiesOnMatch;

    /**
     * Creates a provider with immutable snapshots of the supplied whitelists and authorities, so
     * later changes to the caller's collections do not alter the authorization decision.
     *
     * @param jwtValidator  the validator of JWT tokens
     * @param validIssuers  a white list of valid issuers
     * @param validSubjects a white list of valid subjects
     * @param authorities   the authorities granted to tokens that are included in both whitelists
     */
    public IssuerAndSubjectWhitelistAsapAuthenticationProvider(JwtValidator jwtValidator,
                                                               Iterable<String> validIssuers,
                                                               Iterable<String> validSubjects,
                                                               Iterable<GrantedAuthority> authorities) {
        super(jwtValidator);
        issuerWhitelist = ImmutableSet.copyOf(validIssuers);
        subjectWhitelist = ImmutableSet.copyOf(validSubjects);
        authoritiesOnMatch = ImmutableSet.copyOf(authorities);
    }

    /**
     * Decides which authorities a validated token receives.
     *
     * @param validJwt a token that has already been validated
     * @return the configured authorities when the issuer and the effective subject are both
     *         whitelisted, otherwise an empty collection
     */
    @Override
    protected Collection<GrantedAuthority> getGrantedAuthorities(Jwt validJwt) {
        // The issuer is checked first; the subject is only examined for whitelisted issuers.
        final boolean issuerAllowed = issuerWhitelist.contains(validJwt.getClaims().getIssuer());
        if (!issuerAllowed) {
            return Collections.emptyList();
        }

        // effectiveSubject is not defined in this class; presumably inherited from
        // AsapAuthenticationProvider - confirm how it resolves tokens without an explicit subject.
        final boolean subjectAllowed = subjectWhitelist.contains(effectiveSubject(validJwt));
        if (!subjectAllowed) {
            return Collections.emptyList();
        }

        return authoritiesOnMatch;
    }
}