
1   package com.atlassian.asap.core.server.springsecurity;
2   
3   import org.springframework.security.core.Authentication;
4   import org.springframework.security.core.GrantedAuthority;
5   
6   import java.util.Collection;
7   import java.util.Collections;
8   import java.util.Objects;
9   
/**
 * Carrier for a raw bearer token that has not yet been parsed or validated.
 *
 * <p>The token is extracted from the Authorization header by
 * {@link BearerTokenAuthenticationProcessingFilter} and handed to
 * {@link AsapAuthenticationProvider} for validation. Until that validation has happened nothing in
 * this object can be trusted: it always reports itself as unauthenticated and grants no authorities.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #getPrincipal()} and {@link #getCredentials()} both return the raw token string, so
 *       any code that logs or displays the principal of this object writes the bearer token itself.
 *       {@link #getName()} returns a fixed label and is the safe value to log.</li>
 *   <li>{@code toString()} is not overridden, so the default representation does not include the
 *       token.</li>
 *   <li>The token is held in a non-transient field; if an instance is ever serialized, the raw token
 *       is part of the serialized form.</li>
 * </ul>
 */
class UnverifiedBearerToken implements Authentication {
    private static final long serialVersionUID = -2130699769215717838L;

    /** Fixed, non-sensitive label returned by {@link #getName()} in place of the token contents. */
    private static final String DISPLAY_NAME = "Unverified JWT token";

    // Raw, unverified token text. The field name is kept as-is because it is part of the
    // serialized form that serialVersionUID pins.
    private final String bearerToken;

    /**
     * Wraps the given raw token.
     *
     * @param bearerToken the unparsed token string; must not be {@code null}
     * @throws NullPointerException if {@code bearerToken} is {@code null}
     */
    UnverifiedBearerToken(String bearerToken) {
        Objects.requireNonNull(bearerToken);
        this.bearerToken = bearerToken;
    }

    /**
     * Returns a fixed label rather than anything derived from the token.
     *
     * @return the constant display name of this unverified token
     */
    @Override
    public String getName() {
        return DISPLAY_NAME;
    }

    /**
     * Returns the raw token as the principal, since no identity has been established yet.
     *
     * @return the unverified bearer token string; treat it as a secret, not as an identity
     */
    @Override
    public Object getPrincipal() {
        return bearerToken;
    }

    /**
     * Returns the raw token as the credential.
     *
     * @return the unverified bearer token string
     */
    @Override
    public Object getCredentials() {
        // The credential is the token's signature once it has been checked; here it is still unchecked.
        return bearerToken;
    }

    /**
     * Returns no authorities: an unverified token must never carry any privilege.
     *
     * @return an empty, immutable collection
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Collections.<GrantedAuthority>emptySet();
    }

    /**
     * Returns no additional request details.
     *
     * @return always {@code null}
     */
    @Override
    public Object getDetails() {
        return null;
    }

    /**
     * Reports the token as unauthenticated, unconditionally.
     *
     * @return always {@code false}
     */
    @Override
    public boolean isAuthenticated() {
        return false;
    }

    /**
     * Refuses any attempt to mark this token as authenticated; passing {@code false} is a no-op.
     *
     * @param isAuthenticated the requested state; only {@code false} is accepted
     * @throws IllegalArgumentException if {@code isAuthenticated} is {@code true}
     */
    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        if (!isAuthenticated) {
            return;
        }
        // Fail closed: this object can never be promoted to a trusted state in place.
        throw new IllegalArgumentException("This token is immutable");
    }
}