modules/samples/userguide/src/userguide/springbootdemo/src/main/java/userguide/springboot/security/webservices/WSSecUtils.java - axis-axis2-java-core - Git at Google


 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package userguide.springboot.security.webservices;

 import java.util.UUID;

 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.stereotype.Component;

 @Component
 public class WSSecUtils {

     private static final Logger logger = LogManager.getLogger(WSSecUtils.class);

     protected JWTUserDTO getParsedUser(String token) throws Exception {
         String logPrefix = "WSSecUtils.getParsedUser() , ";

         // JWT and JWE are specifications to generate and validate tokens
         // securely, however they require a public / private key pair using
         // elliptic curve cryptography and that is beyond the scope of this
         // userguide.
         // See below:
         // https://datatracker.ietf.org/doc/html/rfc7516
         // https://datatracker.ietf.org/doc/html/rfc7519

         // token generated via RandomStringUtils.randomAlphanumeric(20);
         // Do not use this for production code.
         if (token == null || token.length() != 20) {
             throw new Exception("Invalid Token");
         }
         try {
             // All of this info is available in the JWT spec
             // however that is beyond the scope of this userguide
             JWTUserDTO user = new JWTUserDTO();
             user.setUsername("java-dev@axis.apache.org");
             user.setRole("ROLE_USER");
             // JWT ID that could be from the "Claimset" i.e.
             // jwt.getJWTClaimsSet().getJWTID());
             user.setUuid(UUID.randomUUID().toString());

             return user;

         } catch (Exception ex) {
             logger.error(logPrefix + "failed: " + ex.getMessage(), ex);
             throw new JWTTokenMalformedException("unexpected error parsing token");
         }

     }

     public final LoginDTO findUserByEmail(String email) {

         String logPrefix = "WSSecUtils.findUserByEmail() , " ;

         if (email != null && email.equals("java-dev@axis.apache.org")) {
             LoginDTO persistedUser = new LoginDTO("java-dev@axis.apache.org", "userguide", true, true, true, true);
             return persistedUser;
         }

         logger.error(logPrefix + "Unknown email: " + email);

         return null;

     }

 }

	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package userguide.springboot.security.webservices;

	import java.util.UUID;

	import org.apache.logging.log4j.LogManager;
	import org.apache.logging.log4j.Logger;
	import org.springframework.stereotype.Component;

	@Component
	public class WSSecUtils {

	private static final Logger logger = LogManager.getLogger(WSSecUtils.class);

	protected JWTUserDTO getParsedUser(String token) throws Exception {
	String logPrefix = "WSSecUtils.getParsedUser() , ";

	// JWT and JWE are specifications to generate and validate tokens
	// securely, however they require a public / private key pair using
	// elliptic curve cryptography and that is beyond the scope of this
	// userguide.
	// See below:
	// https://datatracker.ietf.org/doc/html/rfc7516
	// https://datatracker.ietf.org/doc/html/rfc7519

	// token generated via RandomStringUtils.randomAlphanumeric(20);
	// Do not use this for production code.
	if (token == null \|\| token.length() != 20) {
	throw new Exception("Invalid Token");
	}
	try {
	// All of this info is available in the JWT spec
	// however that is beyond the scope of this userguide
	JWTUserDTO user = new JWTUserDTO();
	user.setUsername("java-dev@axis.apache.org");
	user.setRole("ROLE_USER");
	// JWT ID that could be from the "Claimset" i.e.
	// jwt.getJWTClaimsSet().getJWTID());
	user.setUuid(UUID.randomUUID().toString());

	return user;

	} catch (Exception ex) {
	logger.error(logPrefix + "failed: " + ex.getMessage(), ex);
	throw new JWTTokenMalformedException("unexpected error parsing token");
	}

	}

	public final LoginDTO findUserByEmail(String email) {

	String logPrefix = "WSSecUtils.findUserByEmail() , " ;

	if (email != null && email.equals("java-dev@axis.apache.org")) {
	LoginDTO persistedUser = new LoginDTO("java-dev@axis.apache.org", "userguide", true, true, true, true);
	return persistedUser;
	}

	logger.error(logPrefix + "Unknown email: " + email);

	return null;

	}

	}