Class JwtVerifyMiddleware

java.lang.Object
com.networknt.aws.lambda.handler.middleware.security.JwtVerifyMiddleware
All Implemented Interfaces:
LambdaHandler, MiddlewareHandler

public class JwtVerifyMiddleware extends Object implements MiddlewareHandler
  • Field Details

    • jwtVerifier

      public static com.networknt.security.JwtVerifier jwtVerifier
  • Constructor Details

    • JwtVerifyMiddleware

      public JwtVerifyMiddleware()
  • Method Details

    • execute

      public com.networknt.status.Status execute(LightLambdaExchange exchange)
      Specified by:
      execute in interface LambdaHandler
    • handleJwt

      public com.networknt.status.Status handleJwt(LightLambdaExchange exchange, String pathPrefix, String reqPath, List<String> jwkServiceIds)
    • getScopeToken

      protected String getScopeToken(String authorization, Map<String,String> headerMap)
      Get authToken from X-Scope-Token header. This covers situations where there is a secondary auth token.
      Parameters:
      authorization - The auth token from authorization header
      headerMap - complete header map
      Returns:
      either x-scope-token or the initial auth token
    • hasValidSecondaryScopes

      protected com.networknt.status.Status hasValidSecondaryScopes(String scopeJwt, List<String> secondaryScopes, boolean ignoreExpiry, String pathPrefix, String reqPath, List<String> jwkServiceIds, Map<String,Object> auditInfo)
      Check if the request has secondary scopes and whether they are valid.
      Parameters:
      scopeJwt - the scope found in jwt
      secondaryScopes - Initially an empty list that is then filled with the secondary scopes if there are any.
      ignoreExpiry - if we ignore expiry or not (mostly for testing)
      pathPrefix - request path prefix
      reqPath - the request path as string
      jwkServiceIds - a list of serviceIds for jwk loading
      auditInfo - a map of audit info properties
      Returns:
      null if there is no error. Otherwise, return the error status.
    • hasValidScope

      protected com.networknt.status.Status hasValidScope(String scopeHeader, List<String> secondaryScopes, org.jose4j.jwt.JwtClaims claims, com.networknt.oas.model.Operation operation)
      Makes sure the provided scope in the JWT is valid for the main scope or secondary scopes.
      Parameters:
      scopeHeader - the scope header
      secondaryScopes - list of secondary scopes (can be empty)
      claims - claims found in jwt
      operation - the openapi operation
      Returns:
      a Status object if there is any error. Otherwise, return null.
    • matchedScopes

      protected boolean matchedScopes(List<String> jwtScopes, Collection<String> specScopes)
    • getCachedConfigurations

      public void getCachedConfigurations()
      Specified by:
      getCachedConfigurations in interface MiddlewareHandler
    • isEnabled

      public boolean isEnabled()
      Description copied from interface: LambdaHandler
      Indicate if this handler is enabled or not.
      Specified by:
      isEnabled in interface LambdaHandler
      Returns:
      boolean true if enabled
    • register

      public void register()
      Description copied from interface: LambdaHandler
      Register this handler to the handler registration.
      Specified by:
      register in interface LambdaHandler
    • reload

      public void reload()
      Description copied from interface: LambdaHandler
      Reload config values in case they were changed by the config server.
      Specified by:
      reload in interface LambdaHandler
    • isContinueOnFailure

      public boolean isContinueOnFailure()
      Description copied from interface: MiddlewareHandler
      Indicate if this middleware handler will continue on failure or not.
      Specified by:
      isContinueOnFailure in interface MiddlewareHandler
      Returns:
      boolean true if continue on failure
    • isAudited

      public boolean isAudited()
      Description copied from interface: MiddlewareHandler
      Indicate if this middleware handler is audited or not.
      Specified by:
      isAudited in interface MiddlewareHandler
      Returns:
      boolean true if audited
    • isAsynchronous

      public boolean isAsynchronous()
      Description copied from interface: LambdaHandler
      Indicate if this middleware handler is asynchronous or not.
      Specified by:
      isAsynchronous in interface LambdaHandler
      Returns:
      boolean true if asynchronous
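
The scope decision summarized under hasValidScope and matchedScopes, written out as an added example; it is not the library's own code. The class name ScopeCheckSketch, the helper parseScopes, the error labels, the any-match rule and the rule that a present scope token is checked on its own are all assumptions made for illustration.

```java
import java.util.*;

// Added sketch of the contract the method summaries describe; not the library source.
public class ScopeCheckSketch {

    // Hypothetical helper. Assumption: the scope claim is either a
    // space-delimited string or a JSON array of strings.
    static List<String> parseScopes(Object claim) {
        if (claim instanceof String) {
            String s = ((String) claim).trim();
            return s.isEmpty() ? List.of() : Arrays.asList(s.split("\\s+"));
        }
        if (claim instanceof Collection<?>) {
            List<String> out = new ArrayList<>();
            for (Object o : (Collection<?>) claim) if (o != null) out.add(o.toString());
            return out;
        }
        return List.of(); // missing or malformed claim grants nothing
    }

    // Assumption: one shared scope is enough, and an operation that declares
    // no scopes imposes no scope requirement.
    static boolean matchedScopes(List<String> jwtScopes, Collection<String> specScopes) {
        if (specScopes == null || specScopes.isEmpty()) return true;
        if (jwtScopes == null || jwtScopes.isEmpty()) return false;
        return specScopes.stream().anyMatch(jwtScopes::contains);
    }

    // Mirrors the "null means no error" convention of hasValidScope.
    // Assumption: when X-Scope-Token was sent, only its scopes are checked,
    // so a failing scope token never falls back to the primary token.
    static String checkScope(String scopeHeader, List<String> secondaryScopes,
                             Object primaryScopeClaim, Collection<String> specScopes) {
        if (scopeHeader != null) {
            return matchedScopes(secondaryScopes, specScopes) ? null : "SCOPE_TOKEN_SCOPE_MISMATCH";
        }
        return matchedScopes(parseScopes(primaryScopeClaim), specScopes) ? null : "AUTH_TOKEN_SCOPE_MISMATCH";
    }

    public static void main(String[] args) {
        Set<String> spec = Set.of("pets.read"); // constructed operation scopes
        System.out.println(checkScope(null, List.of(), "pets.read pets.write", spec));
        System.out.println(checkScope("Bearer <scope-jwt>", List.of("orders.read"), "pets.read", spec));
        System.out.println(checkScope(null, List.of(), null, spec));
    }
}
```

The second call in main is the case to watch in a review: the primary token carries a matching scope, but the scope token does not, and the request is still rejected.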