Class ShortLivedJWTTokenHandler


  • @Component
    public class ShortLivedJWTTokenHandler
    extends JWTTokenHandler
    Class responsible for creating and parsing JSON Web Tokens (JWTs), used for bitstream downloads among other things. Supports both JWS and JWE (https://jwt.io/).
    • Constructor Detail

      • ShortLivedJWTTokenHandler

        public ShortLivedJWTTokenHandler()
    • Method Detail

      • isValidToken

        protected boolean isValidToken(javax.servlet.http.HttpServletRequest request,
                                       com.nimbusds.jwt.SignedJWT signedJWT,
                                       com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet,
                                       EPerson ePerson)
                                throws com.nimbusds.jose.JOSEException
        Determine if current JWT is valid for the given EPerson object. To be valid, current JWT *must* have been signed by the EPerson and not be expired. If EPerson is null or does not have a known active session, false is returned immediately.
        Overrides:
        isValidToken in class JWTTokenHandler
        Parameters:
        request - current request
        signedJWT - current signed JWT
        jwtClaimsSet - claims set of current JWT
        ePerson - EPerson parsed from current signed JWT
        Returns:
        true if valid, false otherwise
        Throws:
        com.nimbusds.jose.JOSEException
      • updateSessionSalt

        protected EPerson updateSessionSalt(Context context,
                                            Date previousLoginDate)
        The session salt doesn't need to be updated for short-lived tokens.
        Overrides:
        updateSessionSalt in class JWTTokenHandler
        Parameters:
        context - current DSpace Context
        previousLoginDate - date of last login (prior to this one)
        Returns:
        EPerson object of current user, with an updated session salt
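
The check order described for isValidToken (null user or no active session rejected first, then signature, then expiry), as an added example that is not DSpace's own code. It assumes Java 16+ and the Nimbus JOSE+JWT library on the classpath; the User record, the per-user HMAC key, the HS256 choice and all sample values are hypothetical.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.SecureRandom;
import java.text.ParseException;
import java.util.Date;

public class ShortLivedTokenCheckExample {
    /** Hypothetical stand-in for per-user state; not DSpace's EPerson. */
    record User(byte[] hmacKey, boolean activeSession) { }

    /** Order follows the Javadoc: user and session first, then signature, then expiry. */
    static boolean isValid(SignedJWT jwt, User user, Date now) throws JOSEException, ParseException {
        if (user == null || !user.activeSession()) return false;   // reject before any crypto
        if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())) return false; // pin the algorithm
        if (!jwt.verify(new MACVerifier(user.hmacKey()))) return false; // not signed with this user's key
        Date exp = jwt.getJWTClaimsSet().getExpirationTime();
        return exp != null && now.before(exp);   // a token without exp is never accepted
    }

    /** Issues a constructed sample token and round-trips it through its compact form. */
    static SignedJWT issue(byte[] key, Date exp) throws JOSEException, ParseException {
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256),
                new JWTClaimsSet.Builder().subject("constructed-user").expirationTime(exp).build());
        jwt.sign(new MACSigner(key));
        return SignedJWT.parse(jwt.serialize());
    }

    public static void main(String[] args) throws Exception {
        byte[] keyA = new byte[32], keyB = new byte[32];   // constructed 256-bit keys
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(keyA);
        rng.nextBytes(keyB);
        Date now = new Date();
        SignedJWT fresh = issue(keyA, new Date(now.getTime() + 120_000));
        SignedJWT stale = issue(keyA, new Date(now.getTime() - 120_000));
        System.out.println("owner, active session: " + isValid(fresh, new User(keyA, true), now));
        System.out.println("owner, no session:     " + isValid(fresh, new User(keyA, false), now));
        System.out.println("other user's key:      " + isValid(fresh, new User(keyB, true), now));
        System.out.println("expired token:         " + isValid(stale, new User(keyA, true), now));
        System.out.println("null user:             " + isValid(fresh, null, now));
    }
}
```

Only the first case passes all three checks; each of the others fails at a different one, which is the property a caller of isValidToken relies on.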