Package org.dspace.app.rest.security.jwt

Class ShortLivedJWTTokenHandler

java.lang.Object
org.dspace.app.rest.security.jwt.JWTTokenHandler
org.dspace.app.rest.security.jwt.ShortLivedJWTTokenHandler
@Component public class ShortLivedJWTTokenHandler extends JWTTokenHandler
Class responsible for creating and parsing JSON Web Tokens (JWTs) used for bitstream downloads among other things, supports both JWS and JWE https://jwt.io/ .

  • Constructor Details

    • ShortLivedJWTTokenHandler

      public ShortLivedJWTTokenHandler()

  • Method Details

    • isValidToken

      protected boolean isValidToken(jakarta.servlet.http.HttpServletRequest request, com.nimbusds.jwt.SignedJWT signedJWT, com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet, EPerson ePerson) throws com.nimbusds.jose.JOSEException
      Determine if current JWT is valid for the given EPerson object. To be valid, current JWT *must* have been signed by the EPerson and not be expired. If EPerson is null or does not have a known active session, false is returned immediately.
      Overrides:
      isValidToken in class JWTTokenHandler
      Parameters:
      request - current request
      signedJWT - current signed JWT
      jwtClaimsSet - claims set of current JWT
      ePerson - EPerson parsed from current signed JWT
      Returns:
      true if valid, false otherwise
      Throws:
      com.nimbusds.jose.JOSEException

    • updateSessionSalt

      protected EPerson updateSessionSalt(Context context, Instant previousLoginDate)
      The session salt doesn't need to be updated for short lived tokens.
      Overrides:
      updateSessionSalt in class JWTTokenHandler
      Parameters:
      context - current DSpace Context
      previousLoginDate - date of last login (prior to this one)
      Returns:
      EPerson object of current user, with an updated session salt

    • getTokenSecretConfigurationKey

      protected String getTokenSecretConfigurationKey()
      Description copied from class: JWTTokenHandler
      Get the configuration property key for the token secret.
      Specified by:
      getTokenSecretConfigurationKey in class JWTTokenHandler
      Returns:
      the configuration property key

    • getEncryptionSecretConfigurationKey

      protected String getEncryptionSecretConfigurationKey()
      Description copied from class: JWTTokenHandler
      Get the configuration property key for the encryption secret.
      Specified by:
      getEncryptionSecretConfigurationKey in class JWTTokenHandler
      Returns:
      the configuration property key

    • getTokenExpirationConfigurationKey

      protected String getTokenExpirationConfigurationKey()
      Description copied from class: JWTTokenHandler
      Get the configuration property key for the expiration time.
      Specified by:
      getTokenExpirationConfigurationKey in class JWTTokenHandler
      Returns:
      the configuration property key

    • getEncryptionEnabledConfigurationKey

      protected String getEncryptionEnabledConfigurationKey()
      Description copied from class: JWTTokenHandler
      Get the configuration property key for the encryption enable setting.
      Specified by:
      getEncryptionEnabledConfigurationKey in class JWTTokenHandler
      Returns:
      the configuration property key

    • getCompressionEnabledConfigurationKey

      protected String getCompressionEnabledConfigurationKey()
      Description copied from class: JWTTokenHandler
      Get the configuration property key for the compression enable setting.
      Specified by:
      getCompressionEnabledConfigurationKey in class JWTTokenHandler
      Returns:
      the configuration property key