Sunday, December 21, 2014

How to implement custom JWT generator and custom claim retriever and link them in WSO2 API Manager 1.8.0

In this post we will discuss how to use custom code for JWT generation and claim retrieval logic. I explained custom JWT generation with API Manager 1.8.0 in this post (http://sanjeewamalalgoda.blogspot.com/2014/12/how-to-generate-custom-jwt-in-wso2-api.html). Moving forward, we will see how to call a custom claim retrieval method from the JWT generator implementation. Once everything is configured properly, you will see a JWT similar to the one below.

{"iss":"wso2.org/products/am","exp":"1418619165375","http://wso2.org/claims/subscriber":"admin","http://wso2.org/claims/applicationid":"2","http://wso2.org/claims/applicationname":"DefaultApplication","http://wso2.org/claims/applicationtier":"Unlimited","http://wso2.org/claims/apicontext":"/testam/sanjeewa","http://wso2.org/claims/version":"1.0.0","http://wso2.org/claims/tier":"Bronze","http://wso2.org/claims/keytype":"PRODUCTION","http://wso2.org/claims/usertype":"APPLICATION_USER","http://wso2.org/claims/enduser":"admin","http://wso2.org/claims/enduserTenantId":"-1234","current_timestamp":"1418618265391","messge":"This is custom JWT"}

As you can see, the current_timestamp and messge properties appear in the JWT when it is produced by the following customized JWT generator code.

public Map populateCustomClaims(APIKeyValidationInfoDTO keyValidationInfoDTO, String apiContext, String version, String accessToken)
        throws APIManagementException {
    Long time = System.currentTimeMillis();
    String text = "This is custom JWT";
    Map map = new HashMap();
    // Custom claims that are added to the JWT body.
    map.put("current_timestamp", time.toString());
    map.put("messge", text);
    // If needed, you can generate access-token-based claims and add them to the map.
    return map;
}

Also, if you need to generate custom claims based on the access token, you can extend the org.wso2.carbon.apimgt.impl.token.ClaimsRetriever class and implement a method for that as follows.

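public SortedMap getClaims(String endUserName, String accessToken) throws APIManagementException {
    SortedMap claims = new TreeMap();
    // Your implementation should go here: add the claims derived from
    // endUserName and accessToken to the map.
    return claims;
}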

Then call it inside populateCustomClaims as follows.

public Map populateCustomClaims(APIKeyValidationInfoDTO keyValidationInfoDTO, String apiContext, String version, String accessToken)
        throws APIManagementException {
    CustomClaimsRetriever claimsRetriever = (CustomClaimsRetriever) getClaimsRetriever();
    if (claimsRetriever != null) {
        String tenantAwareUserName = keyValidationInfoDTO.getEndUserName();

        // For super tenant users, strip the tenant domain from the user name.
        if (MultitenantConstants.SUPER_TENANT_ID == APIUtil.getTenantId(tenantAwareUserName)) {
            tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(tenantAwareUserName);
        }

        try {
            // Call the getClaims method implemented in the custom claim retriever class.
            return claimsRetriever.getClaims(tenantAwareUserName, accessToken);
        } catch (Exception e) {
            // Do not swallow the failure silently; report it to the caller.
            // Keep the access token out of the error message.
            throw new APIManagementException("Error while retrieving custom claims", e);
        }
    }
    return null;
}

You can download the complete sample from this URL (Sample Code).
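
To confirm on the backend that the custom claims actually arrive, the JWT payload can be decoded and checked. The following Python script is an added example, not part of the original post or of WSO2's code; the function names and the constructed sample token are assumptions, and it assumes the token's signature has already been verified before any claim is trusted.

```python
import base64
import json

WSO2_DIALECT = "http://wso2.org/claims/"
# Custom claim names exactly as the sample generator emits them ("messge" is its spelling).
CUSTOM_CLAIMS = ("current_timestamp", "messge")


def b64_decode(segment):
    """Decode a JWT segment, accepting base64 or base64url, with or without padding."""
    segment = segment.replace("-", "+").replace("_", "/")
    return base64.b64decode(segment + "=" * (-len(segment) % 4))


def check_claims(jwt, now_ms):
    """Return (custom_claims, problems) for a JWT whose signature was already verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64_decode(parts[1]))
    problems = ["missing custom claim: " + n for n in CUSTOM_CLAIMS if n not in claims]
    # In the sample token, exp is epoch milliseconds carried as a string.
    try:
        exp_ms = int(claims["exp"])
    except (KeyError, TypeError, ValueError):
        problems.append("exp missing or not numeric")
    else:
        if now_ms >= exp_ms:
            problems.append("token expired")
    # Everything outside the WSO2 claim dialect and the standard fields is custom.
    custom = {k: v for k, v in claims.items()
              if not k.startswith(WSO2_DIALECT) and k not in ("iss", "exp")}
    return custom, problems


def make_sample(payload):
    """Build a constructed test token with a placeholder (invalid) signature."""
    enc = lambda d: base64.b64encode(json.dumps(d).encode()).decode()
    return enc({"typ": "JWT"}) + "." + enc(payload) + ".c2ln"


# Constructed sample: a subset of the claim set shown in the post.
SAMPLE = make_sample({
    "iss": "wso2.org/products/am", "exp": "1418619165375",
    "http://wso2.org/claims/subscriber": "admin",
    "http://wso2.org/claims/enduser": "admin",
    "current_timestamp": "1418618265391", "messge": "This is custom JWT"})

if __name__ == "__main__":
    print(check_claims(SAMPLE, now_ms=1418618300000))
```

In the sample claim set, exp and current_timestamp differ by 899984 ms, roughly 15 minutes, which is why the expiry check compares against milliseconds rather than seconds.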
