3
votes

I've a Tomcat webapp (multiple apps and single sign on enabled) that is secure for our network (using our internal LDAP server). Now, I want to expose that webapp to users in an external organization. We have an internal team that talks to external organization's LDAP server and returns a JWT token if user is verified. How do I integrate this in our Tomcat server?

1
I've seen this but wanted to verify if it worked well. So, have you tried this? Can we add this as another realm? - Adnan Z
Sorry, I haven't used it myself... - user

1 Answer

7
votes

Tomcat is a servlet container, so have you tried with a servlet filter?

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class JWTFilter implements Filter {

  private static final String AUTHORIZATION_SCHEMA = "Bearer";

  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    String stringToken = req.getHeader("Authorization");
    // Missing header or a different scheme: answer 401 instead of throwing (an exception here becomes a 500)
    if (stringToken == null || !stringToken.startsWith(AUTHORIZATION_SCHEMA + " ")) {
      res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization header not found");
      return;
    }
    stringToken = stringToken.substring(AUTHORIZATION_SCHEMA.length()).trim();
    // Placeholders: substitute the parser and verifier classes of whichever JWT library you pick
    YourLibraryJWT jwtToken = YourLibraryJWTParser.parse(stringToken);
    if (!YourLibraryJWTVerifier.verify(jwtToken)) {
      res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "JWT corrupt");
      return;
    }
    chain.doFilter(request, response);
  }
}
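What the answer's verify step has to cover, as an added example that is not part of the answer or of any JWT library: a JDK-only HS256 check that fixes the algorithm server-side, compares the signature in constant time, rejects malformed segments and enforces `exp`. It assumes the internal team signs the JWT with HS256 under a secret shared with the webapp; the class name `JwtCheck`, the `signHs256` demo signer, the secret and the sample claims are constructed for the demo. Inside the filter, the verify call would become `JwtCheck.verifyHs256(stringToken, secret, System.currentTimeMillis() / 1000) != null`.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** JDK-only HS256 JWT check; assumes the internal team signs tokens with a secret shared with this webapp. */
public final class JwtCheck {
    private static final Base64.Decoder B64 = Base64.getUrlDecoder();
    private static final Base64.Encoder B64E = Base64.getUrlEncoder().withoutPadding();
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    private static byte[] hmac(String signingInput, byte[] secret) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }
    /** Returns the payload JSON if the token is well-formed, HS256-signed under secret and unexpired; else null. */
    public static String verifyHs256(String token, byte[] secret, long nowSeconds) throws GeneralSecurityException {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) return null;                                    // must be header.payload.signature
        try {
            String header = new String(B64.decode(p[0]), StandardCharsets.UTF_8);
            // The algorithm is fixed server-side; the token's own "alg" never selects one ("none" is rejected)
            if (!header.contains("\"alg\":\"HS256\"")) return null;
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1], secret), B64.decode(p[2]))) return null; // constant-time
            String payload = new String(B64.decode(p[1]), StandardCharsets.UTF_8);
            Matcher m = EXP.matcher(payload);                  // tokens without exp, or with a past exp, are rejected
            return (m.find() && Long.parseLong(m.group(1)) > nowSeconds) ? payload : null;
        } catch (IllegalArgumentException badSegment) {                    // bad base64 or number: reject, not 500
            return null;
        }
    }
    /** Demo-only signer so the check can be exercised offline with a constructed token. */
    public static String signHs256(String payloadJson, byte[] secret) throws GeneralSecurityException {
        String input = B64E.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8))
                + "." + B64E.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + B64E.encodeToString(hmac(input, secret));
    }
    public static void main(String[] args) throws GeneralSecurityException {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);   // constructed, not a real key
        String token = signHs256("{\"sub\":\"alice@partner.example\",\"exp\":2000000000}", secret);
        System.out.println(verifyHs256(token, secret, 1700000000L));       // unmodified token, before exp
        System.out.println(verifyHs256(token + "x", secret, 1700000000L)); // tampered signature
        System.out.println(verifyHs256(token, secret, 2100000000L));       // same token checked after its exp
    }
}
```

If the internal team signs with RS256 instead, replace the HMAC comparison with `Signature.getInstance("SHA256withRSA")` verification against their public key; the segment, algorithm and `exp` checks stay the same.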