Ajustes segurança

PauloGladson
1 parent 50340724
Showing 10 changed files with 149 additions and 16 deletions Show diff stats
demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java
demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/exception/mapper/GenericExceptionMapper.java
demoiselle-security-jwt/pom.xml
demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/Config.java
demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
demoiselle-security-jwt/src/main/resources/demoiselle.properties
demoiselle-security-jwt/src/main/resources/messages.properties
demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
@@ -7,6 +7,7 @@
 package org.demoiselle.jee.core.interfaces.security;
 import java.io.Serializable;
+import java.security.PublicKey;
 /**
  * <p>
@@ -23,4 +24,6 @@ public interface TokensManager extends Serializable {
     public boolean validate();
+    public PublicKey getPublicKey();
+
 }
@@ -31,22 +31,23 @@ public class GenericExceptionMapper implements ExceptionMapper&lt;Exception&gt; {
         StringWriter errorStackTrace = new StringWriter();
         ex.printStackTrace(new PrintWriter(errorStackTrace));
+        HashMap<String, String> entity = new HashMap<>();
         // Verifica se a exception é de validação de PAYLOAD do REST
         if (ex instanceof DemoiselleRESTException) {
             DemoiselleRESTException exDemoiselleREST = (DemoiselleRESTException) ex;
             if (!exDemoiselleREST.getMessages().isEmpty()) {
-                return status(exDemoiselleREST.getStatusCode()).entity(exDemoiselleREST.getMessages())
+                entity.put("error", exDemoiselleREST.getMessages().toString());
+                return status(exDemoiselleREST.getStatusCode()).entity(entity)
                         .type(APPLICATION_JSON).build();
-            } else if (exDemoiselleREST.getStatusCode() > 0){
-                return status(exDemoiselleREST.getStatusCode()).entity(exDemoiselleREST.getMessage())
+            } else if (exDemoiselleREST.getStatusCode() > 0) {
+                entity.put("error", exDemoiselleREST.getMessage());
+                return status(exDemoiselleREST.getStatusCode()).entity(entity)
                         .type(APPLICATION_JSON).build();
             }
         }
-        HashMap<String, String> entity = new HashMap<>();
-
         // No caso de existir message ele mostra a MESSAGE da Exception
         if (ex.getMessage() != null) {
             entity.put("error", ex.getMessage());
@@ -55,7 +56,7 @@ public class GenericExceptionMapper implements ExceptionMapper&lt;Exception&gt; {
             int level = 1;
             while (ex.getCause() != null) {
                 ex = (Exception) ex.getCause();
-                if (!ex.getMessage().isEmpty()) {
+                if (ex != null && ex.getMessage() != null && !ex.getMessage().isEmpty()) {
                     entity.put("inner_cause_" + level, ex.getMessage());
                 }
                 level += 1;
@@ -24,6 +24,11 @@
         </dependency>
         <dependency>
+            <groupId>org.demoiselle.jee</groupId>
+            <artifactId>demoiselle-configuration</artifactId>
+        </dependency>
+        
+        <dependency>
             <groupId>org.bitbucket.b_c</groupId>
             <artifactId>jose4j</artifactId>
             <version>0.5.2</version>
@@ -0,0 +1,87 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.security.jwt.impl;
+
+import java.io.Serializable;
+import org.demoiselle.jee.configuration.annotation.Configuration;
+import org.demoiselle.jee.core.annotation.Name;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Configuration(resource = "demoiselle-security-jwt")
+public class Config implements Serializable {
+
+    private static final long serialVersionUID = 638435989235076782L;
+
+    @Name("jwt.type")
+    private String type;
+
+    @Name("jwt.privateKey")
+    private String privateKey;
+
+    @Name("jwt.publicKey")
+    private String publicKey;
+
+    @Name("jwt.timetolive")
+    private Float tempo;
+
+    @Name("jwt.issuer")
+    private String remetente;
+
+    @Name("jwt.audience")
+    private String destinatario;
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+
+    public String getPrivateKey() {
+        return privateKey;
+    }
+
+    public void setPrivateKey(String privateKey) {
+        this.privateKey = privateKey;
+    }
+
+    public String getPublicKey() {
+        return publicKey;
+    }
+
+    public void setPublicKey(String publicKey) {
+        this.publicKey = publicKey;
+    }
+
+    public Float getTempo() {
+        return tempo;
+    }
+
+    public void setTempo(Float tempo) {
+        this.tempo = tempo;
+    }
+
+    public String getRemetente() {
+        return remetente;
+    }
+
+    public void setRemetente(String remetente) {
+        this.remetente = remetente;
+    }
+
+    public String getDestinatario() {
+        return destinatario;
+    }
+
+    public void setDestinatario(String destinatario) {
+        this.destinatario = destinatario;
+    }
+
+}
@@ -5,15 +5,20 @@
  */
 package org.demoiselle.jee.security.jwt.impl;
+import java.security.PublicKey;
 import java.util.List;
 import java.util.Map;
+import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.ApplicationScoped;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.interfaces.security.Token;
 import org.demoiselle.jee.core.interfaces.security.TokensManager;
+import org.demoiselle.jee.security.exception.DemoiselleSecurityException;
 import org.jose4j.jwk.JsonWebKey;
 import org.jose4j.jwk.RsaJsonWebKey;
 import org.jose4j.jwk.RsaJwkGenerator;
@@ -43,14 +48,37 @@ public class TokensManagerImpl implements TokensManager {
     @Inject
     private Token token;
+//    @Inject
+//    private Config config;
     @Inject
     private DemoisellePrincipal loggedUser;
-    public TokensManagerImpl() throws JoseException {
+    //@PostConstruct
+    public TokensManagerImpl() {
         if (rsaJsonWebKey == null) {
-            String chave = RsaJwkGenerator.generateJwk(2048).toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
-            rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(chave);
-            rsaJsonWebKey.setKeyId("demoiselle-security-jwt");
+//            logger.info("Demoiselle Module - Security - JWT");
+            try {
+
+//                if (config.getType() == null) {
+//                    throw new DemoiselleSecurityException("Escolha o tipo de autenticação, ver documentação", 500);
+//                }
+//
+//                if (config.getType().equalsIgnoreCase("slave") && (config.getPublicKey() == null || config.getPublicKey().isEmpty())) {
+//                    throw new DemoiselleSecurityException("Informe a chave pública no arquivo de configuração do projeto, ver documentação", 500);
+//                } else {
+//                    rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(config.getPrivateKey());
+//                }
+//
+//                if (config.getType().equalsIgnoreCase("master") && (config.getPrivateKey() == null || config.getPrivateKey().isEmpty())) {
+//                    throw new DemoiselleSecurityException("Informe a chave privada no arquivo de configuração do projeto, ver documentação", 500);
+//                } else {
+//                    rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(config.getPublicKey());
+//                }
+                rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(RsaJwkGenerator.generateJwk(2048).toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE));
+                rsaJsonWebKey.setKeyId("demoiselle-security-jwt");
+            } catch (JoseException ex) {
+                //  logger.severe(ex.getMessage());
+            }
         }
     }
@@ -63,7 +91,6 @@ public class TokensManagerImpl implements TokensManager {
                         .setAllowedClockSkewInSeconds(60) // allow some leeway in validating time based claims to account for clock skew
                         .setExpectedIssuer("demoiselle") // whom the JWT needs to have been issued by
                         .setExpectedAudience("demoiselle") // to whom the JWT is intended for
-                        .setDecryptionKey(rsaJsonWebKey.getPrivateKey()) // decrypt with the receiver's private key
                         .setVerificationKey(rsaJsonWebKey.getPublicKey())
                         .build(); // create the JwtConsumer instance
                 JwtClaims jwtClaims = jwtConsumer.processToClaims(token.getKey());
@@ -111,7 +138,6 @@ public class TokensManagerImpl implements TokensManager {
             token.setKey(jws.getCompactSerialization());
             token.setType("JWT");
         } catch (JoseException ex) {
-            //ex.printStackTrace();
             logger.severe(ex.getMessage());
         }
@@ -122,4 +148,8 @@ public class TokensManagerImpl implements TokensManager {
         return getUser() != null;
     }
+    @Override
+    public PublicKey getPublicKey() {
+        return rsaJsonWebKey.getPublicKey();
+    }
 }
@@ -1 +0,0 @@
-user-not-authenticated
 \ No newline at end of file
@@ -1 +0,0 @@
-tipo-seguranca=basic
 \ No newline at end of file
@@ -5,6 +5,7 @@
  */
 package org.demoiselle.jee.security.token.impl;
+import java.security.PublicKey;
 import static java.util.UUID.randomUUID;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
@@ -59,4 +60,8 @@ public class TokensManagerImpl implements TokensManager {
         return getUser() != null;
     }
+    @Override
+    public PublicKey getPublicKey() {
+        return null;
+    }
 }
@@ -71,8 +71,8 @@ public class RequiredPermissionInterceptor implements Serializable {
         String resource = getResource(ic);
         String operation = getOperation(ic);
-        if (securityContext.isLoggedIn()) {
-            logger.finest(bundle.accessCheckingPermission(operation, resource));
+        if (!securityContext.isLoggedIn()) {
+            throw new DemoiselleSecurityException(bundle.userNotAuthenticated(), UNAUTHORIZED.getStatusCode());
         }
         if (!securityContext.hasPermission(resource, operation)) {
@@ -75,6 +75,10 @@ public class RequiredRoleInterceptor implements Serializable {
         List<String> roles = getRoles(ic);
         List<String> userRoles = new ArrayList<>();
+        
+        if (!securityContext.isLoggedIn()) {
+            throw new DemoiselleSecurityException(bundle.userNotAuthenticated(), UNAUTHORIZED.getStatusCode());
+        }
         for (String role : roles) {
             if (securityContext.hasRole(role)) {
@@ -0,0 +1,87 @@		@@ -0,0 +1,87 @@
	1	+/*
	2	+ * To change this license header, choose License Headers in Project Properties.
	3	+ * To change this template file, choose Tools \| Templates
	4	+ * and open the template in the editor.
	5	+ */
	6	+package org.demoiselle.jee.security.jwt.impl;
	7	+
	8	+import java.io.Serializable;
	9	+import org.demoiselle.jee.configuration.annotation.Configuration;
	10	+import org.demoiselle.jee.core.annotation.Name;
	11	+
	12	+/**
	13	+ *
	14	+ * @author 70744416353
	15	+ */
	16	+@Configuration(resource = "demoiselle-security-jwt")
	17	+public class Config implements Serializable {
	18	+
	19	+ private static final long serialVersionUID = 638435989235076782L;
	20	+
	21	+ @Name("jwt.type")
	22	+ private String type;
	23	+
	24	+ @Name("jwt.privateKey")
	25	+ private String privateKey;
	26	+
	27	+ @Name("jwt.publicKey")
	28	+ private String publicKey;
	29	+
	30	+ @Name("jwt.timetolive")
	31	+ private Float tempo;
	32	+
	33	+ @Name("jwt.issuer")
	34	+ private String remetente;
	35	+
	36	+ @Name("jwt.audience")
	37	+ private String destinatario;
	38	+
	39	+ public String getType() {
	40	+ return type;
	41	+ }
	42	+
	43	+ public void setType(String type) {
	44	+ this.type = type;
	45	+ }
	46	+
	47	+ public String getPrivateKey() {
	48	+ return privateKey;
	49	+ }
	50	+
	51	+ public void setPrivateKey(String privateKey) {
	52	+ this.privateKey = privateKey;
	53	+ }
	54	+
	55	+ public String getPublicKey() {
	56	+ return publicKey;
	57	+ }
	58	+
	59	+ public void setPublicKey(String publicKey) {
	60	+ this.publicKey = publicKey;
	61	+ }
	62	+
	63	+ public Float getTempo() {
	64	+ return tempo;
	65	+ }
	66	+
	67	+ public void setTempo(Float tempo) {
	68	+ this.tempo = tempo;
	69	+ }
	70	+
	71	+ public String getRemetente() {
	72	+ return remetente;
	73	+ }
	74	+
	75	+ public void setRemetente(String remetente) {
	76	+ this.remetente = remetente;
	77	+ }
	78	+
	79	+ public String getDestinatario() {
	80	+ return destinatario;
	81	+ }
	82	+
	83	+ public void setDestinatario(String destinatario) {
	84	+ this.destinatario = destinatario;
	85	+ }
	86	+
	87	+}
	@@ -1 +0,0 @@		@@ -1 +0,0 @@
1	-user-not-authenticated
2	\ No newline at end of file	0	\ No newline at end of file
	@@ -1 +0,0 @@		@@ -1 +0,0 @@
1	-tipo-seguranca=basic
2	\ No newline at end of file	0	\ No newline at end of file