Commit 6e126b792415a4bf742c96d2165e494f6fcf473c

Authored by PauloGladson
1 parent ffe576b7

Segurança e ajustes nos pacotes

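--- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/DemoisellePrincipal.java
+++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/DemoisellePrincipal.java
@@ -26,4 +26,6 @@ public interface DemoisellePrincipal extends Principal {
 public List<String> getRoles();
 
 public Map<String, String> getPermissions();
+
+public void setPermissions(Map<String, String> permissions);
 }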
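Review bot: The new `setPermissions` makes the principal's authorization data replaceable through the public interface, but nothing in the hunk says who is meant to call it or whether an implementation copies the map or keeps the caller's reference; an implementation that holds the reference lets later mutation of that map silently change the user's permissions. I would add Javadoc such as `/** Replaces this principal's permission map. Presumably for use by the authentication layer only; implementations should copy the map rather than retain the caller's reference. */` and, since `getRoles()` gets no matching setter here, note why roles stay fixed while permissions do not. The interface's opening lines are outside the hunk.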
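--- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java
+++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java
@@ -66,8 +66,8 @@ public interface SecurityContext extends Serializable {
 * @return the user logged in a specific authenticated session. If there is
 * no active session {@code null} is returned.
 */
-Principal getUser();
+DemoisellePrincipal getUser();
 
-void setUser(Principal loggedUser);
+void setUser(DemoisellePrincipal loggedUser);
 
 }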
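--- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java
+++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java
@@ -20,9 +20,9 @@ import java.util.Map;
 */
 public interface TokensManager extends Serializable {
 
-public Principal getUser();
+public DemoisellePrincipal getUser();
 
-public void setUser(Principal user);
+public void setUser(DemoisellePrincipal user);
 
 public boolean validate();
 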
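--- a/demoiselle-security-basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
+++ b/demoiselle-security-basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
@@ -5,14 +5,8 @@
 */
 package org.demoiselle.jee.security.basic.impl;
 
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
 import javax.enterprise.context.Dependent;
-import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.interfaces.security.Token;
@@ -25,24 +19,20 @@ import org.demoiselle.jee.core.interfaces.security.TokensManager;
 @Dependent
 public class TokensManagerImpl implements TokensManager {
 
-private static ConcurrentHashMap<String, Principal> repo = new ConcurrentHashMap<>();
-
 @Inject
 private Logger logger;
 
 @Inject
-@RequestScoped
 private Token token;
 
 @Inject
-@RequestScoped
-private Principal loggedUser;
+private DemoisellePrincipal loggedUser;
 
 @Override
-public Principal getUser() {
+public DemoisellePrincipal getUser() {
 if (loggedUser == null) {
 if (token.getKey() != null && !token.getKey().isEmpty()) {
-loggedUser = repo.get(token.getKey());
+// desfaz o basic
 return loggedUser;
 }
 }
@@ -50,14 +40,9 @@ public class TokensManagerImpl implements TokensManager {
 }
 
 @Override
-public void setUser(Principal user) {
+public void setUser(DemoisellePrincipal user) {
 String value = null;
-if (!repo.containsValue(user)) {
-value = UUID.randomUUID().toString();
-repo.put(value, user);
-token.setKey(value);
-token.setType("Basic");
-}
+
 }
 
 @Override
@@ -65,6 +50,4 @@ public class TokensManagerImpl implements TokensManager {
 return true;//(getUser() != null && repo.get(token.getKey()).);
 }
 
-
-
 }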
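Review bot: With the in-memory repository removed, `getUser()` returns the CDI-injected `loggedUser` for any non-empty token key (the `// desfaz o basic` branch no longer looks anything up), `setUser()` is now an empty body with a dead `String value = null;`, and the unchanged `validate()` still returns `true` unconditionally while its trailing comment references the deleted `repo` field. While the basic scheme is a stub it should fail closed: `return null;` from that branch, drop the dead local, and make `validate()` `return getUser() != null;`. Whether a producer elsewhere ever populates `loggedUser` is not visible in these hunks; if none does, the injected bean is an empty principal and a request with any bogus key is treated as authenticated.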
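--- a/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
+++ b/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
@@ -13,8 +13,9 @@ import java.util.logging.Logger;
 import javax.enterprise.context.Dependent;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
-import org.demoiselle.jee.core.security.LoggedUser;
-import org.demoiselle.jee.core.security.TokensManager;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
+import org.demoiselle.jee.core.interfaces.security.Token;
+import org.demoiselle.jee.core.interfaces.security.TokensManager;
 import org.jose4j.jwk.RsaJsonWebKey;
 import org.jose4j.jwk.RsaJwkGenerator;
 import org.jose4j.jws.AlgorithmIdentifiers;
@@ -40,6 +41,12 @@ public class TokensManagerImpl implements TokensManager {
 @Inject
 private Logger logger;
 
+@Inject
+private Token token;
+
+@Inject
+private DemoisellePrincipal loggedUser;
+
 public TokensManagerImpl() throws JoseException {
 RsaJsonWebKey chave = RsaJwkGenerator.generateJwk(2048);
 logger.info("Se você quiser usar sua app em cluster, coloque o parametro jwt.key no app.properties e reinicie a aplicacao");
@@ -50,34 +57,31 @@ public class TokensManagerImpl implements TokensManager {
 }
 
 @Override
-public LoggedUser getUser(String jwt) {
-LoggedUser usuario = null;
-if (jwt != null && !jwt.isEmpty()) {
-JwtConsumer jwtConsumer = new JwtConsumerBuilder()
-.setRequireExpirationTime() // the JWT must have an expiration time
-.setAllowedClockSkewInSeconds(60) // allow some leeway in validating time based claims to account for clock skew
-.setExpectedIssuer("demoiselle") // whom the JWT needs to have been issued by
-.setExpectedAudience("demoiselle") // to whom the JWT is intended for
-.setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key
-.build(); // create the JwtConsumer instance
-
+public DemoisellePrincipal getUser() {
+if (token.getKey() != null && !token.getKey().isEmpty()) {
 try {
-JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
-usuario = new Gson().fromJson((String) jwtClaims.getClaimValue("user"), LoggedUser.class);
-
+JwtConsumer jwtConsumer = new JwtConsumerBuilder()
+.setRequireExpirationTime() // the JWT must have an expiration time
+.setAllowedClockSkewInSeconds(60) // allow some leeway in validating time based claims to account for clock skew
+.setExpectedIssuer("demoiselle") // whom the JWT needs to have been issued by
+.setExpectedAudience("demoiselle") // to whom the JWT is intended for
+.setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key
+.build(); // create the JwtConsumer instance
+JwtClaims jwtClaims = jwtConsumer.processToClaims(token.getKey());
+loggedUser = new Gson().fromJson((String) jwtClaims.getClaimValue("user"), DemoisellePrincipal.class);
 String ip = httpRequest.getRemoteAddr();
 if (!ip.equalsIgnoreCase((String) jwtClaims.getClaimValue("ip"))) {
-usuario = null;
+return null;
 }
-} catch (InvalidJwtException e) {
-//Logger.getLogger(TokenRepository.class.getName()).log(Level.SEVERE, null, e);
+} catch (InvalidJwtException ex) {
+logger.severe(ex.getMessage());
 }
 }
-return usuario;
+return loggedUser;
 }
 
 @Override
-public String setUser(LoggedUser user) {
+public void setUser(DemoisellePrincipal user) {
 try {
 JwtClaims claims = new JwtClaims();
 claims.setIssuer("demoiselle");
@@ -95,12 +99,16 @@ public class TokensManagerImpl implements TokensManager {
 jws.setKey(rsaJsonWebKey.getPrivateKey());
 jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
 jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
-return jws.getCompactSerialization();
+token.setKey(jws.getCompactSerialization());
 } catch (JoseException ex) {
 logger.severe(ex.getMessage());
 }
-return null;
 
 }
 
+@Override
+public boolean validate() {
+return true;
+}
+
 }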
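Review bot: When `processToClaims` throws `InvalidJwtException` (expired, bad signature, wrong issuer or audience), the new `getUser()` logs the message and falls through to `return loggedUser;`, which hands back the CDI-injected `DemoisellePrincipal` field rather than `null`, so a rejected token no longer yields the unauthenticated result the old `return usuario;` produced; the `catch` block should `return null;`. The new `validate()` also returns `true` unconditionally and should at least be `return getUser() != null;`. Separately, `new Gson().fromJson(..., DemoisellePrincipal.class)` targets an interface, which Gson cannot instantiate unless a type adapter or instance creator is registered elsewhere — none is visible in this commit, so the `user` claim would fail to deserialize at runtime. `logger.severe(ex.getMessage())` also discards the exception; `logger.log(Level.SEVERE, "JWT rejected", ex)` keeps the cause.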
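--- a/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.demoiselle.jee.security.basic.impl;
-
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.logging.Logger;
-import javax.enterprise.context.Dependent;
-import javax.enterprise.context.RequestScoped;
-import javax.inject.Inject;
-import org.demoiselle.jee.core.interfaces.security.Token;
-import org.demoiselle.jee.core.interfaces.security.TokensManager;
-
-/**
- *
- * @author 70744416353
- */
-@Dependent
-public class TokensManagerImpl implements TokensManager {
-
-private static ConcurrentHashMap<String, Principal> repo = new ConcurrentHashMap<>();
-
-@Inject
-private Logger logger;
-
-@Inject
-@RequestScoped
-private Token token;
-
-@Inject
-@RequestScoped
-private Principal loggedUser;
-
-@Override
-public Principal getUser() {
-if (loggedUser == null) {
-if (token.getKey() != null && !token.getKey().isEmpty()) {
-loggedUser = repo.get(token.getKey());
-return loggedUser;
-}
-}
-return loggedUser;
-}
-
-@Override
-public void setUser(Principal user) {
-String value = null;
-if (!repo.containsValue(user)) {
-value = UUID.randomUUID().toString();
-repo.put(value, user);
-token.setKey(value);
-token.setType("Basic");
-}
-}
-
-@Override
-public boolean validate() {
-return true;//(getUser() != null && repo.get(token.getKey()).);
-}
-
-@Override
-public Token getToken() {
-return token;
-}
-
-@Override
-public void setToken(Token token) {
-String key = null;
-if (repo.containsKey(token.getKey())) {
-loggedUser = repo.get(key);
-}
-}
-
-@Override
-public void setRoles(List<String> roles) {
-
-}
-
-@Override
-public void setPermissions(Map<String, String> permissions) {
-
-}
-
-}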
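--- /dev/null
+++ b/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
@@ -0,0 +1,57 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.security.token.impl;
+
+import java.security.Principal;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.logging.Logger;
+import javax.enterprise.context.Dependent;
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
+import org.demoiselle.jee.core.interfaces.security.Token;
+import org.demoiselle.jee.core.interfaces.security.TokensManager;
+
+/**
+ *
+ * @author 70744416353
+ */
+@RequestScoped
+public class TokensManagerImpl implements TokensManager {
+
+private final static ConcurrentHashMap<String, DemoisellePrincipal> repo = new ConcurrentHashMap<>();
+
+@Inject
+private Logger logger;
+
+@Inject
+private Token token;
+
+@Override
+public DemoisellePrincipal getUser() {
+if (token.getKey() != null && !token.getKey().isEmpty()) {
+return repo.get(token.getKey());
+}
+return null;
+}
+
+@Override
+public void setUser(DemoisellePrincipal user) {
+if (!repo.containsValue(user)) {
+String value = UUID.randomUUID().toString();
+repo.put(value, user);
+token.setKey(value);
+token.setType("Token");
+}
+}
+
+@Override
+public boolean validate() {
+return true;//(getUser() != null && repo.get(token.getKey()).);
+}
+
+}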
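Review bot: The static `repo` map is never pruned and `validate()` returns `true` regardless of whether `token.getKey()` resolves, so an issued key stays valid for the life of the JVM with no expiry or logout path, and a request carrying an unknown key still passes `validate()`. At minimum `validate()` should be `return getUser() != null;`, and the class needs a removal path (and presumably an issue timestamp for expiry) before it is used for more than a demo. `repo.containsValue(user)` is also a linear scan whose outcome depends on `DemoisellePrincipal.equals`, which this commit does not show; if that is identity-based, each login for the same user mints a new key and the old ones linger. The `java.security.Principal` and `Dependent` imports and the injected `logger` are unused.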
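--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
@@ -6,17 +6,14 @@
 */
 package org.demoiselle.jee.security.impl;
 
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
 import javax.enterprise.context.Dependent;
 import javax.inject.Inject;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 
 import org.demoiselle.jee.core.util.ResourceBundle;
 
 import org.demoiselle.jee.security.exception.NotLoggedInException;
 import org.demoiselle.jee.core.interfaces.security.SecurityContext;
-import org.demoiselle.jee.core.interfaces.security.Token;
 import org.demoiselle.jee.core.interfaces.security.TokensManager;
 
 /**
@@ -74,12 +71,12 @@ public class SecurityContextImpl implements SecurityContext {
 }
 
 @Override
-public Principal getUser() {
+public DemoisellePrincipal getUser() {
 return tm.getUser();
 }
 
 @Override
-public void setUser(Principal loggedUser) {
+public void setUser(DemoisellePrincipal loggedUser) {
 tm.setUser(loggedUser);
 }
 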
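--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
@@ -13,10 +13,10 @@ import javax.interceptor.AroundInvoke;
 import javax.interceptor.Interceptor;
 import javax.interceptor.InvocationContext;
 import java.io.Serializable;
-import java.security.Principal;
 import java.util.logging.Logger;
 import javax.inject.Inject;
 import org.demoiselle.jee.core.annotation.Name;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.util.ResourceBundle;
 import org.demoiselle.jee.core.util.Strings;
 import org.demoiselle.jee.security.annotation.RequiredPermission;
@@ -40,7 +40,7 @@ public class RequiredPermissionInterceptor implements Serializable {
 private SecurityContext securityContext;
 
 @Inject
-private Principal loggedUser;
+private DemoisellePrincipal loggedUser;
 
 @Inject
 private ResourceBundle bundle;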
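--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
@@ -13,13 +13,13 @@ import javax.interceptor.AroundInvoke;
 import javax.interceptor.Interceptor;
 import javax.interceptor.InvocationContext;
 import java.io.Serializable;
-import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
 import java.util.logging.Logger;
 import javax.inject.Inject;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.util.ResourceBundle;
 import org.demoiselle.jee.security.annotation.RequiredRole;
 import org.demoiselle.jee.core.interfaces.security.SecurityContext;
@@ -42,7 +42,7 @@ public class RequiredRoleInterceptor implements Serializable {
 private SecurityContext securityContext;
 
 @Inject
-private Principal loggedUser;
+private DemoisellePrincipal loggedUser;
 
 @Inject
 private ResourceBundle bundle;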
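--- a/pom.xml
+++ b/pom.xml
@@ -69,7 +69,9 @@
 <module>demoiselle-persistence-jpa</module>
 <module>demoiselle-rest</module>
 <module>demoiselle-security</module>
+<module>demoiselle-security-token</module>
 <module>demoiselle-security-basic</module>
+<module>demoiselle-security-jwt</module>
 <!--<module>demoiselle-security-jwt</module>-->
 </modules>
 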
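Review bot: The `<!--<module>demoiselle-security-jwt</module>-->` line is now a stale duplicate of the entry added directly above it and should be deleted so readers do not assume the JWT module is still disabled. Re-enabling that module also means its `TokensManagerImpl` constructor, shown in an earlier hunk calling `logger.info(...)`, is now built by the container; whether the injected `logger` is available at construction time is not visible here and is worth confirming before this lands.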