From 6e126b792415a4bf742c96d2165e494f6fcf473c Mon Sep 17 00:00:00 2001
From: PauloGladson
Date: Mon, 26 Sep 2016 19:07:23 -0300
Subject: [PATCH] Segurança e ajustes nos pacotes
---
 demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/DemoisellePrincipal.java | 2 ++
 demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java | 4 ++--
 demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java | 4 ++--
 demoiselle-security-basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java | 27 +++++----------------------
 demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java | 54 +++++++++++++++++++++++++++++++-----------------------
 demoiselle-security-token/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java | 90 ------------------------------------------------------------------------------------------
 demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java | 9 +++------
 demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java | 4 ++--
 demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java | 4 ++--
 pom.xml | 2 ++
 11 files changed, 108 insertions(+), 149 deletions(-)
 delete mode 100644 demoiselle-security-token/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
 create mode 100644 demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
diff --git a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/DemoisellePrincipal.java b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/DemoisellePrincipal.java
index 0a6cf59..92ca068 100644
--- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/DemoisellePrincipal.java
+++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/DemoisellePrincipal.java
@@ -26,4 +26,6 @@ public interface DemoisellePrincipal extends Principal { public List getRoles(); public Map getPermissions();
+
+ public void setPermissions(Map permissions); }
diff --git a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java
index f8a9d6d..d29788e 100644
--- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java
+++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java
@@ -66,8 +66,8 @@ public interface SecurityContext extends Serializable { * @return the user logged in a specific authenticated session. If there is * no active session {@code null} is returned. */
- Principal getUser();
+ DemoisellePrincipal getUser();
- void setUser(Principal loggedUser);
+ void setUser(DemoisellePrincipal loggedUser); }
diff --git a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java
index 1e23fc1..dd003b7 100644
--- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java
+++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java
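Review bot: The new `public void setPermissions(Map permissions);` on `DemoisellePrincipal` has no Javadoc although it makes a principal's permissions writable through any reference to the principal; a one-line doc stating which component is expected to call it (the authentication/token layer rather than application code, if that is the intent) would make the trust boundary explicit. The `SecurityContext` hunk on this line and the `TokensManager` hunk on the next line change `setUser` to take a `DemoisellePrincipal` but leave it undocumented beside a documented `getUser`; the same kind of one-line Javadoc saying what a later `getUser()` returns after it would close that gap.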
@@ -20,9 +20,9 @@ import java.util.Map; */ public interface TokensManager extends Serializable {
- public Principal getUser();
+ public DemoisellePrincipal getUser();
- public void setUser(Principal user);
+ public void setUser(DemoisellePrincipal user); public boolean validate();
diff --git a/demoiselle-security-basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java b/demoiselle-security-basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
index 112c581..d1e3194 100644
--- a/demoiselle-security-basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
+++ b/demoiselle-security-basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
@@ -5,14 +5,8 @@ */ package org.demoiselle.jee.security.basic.impl;
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap; import java.util.logging.Logger; import javax.enterprise.context.Dependent;
-import javax.enterprise.context.RequestScoped; import javax.inject.Inject; import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; import org.demoiselle.jee.core.interfaces.security.Token;
@@ -25,24 +19,20 @@ import org.demoiselle.jee.core.interfaces.security.TokensManager; @Dependent public class TokensManagerImpl implements TokensManager {
- private static ConcurrentHashMap repo = new ConcurrentHashMap<>();
-
 @Inject private Logger logger; @Inject
- @RequestScoped private Token token; @Inject
- @RequestScoped
- private Principal loggedUser;
+ private DemoisellePrincipal loggedUser; @Override
- public Principal getUser() {
+ public DemoisellePrincipal getUser() { if (loggedUser == null) { if (token.getKey() != null && !token.getKey().isEmpty()) {
- loggedUser = repo.get(token.getKey());
+ // desfaz o basic return loggedUser; } }
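Review bot: `getUser()` in the basic `TokensManagerImpl` no longer consults the token: the lookup is replaced by `// desfaz o basic`, and the `return loggedUser;` that follows sits under `if (loggedUser == null)`, so that branch can only ever return `null`, while the method's final return (outside the hunk) hands back whatever `DemoisellePrincipal` CDI injected. With `validate()` still returning `true` unconditionally (hunk `@@ -65,6 +50,4 @@` of this file), the answer for a request carrying any key depends entirely on the `DemoisellePrincipal` producer, which is not in this patch; if that producer yields a non-null principal the module fails open. Until the basic flow is implemented, make the stub explicit: replace the comment and the `return loggedUser;` after it with `return null; // TODO: basic credential lookup not implemented`, and have `validate()` return `false`, so nothing downstream treats an unverified identity as authenticated.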
@@ -50,14 +40,9 @@ public class TokensManagerImpl implements TokensManager { } @Override
- public void setUser(Principal user) {
+ public void setUser(DemoisellePrincipal user) { String value = null;
- if (!repo.containsValue(user)) {
- value = UUID.randomUUID().toString();
- repo.put(value, user);
- token.setKey(value);
- token.setType("Basic");
- }
+ } @Override
@@ -65,6 +50,4 @@ public class TokensManagerImpl implements TokensManager { return true;//(getUser() != null && repo.get(token.getKey()).); }
-
- }
diff --git a/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java b/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
index 0f9b1db..aa5e76c 100644
--- a/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
+++ b/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
@@ -13,8 +13,9 @@ import java.util.logging.Logger; import javax.enterprise.context.Dependent; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest;
-import org.demoiselle.jee.core.security.LoggedUser;
-import org.demoiselle.jee.core.security.TokensManager;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
+import org.demoiselle.jee.core.interfaces.security.Token;
+import org.demoiselle.jee.core.interfaces.security.TokensManager; import org.jose4j.jwk.RsaJsonWebKey; import org.jose4j.jwk.RsaJwkGenerator; import org.jose4j.jws.AlgorithmIdentifiers;
@@ -40,6 +41,12 @@ public class TokensManagerImpl implements TokensManager { @Inject private Logger logger;
+ @Inject
+ private Token token;
+
+ @Inject
+ private DemoisellePrincipal loggedUser;
+
 public TokensManagerImpl() throws JoseException { RsaJsonWebKey chave = RsaJwkGenerator.generateJwk(2048); logger.info("Se vocĂȘ quiser usar sua app em cluster, coloque o parametro jwt.key no app.properties e reinicie a aplicacao");
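Review bot: `setUser(DemoisellePrincipal user)` in the basic `TokensManagerImpl` is now an empty method that still declares the dead local `String value = null;` and discards `user` without even a log line, so a login through this module silently issues no key. Either drop the local, or, if the basic flow is to be filled in later, make the stub fail loudly with `throw new UnsupportedOperationException("basic setUser not implemented");` so a deployment wired to this module is noticed at the first login rather than behaving as if authentication had succeeded. The `validate()` hunk right after this one (`@@ -65,6 +50,4 @@`) keeps `return true;` with the real check in a trailing comment and belongs to the same stub.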
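Review bot: The new `@Inject private Token token;` and `@Inject private DemoisellePrincipal loggedUser;` fields go into a bean that stays `@Dependent`, and the constructor in the context lines generates a fresh 2048-bit RSA key (`RsaJwkGenerator.generateJwk(2048)`) per instance; if `rsaJsonWebKey` is taken from that key when no `jwt.key` is configured (the rest of the constructor is outside the hunk), every injection point signs with its own key and a JWT issued through one instance will not verify through another, which matters because `getUser()` verifies with `rsaJsonWebKey.getKey()`. Confirm that `rsaJsonWebKey` is shared (static, or the bean made `@ApplicationScoped`) before the module is relied on. Separately, the constructor calls `logger.info(...)` on a field-injected `Logger`, which CDI populates only after construction, so that call runs on `null`; this predates the patch, but moving the message into a `@PostConstruct` method, e.g. `@PostConstruct void init() { logger.info("..."); }`, fixes it.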
@@ -50,34 +57,31 @@ public class TokensManagerImpl implements TokensManager { } @Override
- public LoggedUser getUser(String jwt) {
- LoggedUser usuario = null;
- if (jwt != null && !jwt.isEmpty()) {
- JwtConsumer jwtConsumer = new JwtConsumerBuilder()
- .setRequireExpirationTime() // the JWT must have an expiration time
- .setAllowedClockSkewInSeconds(60) // allow some leeway in validating time based claims to account for clock skew
- .setExpectedIssuer("demoiselle") // whom the JWT needs to have been issued by
- .setExpectedAudience("demoiselle") // to whom the JWT is intended for
- .setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key
- .build(); // create the JwtConsumer instance
-
+ public DemoisellePrincipal getUser() {
+ if (token.getKey() != null && !token.getKey().isEmpty()) { try {
- JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
- usuario = new Gson().fromJson((String) jwtClaims.getClaimValue("user"), LoggedUser.class);
-
+ JwtConsumer jwtConsumer = new JwtConsumerBuilder()
+ .setRequireExpirationTime() // the JWT must have an expiration time
+ .setAllowedClockSkewInSeconds(60) // allow some leeway in validating time based claims to account for clock skew
+ .setExpectedIssuer("demoiselle") // whom the JWT needs to have been issued by
+ .setExpectedAudience("demoiselle") // to whom the JWT is intended for
+ .setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key
+ .build(); // create the JwtConsumer instance
+ JwtClaims jwtClaims = jwtConsumer.processToClaims(token.getKey());
+ loggedUser = new Gson().fromJson((String) jwtClaims.getClaimValue("user"), DemoisellePrincipal.class); String ip = httpRequest.getRemoteAddr(); if (!ip.equalsIgnoreCase((String) jwtClaims.getClaimValue("ip"))) {
- usuario = null;
+ return null; }
- } catch (InvalidJwtException e) {
- //Logger.getLogger(TokenRepository.class.getName()).log(Level.SEVERE, null, e);
+ } catch (InvalidJwtException ex) {
+
logger.severe(ex.getMessage()); } }
- return usuario;
+ return loggedUser; } @Override
- public String setUser(LoggedUser user) {
+ public void setUser(DemoisellePrincipal user) { try { JwtClaims claims = new JwtClaims(); claims.setIssuer("demoiselle");
@@ -95,12 +99,16 @@ public class TokensManagerImpl implements TokensManager { jws.setKey(rsaJsonWebKey.getPrivateKey()); jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId()); jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
- return jws.getCompactSerialization();
+ token.setKey(jws.getCompactSerialization()); } catch (JoseException ex) { logger.severe(ex.getMessage()); }
- return null; }
+ @Override
+ public boolean validate() {
+ return true;
+ }
+
 }
diff --git a/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java b/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
deleted file mode 100644
index 82373ac..0000000
--- a/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
+++ /dev/null
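Review bot: `getUser()` now fails open on a rejected token: when `processToClaims` throws `InvalidJwtException` (bad signature, expired, wrong issuer or audience) the `catch` only logs and control reaches `return loggedUser;`, which returns the injected `DemoisellePrincipal` instead of the `null` the old `usuario` local produced; an empty `token.getKey()` takes the same path. Keep the result in a local initialised to `null` as before and assign the field only after the remote-address check passes, or at minimum add `return null;` in the `catch` and in the empty-key case. Separately, `new Gson().fromJson((String) jwtClaims.getClaimValue("user"), DemoisellePrincipal.class)` targets an interface; unless an `InstanceCreator` or `TypeAdapter` for it is registered elsewhere, Gson cannot instantiate it and throws an unchecked exception that `catch (InvalidJwtException ex)` does not cover, so deserialise into the concrete class that `setUser` serialised (outside the hunk). `logger.severe(ex.getMessage())` also drops the stack trace; `logger.log(Level.SEVERE, ex.getMessage(), ex)` keeps it (`java.util.logging.Level`).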
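Review bot: The new `validate()` returns `true` without consulting `token` or the parsed claims, so any caller gating on it gets a positive answer even when no JWT was presented or `getUser()` would reject it; once `getUser()` yields `null` on failure this should be `return getUser() != null;`. In `setUser`, the `JoseException` branch only logs `ex.getMessage()` and leaves `token` untouched, and the old `return null;` signal is gone, so a caller cannot distinguish a token being issued from signing having failed; rethrow as an unchecked exception (or document that callers must check `token.getKey()` afterwards) and log the throwable with `logger.log(Level.SEVERE, ex.getMessage(), ex)`.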
@@ -1,90 +0,0 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.demoiselle.jee.security.basic.impl;
-
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.logging.Logger;
-import javax.enterprise.context.Dependent;
-import javax.enterprise.context.RequestScoped;
-import javax.inject.Inject;
-import org.demoiselle.jee.core.interfaces.security.Token;
-import org.demoiselle.jee.core.interfaces.security.TokensManager;
-
-/**
- *
- * @author 70744416353
- */
-@Dependent
-public class TokensManagerImpl implements TokensManager {
-
- private static ConcurrentHashMap repo = new ConcurrentHashMap<>();
-
- @Inject
- private Logger logger;
-
- @Inject
- @RequestScoped
- private Token token;
-
- @Inject
- @RequestScoped
- private Principal loggedUser;
-
- @Override
- public Principal getUser() {
- if (loggedUser == null) {
- if (token.getKey() != null && !token.getKey().isEmpty()) {
- loggedUser = repo.get(token.getKey());
- return loggedUser;
- }
- }
- return loggedUser;
- }
-
- @Override
- public void setUser(Principal user) {
- String value = null;
- if (!repo.containsValue(user)) {
- value = UUID.randomUUID().toString();
- repo.put(value, user);
- token.setKey(value);
- token.setType("Basic");
- }
- }
-
- @Override
- public boolean validate() {
- return true;//(getUser() != null && repo.get(token.getKey()).);
- }
-
- @Override
- public Token getToken() {
- return token;
- }
-
- @Override
- public void setToken(Token token) {
- String key = null;
- if (repo.containsKey(token.getKey())) {
- loggedUser = repo.get(key);
- }
- }
-
- @Override
- public void setRoles(List roles) {
-
- }
-
- @Override
- public void setPermissions(Map permissions) {
-
- }
-
-}
diff --git a/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java b/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
new file mode 100644
index 0000000..aff0703
--- /dev/null
+++ b/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
@@ -0,0 +1,57 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.security.token.impl;
+
+import java.security.Principal;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.logging.Logger;
+import javax.enterprise.context.Dependent;
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
+import org.demoiselle.jee.core.interfaces.security.Token;
+import org.demoiselle.jee.core.interfaces.security.TokensManager;
+
+/**
+ *
+ * @author 70744416353
+ */
+@RequestScoped
+public class TokensManagerImpl implements TokensManager {
+
+ private final static ConcurrentHashMap repo = new ConcurrentHashMap<>();
+
+ @Inject
+ private Logger logger;
+
+ @Inject
+ private Token token;
+
+ @Override
+ public DemoisellePrincipal getUser() {
+ if (token.getKey() != null && !token.getKey().isEmpty()) {
+ return repo.get(token.getKey());
+ }
+ return null;
+ }
+
+ @Override
+ public void setUser(DemoisellePrincipal user) {
+ if (!repo.containsValue(user)) {
+ String value = UUID.randomUUID().toString();
+ repo.put(value, user);
+ token.setKey(value);
+ token.setType("Token");
+ }
+ }
+
+ @Override
+ public boolean validate() {
+ return true;//(getUser() != null && repo.get(token.getKey()).);
+ }
+
+}
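Review bot: The new token store `repo` is a static `ConcurrentHashMap` with no expiry or removal path, so every key issued by `setUser` stays valid for the lifetime of the JVM and the map only grows; a logout/expiry path (or a bounded, time-limited cache) is needed before this module backs real sessions. `setUser` guards with `repo.containsValue(user)`, an O(n) scan whose result depends on `DemoisellePrincipal.equals`, and when the user is already present nothing is assigned to `token`, so a second login in a fresh request ends with an empty key. `validate()` returns `true` unconditionally with the intended check left in a trailing comment; `return token.getKey() != null && repo.containsKey(token.getKey());` would make it meaningful. Minor: `java.security.Principal` and `javax.enterprise.context.Dependent` are imported and `logger` is injected, but none of them is used in this file.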
diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
index 11e27f5..aaf9f41 100644
--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
@@ -6,17 +6,14 @@ */ package org.demoiselle.jee.security.impl;
-import java.security.Principal;
-import java.util.List;
-import java.util.Map; import javax.enterprise.context.Dependent; import javax.inject.Inject;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; import org.demoiselle.jee.core.util.ResourceBundle; import org.demoiselle.jee.security.exception.NotLoggedInException; import org.demoiselle.jee.core.interfaces.security.SecurityContext;
-import org.demoiselle.jee.core.interfaces.security.Token; import org.demoiselle.jee.core.interfaces.security.TokensManager; /**
@@ -74,12 +71,12 @@ public class SecurityContextImpl implements SecurityContext { } @Override
- public Principal getUser() {
+ public DemoisellePrincipal getUser() { return tm.getUser(); } @Override
- public void setUser(Principal loggedUser) {
+ public void setUser(DemoisellePrincipal loggedUser) { tm.setUser(loggedUser); }
diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
index b62eb7f..8ca994b 100644
--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
@@ -13,10 +13,10 @@ import javax.interceptor.AroundInvoke; import javax.interceptor.Interceptor; import javax.interceptor.InvocationContext; import java.io.Serializable;
-import java.security.Principal; import java.util.logging.Logger; import javax.inject.Inject; import org.demoiselle.jee.core.annotation.Name;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; import org.demoiselle.jee.core.util.ResourceBundle; import org.demoiselle.jee.core.util.Strings; import org.demoiselle.jee.security.annotation.RequiredPermission;
@@ -40,7 +40,7 @@ public class RequiredPermissionInterceptor implements Serializable { private SecurityContext securityContext; @Inject
- private Principal loggedUser;
+ private DemoisellePrincipal loggedUser; @Inject private ResourceBundle bundle;
diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
index d886217..424b470 100644
--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
@@ -13,13 +13,13 @@ import javax.interceptor.AroundInvoke; import javax.interceptor.Interceptor; import javax.interceptor.InvocationContext; import java.io.Serializable;
-import java.security.Principal; import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.logging.Logger; import javax.inject.Inject;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; import org.demoiselle.jee.core.util.ResourceBundle; import org.demoiselle.jee.security.annotation.RequiredRole; import org.demoiselle.jee.core.interfaces.security.SecurityContext;
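Review bot: `RequiredPermissionInterceptor` now injects a `DemoisellePrincipal` directly into `loggedUser` while also holding a `securityContext`, whose `getUser()` in this patch resolves the user through `TokensManager`; unless the CDI producer for `DemoisellePrincipal` delegates to that same `TokensManager` (not visible here), the permission check may run against a different identity than the one the presented token resolves to. Prefer reading `securityContext.getUser()` at check time and dropping the injected field, or add a comment on the field stating why the two are guaranteed to be the same object. The `RequiredRoleInterceptor` hunk on the next line has the same shape and the same question.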
@@ -42,7 +42,7 @@ public class RequiredRoleInterceptor implements Serializable { private SecurityContext securityContext; @Inject
- private Principal loggedUser;
+ private DemoisellePrincipal loggedUser; @Inject private ResourceBundle bundle;
diff --git a/pom.xml b/pom.xml
index f5ce36d..dcbd9fa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -69,7 +69,9 @@ demoiselle-persistence-jpa demoiselle-rest demoiselle-security
+ demoiselle-security-token demoiselle-security-basic
+ demoiselle-security-jwt
--
libgit2 0.21.2