Commit 6e126b792415a4bf742c96d2165e494f6fcf473c

Authored by PauloGladson
1 parent ffe576b7

Segurança e ajustes nos pacotes

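--- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/DemoisellePrincipal.java
+++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/DemoisellePrincipal.java
@@ -26,4 +26,6 @@ public interface DemoisellePrincipal extends Principal {
 public List<String> getRoles();
 
 public Map<String, String> getPermissions();
+
+public void setPermissions(Map<String, String> permissions);
 }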
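Review bot: `setPermissions(Map<String, String> permissions)` makes the principal mutable without stating who is allowed to call it, and the same `DemoisellePrincipal` is injected into the authorization interceptors elsewhere in this commit, so any bean holding the injected principal could widen its own permission map during a request. A Javadoc line such as `/** Replaces this principal's permission map; meant to be called only by the authentication layer that builds the principal. */` would document the intent, and implementations should store a copy rather than the caller's map so it cannot be changed afterwards.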
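--- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java
+++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java
@@ -66,8 +66,8 @@ public interface SecurityContext extends Serializable {
  * @return the user logged in a specific authenticated session. If there is
  * no active session {@code null} is returned.
  */
-Principal getUser();
+DemoisellePrincipal getUser();
 
-void setUser(Principal loggedUser);
+void setUser(DemoisellePrincipal loggedUser);
 
 }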
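--- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java
+++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/TokensManager.java
@@ -20,9 +20,9 @@ import java.util.Map;
 */
 public interface TokensManager extends Serializable {
 
-public Principal getUser();
+public DemoisellePrincipal getUser();
 
-public void setUser(Principal user);
+public void setUser(DemoisellePrincipal user);
 
 public boolean validate();
 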
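--- a/demoiselle-security-basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
+++ b/demoiselle-security-basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
@@ -5,14 +5,8 @@
 */
 package org.demoiselle.jee.security.basic.impl;
 
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
 import javax.enterprise.context.Dependent;
-import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.interfaces.security.Token;
@@ -25,24 +19,20 @@ import org.demoiselle.jee.core.interfaces.security.TokensManager;
 @Dependent
 public class TokensManagerImpl implements TokensManager {
 
-private static ConcurrentHashMap<String, Principal> repo = new ConcurrentHashMap<>();
-
 @Inject
 private Logger logger;
 
 @Inject
-@RequestScoped
 private Token token;
 
 @Inject
-@RequestScoped
-private Principal loggedUser;
+private DemoisellePrincipal loggedUser;
 
 @Override
-public Principal getUser() {
+public DemoisellePrincipal getUser() {
 if (loggedUser == null) {
 if (token.getKey() != null && !token.getKey().isEmpty()) {
-loggedUser = repo.get(token.getKey());
+// desfaz o basic
 return loggedUser;
 }
 }
@@ -50,14 +40,9 @@ public class TokensManagerImpl implements TokensManager {
 }
 
 @Override
-public void setUser(Principal user) {
+public void setUser(DemoisellePrincipal user) {
 String value = null;
-if (!repo.containsValue(user)) {
-value = UUID.randomUUID().toString();
-repo.put(value, user);
-token.setKey(value);
-token.setType("Basic");
-}
+
 }
 
 @Override
@@ -65,6 +50,4 @@ public class TokensManagerImpl implements TokensManager {
 return true;//(getUser() != null && repo.get(token.getKey()).);
 }
 
-
-
 }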
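Review bot: `setUser` now consists of `String value = null;` and a blank line, so a Basic login records nothing, while `getUser` returns the injected `loggedUser` whatever `token.getKey()` holds — the branch marked `// desfaz o basic` is now identical to the fall-through, and `getUser` starts in the second hunk and ends in the third. With `validate()` still returning `true` unconditionally, any interceptor that consults this manager authorizes on a principal that was never tied to the credentials presented on the request. If the intent is to remove Basic support from this module, drop the dead local and the key check as well, or mark the class as a stub in a comment such as `// Basic authentication is not implemented; getUser() returns the CDI-injected principal unchanged.`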
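--- a/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
+++ b/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
@@ -13,8 +13,9 @@ import java.util.logging.Logger;
 import javax.enterprise.context.Dependent;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
-import org.demoiselle.jee.core.security.LoggedUser;
-import org.demoiselle.jee.core.security.TokensManager;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
+import org.demoiselle.jee.core.interfaces.security.Token;
+import org.demoiselle.jee.core.interfaces.security.TokensManager;
 import org.jose4j.jwk.RsaJsonWebKey;
 import org.jose4j.jwk.RsaJwkGenerator;
 import org.jose4j.jws.AlgorithmIdentifiers;
@@ -40,6 +41,12 @@ public class TokensManagerImpl implements TokensManager {
 @Inject
 private Logger logger;
 
+@Inject
+private Token token;
+
+@Inject
+private DemoisellePrincipal loggedUser;
+
 public TokensManagerImpl() throws JoseException {
 RsaJsonWebKey chave = RsaJwkGenerator.generateJwk(2048);
 logger.info("Se você quiser usar sua app em cluster, coloque o parametro jwt.key no app.properties e reinicie a aplicacao");
@@ -50,34 +57,31 @@ public class TokensManagerImpl implements TokensManager {
 }
 
 @Override
-public LoggedUser getUser(String jwt) {
-LoggedUser usuario = null;
-if (jwt != null && !jwt.isEmpty()) {
-JwtConsumer jwtConsumer = new JwtConsumerBuilder()
-.setRequireExpirationTime() // the JWT must have an expiration time
-.setAllowedClockSkewInSeconds(60) // allow some leeway in validating time based claims to account for clock skew
-.setExpectedIssuer("demoiselle") // whom the JWT needs to have been issued by
-.setExpectedAudience("demoiselle") // to whom the JWT is intended for
-.setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key
-.build(); // create the JwtConsumer instance
-
+public DemoisellePrincipal getUser() {
+if (token.getKey() != null && !token.getKey().isEmpty()) {
 try {
-JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
-usuario = new Gson().fromJson((String) jwtClaims.getClaimValue("user"), LoggedUser.class);
-
+JwtConsumer jwtConsumer = new JwtConsumerBuilder()
+.setRequireExpirationTime() // the JWT must have an expiration time
+.setAllowedClockSkewInSeconds(60) // allow some leeway in validating time based claims to account for clock skew
+.setExpectedIssuer("demoiselle") // whom the JWT needs to have been issued by
+.setExpectedAudience("demoiselle") // to whom the JWT is intended for
+.setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key
+.build(); // create the JwtConsumer instance
+JwtClaims jwtClaims = jwtConsumer.processToClaims(token.getKey());
+loggedUser = new Gson().fromJson((String) jwtClaims.getClaimValue("user"), DemoisellePrincipal.class);
 String ip = httpRequest.getRemoteAddr();
 if (!ip.equalsIgnoreCase((String) jwtClaims.getClaimValue("ip"))) {
-usuario = null;
+return null;
 }
-} catch (InvalidJwtException e) {
-//Logger.getLogger(TokenRepository.class.getName()).log(Level.SEVERE, null, e);
+} catch (InvalidJwtException ex) {
+logger.severe(ex.getMessage());
 }
 }
-return usuario;
+return loggedUser;
 }
 
 @Override
-public String setUser(LoggedUser user) {
+public void setUser(DemoisellePrincipal user) {
 try {
 JwtClaims claims = new JwtClaims();
 claims.setIssuer("demoiselle");
@@ -95,12 +99,16 @@ public class TokensManagerImpl implements TokensManager {
 jws.setKey(rsaJsonWebKey.getPrivateKey());
 jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
 jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
-return jws.getCompactSerialization();
+token.setKey(jws.getCompactSerialization());
 } catch (JoseException ex) {
 logger.severe(ex.getMessage());
 }
-return null;
 
 }
 
+@Override
+public boolean validate() {
+return true;
+}
+
 }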
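Review bot: `new Gson().fromJson(..., DemoisellePrincipal.class)` in the third hunk targets an interface, which Gson cannot instantiate without an `InstanceCreator` or type adapter for a concrete class, so this line will most likely throw an unchecked exception that the `catch (InvalidJwtException ex)` below it does not catch. The assignment to the `loggedUser` field also precedes the `ip` comparison, so on a mismatch the method returns `null` while the field keeps the rejected principal, and a later call on the same bean instance with an empty key returns it; deserialize into a local and assign the field only after the check passes. The new `validate()` in the last hunk returns `true` unconditionally even though the signature, issuer, audience and expiry checks live in `getUser()`; `return getUser() != null;` would make it meaningful. `logger.severe(ex.getMessage())` discards the stack trace, whereas `logger.log(Level.SEVERE, ex.getMessage(), ex)` keeps it (import `java.util.logging.Level` if it is not already). The constructor's `logger.info(...)` in the second hunk runs before field injection and is not touched by this commit, but it will fail with a NullPointerException once this module is built.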
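--- a/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.demoiselle.jee.security.basic.impl;
-
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.logging.Logger;
-import javax.enterprise.context.Dependent;
-import javax.enterprise.context.RequestScoped;
-import javax.inject.Inject;
-import org.demoiselle.jee.core.interfaces.security.Token;
-import org.demoiselle.jee.core.interfaces.security.TokensManager;
-
-/**
- *
- * @author 70744416353
- */
-@Dependent
-public class TokensManagerImpl implements TokensManager {
-
-private static ConcurrentHashMap<String, Principal> repo = new ConcurrentHashMap<>();
-
-@Inject
-private Logger logger;
-
-@Inject
-@RequestScoped
-private Token token;
-
-@Inject
-@RequestScoped
-private Principal loggedUser;
-
-@Override
-public Principal getUser() {
-if (loggedUser == null) {
-if (token.getKey() != null && !token.getKey().isEmpty()) {
-loggedUser = repo.get(token.getKey());
-return loggedUser;
-}
-}
-return loggedUser;
-}
-
-@Override
-public void setUser(Principal user) {
-String value = null;
-if (!repo.containsValue(user)) {
-value = UUID.randomUUID().toString();
-repo.put(value, user);
-token.setKey(value);
-token.setType("Basic");
-}
-}
-
-@Override
-public boolean validate() {
-return true;//(getUser() != null && repo.get(token.getKey()).);
-}
-
-@Override
-public Token getToken() {
-return token;
-}
-
-@Override
-public void setToken(Token token) {
-String key = null;
-if (repo.containsKey(token.getKey())) {
-loggedUser = repo.get(key);
-}
-}
-
-@Override
-public void setRoles(List<String> roles) {
-
-}
-
-@Override
-public void setPermissions(Map<String, String> permissions) {
-
-}
-
-}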
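--- /dev/null
+++ b/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
@@ -0,0 +1,57 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.security.token.impl;
+
+import java.security.Principal;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.logging.Logger;
+import javax.enterprise.context.Dependent;
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
+import org.demoiselle.jee.core.interfaces.security.Token;
+import org.demoiselle.jee.core.interfaces.security.TokensManager;
+
+/**
+ *
+ * @author 70744416353
+ */
+@RequestScoped
+public class TokensManagerImpl implements TokensManager {
+
+private final static ConcurrentHashMap<String, DemoisellePrincipal> repo = new ConcurrentHashMap<>();
+
+@Inject
+private Logger logger;
+
+@Inject
+private Token token;
+
+@Override
+public DemoisellePrincipal getUser() {
+if (token.getKey() != null && !token.getKey().isEmpty()) {
+return repo.get(token.getKey());
+}
+return null;
+}
+
+@Override
+public void setUser(DemoisellePrincipal user) {
+if (!repo.containsValue(user)) {
+String value = UUID.randomUUID().toString();
+repo.put(value, user);
+token.setKey(value);
+token.setType("Token");
+}
+}
+
+@Override
+public boolean validate() {
+return true;//(getUser() != null && repo.get(token.getKey()).);
+}
+
+}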
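Review bot: `validate()` returns `true` unconditionally with the intended check left in a trailing comment; since `getUser()` already resolves `token.getKey()` against `repo`, `return getUser() != null;` would make an unknown or malformed key fail validation instead of passing. Entries in the static `repo` are never removed, so a key issued once stays valid for the lifetime of the JVM and the map grows with every distinct login; an expiry or a removal path on logout is needed before this can be relied on. `setUser` also depends on `containsValue(user)`, a linear scan governed by the principal's `equals`, and when it finds a match it skips `token.setKey`, so the current request gets no key for an already-known user. Minor: `import java.security.Principal;` and `import javax.enterprise.context.Dependent;` are unused, and `private final static` is conventionally written `private static final`.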
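--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
@@ -6,17 +6,14 @@
 */
 package org.demoiselle.jee.security.impl;
 
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
 import javax.enterprise.context.Dependent;
 import javax.inject.Inject;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 
 import org.demoiselle.jee.core.util.ResourceBundle;
 
 import org.demoiselle.jee.security.exception.NotLoggedInException;
 import org.demoiselle.jee.core.interfaces.security.SecurityContext;
-import org.demoiselle.jee.core.interfaces.security.Token;
 import org.demoiselle.jee.core.interfaces.security.TokensManager;
 
 /**
@@ -74,12 +71,12 @@ public class SecurityContextImpl implements SecurityContext {
 }
 
 @Override
-public Principal getUser() {
+public DemoisellePrincipal getUser() {
 return tm.getUser();
 }
 
 @Override
-public void setUser(Principal loggedUser) {
+public void setUser(DemoisellePrincipal loggedUser) {
 tm.setUser(loggedUser);
 }
 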
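--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
@@ -13,10 +13,10 @@ import javax.interceptor.AroundInvoke;
 import javax.interceptor.Interceptor;
 import javax.interceptor.InvocationContext;
 import java.io.Serializable;
-import java.security.Principal;
 import java.util.logging.Logger;
 import javax.inject.Inject;
 import org.demoiselle.jee.core.annotation.Name;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.util.ResourceBundle;
 import org.demoiselle.jee.core.util.Strings;
 import org.demoiselle.jee.security.annotation.RequiredPermission;
@@ -40,7 +40,7 @@ public class RequiredPermissionInterceptor implements Serializable {
 private SecurityContext securityContext;
 
 @Inject
-private Principal loggedUser;
+private DemoisellePrincipal loggedUser;
 
 @Inject
 private ResourceBundle bundle;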
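--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
@@ -13,13 +13,13 @@ import javax.interceptor.AroundInvoke;
 import javax.interceptor.Interceptor;
 import javax.interceptor.InvocationContext;
 import java.io.Serializable;
-import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
 import java.util.logging.Logger;
 import javax.inject.Inject;
+import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.util.ResourceBundle;
 import org.demoiselle.jee.security.annotation.RequiredRole;
 import org.demoiselle.jee.core.interfaces.security.SecurityContext;
@@ -42,7 +42,7 @@ public class RequiredRoleInterceptor implements Serializable {
 private SecurityContext securityContext;
 
 @Inject
-private Principal loggedUser;
+private DemoisellePrincipal loggedUser;
 
 @Inject
 private ResourceBundle bundle;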
@@ -69,7 +69,9 @@ @@ -69,7 +69,9 @@
69 <module>demoiselle-persistence-jpa</module> 69 <module>demoiselle-persistence-jpa</module>
70 <module>demoiselle-rest</module> 70 <module>demoiselle-rest</module>
71 <module>demoiselle-security</module> 71 <module>demoiselle-security</module>
  72 + <module>demoiselle-security-token</module>
72 <module>demoiselle-security-basic</module> 73 <module>demoiselle-security-basic</module>
  74 + <module>demoiselle-security-jwt</module>
73 <!--<module>demoiselle-security-jwt</module>--> 75 <!--<module>demoiselle-security-jwt</module>-->
74 </modules> 76 </modules>
75 77