Commit 7e9edf1d79f42c8876ef265f7d401f219501b691

Authored by PauloGladson
1 parent b20dad3a

Segurança e ajustes nos pacotes

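--- a/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
+++ b/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
@@ -29,7 +29,7 @@ import org.jose4j.lang.JoseException;
 *
 * @author 70744416353
 */
-@Dependent
+@RequestScoped
 public class TokensManagerImpl implements TokensManager {
 
 @Inject
@@ -49,9 +49,6 @@ public class TokensManagerImpl implements TokensManager {
 public TokensManagerImpl() throws JoseException {
 if (rsaJsonWebKey == null) {
 // RsaJsonWebKey chave = RsaJwkGenerator.generateJwk(2048);
-// logger.info("Se você quiser usar sua app em cluster, coloque o parametro jwt.key no app.properties e reinicie a aplicacao");
-// logger.log(Level.INFO, "jwt.key={0}", chave);
-// logger.info("Se você não usar esse parametro, a cada reinicialização será gerada uma nova chave privada, isso inviabiliza o uso em cluster ");
 rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(RsaJwkGenerator.generateJwk(2048).getKey());
 rsaJsonWebKey.setKeyId("demoiselle-security-jwt");
 }
@@ -78,13 +75,14 @@ public class TokensManagerImpl implements TokensManager {
 if (!ip.equalsIgnoreCase((String) jwtClaims.getClaimValue("ip"))) {
 return null;
 }
+ return loggedUser;
 } catch (InvalidJwtException ex) {
 loggedUser = null;
 token.setKey(null);
 logger.severe(ex.getMessage());
 }
 }
- return loggedUser;
+ return null;
 }
 
 @Override
@@ -110,6 +108,7 @@ public class TokensManagerImpl implements TokensManager {
 jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
 jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512);
 token.setKey(jws.getCompactSerialization());
+ token.setType("JWT");
 } catch (JoseException ex) {
 ex.printStackTrace();
 // logger.severe(ex.getMessage());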
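Review bot: With the class now `@RequestScoped` (new line 32), the constructor at new lines 49-54 runs for every request, so the `if (rsaJsonWebKey == null)` guard is the only thing keeping the key identical between the request that issues a token and the one that validates it. The field declaration is outside these hunks: if it is an instance field the guard is always true and each request generates a fresh 2048-bit key, and if it is static the unsynchronized check still lets two concurrent first requests install different keys. In both cases tokens already issued can stop validating, and repeated RSA generation on the request path is a cheap way to burn CPU. I would move key creation out of the constructor into one application-wide holder that this bean injects, and keep the operational warning the commit deletes as a comment there, for example `// created once per deployment; a regenerated key invalidates every token already issued (breaks clusters and restarts)`.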
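--- a/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
+++ b/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
@@ -5,13 +5,10 @@
 */
 package org.demoiselle.jee.security.token.impl;
 
-import java.util.Iterator;
-import java.util.Map;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
 import javax.enterprise.context.Dependent;
-import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.interfaces.security.Token;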
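--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/DemoisellePrincipalImpl.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/DemoisellePrincipalImpl.java
@@ -9,6 +9,7 @@ package org.demoiselle.jee.security.impl;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import javax.enterprise.context.Dependent;
 import javax.enterprise.context.RequestScoped;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 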
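--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
@@ -7,14 +7,12 @@
 package org.demoiselle.jee.security.impl;
 
 import javax.enterprise.context.Dependent;
+import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
-import javax.ws.rs.core.Response;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 
 import org.demoiselle.jee.core.interfaces.security.SecurityContext;
 import org.demoiselle.jee.core.interfaces.security.TokensManager;
-import org.demoiselle.jee.security.exception.DemoiselleSecurityException;
-import org.demoiselle.jee.security.message.DemoiselleSecurityMessages;
 
 /**
 * <p>
@@ -23,7 +21,7 @@ import org.demoiselle.jee.security.message.DemoiselleSecurityMessages;
 *
 * @author SERPRO
 */
-@Dependent
+@RequestScoped
 public class SecurityContextImpl implements SecurityContext {
 
 private static final long serialVersionUID = 1L;
@@ -63,7 +61,7 @@ public class SecurityContextImpl implements SecurityContext {
 */
 @Override
 public boolean isLoggedIn() {
- return getUser() != null;
+ return getUser() != null && getUser().getId() != null;
 }
 
 @Override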
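Review bot: The new condition in `isLoggedIn()` (new line 64) calls `getUser()` twice, so whatever token lookup and validation sits behind it runs twice per check, and the result of the second call is dereferenced without its own null check. `getUser()` is defined outside this hunk; if it can return null on the second call (for instance after a validation failure clears the token), `getUser().getId()` throws a NullPointerException in the middle of an authentication decision. Read the principal once: `DemoisellePrincipal user = getUser();` followed by `return user != null && user.getId() != null;`. If the id check is there to reject an empty placeholder principal, say so in a comment such as `// a principal without an id is not an authenticated user`.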