Segurança e ajustes nos pacotes

PauloGladson
1 parent b20dad3a
Showing 4 changed files with 8 additions and 13 deletions Show diff stats
demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/DemoisellePrincipalImpl.java
demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
@@ -29,7 +29,7 @@ import org.jose4j.lang.JoseException;
  *
  * @author 70744416353
  */
-@Dependent
+@RequestScoped
 public class TokensManagerImpl implements TokensManager {
  
     @Inject
@@ -49,9 +49,6 @@ public class TokensManagerImpl implements TokensManager {
     public TokensManagerImpl() throws JoseException {
         if (rsaJsonWebKey == null) {
 //        RsaJsonWebKey chave = RsaJwkGenerator.generateJwk(2048);
-//        logger.info("Se você quiser usar sua app em cluster, coloque o parametro jwt.key no app.properties e reinicie a aplicacao");
-//        logger.log(Level.INFO, "jwt.key={0}", chave);
-//        logger.info("Se você não usar esse parametro, a cada reinicialização será gerada uma nova chave privada, isso inviabiliza o uso em cluster ");
             rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(RsaJwkGenerator.generateJwk(2048).getKey());
             rsaJsonWebKey.setKeyId("demoiselle-security-jwt");
         }
@@ -78,13 +75,14 @@ public class TokensManagerImpl implements TokensManager {
                 if (!ip.equalsIgnoreCase((String) jwtClaims.getClaimValue("ip"))) {
                     return null;
                 }
+                return loggedUser;
             } catch (InvalidJwtException ex) {
                 loggedUser = null;
                 token.setKey(null);
                 logger.severe(ex.getMessage());
             }
         }
-        return loggedUser;
+        return null;
     }
  
     @Override
@@ -110,6 +108,7 @@ public class TokensManagerImpl implements TokensManager {
             jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
             jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512);
             token.setKey(jws.getCompactSerialization());
+            token.setType("JWT");
         } catch (JoseException ex) {
             ex.printStackTrace();
             //  logger.severe(ex.getMessage());
@@ -5,13 +5,10 @@
  */
 package org.demoiselle.jee.security.token.impl;
  
-import java.util.Iterator;
-import java.util.Map;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
 import javax.enterprise.context.Dependent;
-import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.interfaces.security.Token;
@@ -9,6 +9,7 @@ package org.demoiselle.jee.security.impl;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import javax.enterprise.context.Dependent;
 import javax.enterprise.context.RequestScoped;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
  
@@ -7,14 +7,12 @@
 package org.demoiselle.jee.security.impl;
  
 import javax.enterprise.context.Dependent;
+import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
-import javax.ws.rs.core.Response;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
  
 import org.demoiselle.jee.core.interfaces.security.SecurityContext;
 import org.demoiselle.jee.core.interfaces.security.TokensManager;
-import org.demoiselle.jee.security.exception.DemoiselleSecurityException;
-import org.demoiselle.jee.security.message.DemoiselleSecurityMessages;
  
 /**
  * <p>
@@ -23,7 +21,7 @@ import org.demoiselle.jee.security.message.DemoiselleSecurityMessages;
  *
  * @author SERPRO
  */
-@Dependent
+@RequestScoped
 public class SecurityContextImpl implements SecurityContext {
  
     private static final long serialVersionUID = 1L;
@@ -63,7 +61,7 @@ public class SecurityContextImpl implements SecurityContext {
      */
     @Override
     public boolean isLoggedIn() {
-        return getUser() != null;
+        return getUser() != null && getUser().getId() != null;
     }
  
     @Override
...	...	@@ -29,7 +29,7 @@ import org.jose4j.lang.JoseException;
29	29	*
30	30	* @author 70744416353
31	31	*/
32		-@Dependent
	32	+@RequestScoped
33	33	public class TokensManagerImpl implements TokensManager {
34	34
35	35	@Inject
...	...	@@ -49,9 +49,6 @@ public class TokensManagerImpl implements TokensManager {
49	49	public TokensManagerImpl() throws JoseException {
50	50	if (rsaJsonWebKey == null) {
51	51	// RsaJsonWebKey chave = RsaJwkGenerator.generateJwk(2048);
52		-// logger.info("Se você quiser usar sua app em cluster, coloque o parametro jwt.key no app.properties e reinicie a aplicacao");
53		-// logger.log(Level.INFO, "jwt.key={0}", chave);
54		-// logger.info("Se você não usar esse parametro, a cada reinicialização será gerada uma nova chave privada, isso inviabiliza o uso em cluster ");
55	52	rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(RsaJwkGenerator.generateJwk(2048).getKey());
56	53	rsaJsonWebKey.setKeyId("demoiselle-security-jwt");
57	54	}
...	...	@@ -78,13 +75,14 @@ public class TokensManagerImpl implements TokensManager {
78	75	if (!ip.equalsIgnoreCase((String) jwtClaims.getClaimValue("ip"))) {
79	76	return null;
80	77	}
	78	+ return loggedUser;
81	79	} catch (InvalidJwtException ex) {
82	80	loggedUser = null;
83	81	token.setKey(null);
84	82	logger.severe(ex.getMessage());
85	83	}
86	84	}
87		- return loggedUser;
	85	+ return null;
88	86	}
89	87
90	88	@Override
...	...	@@ -110,6 +108,7 @@ public class TokensManagerImpl implements TokensManager {
110	108	jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
111	109	jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512);
112	110	token.setKey(jws.getCompactSerialization());
	111	+ token.setType("JWT");
113	112	} catch (JoseException ex) {
114	113	ex.printStackTrace();
115	114	// logger.severe(ex.getMessage());
...	...
...	...	@@ -5,13 +5,10 @@
5	5	*/
6	6	package org.demoiselle.jee.security.token.impl;
7	7
8		-import java.util.Iterator;
9		-import java.util.Map;
10	8	import java.util.UUID;
11	9	import java.util.concurrent.ConcurrentHashMap;
12	10	import java.util.logging.Logger;
13	11	import javax.enterprise.context.Dependent;
14		-import javax.enterprise.context.RequestScoped;
15	12	import javax.inject.Inject;
16	13	import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
17	14	import org.demoiselle.jee.core.interfaces.security.Token;
...	...
...	...	@@ -9,6 +9,7 @@ package org.demoiselle.jee.security.impl;
9	9	import java.util.List;
10	10	import java.util.Map;
11	11	import java.util.Objects;
	12	+import javax.enterprise.context.Dependent;
12	13	import javax.enterprise.context.RequestScoped;
13	14	import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
14	15
...	...
...	...	@@ -7,14 +7,12 @@
7	7	package org.demoiselle.jee.security.impl;
8	8
9	9	import javax.enterprise.context.Dependent;
	10	+import javax.enterprise.context.RequestScoped;
10	11	import javax.inject.Inject;
11		-import javax.ws.rs.core.Response;
12	12	import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
13	13
14	14	import org.demoiselle.jee.core.interfaces.security.SecurityContext;
15	15	import org.demoiselle.jee.core.interfaces.security.TokensManager;
16		-import org.demoiselle.jee.security.exception.DemoiselleSecurityException;
17		-import org.demoiselle.jee.security.message.DemoiselleSecurityMessages;
18	16
19	17	/**
20	18	* <p>
...	...	@@ -23,7 +21,7 @@ import org.demoiselle.jee.security.message.DemoiselleSecurityMessages;
23	21	*
24	22	* @author SERPRO
25	23	*/
26		-@Dependent
	24	+@RequestScoped
27	25	public class SecurityContextImpl implements SecurityContext {
28	26
29	27	private static final long serialVersionUID = 1L;
...	...	@@ -63,7 +61,7 @@ public class SecurityContextImpl implements SecurityContext {
63	61	*/
64	62	@Override
65	63	public boolean isLoggedIn() {
66		- return getUser() != null;
	64	+ return getUser() != null && getUser().getId() != null;
67	65	}
68	66
69	67	@Override
...	...