Commit 7e9edf1d79f42c8876ef265f7d401f219501b691
1 parent
b20dad3a
Segurança e ajustes nos pacotes
Showing
4 changed files
with
8 additions
and
13 deletions
Show diff stats
demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
| @@ -29,7 +29,7 @@ import org.jose4j.lang.JoseException; | @@ -29,7 +29,7 @@ import org.jose4j.lang.JoseException; | ||
| 29 | * | 29 | * |
| 30 | * @author 70744416353 | 30 | * @author 70744416353 |
| 31 | */ | 31 | */ |
| 32 | -@Dependent | 32 | +@RequestScoped |
| 33 | public class TokensManagerImpl implements TokensManager { | 33 | public class TokensManagerImpl implements TokensManager { |
| 34 | 34 | ||
| 35 | @Inject | 35 | @Inject |
| @@ -49,9 +49,6 @@ public class TokensManagerImpl implements TokensManager { | @@ -49,9 +49,6 @@ public class TokensManagerImpl implements TokensManager { | ||
| 49 | public TokensManagerImpl() throws JoseException { | 49 | public TokensManagerImpl() throws JoseException { |
| 50 | if (rsaJsonWebKey == null) { | 50 | if (rsaJsonWebKey == null) { |
| 51 | // RsaJsonWebKey chave = RsaJwkGenerator.generateJwk(2048); | 51 | // RsaJsonWebKey chave = RsaJwkGenerator.generateJwk(2048); |
| 52 | -// logger.info("Se você quiser usar sua app em cluster, coloque o parametro jwt.key no app.properties e reinicie a aplicacao"); | ||
| 53 | -// logger.log(Level.INFO, "jwt.key={0}", chave); | ||
| 54 | -// logger.info("Se você não usar esse parametro, a cada reinicialização será gerada uma nova chave privada, isso inviabiliza o uso em cluster "); | ||
| 55 | rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(RsaJwkGenerator.generateJwk(2048).getKey()); | 52 | rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(RsaJwkGenerator.generateJwk(2048).getKey()); |
| 56 | rsaJsonWebKey.setKeyId("demoiselle-security-jwt"); | 53 | rsaJsonWebKey.setKeyId("demoiselle-security-jwt"); |
| 57 | } | 54 | } |
| @@ -78,13 +75,14 @@ public class TokensManagerImpl implements TokensManager { | @@ -78,13 +75,14 @@ public class TokensManagerImpl implements TokensManager { | ||
| 78 | if (!ip.equalsIgnoreCase((String) jwtClaims.getClaimValue("ip"))) { | 75 | if (!ip.equalsIgnoreCase((String) jwtClaims.getClaimValue("ip"))) { |
| 79 | return null; | 76 | return null; |
| 80 | } | 77 | } |
| 78 | + return loggedUser; | ||
| 81 | } catch (InvalidJwtException ex) { | 79 | } catch (InvalidJwtException ex) { |
| 82 | loggedUser = null; | 80 | loggedUser = null; |
| 83 | token.setKey(null); | 81 | token.setKey(null); |
| 84 | logger.severe(ex.getMessage()); | 82 | logger.severe(ex.getMessage()); |
| 85 | } | 83 | } |
| 86 | } | 84 | } |
| 87 | - return loggedUser; | 85 | + return null; |
| 88 | } | 86 | } |
| 89 | 87 | ||
| 90 | @Override | 88 | @Override |
| @@ -110,6 +108,7 @@ public class TokensManagerImpl implements TokensManager { | @@ -110,6 +108,7 @@ public class TokensManagerImpl implements TokensManager { | ||
| 110 | jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId()); | 108 | jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId()); |
| 111 | jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512); | 109 | jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512); |
| 112 | token.setKey(jws.getCompactSerialization()); | 110 | token.setKey(jws.getCompactSerialization()); |
| 111 | + token.setType("JWT"); | ||
| 113 | } catch (JoseException ex) { | 112 | } catch (JoseException ex) { |
| 114 | ex.printStackTrace(); | 113 | ex.printStackTrace(); |
| 115 | // logger.severe(ex.getMessage()); | 114 | // logger.severe(ex.getMessage()); |
demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
| @@ -5,13 +5,10 @@ | @@ -5,13 +5,10 @@ | ||
| 5 | */ | 5 | */ |
| 6 | package org.demoiselle.jee.security.token.impl; | 6 | package org.demoiselle.jee.security.token.impl; |
| 7 | 7 | ||
| 8 | -import java.util.Iterator; | ||
| 9 | -import java.util.Map; | ||
| 10 | import java.util.UUID; | 8 | import java.util.UUID; |
| 11 | import java.util.concurrent.ConcurrentHashMap; | 9 | import java.util.concurrent.ConcurrentHashMap; |
| 12 | import java.util.logging.Logger; | 10 | import java.util.logging.Logger; |
| 13 | import javax.enterprise.context.Dependent; | 11 | import javax.enterprise.context.Dependent; |
| 14 | -import javax.enterprise.context.RequestScoped; | ||
| 15 | import javax.inject.Inject; | 12 | import javax.inject.Inject; |
| 16 | import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; | 13 | import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; |
| 17 | import org.demoiselle.jee.core.interfaces.security.Token; | 14 | import org.demoiselle.jee.core.interfaces.security.Token; |
demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/DemoisellePrincipalImpl.java
| @@ -9,6 +9,7 @@ package org.demoiselle.jee.security.impl; | @@ -9,6 +9,7 @@ package org.demoiselle.jee.security.impl; | ||
| 9 | import java.util.List; | 9 | import java.util.List; |
| 10 | import java.util.Map; | 10 | import java.util.Map; |
| 11 | import java.util.Objects; | 11 | import java.util.Objects; |
| 12 | +import javax.enterprise.context.Dependent; | ||
| 12 | import javax.enterprise.context.RequestScoped; | 13 | import javax.enterprise.context.RequestScoped; |
| 13 | import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; | 14 | import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; |
| 14 | 15 |
demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
| @@ -7,14 +7,12 @@ | @@ -7,14 +7,12 @@ | ||
| 7 | package org.demoiselle.jee.security.impl; | 7 | package org.demoiselle.jee.security.impl; |
| 8 | 8 | ||
| 9 | import javax.enterprise.context.Dependent; | 9 | import javax.enterprise.context.Dependent; |
| 10 | +import javax.enterprise.context.RequestScoped; | ||
| 10 | import javax.inject.Inject; | 11 | import javax.inject.Inject; |
| 11 | -import javax.ws.rs.core.Response; | ||
| 12 | import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; | 12 | import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; |
| 13 | 13 | ||
| 14 | import org.demoiselle.jee.core.interfaces.security.SecurityContext; | 14 | import org.demoiselle.jee.core.interfaces.security.SecurityContext; |
| 15 | import org.demoiselle.jee.core.interfaces.security.TokensManager; | 15 | import org.demoiselle.jee.core.interfaces.security.TokensManager; |
| 16 | -import org.demoiselle.jee.security.exception.DemoiselleSecurityException; | ||
| 17 | -import org.demoiselle.jee.security.message.DemoiselleSecurityMessages; | ||
| 18 | 16 | ||
| 19 | /** | 17 | /** |
| 20 | * <p> | 18 | * <p> |
| @@ -23,7 +21,7 @@ import org.demoiselle.jee.security.message.DemoiselleSecurityMessages; | @@ -23,7 +21,7 @@ import org.demoiselle.jee.security.message.DemoiselleSecurityMessages; | ||
| 23 | * | 21 | * |
| 24 | * @author SERPRO | 22 | * @author SERPRO |
| 25 | */ | 23 | */ |
| 26 | -@Dependent | 24 | +@RequestScoped |
| 27 | public class SecurityContextImpl implements SecurityContext { | 25 | public class SecurityContextImpl implements SecurityContext { |
| 28 | 26 | ||
| 29 | private static final long serialVersionUID = 1L; | 27 | private static final long serialVersionUID = 1L; |
| @@ -63,7 +61,7 @@ public class SecurityContextImpl implements SecurityContext { | @@ -63,7 +61,7 @@ public class SecurityContextImpl implements SecurityContext { | ||
| 63 | */ | 61 | */ |
| 64 | @Override | 62 | @Override |
| 65 | public boolean isLoggedIn() { | 63 | public boolean isLoggedIn() { |
| 66 | - return getUser() != null; | 64 | + return getUser() != null && getUser().getId() != null; |
| 67 | } | 65 | } |
| 68 | 66 | ||
| 69 | @Override | 67 | @Override |