Melhorias

PauloGladson
1 parent 765b1a94
Showing 5 changed files with 15 additions and 24 deletions Show diff stats
demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java
demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/DemoisellePrincipalImpl.java
demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
@@ -43,6 +43,9 @@ public class JaxRsFilter implements ContainerRequestFilter, ContainerResponseFil
     public void filter(ContainerRequestContext requestContext, ContainerResponseContext response) {
  
         response.getHeaders().putSingle("Demoiselle", "3.0.0");
+        response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
+        response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
+        response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
  
         if (requestContext.getMethod().equals("GET")) {
             Cache max = info.getResourceMethod().getAnnotation(Cache.class);
@@ -51,16 +54,15 @@ public class JaxRsFilter implements ContainerRequestFilter, ContainerResponseFil
             }
         }
  
-        CorsAllowMethods corsAllowMethods = info.getResourceMethod().getAnnotation(CorsAllowMethods.class);
-        if (corsAllowMethods != null) {
-            response.getHeaders().putSingle("Access-Control-Allow-Methods", requestContext.getMethod());
-        }
-
-        CorsAllowOrigin corsAllowOrigin = info.getResourceMethod().getAnnotation(CorsAllowOrigin.class);
-        if (corsAllowOrigin != null) {
-            response.getHeaders().putSingle("Access-Control-Allow-Origin", corsAllowOrigin.value());
-        }
-        
+//        CorsAllowMethods corsAllowMethods = info.getResourceMethod().getAnnotation(CorsAllowMethods.class);
+//        if (corsAllowMethods != null) {
+//            response.getHeaders().putSingle("Access-Control-Allow-Methods", requestContext.getMethod());
+//        }
+//
+//        CorsAllowOrigin corsAllowOrigin = info.getResourceMethod().getAnnotation(CorsAllowOrigin.class);
+//        if (corsAllowOrigin != null) {
+//            response.getHeaders().putSingle("Access-Control-Allow-Origin", corsAllowOrigin.value());
+//        }        
     }
  
     @PostConstruct
@@ -8,19 +8,15 @@ package org.demoiselle.jee.security.jwt.impl;
 import java.util.List;
 import java.util.Map;
 import java.util.logging.Logger;
-import javax.enterprise.context.Dependent;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.interfaces.security.Token;
 import org.demoiselle.jee.core.interfaces.security.TokensManager;
-import static org.jose4j.jwk.PublicJsonWebKey.Factory.newPublicJwk;
 import org.jose4j.jwk.RsaJsonWebKey;
 import org.jose4j.jwk.RsaJwkGenerator;
-import static org.jose4j.jwk.RsaJwkGenerator.generateJwk;
 import org.jose4j.jws.AlgorithmIdentifiers;
-import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA512;
 import org.jose4j.jws.JsonWebSignature;
 import org.jose4j.jwt.JwtClaims;
 import org.jose4j.jwt.consumer.InvalidJwtException;
@@ -51,7 +47,7 @@ public class TokensManagerImpl implements TokensManager {
  
     public TokensManagerImpl() throws JoseException {
         if (rsaJsonWebKey == null) {
-            rsaJsonWebKey = (RsaJsonWebKey) newPublicJwk(generateJwk(2048).getKey());
+            rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(RsaJwkGenerator.generateJwk(2048).getKey());
             rsaJsonWebKey.setKeyId("demoiselle-security-jwt");
         }
     }
@@ -108,7 +104,7 @@ public class TokensManagerImpl implements TokensManager {
             jws.setPayload(claims.toJson());
             jws.setKey(rsaJsonWebKey.getKey());
             jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
-            jws.setAlgorithmHeaderValue(HMAC_SHA512);
+            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512);
             token.setKey(jws.getCompactSerialization());
             token.setType("JWT");
         } catch (JoseException ex) {
@@ -120,7 +116,7 @@ public class TokensManagerImpl implements TokensManager {
  
     @Override
     public boolean validate() {
-        return getUser() != null && getUser().getId() != null;
+        return getUser() != null;
     }
  
 }
@@ -11,8 +11,6 @@ import java.util.Map;
 import java.util.Objects;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.context.Dependent;
 import javax.enterprise.context.RequestScoped;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
  
@@ -6,8 +6,6 @@
  */
 package org.demoiselle.jee.security.impl;
  
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.context.Dependent;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
@@ -14,12 +14,9 @@ import java.io.Serializable;
 import java.util.logging.Logger;
 import javax.inject.Inject;
 import static javax.interceptor.Interceptor.Priority.APPLICATION;
-import javax.ws.rs.core.Response;
 import static javax.ws.rs.core.Response.Status.UNAUTHORIZED;
 import org.demoiselle.jee.core.annotation.Name;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
-import org.demoiselle.jee.core.util.ResourceBundle;
-import org.demoiselle.jee.core.util.Strings;
 import org.demoiselle.jee.security.annotation.RequiredPermission;
 import org.demoiselle.jee.core.interfaces.security.SecurityContext;
 import static org.demoiselle.jee.core.util.Strings.isEmpty;
...	...	@@ -43,6 +43,9 @@ public class JaxRsFilter implements ContainerRequestFilter, ContainerResponseFil
43	43	public void filter(ContainerRequestContext requestContext, ContainerResponseContext response) {
44	44
45	45	response.getHeaders().putSingle("Demoiselle", "3.0.0");
	46	+ response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
	47	+ response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
	48	+ response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
46	49
47	50	if (requestContext.getMethod().equals("GET")) {
48	51	Cache max = info.getResourceMethod().getAnnotation(Cache.class);
...	...	@@ -51,16 +54,15 @@ public class JaxRsFilter implements ContainerRequestFilter, ContainerResponseFil
51	54	}
52	55	}
53	56
54		- CorsAllowMethods corsAllowMethods = info.getResourceMethod().getAnnotation(CorsAllowMethods.class);
55		- if (corsAllowMethods != null) {
56		- response.getHeaders().putSingle("Access-Control-Allow-Methods", requestContext.getMethod());
57		- }
58		-
59		- CorsAllowOrigin corsAllowOrigin = info.getResourceMethod().getAnnotation(CorsAllowOrigin.class);
60		- if (corsAllowOrigin != null) {
61		- response.getHeaders().putSingle("Access-Control-Allow-Origin", corsAllowOrigin.value());
62		- }
63		-
	57	+// CorsAllowMethods corsAllowMethods = info.getResourceMethod().getAnnotation(CorsAllowMethods.class);
	58	+// if (corsAllowMethods != null) {
	59	+// response.getHeaders().putSingle("Access-Control-Allow-Methods", requestContext.getMethod());
	60	+// }
	61	+//
	62	+// CorsAllowOrigin corsAllowOrigin = info.getResourceMethod().getAnnotation(CorsAllowOrigin.class);
	63	+// if (corsAllowOrigin != null) {
	64	+// response.getHeaders().putSingle("Access-Control-Allow-Origin", corsAllowOrigin.value());
	65	+// }
64	66	}
65	67
66	68	@PostConstruct
...	...
...	...	@@ -8,19 +8,15 @@ package org.demoiselle.jee.security.jwt.impl;
8	8	import java.util.List;
9	9	import java.util.Map;
10	10	import java.util.logging.Logger;
11		-import javax.enterprise.context.Dependent;
12	11	import javax.enterprise.context.RequestScoped;
13	12	import javax.inject.Inject;
14	13	import javax.servlet.http.HttpServletRequest;
15	14	import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
16	15	import org.demoiselle.jee.core.interfaces.security.Token;
17	16	import org.demoiselle.jee.core.interfaces.security.TokensManager;
18		-import static org.jose4j.jwk.PublicJsonWebKey.Factory.newPublicJwk;
19	17	import org.jose4j.jwk.RsaJsonWebKey;
20	18	import org.jose4j.jwk.RsaJwkGenerator;
21		-import static org.jose4j.jwk.RsaJwkGenerator.generateJwk;
22	19	import org.jose4j.jws.AlgorithmIdentifiers;
23		-import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA512;
24	20	import org.jose4j.jws.JsonWebSignature;
25	21	import org.jose4j.jwt.JwtClaims;
26	22	import org.jose4j.jwt.consumer.InvalidJwtException;
...	...	@@ -51,7 +47,7 @@ public class TokensManagerImpl implements TokensManager {
51	47
52	48	public TokensManagerImpl() throws JoseException {
53	49	if (rsaJsonWebKey == null) {
54		- rsaJsonWebKey = (RsaJsonWebKey) newPublicJwk(generateJwk(2048).getKey());
	50	+ rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(RsaJwkGenerator.generateJwk(2048).getKey());
55	51	rsaJsonWebKey.setKeyId("demoiselle-security-jwt");
56	52	}
57	53	}
...	...	@@ -108,7 +104,7 @@ public class TokensManagerImpl implements TokensManager {
108	104	jws.setPayload(claims.toJson());
109	105	jws.setKey(rsaJsonWebKey.getKey());
110	106	jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
111		- jws.setAlgorithmHeaderValue(HMAC_SHA512);
	107	+ jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512);
112	108	token.setKey(jws.getCompactSerialization());
113	109	token.setType("JWT");
114	110	} catch (JoseException ex) {
...	...	@@ -120,7 +116,7 @@ public class TokensManagerImpl implements TokensManager {
120	116
121	117	@Override
122	118	public boolean validate() {
123		- return getUser() != null && getUser().getId() != null;
	119	+ return getUser() != null;
124	120	}
125	121
126	122	}
...	...
...	...	@@ -11,8 +11,6 @@ import java.util.Map;
11	11	import java.util.Objects;
12	12	import java.util.logging.Level;
13	13	import java.util.logging.Logger;
14		-import javax.enterprise.context.ApplicationScoped;
15		-import javax.enterprise.context.Dependent;
16	14	import javax.enterprise.context.RequestScoped;
17	15	import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
18	16
...	...
...	...	@@ -6,8 +6,6 @@
6	6	*/
7	7	package org.demoiselle.jee.security.impl;
8	8
9		-import javax.enterprise.context.ApplicationScoped;
10		-import javax.enterprise.context.Dependent;
11	9	import javax.enterprise.context.RequestScoped;
12	10	import javax.inject.Inject;
13	11	import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
...	...
...	...	@@ -14,12 +14,9 @@ import java.io.Serializable;
14	14	import java.util.logging.Logger;
15	15	import javax.inject.Inject;
16	16	import static javax.interceptor.Interceptor.Priority.APPLICATION;
17		-import javax.ws.rs.core.Response;
18	17	import static javax.ws.rs.core.Response.Status.UNAUTHORIZED;
19	18	import org.demoiselle.jee.core.annotation.Name;
20	19	import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
21		-import org.demoiselle.jee.core.util.ResourceBundle;
22		-import org.demoiselle.jee.core.util.Strings;
23	20	import org.demoiselle.jee.security.annotation.RequiredPermission;
24	21	import org.demoiselle.jee.core.interfaces.security.SecurityContext;
25	22	import static org.demoiselle.jee.core.util.Strings.isEmpty;
...	...