Commit e4eb0b693b618f5d46611a29a842ca2d010e998a
1 parent
b0000174
Ajuste nos escopos e correções no JWT
Showing
6 changed files
with
15 additions
and
20 deletions
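--- a/demoiselle-security-jwt/pom.xml
+++ b/demoiselle-security-jwt/pom.xml
@@ -26,14 +26,7 @@
 <dependency>
 <groupId>org.bitbucket.b_c</groupId>
 <artifactId>jose4j</artifactId>
-<version>0.4.1</version>
-</dependency>
-
-<dependency>
-<groupId>com.google.code.gson</groupId>
-<artifactId>gson</artifactId>
-<version>2.2.2</version>
-<scope>compile</scope>
+<version>0.5.2</version>
 </dependency>
 
 </dependencies>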
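--- a/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
+++ b/demoiselle-security-jwt/src/main/java/org/demoiselle/jee/security/jwt/impl/TokensManagerImpl.java
@@ -14,6 +14,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.interfaces.security.Token;
 import org.demoiselle.jee.core.interfaces.security.TokensManager;
+import org.jose4j.jwk.JsonWebKey;
 import org.jose4j.jwk.RsaJsonWebKey;
 import org.jose4j.jwk.RsaJwkGenerator;
 import org.jose4j.jws.AlgorithmIdentifiers;
@@ -47,7 +48,8 @@ public class TokensManagerImpl implements TokensManager {
 
 public TokensManagerImpl() throws JoseException {
 if (rsaJsonWebKey == null) {
-rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(RsaJwkGenerator.generateJwk(2048).getKey());
+String chave = RsaJwkGenerator.generateJwk(2048).toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
+rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk(chave);
 rsaJsonWebKey.setKeyId("demoiselle-security-jwt");
 }
 }
@@ -61,7 +63,8 @@ public class TokensManagerImpl implements TokensManager {
 .setAllowedClockSkewInSeconds(60) // allow some leeway in validating time based claims to account for clock skew
 .setExpectedIssuer("demoiselle") // whom the JWT needs to have been issued by
 .setExpectedAudience("demoiselle") // to whom the JWT is intended for
-.setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key
+.setDecryptionKey(rsaJsonWebKey.getPrivateKey()) // decrypt with the receiver's private key
+.setVerificationKey(rsaJsonWebKey.getPublicKey())
 .build(); // create the JwtConsumer instance
 JwtClaims jwtClaims = jwtConsumer.processToClaims(token.getKey());
 loggedUser.setId((String) jwtClaims.getClaimValue("id"));
@@ -102,14 +105,14 @@ public class TokensManagerImpl implements TokensManager {
 
 JsonWebSignature jws = new JsonWebSignature();
 jws.setPayload(claims.toJson());
-jws.setKey(rsaJsonWebKey.getKey());
+jws.setKey(rsaJsonWebKey.getRsaPrivateKey());
 jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
-jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512);
+jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
 token.setKey(jws.getCompactSerialization());
 token.setType("JWT");
 } catch (JoseException ex) {
-ex.printStackTrace();
-// logger.severe(ex.getMessage());
+//ex.printStackTrace();
+logger.severe(ex.getMessage());
 }
 
 }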
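Review bot: The JwtConsumer built in the `@@ -61,7 +63,8 @@` hunk verifies with `rsaJsonWebKey.getPublicKey()` but never pins which JWS algorithm it accepts, so any algorithm jose4j deems compatible with that key is honored rather than only the `RSA_USING_SHA256` the signing hunk selects; add `.setJwsAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, AlgorithmIdentifiers.RSA_USING_SHA256))` to the builder chain (with `import org.jose4j.jwa.AlgorithmConstraints;`), noting that the builder statement begins outside the hunk. The new `setDecryptionKey(rsaJsonWebKey.getPrivateKey())` line configures JWE handling while the signing hunk only ever emits a JWS, so it is either unused or a sign that producer and consumer disagree on the token format; a one-line comment saying which is warranted. In the constructor hunk the generated key is serialized with `INCLUDE_PRIVATE` and immediately re-parsed to obtain the same object; `rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);` yields the same `RsaJsonWebKey` without the private material passing through a `String`. Separately, because `generateJwk(2048)` runs in the constructor the key pair appears to be created at process start (the field declaration is outside the hunk), which would mean issued tokens neither survive a restart nor verify on another instance; that property deserves a comment on the field.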
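--- a/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
+++ b/demoiselle-security-token/src/main/java/org/demoiselle/jee/security/token/impl/TokensManagerImpl.java
@@ -8,7 +8,7 @@ package org.demoiselle.jee.security.token.impl;
 import static java.util.UUID.randomUUID;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Logger;
-import javax.enterprise.context.Dependent;
+import javax.enterprise.context.ApplicationScoped;
 import javax.inject.Inject;
 import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal;
 import org.demoiselle.jee.core.interfaces.security.Token;
@@ -18,10 +18,10 @@ import org.demoiselle.jee.core.interfaces.security.TokensManager;
 *
 * @author 70744416353
 */
-@Dependent
+@ApplicationScoped
 public class TokensManagerImpl implements TokensManager {
 
-private static ConcurrentHashMap<String, DemoisellePrincipal> repo = new ConcurrentHashMap<>();
+private ConcurrentHashMap<String, DemoisellePrincipal> repo = new ConcurrentHashMap<>();
 
 @Inject
 private Logger logger;
@@ -56,7 +56,7 @@ public class TokensManagerImpl implements TokensManager {
 
 @Override
 public boolean validate() {
-return getUser() != null && getUser().getId() != null;
+return getUser() != null;
 }
 
 }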
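Review bot: `validate()` in the `@@ -56,7 +56,7 @@` hunk now accepts any non-null principal, so an entry stored in `repo` without an id passes where the previous `getId() != null` condition rejected it; if an id is no longer required that contract should be stated in a Javadoc on `validate()`, otherwise keep the id condition. In the `@@ -18,10 +18,10 @@` hunk the repository is now a per-instance field, which under `@ApplicationScoped` gives one map for the application; declaring it `private final ConcurrentMap<String, DemoisellePrincipal> repo = new ConcurrentHashMap<>();` (adding `import java.util.concurrent.ConcurrentMap;` in the first hunk) prevents reassignment and programs to the interface. `getUser()` is defined outside the hunk.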
demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
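--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
@@ -76,7 +76,6 @@ public class RequiredPermissionInterceptor implements Serializable {
 }
 
 if (!securityContext.hasPermission(resource, operation)) {
-logger.severe(bundle.doesNotHavePermission(operation, resource));
 throw new DemoiselleSecurityException(bundle.doesNotHavePermission(operation, resource), UNAUTHORIZED.getStatusCode());
 }
 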
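--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
@@ -83,7 +83,6 @@ public class RequiredRoleInterceptor implements Serializable {
 }
 
 if (userRoles.isEmpty()) {
-logger.severe(bundle.doesNotHaveRole(roles.toString()));
 throw new DemoiselleSecurityException(bundle.doesNotHaveRole(roles.toString()), UNAUTHORIZED.getStatusCode());
 }
 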