Replaced `auth0` lib with `jjwt` by `io.jsonwebtoken` that doesn't require jackson at runtime if not used
parent
e339be5083
commit
5938bf4af8
26
pom.xml
26
pom.xml
|
@ -27,8 +27,10 @@
|
|||
</dependencyManagement>
|
||||
|
||||
<scm>
|
||||
<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
|
||||
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
|
||||
<connection>
|
||||
scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
|
||||
<developerConnection>
|
||||
scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
|
||||
<url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
|
||||
</scm>
|
||||
|
||||
|
@ -36,6 +38,7 @@
|
|||
<java.version>1.8</java.version>
|
||||
<maven.compiler.source>${java.version}</maven.compiler.source>
|
||||
<maven.compiler.target>${java.version}</maven.compiler.target>
|
||||
<jjwt.version>0.12.5</jjwt.version>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
|
@ -66,9 +69,22 @@
|
|||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>com.auth0</groupId>
|
||||
<artifactId>java-jwt</artifactId>
|
||||
<version>4.4.0</version>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-api</artifactId>
|
||||
<version>${jjwt.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-impl</artifactId>
|
||||
<version>${jjwt.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-jackson</artifactId>
|
||||
<version>${jjwt.version}</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
|
|
|
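Review bot: The explicit `<scope>compile</scope>` on the jjwt-jackson dependency (the hunk at `@ -66,9 +69,22 @@`) is Maven's default and makes jackson-databind a transitive compile-time and runtime dependency of every consumer of this artifact, which seems at odds with the commit title's "doesn't require jackson at runtime if not used". jjwt's own documentation recommends `runtime` scope for both jjwt-impl and jjwt-jackson, so that application code compiles only against jjwt-api; if the intent is to let consumers omit jackson entirely, `<optional>true</optional>` on jjwt-jackson would express that, with the caveat that jjwt-impl then needs some JSON serializer on the consumer's runtime classpath or parsing fails. The import hunk for ModelUtils in this commit shows the project already using a relocated `org.gcube.com.fasterxml.jackson.databind` package, so this dependency presumably adds an unrelocated `com.fasterxml.jackson.databind` next to it; worth confirming that is intended.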
@ -15,10 +15,9 @@ import org.gcube.com.fasterxml.jackson.databind.ObjectWriter;
|
|||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import com.auth0.jwt.JWT;
|
||||
import com.auth0.jwt.algorithms.Algorithm;
|
||||
import com.auth0.jwt.exceptions.TokenExpiredException;
|
||||
import com.auth0.jwt.interfaces.JWTVerifier;
|
||||
import io.jsonwebtoken.ExpiredJwtException;
|
||||
import io.jsonwebtoken.JwtParser;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mauro.mugnaini@nubisware.com">Mauro Mugnaini</a>
|
||||
|
@ -83,35 +82,6 @@ public class ModelUtils {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Verifies the token validity
|
||||
*
|
||||
* @param token the base64 JWT token string
|
||||
* @param rsaPublicKey the realm's RSA public key on server
|
||||
* @return <code>true</code> if the token is valid, <code>false</code> otherwise
|
||||
* @throws RuntimeException if an error occurs constructing the verifier
|
||||
*/
|
||||
public static boolean isValid(String token, RSAPublicKey rsaPublicKey) throws Exception {
|
||||
return isValid(token, rsaPublicKey, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Verifies the token validity
|
||||
*
|
||||
* @param token the base64 JWT token string
|
||||
* @param rsaPublicKey the realm's RSA public key on server
|
||||
* @param checkExpiration if <code>false</code> token expiration check is disabled
|
||||
* @return <code>true</code> if the token is valid, <code>false</code> otherwise
|
||||
* @throws RuntimeException if an error occurs constructing the verifier
|
||||
*/
|
||||
public static boolean isValid(String token, RSAPublicKey rsaPublicKey, boolean checkExpiration) throws Exception {
|
||||
try {
|
||||
return isValid(token, Algorithm.RSA256(rsaPublicKey, null), checkExpiration);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Cannot construct the JWT verifier", e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Verifies the token validity
|
||||
*
|
||||
|
@ -121,41 +91,8 @@ public class ModelUtils {
|
|||
* @return <code>true</code> if the token is valid, <code>false</code> otherwise
|
||||
* @throws RuntimeException if an error occurs constructing the verifier
|
||||
*/
|
||||
public static boolean isValid(String token, PublicKey publicKey, String keyAlgorithm) throws Exception {
|
||||
return isValid(token, publicKey, keyAlgorithm, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Verifies the token validity
|
||||
*
|
||||
* @param token the base64 JWT token string
|
||||
* @param publicKey the realm's public key on server
|
||||
* @param keyAlgorithm the public key algorithm
|
||||
* @param checkExpiration if <code>false</code> token expiration check is disabled
|
||||
* @return <code>true</code> if the token is valid, <code>false</code> otherwise
|
||||
* @throws RuntimeException if an error occurs constructing the verifier
|
||||
*/
|
||||
public static boolean isValid(String token, PublicKey publicKey, String keyAlgorithm, boolean checkExpiration) throws Exception {
|
||||
try {
|
||||
Algorithm algorithm = null;
|
||||
switch (keyAlgorithm) {
|
||||
case "RS256":
|
||||
algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
|
||||
break;
|
||||
case "RS384":
|
||||
algorithm = Algorithm.RSA384((RSAPublicKey) publicKey, null);
|
||||
break;
|
||||
case "RS512":
|
||||
algorithm = Algorithm.RSA512((RSAPublicKey) publicKey, null);
|
||||
break;
|
||||
default:
|
||||
throw new RuntimeException("Unsupported key algorithm: " + algorithm);
|
||||
}
|
||||
|
||||
return isValid(token, algorithm, checkExpiration);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Cannot construct the JWT verifier", e);
|
||||
}
|
||||
public static boolean isValid(String token, PublicKey publicKey) throws Exception {
|
||||
return isValid(token, publicKey, true);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -166,12 +103,12 @@ public class ModelUtils {
|
|||
* @param checkExpiration if <code>false</code> token expiration check is disabled
|
||||
* @return <code>true</code> if the token is valid, <code>false</code> otherwise
|
||||
*/
|
||||
public static boolean isValid(String token, Algorithm algorithm, boolean checkExpiration) throws Exception {
|
||||
JWTVerifier verifier = JWT.require(algorithm).build();;
|
||||
public static boolean isValid(String token, PublicKey publicKey, boolean checkExpiration) throws Exception {
|
||||
JwtParser jwtParser = Jwts.parser().verifyWith(publicKey).build();
|
||||
try {
|
||||
verifier.verify(token);
|
||||
jwtParser.parse(token);
|
||||
return true;
|
||||
} catch (TokenExpiredException e) {
|
||||
} catch (ExpiredJwtException e) {
|
||||
// This is OK because expiration check is after the signature validation in the implementation
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("JWT is expired: {}", e.getMessage());
|
||||
|
@ -294,4 +231,4 @@ public class ModelUtils {
|
|||
return "";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
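Review bot: In the hunk at `@ -166,12 +103,12 @@`, `jwtParser.parse(token)` accepts any JWT structure the parser can read, so the method's "signature verified" contract rests on jjwt 0.12 rejecting unsecured (`alg: none`) tokens by default rather than on anything this code states; `jwtParser.parseSignedClaims(token);` makes the requirement explicit and additionally rejects a payload that is not a claims set. The catch comment at "This is OK because expiration check is after the signature validation in the implementation" is accurate for jjwt's DefaultJwtParser as far as I know, but it is an implementation order rather than an API guarantee, so I would reword it to name that dependency, e.g. `// Relies on jjwt's DefaultJwtParser verifying the signature before validating exp; re-check on jjwt upgrades`. The `@ -121,41 +91,8 @@` hunk removes the `keyAlgorithm` overloads that pinned RS256/RS384/RS512, so the accepted algorithm is now whichever the token header declares among those jjwt considers compatible with the supplied key; that is probably acceptable because jjwt checks key type against `alg`, but it is a behavior change worth noting in the Javadoc of the remaining overloads, and it is binary-incompatible for existing callers of the removed signatures. The body of `isValid(String, PublicKey, boolean)` continues outside the hunk, so the handling of `checkExpiration` after the debug log is not visible here.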
@ -44,9 +44,9 @@ public class TestModelUtils {
|
|||
|
||||
// Valid signature
|
||||
Assert.assertFalse("Token is valid", ModelUtils.isValid(tr.getAccessToken(), publicKey));
|
||||
Assert.assertFalse("Token is not expired", ModelUtils.isValid(tr.getAccessToken(), publicKey, true));
|
||||
Assert.assertTrue("Token is valid", ModelUtils.isValid(tr.getAccessToken(), publicKey, false));
|
||||
Assert.assertFalse("Token signature is valid", ModelUtils.isValid(tr.getAccessToken().replace("ZV9hY2Nlc3", "ZV9hY2Nlcc"), publicKey));
|
||||
Assert.assertFalse("Token is not expired", ModelUtils.isValid(tr.getAccessToken(), publicKey, true));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
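Review bot: The new tamper assertion `Assert.assertFalse("Token signature is valid", ModelUtils.isValid(tr.getAccessToken().replace("ZV9hY2Nlc3", "ZV9hY2Nlcc"), publicKey))` cannot distinguish a rejected signature from a rejected expiry, because the two-argument overload checks expiration by default and the next line asserts that the untampered token is already rejected as expired. Passing `false` for `checkExpiration`, `Assert.assertFalse("Token signature is valid", ModelUtils.isValid(tr.getAccessToken().replace("ZV9hY2Nlc3", "ZV9hY2Nlcc"), publicKey, false));`, makes the assertion fail only when the tampered payload is accepted, which is what it is meant to test. The substitution also depends on that exact substring occurring in the payload segment of whatever `tr.getAccessToken()` returns; if it does not, `replace` is a no-op and the assertion silently tests the original token, so a guard such as `Assert.assertNotEquals(tr.getAccessToken(), tampered)` would catch that. The enclosing test method starts outside the hunk.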