Posted to notifications@shenyu.apache.org by im...@apache.org on 2022/06/14 02:22:18 UTC
[incubator-shenyu] branch master updated: [type:optimize] upgrade jwt dependency (#3550)
This is an automated email from the ASF dual-hosted git repository.
impactcn pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-shenyu.git
The following commit(s) were added to refs/heads/master by this push:
new 1fa70ff4e [type:optimize] upgrade jwt dependency (#3550)
1fa70ff4e is described below
commit 1fa70ff4e068b1e900efde4d6ceaf26dd82aadaa
Author: moremind <he...@hotmail.com>
AuthorDate: Tue Jun 14 10:22:12 2022 +0800
[type:optimize] upgrade jwt dependency (#3550)
* [type:optimize] upgrade jwt-dependency to 0.11.5
* [type:fix-bug] r4j and hystrix upgrade and test pass
* [type:optimize] logging-rocketmq dependency-upgrade
* [type:optimize] upgrade jwt to 0.11.5
* [type:optimize] upgrade jwt to 0.11.5
---
pom.xml | 2 +-
.../test/combination/MultiRequestPluginTest.java | 16 +++++++++-------
.../integrated/test/http/combination/JwtPluginTest.java | 7 ++++---
shenyu-plugin/shenyu-plugin-jwt/pom.xml | 10 ++++++++--
.../java/org/apache/shenyu/plugin/jwt/JwtPlugin.java | 9 ++++++---
.../java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java | 14 ++++++++------
6 files changed, 36 insertions(+), 22 deletions(-)
diff --git a/pom.xml b/pom.xml
index eebdaaa71..441ca6934 100644
--- a/pom.xml
+++ b/pom.xml
@@ -125,7 +125,7 @@
<nacos-client.version>2.0.0</nacos-client.version>
<spring-security.version>5.3.10.RELEASE</spring-security.version>
<grpc.version>1.33.1</grpc.version>
- <rocketmq-client.version>4.9.2</rocketmq-client.version>
+ <rocketmq-client.version>4.9.3</rocketmq-client.version>
<lz4-java.version>1.8.0</lz4-java.version>
<!--maven plugin version-->
<exec-maven-plugin.version>1.6.0</exec-maven-plugin.version>
diff --git a/shenyu-integrated-test/shenyu-integrated-test-combination/src/test/java/org/apache/shenyu/integrated/test/combination/MultiRequestPluginTest.java b/shenyu-integrated-test/shenyu-integrated-test-combination/src/test/java/org/apache/shenyu/integrated/test/combination/MultiRequestPluginTest.java
index c879dd5cb..b7d792c88 100644
--- a/shenyu-integrated-test/shenyu-integrated-test-combination/src/test/java/org/apache/shenyu/integrated/test/combination/MultiRequestPluginTest.java
+++ b/shenyu-integrated-test/shenyu-integrated-test-combination/src/test/java/org/apache/shenyu/integrated/test/combination/MultiRequestPluginTest.java
@@ -29,6 +29,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import io.jsonwebtoken.security.Keys;
import org.apache.shenyu.common.dto.ConditionData;
import org.apache.shenyu.common.dto.PluginData;
import org.apache.shenyu.common.dto.convert.rule.RateLimiterHandle;
@@ -133,7 +134,8 @@ public final class MultiRequestPluginTest extends AbstractPluginDataInit {
}
private void setupJWT() throws IOException {
- String pluginResult = initPlugin(PluginEnum.JWT.getName(), "{\"secretKey\":\"key00000\"}");
+ // HMAC-SHA algorithms MUST have a size >= 256 bits
+ String pluginResult = initPlugin(PluginEnum.JWT.getName(), "{\"secretKey\":\"shenyu-test-shenyu-test-shenyu-test\"}");
assertThat(pluginResult, is("success"));
String selectorAndRulesResult =
initSelectorAndRules(PluginEnum.JWT.getName(), "", buildSelectorConditionList(), buildRuleLocalDataList4JWT());
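Review bot: The new secret `"shenyu-test-shenyu-test-shenyu-test"` is written out here in `setupJWT` and again as `key` in the three test methods touched by the later hunks of this file, so the plugin configuration and the signing key can drift apart on the next change. A single constant such as `private static final String JWT_SECRET_KEY = "shenyu-test-shenyu-test-shenyu-test";`, used both in the JSON passed to `initPlugin` and in `Keys.hmacShaKeyFor(...)`, would keep them in step. The same repetition appears in both `JwtPluginTest` files changed by this commit. The comment about the minimum HMAC key size would sit well on that constant. The class body continues outside this hunk.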
@@ -307,8 +309,8 @@ public final class MultiRequestPluginTest extends AbstractPluginDataInit {
setupJWT();
setupRedirect();
- final String key = "key00000";
- final String token = Jwts.builder().setId("1001").signWith(SignatureAlgorithm.HS256, key.getBytes(StandardCharsets.UTF_8)).compact();
+ final String key = "shenyu-test-shenyu-test-shenyu-test";
+ final String token = Jwts.builder().setId("1001").signWith(Keys.hmacShaKeyFor(key.getBytes(StandardCharsets.UTF_8)), SignatureAlgorithm.HS256).compact();
Map<String, Object> headers = new HashMap<>();
headers.put("token", token);
PluginData pluginData = new PluginData();
@@ -357,8 +359,8 @@ public final class MultiRequestPluginTest extends AbstractPluginDataInit {
setupJWT();
setupRewrite();
- final String key = "key00000";
- final String token = Jwts.builder().setId("1001").signWith(SignatureAlgorithm.HS256, key.getBytes(StandardCharsets.UTF_8)).compact();
+ final String key = "shenyu-test-shenyu-test-shenyu-test";
+ final String token = Jwts.builder().setId("1001").signWith(Keys.hmacShaKeyFor(key.getBytes(StandardCharsets.UTF_8)), SignatureAlgorithm.HS256).compact();
Map<String, Object> headers = new HashMap<>();
headers.put("token", token);
@@ -436,8 +438,8 @@ public final class MultiRequestPluginTest extends AbstractPluginDataInit {
setupRateLimiter(algorithmName);
setupJWT();
- final String key = "key00000";
- final String token = Jwts.builder().setId("1001").signWith(SignatureAlgorithm.HS256, key.getBytes(StandardCharsets.UTF_8)).compact();
+ final String key = "shenyu-test-shenyu-test-shenyu-test";
+ final String token = Jwts.builder().setId("1001").signWith(Keys.hmacShaKeyFor(key.getBytes(StandardCharsets.UTF_8)), SignatureAlgorithm.HS256).compact();
Map<String, Object> headers = new HashMap<>();
headers.put("token", token);
diff --git a/shenyu-integrated-test/shenyu-integrated-test-http/src/test/java/org/apache/shenyu/integrated/test/http/combination/JwtPluginTest.java b/shenyu-integrated-test/shenyu-integrated-test-http/src/test/java/org/apache/shenyu/integrated/test/http/combination/JwtPluginTest.java
index 342b64be0..0ca08002c 100644
--- a/shenyu-integrated-test/shenyu-integrated-test-http/src/test/java/org/apache/shenyu/integrated/test/http/combination/JwtPluginTest.java
+++ b/shenyu-integrated-test/shenyu-integrated-test-http/src/test/java/org/apache/shenyu/integrated/test/http/combination/JwtPluginTest.java
@@ -19,6 +19,7 @@ package org.apache.shenyu.integrated.test.http.combination;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
import org.apache.shenyu.common.dto.ConditionData;
import org.apache.shenyu.common.enums.OperatorEnum;
import org.apache.shenyu.common.enums.ParamTypeEnum;
@@ -45,7 +46,7 @@ public final class JwtPluginTest extends AbstractPluginDataInit {
@BeforeAll
public static void setup() throws IOException {
- String pluginResult = initPlugin(PluginEnum.JWT.getName(), "{\"secretKey\":\"key00000\"}");
+ String pluginResult = initPlugin(PluginEnum.JWT.getName(), "{\"secretKey\":\"shenyu-test-shenyu-test-shenyu-test\"}");
assertThat(pluginResult, is("success"));
String selectorAndRulesResult = initSelectorAndRules(PluginEnum.JWT.getName(), "", buildSelectorConditionList(), buildRuleLocalDataList());
assertThat(selectorAndRulesResult, is("success"));
@@ -53,9 +54,9 @@ public final class JwtPluginTest extends AbstractPluginDataInit {
@Test
public void testJwt() throws IOException {
- final String key = "key00000";
+ final String key = "shenyu-test-shenyu-test-shenyu-test";
final String testPath = "/http/test/findByUserId?userId=1001";
- final String token = Jwts.builder().setId("1001").signWith(SignatureAlgorithm.HS256, key.getBytes(StandardCharsets.UTF_8)).compact();
+ final String token = Jwts.builder().setId("1001").signWith(Keys.hmacShaKeyFor(key.getBytes(StandardCharsets.UTF_8)), SignatureAlgorithm.HS256).compact();
Map<String, Object> headers = new HashMap<>();
// send request with fake jwt
diff --git a/shenyu-plugin/shenyu-plugin-jwt/pom.xml b/shenyu-plugin/shenyu-plugin-jwt/pom.xml
index 8f0c49afe..dc592e133 100644
--- a/shenyu-plugin/shenyu-plugin-jwt/pom.xml
+++ b/shenyu-plugin/shenyu-plugin-jwt/pom.xml
@@ -26,7 +26,7 @@
<artifactId>shenyu-plugin-jwt</artifactId>
<properties>
- <jjwt.version>0.9.0</jjwt.version>
+ <jjwt.version>0.11.5</jjwt.version>
</properties>
<dependencies>
@@ -48,7 +48,13 @@
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
- <artifactId>jjwt</artifactId>
+ <artifactId>jjwt-impl</artifactId>
+ <version>${jjwt.version}</version>
+ </dependency>
+ <!-- jjwt must use jjwt-jackson or gson -->
+ <dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-jackson</artifactId>
<version>${jjwt.version}</version>
</dependency>
</dependencies>
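Review bot: `jjwt-api` is not declared in this hunk although `JwtPlugin` imports `io.jsonwebtoken` types directly, so the module appears to compile only because `jjwt-impl` brings the API in transitively. Declaring `jjwt-api` explicitly and giving `jjwt-impl` and `jjwt-jackson` runtime scope would keep main code from compiling against implementation classes by accident. The `<dependencies>` element starts outside this hunk, so an earlier declaration may already cover part of this; it is also worth confirming that the integrated-test modules still resolve the API after the scope change.

```xml
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-api</artifactId>
    <version>${jjwt.version}</version>
</dependency>
<!-- … unchanged: jjwt-impl and jjwt-jackson, each gaining the line below after <version> … -->
    <scope>runtime</scope>
```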
diff --git a/shenyu-plugin/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java b/shenyu-plugin/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java
index bc6068b3a..1e53aa10e 100644
--- a/shenyu-plugin/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java
+++ b/shenyu-plugin/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java
@@ -19,6 +19,7 @@ package org.apache.shenyu.plugin.jwt;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.JwtParser;
+import io.jsonwebtoken.JwtParserBuilder;
import io.jsonwebtoken.Jwts;
import org.apache.commons.lang3.StringUtils;
import org.apache.shenyu.common.dto.RuleData;
@@ -123,10 +124,12 @@ public class JwtPlugin extends AbstractShenyuPlugin {
if (StringUtils.isEmpty(authorization)) {
return null;
}
- JwtParser jwtParser = Jwts.parser();
+ JwtParserBuilder jwtParserBuilder = Jwts.parserBuilder();
+ JwtParser jwtParser = jwtParserBuilder.build();
if (jwtParser.isSigned(authorization)) {
- jwtParser.setSigningKey(secretKey.getBytes(StandardCharsets.UTF_8));
- Jwt jwt = ThrowingFunction.wrap(() -> jwtParser.parse(authorization));
+ jwtParserBuilder.setSigningKey(secretKey.getBytes(StandardCharsets.UTF_8));
+ JwtParser jwtParserExec = jwtParserBuilder.build();
+ Jwt jwt = ThrowingFunction.wrap(() -> jwtParserExec.parse(authorization));
if (jwt == null) {
return null;
}
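Review bot: The configured `secretKey` is handed to `setSigningKey` as raw bytes on every request with no length check, while the test comment in this commit notes that HMAC-SHA keys must now be at least 256 bits. A deployment still configured with a shorter key would presumably have every token fail verification, and depending on what `ThrowingFunction.wrap` does with the exception, that may surface only as a null result. Validating the key once when the plugin configuration is loaded, for example with `Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8))`, and logging a clear error would make the misconfiguration visible. Separately, a keyless parser is built only to call `isSigned` and a second one is built for `parse`; setting the key before a single `build()` would avoid the duplicate. The method starts and ends outside this hunk, so the unsigned-token branch is not visible here.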
diff --git a/shenyu-plugin/shenyu-plugin-jwt/src/test/java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java b/shenyu-plugin/shenyu-plugin-jwt/src/test/java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java
index f9308fe56..77589402a 100644
--- a/shenyu-plugin/shenyu-plugin-jwt/src/test/java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java
+++ b/shenyu-plugin/shenyu-plugin-jwt/src/test/java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java
@@ -19,6 +19,7 @@ package org.apache.shenyu.plugin.jwt;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
import org.apache.shenyu.common.dto.PluginData;
import org.apache.shenyu.common.dto.RuleData;
import org.apache.shenyu.common.dto.SelectorData;
@@ -30,6 +31,7 @@ import org.apache.shenyu.plugin.api.result.DefaultShenyuResult;
import org.apache.shenyu.plugin.api.result.ShenyuResult;
import org.apache.shenyu.plugin.api.utils.SpringBeanUtils;
import org.apache.shenyu.plugin.jwt.handle.JwtPluginDataHandler;
+import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.context.ConfigurableApplicationContext;
@@ -46,7 +48,6 @@ import java.util.HashMap;
import java.util.Map;
import java.util.List;
-import static org.junit.Assert.assertEquals;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -74,13 +75,14 @@ public final class JwtPluginTest {
when(context.getBean(ShenyuResult.class)).thenReturn(new DefaultShenyuResult());
SpringBeanUtils springBeanUtils = SpringBeanUtils.getInstance();
springBeanUtils.setApplicationContext(context);
- PluginData pluginData = new PluginData("pluginId", "pluginName", "{\"secretKey\":\"shenyu\"}", "0", false);
+ PluginData pluginData = new PluginData("pluginId", "pluginName", "{\"secretKey\":\"shenyu-test-shenyu-test-shenyu-test\"}", "0", false);
JwtPluginDataHandler jwtPluginDataHandler = new JwtPluginDataHandler();
jwtPluginDataHandler.handlerPlugin(pluginData);
selectorData = mock(SelectorData.class);
ruleData = new RuleData();
jwtPluginUnderTest = new JwtPlugin();
- final String secreteKey = "shenyu";
+ // HMAC-SHA algorithms MUST have a size >= 256 bits
+ final String secreteKey = "shenyu-test-shenyu-test-shenyu-test";
Map<String, Object> map = new HashMap<>();
map.put("userId", 1);
Map<String, Object> multi = new HashMap<>();
@@ -92,7 +94,7 @@ public final class JwtPluginTest {
.setIssuedAt(date)
.setExpiration(new Date())
.setClaims(map)
- .signWith(SignatureAlgorithm.HS256, secreteKey.getBytes(StandardCharsets.UTF_8))
+ .signWith(Keys.hmacShaKeyFor(secreteKey.getBytes(StandardCharsets.UTF_8)), SignatureAlgorithm.HS256)
.compact();
jwtRuleHandle = new JwtRuleHandle();
@@ -147,13 +149,13 @@ public final class JwtPluginTest {
@Test
public void testNamed() {
final String result = jwtPluginUnderTest.named();
- assertEquals(PluginEnum.JWT.getName(), result);
+ Assertions.assertEquals(PluginEnum.JWT.getName(), result);
}
@Test
public void testGetOrder() {
final int result = jwtPluginUnderTest.getOrder();
- assertEquals(PluginEnum.JWT.getCode(), result);
+ Assertions.assertEquals(PluginEnum.JWT.getCode(), result);
}
}