You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by db...@apache.org on 2022/05/14 04:38:41 UTC
[tomee] branch master updated (4e435e0d57 -> 48f01d2e8d)
This is an automated email from the ASF dual-hosted git repository.
dblevins pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
from 4e435e0d57 Use system line endings in GenerateBoms to reduce git status noise
new 2694ff8f86 Reformat
new 48f01d2e8d Test support for mp.jwt.verify.publickey.location
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
...dClaimsTest.java => PublicKeyLocationTest.java} | 154 ++++++++++++---------
.../tomee/microprofile/jwt/itest/Tokens.java | 13 +-
2 files changed, 103 insertions(+), 64 deletions(-)
copy itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/{MissingRequiredClaimsTest.java => PublicKeyLocationTest.java} (58%)
[tomee] 01/02: Reformat
Posted by db...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
dblevins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 2694ff8f86c68fe7f6d1cc94045fe8f7a03df969
Author: David Blevins <db...@tomitribe.com>
AuthorDate: Fri May 13 21:07:07 2022 -0700
Reformat
---
.../test/java/org/apache/tomee/microprofile/jwt/itest/Tokens.java | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/Tokens.java b/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/Tokens.java
index 25788c7c66..79582b0d61 100644
--- a/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/Tokens.java
+++ b/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/Tokens.java
@@ -24,7 +24,11 @@ import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
-import java.security.*;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
/**
* Utilities for generating a JWT for testing
@@ -62,7 +66,7 @@ public class Tokens {
public String asToken(final String claims) throws Exception {
try {
- final JWSHeader header = new JWSHeader.Builder(new JWSAlgorithm("RS"+hashSize, Requirement.OPTIONAL))
+ final JWSHeader header = new JWSHeader.Builder(new JWSAlgorithm("RS" + hashSize, Requirement.OPTIONAL))
.type(JOSEObjectType.JWT)
.build();
[tomee] 02/02: Test support for mp.jwt.verify.publickey.location
Posted by db...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
dblevins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 48f01d2e8d641f5296a54eecea8d8a30281e0882
Author: David Blevins <db...@tomitribe.com>
AuthorDate: Fri May 13 21:38:29 2022 -0700
Test support for mp.jwt.verify.publickey.location
---
.../jwt/itest/PublicKeyLocationTest.java | 199 +++++++++++++++++++++
.../tomee/microprofile/jwt/itest/Tokens.java | 5 +
2 files changed, 204 insertions(+)
diff --git a/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/PublicKeyLocationTest.java b/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/PublicKeyLocationTest.java
new file mode 100644
index 0000000000..4cd49c1e87
--- /dev/null
+++ b/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/PublicKeyLocationTest.java
@@ -0,0 +1,199 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package org.apache.tomee.microprofile.jwt.itest;
+
+import jakarta.annotation.security.RolesAllowed;
+import jakarta.enterprise.context.RequestScoped;
+import jakarta.ws.rs.ApplicationPath;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.Application;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import org.apache.cxf.feature.LoggingFeature;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.johnzon.jaxrs.JohnzonProvider;
+import org.apache.tomee.server.composer.Archive;
+import org.apache.tomee.server.composer.TomEE;
+import org.eclipse.microprofile.auth.LoginConfig;
+import org.junit.Ignore;
+import org.junit.Test;
+
+import java.io.File;
+import java.net.URL;
+
+import static java.util.Collections.singletonList;
+import static org.junit.Assert.assertEquals;
+
+public class PublicKeyLocationTest {
+
+ @Ignore("TOMEE-3964")
+ @Test
+ public void relativePathOnDisk() throws Exception {
+ final Tokens tokens = Tokens.rsa(2048, 256);
+
+ final File appJar = Archive.archive()
+ .add(PublicKeyLocationTest.class)
+ .add(ColorService.class)
+ .add(Api.class)
+ .add("META-INF/microprofile-config.properties", "#\n" +
+ "mp.jwt.verify.publickey.location=orange.pem")
+ .asJar();
+
+ final TomEE tomee = TomEE.microprofile()
+ .add("webapps/test/WEB-INF/beans.xml", "")
+ .add("webapps/test/WEB-INF/lib/app.jar", appJar)
+ .add("orange.pem", tokens.getEncodedPublicKey())
+// .update()
+ .build();
+
+ assertVerification(tokens, tomee);
+ }
+
+ @Test
+ public void relativePathInApp() throws Exception {
+ final Tokens tokens = Tokens.rsa(2048, 256);
+
+ final File appJar = Archive.archive()
+ .add(PublicKeyLocationTest.class)
+ .add(ColorService.class)
+ .add(Api.class)
+ .add("orange.pem", tokens.getEncodedPublicKey())
+ .add("META-INF/microprofile-config.properties", "#\n" +
+ "mp.jwt.verify.publickey.location=orange.pem")
+ .asJar();
+
+ final TomEE tomee = TomEE.microprofile()
+ .add("webapps/test/WEB-INF/beans.xml", "")
+ .add("webapps/test/WEB-INF/lib/app.jar", appJar)
+ .build();
+
+ assertVerification(tokens, tomee);
+ }
+
+ @Test
+ public void fileUrl() throws Exception {
+ final Tokens tokens = Tokens.rsa(2048, 256);
+
+ final File dir = Archive.archive()
+ .add("orange.pem", tokens.getEncodedPublicKey())
+ .toDir();
+
+ final File orangePem = new File(dir, "orange.pem");
+
+ final File appJar = Archive.archive()
+ .add(PublicKeyLocationTest.class)
+ .add(ColorService.class)
+ .add(Api.class)
+ .add("orange.pem", tokens.getEncodedPublicKey())
+ .add("META-INF/microprofile-config.properties", "#\n" +
+ "mp.jwt.verify.publickey.location=" + orangePem.toURI())
+ .asJar();
+
+ final TomEE tomee = TomEE.microprofile()
+ .add("webapps/test/WEB-INF/beans.xml", "")
+ .add("webapps/test/WEB-INF/lib/app.jar", appJar)
+ .build();
+
+ assertVerification(tokens, tomee);
+ }
+
+ @Test
+ public void httpUrl() throws Exception {
+ final Tokens tokens = Tokens.rsa(2048, 256);
+
+ final TomEE keyServer = TomEE.microprofile()
+ .add("webapps/keys/orange.pem", tokens.getEncodedPublicKey())
+ .build();
+
+ final File appJar = Archive.archive()
+ .add(PublicKeyLocationTest.class)
+ .add(ColorService.class)
+ .add(Api.class)
+ .add("orange.pem", tokens.getEncodedPublicKey())
+ .add("META-INF/microprofile-config.properties", "#\n" +
+ "mp.jwt.verify.publickey.location=" + keyServer.toURI().resolve("/keys/orange.pem"))
+ .asJar();
+
+ final TomEE tomee = TomEE.microprofile()
+ .add("webapps/test/WEB-INF/beans.xml", "")
+ .add("webapps/test/WEB-INF/lib/app.jar", appJar)
+ .build();
+
+ assertVerification(tokens, tomee);
+ }
+
+ private void assertVerification(final Tokens tokens, final TomEE tomee) throws Exception {
+ final WebClient webClient = createWebClient(tomee.toURI().resolve("/test").toURL());
+
+ final String claims = "{" +
+ " \"sub\":\"Jane Awesome\"," +
+ " \"iss\":\"https://server.example.com\"," +
+ " \"groups\":[\"manager\",\"user\"]," +
+ " \"jti\":\"uB3r7zOr\"," +
+ " \"exp\":2552047942" +
+ "}";
+
+ {// valid token
+ final String token = tokens.asToken(claims);
+ final Response response = webClient.reset()
+ .path("/movies")
+ .header("Content-Type", "application/json")
+ .header("Authorization", "Bearer " + token)
+ .get();
+ assertEquals(200, response.getStatus());
+ }
+
+ {// invalid token
+ final String token = tokens.asToken(claims) + "a";
+ final Response response = webClient.reset()
+ .path("/movies")
+ .header("Content-Type", "application/json")
+ .header("Authorization", "Bearer " + token)
+ .get();
+ assertEquals(401, response.getStatus());
+ }
+ }
+
+ private static WebClient createWebClient(final URL base) {
+ return WebClient.create(base.toExternalForm(), singletonList(new JohnzonProvider<>()),
+ singletonList(new LoggingFeature()), null);
+ }
+
+ @ApplicationPath("/api")
+ @LoginConfig(authMethod = "MP-JWT")
+ public class Api extends Application {
+ }
+
+ @Path("/movies")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Consumes(MediaType.APPLICATION_JSON)
+ @RequestScoped
+ public static class ColorService {
+
+ @GET
+ @RolesAllowed({"manager", "user"})
+ public String getAllMovies() {
+ return "Green";
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/Tokens.java b/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/Tokens.java
index 79582b0d61..52e5805bb5 100644
--- a/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/Tokens.java
+++ b/itests/microprofile-jwt-itests/src/test/java/org/apache/tomee/microprofile/jwt/itest/Tokens.java
@@ -29,6 +29,7 @@ import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
+import java.util.Base64;
/**
* Utilities for generating a JWT for testing
@@ -64,6 +65,10 @@ public class Tokens {
return publicKey;
}
+ public String getEncodedPublicKey() {
+ return Base64.getEncoder().encodeToString(publicKey.getEncoded());
+ }
+
public String asToken(final String claims) throws Exception {
try {
final JWSHeader header = new JWSHeader.Builder(new JWSAlgorithm("RS" + hashSize, Requirement.OPTIONAL))