Posted to commits@tomee.apache.org by rz...@apache.org on 2024/02/02 13:33:56 UTC
(tomee) branch main updated: TOMEE-4296 - MicroProfile JWT 2.1 (#962)
This is an automated email from the ASF dual-hosted git repository.
rzo1 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomee.git
The following commit(s) were added to refs/heads/main by this push:
new 61c6324c97 TOMEE-4296 - MicroProfile JWT 2.1 (#962)
61c6324c97 is described below
commit 61c6324c972e085c4f26b598b7afae55ac6f750e
Author: tichovz <10...@users.noreply.github.com>
AuthorDate: Fri Feb 2 14:33:50 2024 +0100
TOMEE-4296 - MicroProfile JWT 2.1 (#962)
* Implement MP-JWT-TCK 2.1
---
boms/tomee-microprofile-api/pom.xml | 2 +-
boms/tomee-microprofile/pom.xml | 2 +-
boms/tomee-plume-api/pom.xml | 2 +-
boms/tomee-plume/pom.xml | 2 +-
boms/tomee-plus-api/pom.xml | 2 +-
boms/tomee-plus/pom.xml | 2 +-
.../org/apache/tomee/microprofile/jwt/MPJWTFilter.java | 11 +++++++----
.../microprofile/jwt/config/JWTAuthConfiguration.java | 14 +++++++++++++-
.../jwt/config/JWTAuthConfigurationProperties.java | 6 +++++-
pom.xml | 2 +-
10 files changed, 32 insertions(+), 13 deletions(-)
diff --git a/boms/tomee-microprofile-api/pom.xml b/boms/tomee-microprofile-api/pom.xml
index 82e8f21181..3e44dcaa2d 100644
--- a/boms/tomee-microprofile-api/pom.xml
+++ b/boms/tomee-microprofile-api/pom.xml
@@ -219,7 +219,7 @@
<dependency>
<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-api</artifactId>
- <version>2.0</version>
+ <version>2.1</version>
<exclusions>
<exclusion>
<artifactId>*</artifactId>
diff --git a/boms/tomee-microprofile/pom.xml b/boms/tomee-microprofile/pom.xml
index 912418f606..0e7b2a1527 100644
--- a/boms/tomee-microprofile/pom.xml
+++ b/boms/tomee-microprofile/pom.xml
@@ -1929,7 +1929,7 @@
<dependency>
<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-api</artifactId>
- <version>2.0</version>
+ <version>2.1</version>
<exclusions>
<exclusion>
<artifactId>*</artifactId>
diff --git a/boms/tomee-plume-api/pom.xml b/boms/tomee-plume-api/pom.xml
index 2a198d8172..4034be43d2 100644
--- a/boms/tomee-plume-api/pom.xml
+++ b/boms/tomee-plume-api/pom.xml
@@ -219,7 +219,7 @@
<dependency>
<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-api</artifactId>
- <version>2.0</version>
+ <version>2.1</version>
<exclusions>
<exclusion>
<artifactId>*</artifactId>
diff --git a/boms/tomee-plume/pom.xml b/boms/tomee-plume/pom.xml
index cfd3338217..6f0ca4ff86 100644
--- a/boms/tomee-plume/pom.xml
+++ b/boms/tomee-plume/pom.xml
@@ -2050,7 +2050,7 @@
<dependency>
<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-api</artifactId>
- <version>2.0</version>
+ <version>2.1</version>
<exclusions>
<exclusion>
<artifactId>*</artifactId>
diff --git a/boms/tomee-plus-api/pom.xml b/boms/tomee-plus-api/pom.xml
index 972aea21ec..6aff812a58 100644
--- a/boms/tomee-plus-api/pom.xml
+++ b/boms/tomee-plus-api/pom.xml
@@ -230,7 +230,7 @@
<dependency>
<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-api</artifactId>
- <version>2.0</version>
+ <version>2.1</version>
<exclusions>
<exclusion>
<artifactId>*</artifactId>
diff --git a/boms/tomee-plus/pom.xml b/boms/tomee-plus/pom.xml
index 03ab63e980..7a68ad7334 100644
--- a/boms/tomee-plus/pom.xml
+++ b/boms/tomee-plus/pom.xml
@@ -2072,7 +2072,7 @@
<dependency>
<groupId>org.eclipse.microprofile.jwt</groupId>
<artifactId>microprofile-jwt-auth-api</artifactId>
- <version>2.0</version>
+ <version>2.1</version>
<exclusions>
<exclusion>
<artifactId>*</artifactId>
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
index 3bf36224d6..7d03074bb6 100644
--- a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java
@@ -425,8 +425,8 @@ public class MPJWTFilter implements Filter {
if (authContextInfo.getIssuer() != null) {
builder.setExpectedIssuer(authContextInfo.getIssuer());
}
- if (authContextInfo.getExpGracePeriodSecs() > 0) {
- builder.setAllowedClockSkewInSeconds(authContextInfo.getExpGracePeriodSecs());
+ if (authContextInfo.getClockSkew()>= 0) {
+ builder.setAllowedClockSkewInSeconds(authContextInfo.getClockSkew());
} else {
builder.setEvaluationTime(NumericDate.fromSeconds(0));
}
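Review bot: A negative `mp.jwt.verify.clock.skew` value falls into the `else` branch, which pins the evaluation time to epoch 0 with `setEvaluationTime(NumericDate.fromSeconds(0))`. As far as I can tell from jose4j's semantics, every time-based claim is then checked against 1970, so an expired token would still pass the `exp` check and a configuration typo would silently weaken expiry validation. The `else` branch predates this commit and its purpose is not visible here, but with the new default of 0 it is reachable only through a negative setting. I would reject a negative skew when the configuration is loaded, or clamp it with `builder.setAllowedClockSkewInSeconds(Math.max(0, authContextInfo.getClockSkew()));` and drop the `else`. The enclosing method starts and ends outside this hunk.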
@@ -460,7 +460,11 @@ public class MPJWTFilter implements Filter {
builder.setEnableRequireEncryption();
}
-
+ if (authContextInfo.getTokenAge() != null){
+ builder.setRequireIssuedAt();
+ builder.setIssuedAtRestrictions(authContextInfo.getTokenAge(), authContextInfo.getTokenAge());
+ }
+
final JwtConsumer jwtConsumer = builder.build();
final JwtContext jwtContext = jwtConsumer.process(token);
final String type = jwtContext.getJoseObjects().get(0).getHeader("typ");
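Review bot: `setIssuedAtRestrictions(authContextInfo.getTokenAge(), authContextInfo.getTokenAge())` uses the token age for both bounds, and in jose4j the first argument is the allowed number of seconds in the future. A token whose `iat` is up to a full token age ahead of the server clock is therefore accepted, which roughly doubles the window the setting is meant to enforce. The configured clock skew is, as far as I know, already applied by the issued-at validator, so the future bound can be zero: `builder.setIssuedAtRestrictions(0, authContextInfo.getTokenAge());`. A short comment such as `// mp.jwt.verify.token.age: reject tokens whose iat is older than tokenAge seconds` would also help. The enclosing method starts and ends outside this hunk.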
@@ -478,7 +482,6 @@ public class MPJWTFilter implements Filter {
}
claimsSet.setClaim(Claims.raw_token.name(), token);
principal = new JWTCallerPrincipal(token, type, claimsSet, principalName);
-
} catch (final InvalidJwtException e) {
VALIDATION.warning(e.getMessage());
throw new ParseException("Failed to verify token", e);
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthConfiguration.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthConfiguration.java
index 640f9649d8..3656c4f953 100644
--- a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthConfiguration.java
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthConfiguration.java
@@ -36,6 +36,8 @@ public class JWTAuthConfiguration {
private final String headerScheme = "Bearer";
private final boolean allowNoExpiryClaim;
private final String cookieName;
+ private final Integer tokenAge;
+ private final Integer clockSkew;
/**
* mp.jwt.verify.publickey.algorithm
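Review bot: The two new fields carry no Javadoc, while the neighbouring fields in this class name the property they are bound to, so the unit and the meaning of `null` have to be guessed. I would add `/** mp.jwt.verify.token.age: maximum accepted token age in seconds, measured from iat; null disables the check */` above `tokenAge` and `/** mp.jwt.verify.clock.skew: clock skew in seconds tolerated when validating exp, nbf and iat */` above `clockSkew`. The "null disables the check" wording follows the `getTokenAge() != null` guard added to MPJWTFilter in this commit.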
@@ -54,7 +56,7 @@ public class JWTAuthConfiguration {
*/
private String decryptAlgorithm;
- public JWTAuthConfiguration(final Supplier<Map<String, Key>> publicKeys, final String issuer, final boolean allowNoExpiryClaim, final String[] audiences, final Supplier<Map<String, Key>> decryptKeys, final String header, final String cookie, final String decryptAlgorithm, final String signatureAlgorithm) {
+ public JWTAuthConfiguration(final Supplier<Map<String, Key>> publicKeys, final String issuer, final boolean allowNoExpiryClaim, final String[] audiences, final Supplier<Map<String, Key>> decryptKeys, final String header, final String cookie, final String decryptAlgorithm, final String signatureAlgorithm, final Integer tokenAge, final Integer clockSkew) {
this.publicKeys = publicKeys;
this.decryptKeys = decryptKeys;
this.issuer = issuer;
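Review bot: The public constructor now takes two extra parameters and the nine-argument form is removed, so any code outside this module that builds a `JWTAuthConfiguration` directly will stop compiling; I cannot see from the diff whether such callers exist. Keeping the old signature as an overload that delegates with `this(publicKeys, issuer, allowNoExpiryClaim, audiences, decryptKeys, header, cookie, decryptAlgorithm, signatureAlgorithm, null, 0);` would preserve compatibility and keep the defaults (no token-age check, zero skew) in one place. The constructor body continues outside this hunk.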
@@ -64,6 +66,8 @@ public class JWTAuthConfiguration {
this.cookieName = cookie;
this.decryptAlgorithm = decryptAlgorithm;
this.signatureAlgorithm = signatureAlgorithm;
+ this.tokenAge = tokenAge;
+ this.clockSkew = clockSkew;
}
public String getCookieName() {
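Review bot: `this.clockSkew = clockSkew;` stores the boxed value as given, but MPJWTFilter compares `getClockSkew() >= 0`, which unboxes it. A caller that passes `null` to this public constructor therefore gets a `NullPointerException` on the first request being authenticated rather than at configuration time. The properties loader in this commit always supplies 0, so only programmatic construction is affected. Normalising here avoids that: `this.clockSkew = clockSkew == null ? 0 : clockSkew;`, or declare the field and getter as primitive `int`.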
@@ -109,4 +113,12 @@ public class JWTAuthConfiguration {
public String getDecryptAlgorithm() {
return decryptAlgorithm;
}
+
+ public Integer getTokenAge() {
+ return tokenAge;
+ }
+
+ public Integer getClockSkew() {
+ return clockSkew;
+ }
}
diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthConfigurationProperties.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthConfigurationProperties.java
index f258d8f4ca..bd17c75acd 100644
--- a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthConfigurationProperties.java
+++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthConfigurationProperties.java
@@ -47,6 +47,8 @@ import static org.eclipse.microprofile.jwt.config.Names.TOKEN_COOKIE;
import static org.eclipse.microprofile.jwt.config.Names.TOKEN_HEADER;
import static org.eclipse.microprofile.jwt.config.Names.VERIFIER_PUBLIC_KEY;
import static org.eclipse.microprofile.jwt.config.Names.VERIFIER_PUBLIC_KEY_LOCATION;
+import static org.eclipse.microprofile.jwt.config.Names.TOKEN_AGE;
+import static org.eclipse.microprofile.jwt.config.Names.CLOCK_SKEW;
/**
* The purpose of this class is to create an instance of JWTAuthConfiguration using
@@ -117,7 +119,9 @@ public class JWTAuthConfigurationProperties {
config.getOptionalValue(TOKEN_HEADER, String.class).map(String::toLowerCase).orElse("authorization"),
config.getOptionalValue(TOKEN_COOKIE, String.class).map(String::toLowerCase).orElse("bearer"),
config.getOptionalValue("mp.jwt.decrypt.key.algorithm", String.class).orElse(null),
- config.getOptionalValue("mp.jwt.verify.publickey.algorithm", String.class).orElse(null));
+ config.getOptionalValue("mp.jwt.verify.publickey.algorithm", String.class).orElse(null),
+ config.getOptionalValue(TOKEN_AGE, Integer.class).orElse(null),
+ config.getOptionalValue(CLOCK_SKEW, Integer.class).orElse(0));
}
private Boolean queryAllowExp(){
diff --git a/pom.xml b/pom.xml
index 8cb0013bce..822260afbb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -179,7 +179,7 @@
<version.microprofile.config>3.0.3</version.microprofile.config>
<version.microprofile.fault-tolerance>4.0.2</version.microprofile.fault-tolerance>
<version.microprofile.health>4.0.1</version.microprofile.health>
- <version.microprofile.jwt>2.0</version.microprofile.jwt>
+ <version.microprofile.jwt>2.1</version.microprofile.jwt>
<version.microprofile.metrics>4.0.1</version.microprofile.metrics>
<version.microprofile.openapi>3.0</version.microprofile.openapi>
<version.microprofile.opentracing>3.0</version.microprofile.opentracing>