This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-manager.git
The following commit(s) were added to refs/heads/master by this push:
new 4476f5e Remove JWT validation from production code (#547)
4476f5e is described below
commit 4476f5e5537c701744da80b6e9cdf9634f341723
Author: Jonathan Leitschuh <[email protected]>
AuthorDate: Wed Feb 7 06:51:47 2024 -0500
Remove JWT validation from production code (#547)
Signed-off-by: Jonathan Leitschuh <[email protected]>
---
.../apache/pulsar/manager/service/JwtService.java | 6 -----
.../manager/service/impl/JwtServiceImpl.java | 31 ++++++++--------------
.../{ => impl}/BrokerTokensServiceImplTest.java | 19 ++++++++++---
3 files changed, 27 insertions(+), 29 deletions(-)
diff --git a/src/main/java/org/apache/pulsar/manager/service/JwtService.java
b/src/main/java/org/apache/pulsar/manager/service/JwtService.java
index 64d5162..3c126d7 100644
--- a/src/main/java/org/apache/pulsar/manager/service/JwtService.java
+++ b/src/main/java/org/apache/pulsar/manager/service/JwtService.java
@@ -13,10 +13,6 @@
*/
package org.apache.pulsar.manager.service;
-import io.jsonwebtoken.Claims;
-import org.springframework.stereotype.Service;
-
-import java.security.Key;
import java.util.Optional;
public interface JwtService {
@@ -27,8 +23,6 @@ public interface JwtService {
String createBrokerToken(String role, String expiryTime);
- Claims validateBrokerToken(String token);
-
void setToken(String key, String value);
String getToken(String key);
diff --git
a/src/main/java/org/apache/pulsar/manager/service/impl/JwtServiceImpl.java
b/src/main/java/org/apache/pulsar/manager/service/impl/JwtServiceImpl.java
index fa460e5..fe9d816 100644
--- a/src/main/java/org/apache/pulsar/manager/service/impl/JwtServiceImpl.java
+++ b/src/main/java/org/apache/pulsar/manager/service/impl/JwtServiceImpl.java
@@ -13,6 +13,7 @@
*/
package org.apache.pulsar.manager.service.impl;
+import com.google.common.annotations.VisibleForTesting;
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import org.apache.pulsar.manager.service.JwtService;
@@ -24,6 +25,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
+import javax.annotation.Nullable;
import java.io.IOException;
import java.security.Key;
import java.util.Date;
@@ -111,16 +113,21 @@ public class JwtServiceImpl implements JwtService {
}
}
- public String createBrokerToken(String role, String expiryTime) {
- Key signingKey;
+ @VisibleForTesting
+ @Nullable
+ Key getSigningKey() {
if (jwtBrokerTokenMode.equals("SECRET")) {
- signingKey = decodeBySecretKey();
+ return decodeBySecretKey();
} else if (jwtBrokerTokenMode.equals("PRIVATE")){
- signingKey = decodeByPrivateKey();
+ return decodeByPrivateKey();
} else {
log.info("Default disable JWT auth, please set
jwt.broker.token.mode.");
return null;
}
+ }
+
+ public String createBrokerToken(String role, String expiryTime) {
+ Key signingKey = getSigningKey();
if (signingKey == null) {
log.error("JWT Auth failed, signingKey is not empty");
return null;
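Review bot: The new package-private `getSigningKey()` returns the broker-token signing key (presumably the decoded secret in SECRET mode and the private key in PRIVATE mode) to any class in `org.apache.pulsar.manager.service.impl`, and `@VisibleForTesting` is advisory only. It should carry a Javadoc stating what it returns, that the result is `null` when `jwt.broker.token.mode` is neither value, and that callers must not log the key or pass it on. The null case is logged at info level in `getSigningKey()`, and then `createBrokerToken` logs `"JWT Auth failed, signingKey is not empty"`, which says the opposite of the condition it reports. A message such as `log.error("JWT Auth failed, signingKey is null; check jwt.broker.token.mode");` would match the check. `createBrokerToken` continues past the end of this hunk.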
@@ -144,20 +151,4 @@ public class JwtServiceImpl implements JwtService {
return null;
}
}
-
- public Claims validateBrokerToken(String token) {
- Key validationKey;
- if (jwtBrokerTokenMode.equals("SECRET")) {
- validationKey = decodeBySecretKey();
- } else if (jwtBrokerTokenMode.equals("PRIVATE")){
- validationKey = decodeByPrivateKey();
- } else {
- log.info("Default disable JWT auth, please set
jwt.broker.token.mode.");
- return null;
- }
- Jwt<?, Claims> jwt = Jwts.parser()
- .setSigningKey(validationKey)
- .parse(token);
- return jwt.getBody();
- }
}
diff --git
a/src/test/java/org/apache/pulsar/manager/service/BrokerTokensServiceImplTest.java
b/src/test/java/org/apache/pulsar/manager/service/impl/BrokerTokensServiceImplTest.java
similarity index 78%
rename from
src/test/java/org/apache/pulsar/manager/service/BrokerTokensServiceImplTest.java
rename to
src/test/java/org/apache/pulsar/manager/service/impl/BrokerTokensServiceImplTest.java
index 618dee7..3b936fc 100644
---
a/src/test/java/org/apache/pulsar/manager/service/BrokerTokensServiceImplTest.java
+++
b/src/test/java/org/apache/pulsar/manager/service/impl/BrokerTokensServiceImplTest.java
@@ -11,11 +11,14 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.pulsar.manager.service;
+package org.apache.pulsar.manager.service.impl;
import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwt;
+import io.jsonwebtoken.Jwts;
import org.apache.pulsar.manager.PulsarManagerApplication;
import org.apache.pulsar.manager.profiles.HerdDBTestProfile;
+import org.apache.pulsar.manager.service.impl.JwtServiceImpl;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -28,6 +31,8 @@ import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringRunner;
+import java.security.Key;
+
@RunWith(PowerMockRunner.class)
@PowerMockRunnerDelegate(SpringRunner.class)
@PowerMockIgnore( {"javax.*", "sun.*", "com.sun.*", "org.xml.*", "org.w3c.*"})
@@ -47,13 +52,21 @@ import org.springframework.test.context.junit4.SpringRunner;
public class BrokerTokensServiceImplTest {
@Autowired
- private JwtService jwtService;
+ private JwtServiceImpl jwtService;
+
+ public Claims validateBrokerToken(String token) {
+ Key validationKey = jwtService.getSigningKey();
+ Jwt jwt = Jwts.parser()
+ .setSigningKey(validationKey)
+ .parse(token);
+ return (Claims) jwt.getBody();
+ }
@Test
public void createBrokerTokenTest() {
String role = "test";
String token = jwtService.createBrokerToken(role, null);
- Claims jwtBody = jwtService.validateBrokerToken(token);
+ Claims jwtBody = validateBrokerToken(token);
Assert.assertEquals(role, jwtBody.getSubject());
}
}
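Review bot: The test helper `validateBrokerToken` uses `Jwts.parser().setSigningKey(validationKey).parse(token)`, and in older jjwt releases `parse` accepts an unsigned token even when a key is set, so `createBrokerTokenTest` does not prove that `createBrokerToken` emits a signed token. Replacing the helper body with `return Jwts.parser().setSigningKey(validationKey).parseClaimsJws(token).getBody();` makes the test fail on anything other than a signed claims JWS, and it removes the raw `Jwt` type and the `(Claims)` cast. Since `getSigningKey()` is `@Nullable`, an `Assert.assertNotNull(validationKey);` before parsing would give a clear failure if the test profile leaves the mode unset.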