TOMEE-2247 - Removed CDI RequestScope from ConfigurableJWTAuthContextInfo.
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/92994d4a Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/92994d4a Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/92994d4a Branch: refs/heads/master Commit: 92994d4af4f4e6834d2c20065ee7d87e686d28c9 Parents: ac382e9 Author: Roberto Cortez <[email protected]> Authored: Fri Sep 14 15:59:15 2018 +0100 Committer: Roberto Cortez <[email protected]> Committed: Fri Dec 7 18:10:46 2018 +0000 ---------------------------------------------------------------------- .../tomee/microprofile/jwt/MPJWTFilter.java | 5 +- .../config/ConfigurableJWTAuthContextInfo.java | 76 +++++++++++++------- .../META-INF/org.apache.openejb.extension | 0 3 files changed, 51 insertions(+), 30 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/92994d4a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java ---------------------------------------------------------------------- diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java index ee3be1b..6590e69 100644 --- a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java +++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/MPJWTFilter.java @@ -16,6 +16,7 @@ */ package org.apache.tomee.microprofile.jwt; +import org.apache.openejb.loader.SystemInstance; import org.apache.tomee.microprofile.jwt.config.ConfigurableJWTAuthContextInfo; import org.apache.tomee.microprofile.jwt.config.JWTAuthContextInfo; import org.apache.tomee.microprofile.jwt.principal.JWTCallerPrincipalFactory; 
@@ -92,15 +93,13 @@ public class MPJWTFilter implements Filter { @Inject private Instance<JWTAuthContextInfo> authContextInfo; - @Inject - private ConfigurableJWTAuthContextInfo configurableJWTAuthContextInfo; private Optional<JWTAuthContextInfo> getAuthContextInfo() { if (!authContextInfo.isUnsatisfied()) { return Optional.of(authContextInfo.get()); } - return configurableJWTAuthContextInfo.getJWTAuthContextInfo(); + return SystemInstance.get().getComponent(ConfigurableJWTAuthContextInfo.class).getJWTAuthContextInfo(); } private static Function<HttpServletRequest, JsonWebToken> token(final HttpServletRequest httpServletRequest, final JWTAuthContextInfo authContextInfo) { http://git-wip-us.apache.org/repos/asf/tomee/blob/92994d4a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/ConfigurableJWTAuthContextInfo.java ---------------------------------------------------------------------- diff --git a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/ConfigurableJWTAuthContextInfo.java b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/ConfigurableJWTAuthContextInfo.java index 4532336..b258088 100644 --- a/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/ConfigurableJWTAuthContextInfo.java +++ b/mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/ConfigurableJWTAuthContextInfo.java @@ -16,11 +16,13 @@ */ package org.apache.tomee.microprofile.jwt.config; +import org.apache.openejb.loader.SystemInstance; +import org.apache.openejb.observer.Observes; +import org.apache.openejb.server.cxf.rs.event.ServerCreated; import org.eclipse.microprofile.config.Config; +import org.eclipse.microprofile.config.ConfigProvider; -import javax.enterprise.context.RequestScoped; import javax.enterprise.inject.spi.DeploymentException; -import javax.inject.Inject; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; 
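Review bot: In `getAuthContextInfo()`, the result of `SystemInstance.get().getComponent(ConfigurableJWTAuthContextInfo.class)` is dereferenced without a null check, so if the component was never registered, every request through this authentication filter fails with a NullPointerException instead of a clear configuration error. Registration happens only in the `ConfigurableJWTAuthContextInfo` constructor, and the `META-INF/org.apache.openejb.extension` file added by this commit is empty (blob `e69de29`, 0 lines in the diffstat), so nothing visible here instantiates the class. I would hold the lookup in a local and guard it, e.g. `if (info == null) throw new IllegalStateException("MP-JWT configuration component is not registered");` before calling `info.getJWTAuthContextInfo()`. A one-line comment on the method saying that the fallback is now a container-wide component rather than a request-scoped bean would also help the next reader.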
@@ -35,45 +37,64 @@ import java.security.spec.X509EncodedKeySpec; import java.util.Base64; import java.util.Optional; import java.util.function.Supplier; +import java.util.logging.Logger; import java.util.stream.Stream; import static org.eclipse.microprofile.jwt.config.Names.ISSUER; import static org.eclipse.microprofile.jwt.config.Names.VERIFIER_PUBLIC_KEY; import static org.eclipse.microprofile.jwt.config.Names.VERIFIER_PUBLIC_KEY_LOCATION; -// TODO - This cannot be a CDI Bean, because the keys needs to be validated at deployment time. -@RequestScoped public class ConfigurableJWTAuthContextInfo { - @Inject + private static final Logger log = Logger.getLogger(ConfigurableJWTAuthContextInfo.class.getName()); + private Config config; + private JWTAuthContextInfo jwtAuthContextInfo; + + public ConfigurableJWTAuthContextInfo() { + config = ConfigProvider.getConfig(); + + SystemInstance.get().setComponent(ConfigurableJWTAuthContextInfo.class, this); + } + + public void initMPJWTConfig(@Observes final ServerCreated serverCreated) { + this.jwtAuthContextInfo = createJWTAuthContextInfo(); + } public Optional<JWTAuthContextInfo> getJWTAuthContextInfo() { - final Optional<String> publicKey = config.getOptionalValue(VERIFIER_PUBLIC_KEY, String.class); - final Optional<String> publicKeyLocation = config.getOptionalValue(VERIFIER_PUBLIC_KEY_LOCATION, String.class); - final Optional<String> issuer = config.getOptionalValue(ISSUER, String.class); - - if (publicKey.isPresent()) { - final Optional<RSAPublicKey> rsaPublicKey = readPublicKey(publicKey.get()); - if (rsaPublicKey.isPresent()) { - return Optional.of(new JWTAuthContextInfo(rsaPublicKey.get(), issuer.orElse(""))); - } - } + return Optional.ofNullable(jwtAuthContextInfo); + } - if (publicKeyLocation.isPresent()) { - final Optional<RSAPublicKey> rsaPublicKey = readPublicKey(readPublicKeyFromLocation(publicKeyLocation.get())); - if (rsaPublicKey.isPresent()) { - return Optional.of(new JWTAuthContextInfo(rsaPublicKey.get(), 
issuer.orElse(""))); - } - } + private Optional<String> getVerifierPublicKey() { + return config.getOptionalValue(VERIFIER_PUBLIC_KEY, String.class); + } - return Optional.empty(); + private Optional<String> getPublicKeyLocation() { + return config.getOptionalValue(VERIFIER_PUBLIC_KEY_LOCATION, String.class); + } + + private Optional<String> getIssuer() { + return config.getOptionalValue(ISSUER, String.class); } - private Optional<RSAPublicKey> readPublicKey(final String publicKey) { + private JWTAuthContextInfo createJWTAuthContextInfo() { + final Stream<Supplier<Optional<RSAPublicKey>>> possiblePublicKeys = + Stream.of(() -> getVerifierPublicKey().map(this::readPublicKey), + () -> getPublicKeyLocation().map(this::readPublicKeyFromLocation)); + + return possiblePublicKeys + .map(Supplier::get) + .filter(Optional::isPresent) + .map(Optional::get) + .findFirst() + .map(key -> new JWTAuthContextInfo(key, getIssuer().orElse(null))) + .orElse(null); + } + + private RSAPublicKey readPublicKey(final String publicKey) { return parsePCKS8(publicKey); } - private String readPublicKeyFromLocation(final String publicKeyLocation) { + private RSAPublicKey readPublicKeyFromLocation(final String publicKeyLocation) { final Stream<Supplier<Optional<String>>> possiblePublicKeysLocations = Stream.of(() -> readPublicKeyFromClasspath(publicKeyLocation), () -> readPublicKeyFromFile(publicKeyLocation), @@ -85,6 +106,7 @@ public class ConfigurableJWTAuthContextInfo { .filter(Optional::isPresent) .map(Optional::get) .findFirst() + .map(this::readPublicKey) .orElseThrow(() -> new DeploymentException("Could not read MicroProfile Public Key from Location: " + publicKeyLocation)); } 
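Review bot: `createJWTAuthContextInfo()` now passes `getIssuer().orElse(null)` where the old code passed `issuer.orElse("")`, so a deployment that configures a public key but no issuer produces a context with a null issuer. How the token validator treats a null expected issuer is decided outside this hunk; if it skips the `iss` comparison, issuer validation is silently off, and the newly added `log` field (unused in the visible lines) could at least record it, e.g. `log.warning("No issuer configured for MP-JWT verification");`. Separately, `jwtAuthContextInfo` is assigned in `initMPJWTConfig` and read by request threads through `getJWTAuthContextInfo()`, so I would declare it `private volatile JWTAuthContextInfo jwtAuthContextInfo;` for safe publication. The constructor also hands `this` to `SystemInstance.get().setComponent(...)` before construction finishes and calls `ConfigProvider.getConfig()` once, which presumably binds the verification key to whatever classloader is current then rather than to each application; that is worth confirming and stating in a class comment.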
@@ -145,14 +167,14 @@ public class ConfigurableJWTAuthContextInfo { return Optional.empty(); } - private Optional<RSAPublicKey> parsePCKS8(final String publicKey) { + private RSAPublicKey parsePCKS8(final String publicKey) { isPrivatePCKS8(publicKey); try { final X509EncodedKeySpec spec = new X509EncodedKeySpec(normalizeAndDecodePCKS8(publicKey)); final KeyFactory kf = KeyFactory.getInstance("RSA"); - return Optional.of((RSAPublicKey) kf.generatePublic(spec)); + return (RSAPublicKey) kf.generatePublic(spec); } catch (final NoSuchAlgorithmException | InvalidKeySpecException e) { - return Optional.empty(); + throw new DeploymentException("Could not read MicroProfile Public Key: " + publicKey, e); } } http://git-wip-us.apache.org/repos/asf/tomee/blob/92994d4a/mp-jwt/src/main/resources/META-INF/org.apache.openejb.extension ---------------------------------------------------------------------- diff --git a/mp-jwt/src/main/resources/META-INF/org.apache.openejb.extension b/mp-jwt/src/main/resources/META-INF/org.apache.openejb.extension new file mode 100644 index 0000000..e69de29
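Review bot: The new `DeploymentException` in `parsePCKS8` concatenates the whole configured `publicKey` string into its message, so whatever was put in that property is written verbatim to deployment logs. `isPrivatePCKS8` runs first, but its body is outside the hunk, so it is not clear that every mistakenly supplied secret is rejected before this point. I would drop the value from the message: `throw new DeploymentException("Could not parse MicroProfile JWT public key as an X.509-encoded RSA key", e);`. The catch also covers only `NoSuchAlgorithmException | InvalidKeySpecException`; if `normalizeAndDecodePCKS8` (not shown) decodes with `java.util.Base64`, malformed input would surface as an unwrapped `IllegalArgumentException` rather than a `DeploymentException`.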
