From 402a3100d0b95ffeb93bcf2bc0bf3d3ce7184ab9 Mon Sep 17 00:00:00 2001
From: Valentin CZERYBA
Date: Mon, 4 Apr 2022 23:02:00 +0200
Subject: [PATCH] token WIP
---
pom.xml | 8 ++
src/main/java/com/covas/Token.java | 33 ++++++++
src/main/java/com/covas/TokenRessource.java | 91 +++++++++++++++++++++
3 files changed, 132 insertions(+)
create mode 100644 src/main/java/com/covas/Token.java
create mode 100644 src/main/java/com/covas/TokenRessource.java
diff --git a/pom.xml b/pom.xml
index 566f406..e7fe8c7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -40,6 +40,14 @@ io.quarkus quarkus-resteasy + + io.quarkus + quarkus-smallrye-jwt-build + + + io.quarkus + quarkus-smallrye-jwt + io.quarkus quarkus-junit5
diff --git a/src/main/java/com/covas/Token.java b/src/main/java/com/covas/Token.java
new file mode 100644
index 0000000..0786ca3
--- /dev/null
+++ b/src/main/java/com/covas/Token.java
@@ -0,0 +1,33 @@
+package com.covas;
+
+import io.quarkus.runtime.annotations.RegisterForReflection;
+
+@RegisterForReflection
+public class Token {
+
+ public String name;
+ public Boolean isHttps;
+ public String authScheme;
+ public Boolean hasJwt;
+ public String birthday;
+
+ public Token(){
+ this.name = "anonymous";
+ this.isHttps = false;
+ this.authScheme = "";
+ this.hasJwt = false;
+ this.birthday = "";
+ }
+
+ public Token(String name, Boolean isHttps, String authScheme, Boolean hasJwt){
+ this.name = name;
+ this.isHttps = isHttps;
+ this.authScheme = authScheme;
+ this.hasJwt = hasJwt;
+ this.birthday = "";
+ }
+
+
+
+
+}
diff --git a/src/main/java/com/covas/TokenRessource.java b/src/main/java/com/covas/TokenRessource.java
new file mode 100644
index 0000000..a90bb17
--- /dev/null
+++ b/src/main/java/com/covas/TokenRessource.java
@@ -0,0 +1,91 @@
+package com.covas;
+
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.print.attribute.standard.Media;
+import javax.ws.rs.CookieParam;
+import javax.ws.rs.GET;
+import javax.ws.rs.InternalServerErrorException;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.NewCookie;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
+
+import io.smallrye.jwt.auth.principal.JWTParser;
+import io.smallrye.jwt.auth.principal.ParseException;
+import io.smallrye.jwt.build.Jwt;
+
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+
+@Path("/token")
+public class TokenRessource {
+
+
+ @Inject
+ JsonWebToken jwt;
+
+ @Inject JWTParser parser;
+
+ private String secret = "AyM1SysPpbyDfgZld3umj1qzKObwVMko";
+
+ @GET
+ @Path("generate")
+ @Produces("text/plain")
+ public Response getUserName(@CookieParam("jwt") String jwtCookie) throws ParseException {
+ Response response = null;
+ if (jwtCookie == null) {
+ // Create a JWT token signed using the 'HS256' algorithm
+ String newJwtCookie = Jwt.upn("Alice").signWithSecret(secret);
+ // or create a JWT token encrypted using the 'A256KW' algorithm
+ // Jwt.upn("alice").encryptWithSecret(secret);
+ return Response.ok("Alice").cookie(new NewCookie("jwt", newJwtCookie)).build();
+ } else {
+ // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
+ JsonWebToken jwt = parser.verify(jwtCookie, secret);
+ // or jwt = parser.decrypt(jwtCookie, secret);
+ return Response.ok(jwt.getName()).build();
+ }
+ }
+
+ @GET
+ @Path("permit-all")
+ @PermitAll
+ @Produces(MediaType.APPLICATION_JSON)
+ public Token hello(@Context SecurityContext ctx) {
+ return getResponseString(ctx);
+ }
+
+ @GET
+ @Path("roles-allowed")
+ @RolesAllowed({ "User", "Admin" })
+ @Produces(MediaType.APPLICATION_JSON)
+ public Token helloRolesAllowed(@Context SecurityContext ctx) {
+ Token token = getResponseString(ctx);
+ token.birthday = jwt.getClaim("birthday").toString();
+ return token;
+ }
+
+
+ private Token getResponseString(SecurityContext ctx) {
+ String name;
+ if (ctx.getUserPrincipal() == null) {
+ name = "anonymous";
+ } else if (!ctx.getUserPrincipal().getName().equals(jwt.getName())) {
+ throw new InternalServerErrorException("Principal and JsonWebToken names do not match");
+ } else {
+ name = ctx.getUserPrincipal().getName();
+ }
+ return new Token(name, ctx.isSecure(), ctx.getAuthenticationScheme(), hasJwt());
+ }
+
+ private boolean hasJwt() {
+ return jwt.getClaimNames() != null;
+ }
+
+}
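Review bot: The HS256 signing key is hard-coded in the `private String secret = "…"` field of TokenRessource, so anyone who can read the repository can mint tokens that `parser.verify(jwtCookie, secret)` accepts. Inject it from configuration instead, e.g. `@ConfigProperty(name = "<your.jwt.secret.property>") String secret;` (the property name is a placeholder), and treat the committed value as exposed and replace it. In `getUserName`, `new NewCookie("jwt", newJwtCookie)` sets neither HttpOnly nor Secure, so the token is readable by page script and can travel over plain HTTP; the eight-argument `NewCookie` constructor takes both flags and a max age. The same method hands a signed token for the fixed subject "Alice" to any caller that sends no cookie, which is acceptable for a WIP spike but needs real authentication in front of it before deployment. In `helloRolesAllowed`, `jwt.getClaim("birthday").toString()` throws a NullPointerException when the claim is absent, so check for null before calling `toString()`.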