From ad04426bec022a00d3406ea2cbeece5954f7f220 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 10 Apr 2022 10:55:53 +0200 Subject: [PATCH] Creation key private and public --- src/main/java/com/covas/TokenRessource.java | 16 +++++++++------- src/main/resources/application.properties | 6 ++++++ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/covas/TokenRessource.java b/src/main/java/com/covas/TokenRessource.java index 15324d9..ea7f27b 100644 --- a/src/main/java/com/covas/TokenRessource.java +++ b/src/main/java/com/covas/TokenRessource.java @@ -1,10 +1,11 @@ package com.covas; +import java.util.Arrays; +import java.util.HashSet; + import javax.annotation.security.PermitAll; import javax.annotation.security.RolesAllowed; -import javax.enterprise.context.RequestScoped; import javax.inject.Inject; -import javax.print.attribute.standard.Media; import javax.ws.rs.CookieParam; import javax.ws.rs.GET; import javax.ws.rs.InternalServerErrorException; @@ -35,13 +36,13 @@ public class TokenRessource { private String secret = "AyM1SysPpbyDfgZld3umj1qzKObwVMko"; @GET - @Path("generate") + @Path("authentificate") @Produces(MediaType.APPLICATION_JSON) public Response getUserName(@CookieParam("jwt") String jwtCookie) { - Response response = null; if (jwtCookie == null) { // Create a JWT token signed using the 'HS256' algorithm - String newJwtCookie = Jwt.upn("Alice").signWithSecret(secret); + // String newJwtCookie = Jwt.upn("Alice").groups(new HashSet<>(Arrays.asList("User", "Admin"))).signWithSecret(secret); + String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn("Alice").groups(new HashSet<>(Arrays.asList("User", "Admin"))).sign(); // or create a JWT token encrypted using the 'A256KW' algorithm // Jwt.upn("alice").encryptWithSecret(secret); @@ -49,7 +50,8 @@ public class TokenRessource { } else { // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized. try { - JsonWebToken jwt = parser.verify(jwtCookie, secret); + // jwt = parser.verify(jwtCookie, secret); + jwt = parser.parse(jwtCookie); } catch(ParseException p){ return Response.status(Response.Status.NOT_ACCEPTABLE).entity(new Jwt2("Alice", false, p.getMessage())).build(); @@ -73,7 +75,7 @@ public class TokenRessource { @Produces(MediaType.APPLICATION_JSON) public Token helloRolesAllowed(@Context SecurityContext ctx) { Token token = getResponseString(ctx); - token.birthday = jwt.getClaim("birthday").toString(); + token.name = jwt.getName().toString(); return token; } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index e69de29..3e147b7 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -0,0 +1,6 @@ +smallrye.jwt.sign.key.location=privateKey.pem + + + +mp.jwt.verify.publickey.location=publicKey.pem +mp.jwt.verify.issuer=https://example.com/issuer \ No newline at end of file