kangaroo-and-rabbit/archidata
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

[DEBUG] missing remove a last element of Zota

Browse Source
This commit is contained in:
Edouard DUPIN 2024-01-18 23:40:33 +01:00
parent 808784889b
commit 1a2302f548
4 changed files with 46 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.classpath
View File

@ -25,7 +25,7 @@
<attribute name="optional" value="true"/> <attribute name="optional" value="true"/>
</attributes> </attributes>
</classpathentry> </classpathentry>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-21"> <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
<attributes> <attributes>
<attribute name="maven.pomderived" value="true"/> <attribute name="maven.pomderived" value="true"/>
</attributes> </attributes>

3
README.md
View File

@ -84,7 +84,6 @@ Reformat XML file like the pom.xml
XMLLINT_INDENT=" " xmllint --format "back/pom.xml" -o "back/pom.xml" XMLLINT_INDENT=" " xmllint --format "back/pom.xml" -o "back/pom.xml"
``` ```
Enable the pre-commit checker Enable the pre-commit checker
----------------------------- -----------------------------
@ -94,6 +93,8 @@ Enable the pre-commit checker
> **_Note_**: You can change the code in `.git/hooks/pre-commit` by replacing `formatter:verify` with `formatter:format` to auto format the code @ every commit > **_Note_**: You can change the code in `.git/hooks/pre-commit` by replacing `formatter:verify` with `formatter:format` to auto format the code @ every commit
Add Gitea in the dependency for the registry: Add Gitea in the dependency for the registry:
============================================= =============================================

28
src/org/kar/archidata/filter/AuthenticationFilter.java
View File

@ -42,14 +42,14 @@ public class AuthenticationFilter implements ContainerRequestFilter {
@Context @Context
private ResourceInfo resourceInfo; private ResourceInfo resourceInfo;
protected final String applicationName; protected final String applicationName;
private static final String AUTHENTICATION_SCHEME = "Bearer"; public static final String AUTHENTICATION_SCHEME = "Bearer";
private static final String APIKEY = "ApiKey"; public static final String APIKEY = "ApiKey";
public AuthenticationFilter(final String applicationName) { public AuthenticationFilter(final String applicationName) {
this.applicationName = applicationName; this.applicationName = applicationName;
} }
@Override @Override
public void filter(final ContainerRequestContext requestContext) throws IOException { public void filter(final ContainerRequestContext requestContext) throws IOException {
/* logger.debug("-----------------------------------------------------"); logger.debug("---- Check if have authorization ----"); /* logger.debug("-----------------------------------------------------"); logger.debug("---- Check if have authorization ----");
@ -61,7 +61,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
abortWithForbidden(requestContext, "Access blocked !!!"); abortWithForbidden(requestContext, "Access blocked !!!");
return; return;
} }
// Access allowed for all // Access allowed for all
if (method.isAnnotationPresent(PermitAll.class)) { if (method.isAnnotationPresent(PermitAll.class)) {
// logger.debug(" ==> permit all " + requestContext.getUriInfo().getPath()); // logger.debug(" ==> permit all " + requestContext.getUriInfo().getPath());
@ -74,7 +74,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
abortWithForbidden(requestContext, "Access ILLEGAL !!!"); abortWithForbidden(requestContext, "Access ILLEGAL !!!");
return; return;
} }
// Get the Authorization header from the request // Get the Authorization header from the request
String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION); String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
String apikeyHeader = requestContext.getHeaderString(APIKEY); String apikeyHeader = requestContext.getHeaderString(APIKEY);
@ -129,7 +129,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
abortWithUnauthorized(requestContext, "get a NULL application ..."); abortWithUnauthorized(requestContext, "get a NULL application ...");
return; return;
} }
} }
// create the security context model: // create the security context model:
final String scheme = requestContext.getUriInfo().getRequestUri().getScheme(); final String scheme = requestContext.getUriInfo().getRequestUri().getScheme();
@ -154,16 +154,16 @@ public class AuthenticationFilter implements ContainerRequestFilter {
requestContext.setSecurityContext(userContext); requestContext.setSecurityContext(userContext);
// logger.debug("Get local user : {} / {}", user, userByToken); // logger.debug("Get local user : {} / {}", user, userByToken);
} }
private boolean isTokenBasedAuthentication(final String authorizationHeader) { private boolean isTokenBasedAuthentication(final String authorizationHeader) {
// Check if the Authorization header is valid // Check if the Authorization header is valid
// It must not be null and must be prefixed with "Bearer" plus a whitespace // It must not be null and must be prefixed with "Bearer" plus a whitespace
// The authentication scheme comparison must be case-insensitive // The authentication scheme comparison must be case-insensitive
return authorizationHeader != null && authorizationHeader.toLowerCase().startsWith(AUTHENTICATION_SCHEME.toLowerCase() + " "); return authorizationHeader != null && authorizationHeader.toLowerCase().startsWith(AUTHENTICATION_SCHEME.toLowerCase() + " ");
} }
private void abortWithUnauthorized(final ContainerRequestContext requestContext, final String message) { private void abortWithUnauthorized(final ContainerRequestContext requestContext, final String message) {
// Abort the filter chain with a 401 status code response // Abort the filter chain with a 401 status code response
// The WWW-Authenticate header is sent along with the response // The WWW-Authenticate header is sent along with the response
LOGGER.warn("abortWithUnauthorized:"); LOGGER.warn("abortWithUnauthorized:");
@ -172,18 +172,18 @@ public class AuthenticationFilter implements ContainerRequestFilter {
requestContext.abortWith(Response.status(ret.status).header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME + " base64(HEADER).base64(CONTENT).base64(KEY)").entity(ret) requestContext.abortWith(Response.status(ret.status).header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME + " base64(HEADER).base64(CONTENT).base64(KEY)").entity(ret)
.type(MediaType.APPLICATION_JSON).build()); .type(MediaType.APPLICATION_JSON).build());
} }
private void abortWithForbidden(final ContainerRequestContext requestContext, final String message) { private void abortWithForbidden(final ContainerRequestContext requestContext, final String message) {
final RestErrorResponse ret = new RestErrorResponse(Response.Status.FORBIDDEN, "FORBIDDEN", message); final RestErrorResponse ret = new RestErrorResponse(Response.Status.FORBIDDEN, "FORBIDDEN", message);
LOGGER.error("Error UUID={}", ret.uuid); LOGGER.error("Error UUID={}", ret.uuid);
requestContext.abortWith(Response.status(ret.status).header(HttpHeaders.WWW_AUTHENTICATE, message).entity(ret).type(MediaType.APPLICATION_JSON).build()); requestContext.abortWith(Response.status(ret.status).header(HttpHeaders.WWW_AUTHENTICATE, message).entity(ret).type(MediaType.APPLICATION_JSON).build());
} }
protected UserByToken validateToken(final String authorization) throws Exception { protected UserByToken validateToken(final String authorization) throws Exception {
LOGGER.info("Must be Override by the application implmentation, otherwise it dose not work"); LOGGER.info("Must be Override by the application implmentation, otherwise it dose not work");
return null; return null;
} }
// must be override to be good implementation // must be override to be good implementation
protected UserByToken validateJwtToken(final String authorization) throws Exception { protected UserByToken validateJwtToken(final String authorization) throws Exception {
// logger.debug(" validate token : " + authorization); // logger.debug(" validate token : " + authorization);

59
src/org/kar/archidata/tools/JWTWrapper.java
View File

@ -11,6 +11,7 @@ import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.UUID; import java.util.UUID;
import org.kar.archidata.filter.AuthenticationFilter;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -33,7 +34,7 @@ import com.nimbusds.jwt.SignedJWT;
class TestSigner implements JWSSigner { class TestSigner implements JWSSigner {
public static String test_signature = "TEST_SIGNATURE_FOR_LOCAL_TEST_AND_TEST_E2E"; public static String test_signature = "TEST_SIGNATURE_FOR_LOCAL_TEST_AND_TEST_E2E";
/** Signs the specified {@link JWSObject#getSigningInput input} of a {@link JWSObject JWS object}. /** Signs the specified {@link JWSObject#getSigningInput input} of a {@link JWSObject JWS object}.
* *
* @param header The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be {@code null}. * @param header The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be {@code null}.
@ -47,13 +48,13 @@ class TestSigner implements JWSSigner {
public Base64URL sign(final JWSHeader header, final byte[] signingInput) throws JOSEException { public Base64URL sign(final JWSHeader header, final byte[] signingInput) throws JOSEException {
return new Base64URL(test_signature); return new Base64URL(test_signature);
} }
@Override @Override
public Set<JWSAlgorithm> supportedJWSAlgorithms() { public Set<JWSAlgorithm> supportedJWSAlgorithms() {
// TODO Auto-generated method stub // TODO Auto-generated method stub
return Set.of(JWSAlgorithm.RS256); return Set.of(JWSAlgorithm.RS256);
} }
@Override @Override
public JCAContext getJCAContext() { public JCAContext getJCAContext() {
// TODO Auto-generated method stub // TODO Auto-generated method stub
@ -63,20 +64,20 @@ class TestSigner implements JWSSigner {
public class JWTWrapper { public class JWTWrapper {
static final Logger LOGGER = LoggerFactory.getLogger(JWTWrapper.class); static final Logger LOGGER = LoggerFactory.getLogger(JWTWrapper.class);
private static RSAKey rsaJWK = null;; private static RSAKey rsaJWK = null;
private static RSAKey rsaPublicJWK = null; private static RSAKey rsaPublicJWK = null;
public static class PublicKey { public static class PublicKey {
public String key; public String key;
public PublicKey(final String key) { public PublicKey(final String key) {
this.key = key; this.key = key;
} }
public PublicKey() {} public PublicKey() {}
} }
public static void initLocalTokenRemote(final String ssoUri, final String application) throws IOException, ParseException { public static void initLocalTokenRemote(final String ssoUri, final String application) throws IOException, ParseException {
// check Token: // check Token:
final URL obj = new URL(ssoUri + "public_key"); final URL obj = new URL(ssoUri + "public_key");
@ -89,14 +90,14 @@ public class JWTWrapper {
con.setRequestProperty("Accept", "application/json"); con.setRequestProperty("Accept", "application/json");
final String ssoToken = ConfigBaseVariable.ssoToken(); final String ssoToken = ConfigBaseVariable.ssoToken();
if (ssoToken != null) { if (ssoToken != null) {
con.setRequestProperty("Authorization", "Zota " + ssoToken); con.setRequestProperty(AuthenticationFilter.APIKEY, ssoToken);
} }
final int responseCode = con.getResponseCode(); final int responseCode = con.getResponseCode();
// LOGGER.debug("GET Response Code :: {}", responseCode); // LOGGER.debug("GET Response Code :: {}", responseCode);
if (responseCode == HttpURLConnection.HTTP_OK) { // success if (responseCode == HttpURLConnection.HTTP_OK) { // success
final BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); final BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine; String inputLine;
final StringBuffer response = new StringBuffer(); final StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) { while ((inputLine = in.readLine()) != null) {
@ -112,7 +113,7 @@ public class JWTWrapper {
} }
LOGGER.debug("GET JWT validator token not worked response code {} from {} ", responseCode, obj); LOGGER.debug("GET JWT validator token not worked response code {} from {} ", responseCode, obj);
} }
public static void initLocalToken(final String baseUUID) throws Exception { public static void initLocalToken(final String baseUUID) throws Exception {
// RSA signatures require a public and private RSA key pair, the public key // RSA signatures require a public and private RSA key pair, the public key
// must be made known to the JWS recipient in order to verify the signatures // must be made known to the JWS recipient in order to verify the signatures
@ -136,7 +137,7 @@ public class JWTWrapper {
rsaPublicJWK = null; rsaPublicJWK = null;
} }
} }
public static void initValidateToken(final String publicKey) { public static void initValidateToken(final String publicKey) {
try { try {
rsaPublicJWK = RSAKey.parse(publicKey); rsaPublicJWK = RSAKey.parse(publicKey);
@ -144,16 +145,16 @@ public class JWTWrapper {
e.printStackTrace(); e.printStackTrace();
LOGGER.debug("Can not retrieve public Key !!!!!!!! RSAKey='{}'", publicKey); LOGGER.debug("Can not retrieve public Key !!!!!!!! RSAKey='{}'", publicKey);
} }
} }
public static String getPublicKeyJson() { public static String getPublicKeyJson() {
if (rsaPublicJWK == null) { if (rsaPublicJWK == null) {
return null; return null;
} }
return rsaPublicJWK.toJSONString(); return rsaPublicJWK.toJSONString();
} }
public static java.security.interfaces.RSAPublicKey getPublicKeyJava() throws JOSEException { public static java.security.interfaces.RSAPublicKey getPublicKeyJava() throws JOSEException {
if (rsaPublicJWK == null) { if (rsaPublicJWK == null) {
return null; return null;
@ -161,7 +162,7 @@ public class JWTWrapper {
// Convert back to std Java interface // Convert back to std Java interface
return rsaPublicJWK.toRSAPublicKey(); return rsaPublicJWK.toRSAPublicKey();
} }
/** Create a token with the provided elements /** Create a token with the provided elements
* @param userID UniqueId of the USER (global unique ID) * @param userID UniqueId of the USER (global unique ID)
* @param userLogin Login of the user (never change) * @param userLogin Login of the user (never change)
@ -178,12 +179,12 @@ public class JWTWrapper {
try { try {
// Create RSA-signer with the private key // Create RSA-signer with the private key
final JWSSigner signer = new RSASSASigner(rsaJWK); final JWSSigner signer = new RSASSASigner(rsaJWK);
LOGGER.warn("timeOutInMunites= {}", timeOutInMunites); LOGGER.warn("timeOutInMunites= {}", timeOutInMunites);
final Date now = new Date(); final Date now = new Date();
LOGGER.warn("now = {}", now); LOGGER.warn("now = {}", now);
final Date expiration = new Date(new Date().getTime() - 60 * timeOutInMunites * 1000 /* millisecond */); final Date expiration = new Date(new Date().getTime() - 60 * timeOutInMunites * 1000 /* millisecond */);
LOGGER.warn("expiration= {}", expiration); LOGGER.warn("expiration= {}", expiration);
final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder().subject(Long.toString(userID)).claim("login", userLogin).claim("application", application).issuer(isuer).issueTime(now) final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder().subject(Long.toString(userID)).claim("login", userLogin).claim("application", application).issuer(isuer).issueTime(now)
.expirationTime(expiration); // Do not ask why we need a "-" here ... this have no meaning .expirationTime(expiration); // Do not ask why we need a "-" here ... this have no meaning
@ -194,7 +195,7 @@ public class JWTWrapper {
// Prepare JWT with claims set // Prepare JWT with claims set
final JWTClaimsSet claimsSet = builder.build(); final JWTClaimsSet claimsSet = builder.build();
final SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT)/* .keyID(rsaJWK.getKeyID()) */.build(), claimsSet); final SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT)/* .keyID(rsaJWK.getKeyID()) */.build(), claimsSet);
// Compute the RSA signature // Compute the RSA signature
signedJWT.sign(signer); signedJWT.sign(signer);
// serialize the output... // serialize the output...
@ -204,7 +205,7 @@ public class JWTWrapper {
} }
return null; return null;
} }
public static JWTClaimsSet validateToken(final String signedToken, final String isuer, final String application) { public static JWTClaimsSet validateToken(final String signedToken, final String isuer, final String application) {
try { try {
// On the consumer side, parse the JWS and verify its RSA signature // On the consumer side, parse the JWS and verify its RSA signature
@ -244,14 +245,12 @@ public class JWTWrapper {
// LOGGER.debug("JWT token is verified 'alice' =?= '" + signedJWT.getJWTClaimsSet().getSubject() + "'"); // LOGGER.debug("JWT token is verified 'alice' =?= '" + signedJWT.getJWTClaimsSet().getSubject() + "'");
// LOGGER.debug("JWT token isuer 'https://c2id.com' =?= '" + signedJWT.getJWTClaimsSet().getIssuer() + "'"); // LOGGER.debug("JWT token isuer 'https://c2id.com' =?= '" + signedJWT.getJWTClaimsSet().getIssuer() + "'");
return signedJWT.getJWTClaimsSet(); return signedJWT.getJWTClaimsSet();
} catch (final JOSEException ex) { } catch (final JOSEException | ParseException e) {
ex.printStackTrace();
} catch (final ParseException e) {
e.printStackTrace(); e.printStackTrace();
} }
return null; return null;
} }
public static String createJwtTestToken(final long userID, final String userLogin, final String isuer, final String application, final Map<String, Map<String, Object>> rights) { public static String createJwtTestToken(final long userID, final String userLogin, final String isuer, final String application, final Map<String, Map<String, Object>> rights) {
if (!ConfigBaseVariable.getTestMode()) { if (!ConfigBaseVariable.getTestMode()) {
LOGGER.error("Test mode disable !!!!!"); LOGGER.error("Test mode disable !!!!!");
@ -259,10 +258,10 @@ public class JWTWrapper {
} }
try { try {
final int timeOutInMunites = 3600; final int timeOutInMunites = 3600;
final Date now = new Date(); final Date now = new Date();
final Date expiration = new Date(new Date().getTime() + timeOutInMunites * 1000 /* ms */); final Date expiration = new Date(new Date().getTime() + timeOutInMunites * 1000 /* ms */);
final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder().subject(Long.toString(userID)).claim("login", userLogin).claim("application", application).issuer(isuer).issueTime(now) final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder().subject(Long.toString(userID)).claim("login", userLogin).claim("application", application).issuer(isuer).issueTime(now)
.expirationTime(expiration); // Do not ask why we need a "-" here ... this have no meaning .expirationTime(expiration); // Do not ask why we need a "-" here ... this have no meaning
// add right if needed: // add right if needed:
@ -272,10 +271,10 @@ public class JWTWrapper {
// Prepare JWT with claims set // Prepare JWT with claims set
final JWTClaimsSet claimsSet = builder.build(); final JWTClaimsSet claimsSet = builder.build();
final SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT)/* .keyID(rsaJWK.getKeyID()) */.build(), claimsSet); final SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT)/* .keyID(rsaJWK.getKeyID()) */.build(), claimsSet);
// Compute the RSA signature // Compute the RSA signature
signedJWT.sign(new TestSigner()); signedJWT.sign(new TestSigner());
// serialize the output... // serialize the output...
return signedJWT.serialize(); return signedJWT.serialize();
} catch (final Exception ex) { } catch (final Exception ex) {