GERONIMO-6740 run-as feature + small dependencies upgrades
diff --git a/README.adoc b/README.adoc
index 2a55f71..1741f82 100644
--- a/README.adoc
+++ b/README.adoc
@@ -108,3 +108,8 @@
----
IMPORTANT: in any case it is not recommended to use CDI `Principal` API, always prefer `JsonWebToken` one.
+
+== Run-as
+
+To enable a "run as" feature - i.e. don't go through the JWT validation etc but still propagate a JWT considered as valid,
+you can set the servlet attribute `org.eclipse.microprofile.jwt.JsonWebToken` with an implementation of that API.
diff --git a/pom.xml b/pom.xml
index 7ef2740..b377b7c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -41,7 +41,7 @@
</scm>
<properties>
- <spec.version>1.1</spec.version>
+ <spec.version>1.1.1</spec.version>
</properties>
<dependencies>
@@ -53,7 +53,7 @@
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-servlet-api</artifactId>
- <version>9.0.7</version>
+ <version>9.0.22</version>
<scope>provided</scope>
</dependency>
<dependency>
@@ -100,12 +100,6 @@
<optional>true</optional>
</dependency>
- <dependency> <!-- issue with the cache key -->
- <groupId>org.apache.openwebbeans</groupId>
- <artifactId>openwebbeans-impl</artifactId>
- <version>2.0.6</version>
- <scope>test</scope>
- </dependency>
<dependency>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-jacc_1.1_spec</artifactId>
@@ -127,7 +121,7 @@
<dependency>
<groupId>org.apache.meecrowave</groupId>
<artifactId>meecrowave-arquillian</artifactId>
- <version>1.2.3</version>
+ <version>1.2.8</version>
<scope>test</scope>
<exclusions>
<exclusion>
diff --git a/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/GeronimoJwtAuthInitializer.java b/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/GeronimoJwtAuthInitializer.java
index 4b46ddd..215fe19 100644
--- a/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/GeronimoJwtAuthInitializer.java
+++ b/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/GeronimoJwtAuthInitializer.java
@@ -21,13 +21,11 @@
import java.util.Comparator;
import java.util.EnumSet;
import java.util.Set;
-import java.util.function.Supplier;
import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContainerInitializer;
import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
import javax.servlet.annotation.HandlesTypes;
import javax.ws.rs.ApplicationPath;
@@ -39,25 +37,20 @@
@HandlesTypes(LoginConfig.class)
public class GeronimoJwtAuthInitializer implements ServletContainerInitializer {
@Override
- public void onStartup(final Set<Class<?>> classes, final ServletContext ctx) throws ServletException {
+ public void onStartup(final Set<Class<?>> classes, final ServletContext ctx) {
final GeronimoJwtAuthConfig config = GeronimoJwtAuthConfig.create();
final boolean forceSetup = "true".equalsIgnoreCase(config.read("filter.active", "false"));
if (forceSetup) {
doSetup(ctx, config, null);
return;
}
- ofNullable(classes).filter(c -> !c.isEmpty()).ifPresent(marked -> // needed? what's the issue dropping it?
- // nothing normally
- // to be deterministic
- marked.stream()
- .filter(Application.class::isAssignableFrom) // needed? what's the issue dropping it? nothing
- // normally
- .filter(app -> forceSetup ||
- (app.isAnnotationPresent(LoginConfig.class) && "MP-JWT".equalsIgnoreCase(app.getAnnotation(LoginConfig.class).authMethod())))
- .min(Comparator.comparing(Class::getName))
- .ifPresent(app -> {
- doSetup(ctx, config, app);
- }));
+ ofNullable(classes).filter(c -> !c.isEmpty())
+ .flatMap(marked -> marked.stream()
+ .filter(Application.class::isAssignableFrom) // needed? what's the issue dropping it? nothing normally
+ .filter(app -> app.isAnnotationPresent(LoginConfig.class) &&
+ "MP-JWT".equalsIgnoreCase(app.getAnnotation(LoginConfig.class).authMethod()))
+ .min(Comparator.comparing(Class::getName))) // to be deterministic
+ .ifPresent(app -> doSetup(ctx, config, app));
}
private void doSetup(final ServletContext ctx, final GeronimoJwtAuthConfig config, final Class<?> app) {
diff --git a/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/JwtRequest.java b/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/JwtRequest.java
index fc346b4..3e82ffc 100644
--- a/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/JwtRequest.java
+++ b/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/JwtRequest.java
@@ -34,7 +34,6 @@
import javax.servlet.http.HttpServletResponse;
import org.apache.geronimo.microprofile.impl.jwtauth.JwtException;
-import org.apache.geronimo.microprofile.impl.jwtauth.jaxrs.JAXRSRequestForwarder;
import org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser;
import org.eclipse.microprofile.jwt.JsonWebToken;
@@ -58,6 +57,14 @@
return token;
}
+ final Object existing = getAttribute(JsonWebToken.class.getName());
+ if (existing != null) {
+ token = JsonWebToken.class.isInstance(existing) ?
+ JsonWebToken.class.cast(existing) :
+ service.parse(String.valueOf(existing));
+ return token;
+ }
+
boolean fromHeader = true;
String auth = String.class.cast(
getAttribute("org.apache.geronimo.microprofile.impl.jwtauth.jaxrs.JAXRSRequestForwarder.header"));
diff --git a/src/test/java/org/apache/geronimo/microprofile/impl/jwtauth/tck/jaxrs/PreProvidedTokenTest.java b/src/test/java/org/apache/geronimo/microprofile/impl/jwtauth/tck/jaxrs/PreProvidedTokenTest.java
new file mode 100644
index 0000000..663e5a5
--- /dev/null
+++ b/src/test/java/org/apache/geronimo/microprofile/impl/jwtauth/tck/jaxrs/PreProvidedTokenTest.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.microprofile.impl.jwtauth.tck.jaxrs;
+
+import static javax.ws.rs.core.MediaType.TEXT_PLAIN_TYPE;
+import static org.testng.Assert.assertEquals;
+
+import java.net.URL;
+
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+
+import org.eclipse.microprofile.jwt.tck.container.jaxrs.TCKApplication;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.arquillian.testng.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.testng.annotations.Test;
+
+// NOTE: reuses tck resources and token generation
+public class PreProvidedTokenTest extends Arquillian {
+ @Deployment(testable = false)
+ public static Archive<?> war() {
+ return ShrinkWrap.create(WebArchive.class, PreProvidedTokenTest.class.getSimpleName() + ".war")
+ .addClasses(TCKApplication.class, TokenInspector.class, RunAsFilter.class)
+ .addAsResource(PreProvidedTokenTest.class.getResource("/publicKey.pem"), "/publicKey.pem");
+ }
+
+ @ArquillianResource
+ private URL base;
+
+ @Test
+ public void runAsync() {
+ final Client client = ClientBuilder.newClient();
+ try {
+ final String value = client.target(base.toExternalForm())
+ .path("inspector")
+ .queryParam("claim", "name")
+ .request(TEXT_PLAIN_TYPE)
+ .get(String.class)
+ .trim();
+ assertEquals("run-as", value);
+ } finally {
+ client.close();
+ }
+ }
+}
diff --git a/src/test/java/org/apache/geronimo/microprofile/impl/jwtauth/tck/jaxrs/RunAsFilter.java b/src/test/java/org/apache/geronimo/microprofile/impl/jwtauth/tck/jaxrs/RunAsFilter.java
new file mode 100644
index 0000000..afe19d3
--- /dev/null
+++ b/src/test/java/org/apache/geronimo/microprofile/impl/jwtauth/tck/jaxrs/RunAsFilter.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.microprofile.impl.jwtauth.tck.jaxrs;
+
+import static java.util.Collections.singleton;
+
+import java.io.IOException;
+import java.util.Set;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+@WebFilter("/inspector")
+public class RunAsFilter implements Filter {
+ @Override
+ public void doFilter(final ServletRequest request, final ServletResponse response,
+ final FilterChain chain) throws IOException, ServletException {
+ request.setAttribute(JsonWebToken.class.getName(), new JsonWebToken() {
+ @Override
+ public String getName() {
+ return "run-as";
+ }
+
+ @Override
+ public Set<String> getClaimNames() {
+ return singleton("name");
+ }
+
+ @Override
+ public <T> T getClaim(final String s) {
+ return "name".equals(s) ? (T) "the-name" : null;
+ }
+ });
+ chain.doFilter(request, response);
+ }
+}
diff --git a/src/test/java/org/apache/geronimo/microprofile/impl/jwtauth/tck/jaxrs/TokenInspector.java b/src/test/java/org/apache/geronimo/microprofile/impl/jwtauth/tck/jaxrs/TokenInspector.java
new file mode 100644
index 0000000..3fb52e1
--- /dev/null
+++ b/src/test/java/org/apache/geronimo/microprofile/impl/jwtauth/tck/jaxrs/TokenInspector.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.microprofile.impl.jwtauth.tck.jaxrs;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.inject.Inject;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+@Path("inspector")
+@ApplicationScoped
+public class TokenInspector {
+ @Inject
+ private JsonWebToken token;
+
+ @GET
+ @Produces(MediaType.TEXT_PLAIN)
+ public String inspect(@QueryParam("claim") final String name) {
+ return "name".equals(name) ? token.getName() : token.getClaim(name);
+ }
+}