
Commit 440e38b

authored
fixes #289 update unified security to support both jwt and swt for bearer token (#290)
1 parent 53c04be commit 440e38b


3 files changed

+79
-8
lines changed


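--- a/openapi-security/src/main/java/com/networknt/openapi/UnifiedPathPrefixAuth.java
+++ b/openapi-security/src/main/java/com/networknt/openapi/UnifiedPathPrefixAuth.java
@@ -9,6 +9,7 @@ public class UnifiedPathPrefixAuth {
 boolean swt;
 boolean apikey;
 List<String> jwkServiceIds;
+List<String> swtServiceIds;
 
 public String getPathPrefix() {
 return pathPrefix;
@@ -57,4 +58,12 @@ public List<String> getJwkServiceIds() {
 public void setJwkServiceIds(List<String> jwkServiceIds) {
 this.jwkServiceIds = jwkServiceIds;
 }
+
+public List<String> getSwtServiceIds() {
+return swtServiceIds;
+}
+
+public void setSwtServiceIds(List<String> swtServiceIds) {
+this.swtServiceIds = swtServiceIds;
+}
 }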

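--- a/openapi-security/src/main/java/com/networknt/openapi/UnifiedSecurityConfig.java
+++ b/openapi-security/src/main/java/com/networknt/openapi/UnifiedSecurityConfig.java
@@ -23,7 +23,7 @@ public class UnifiedSecurityConfig {
 public static final String SWT = "swt";
 public static final String APIKEY = "apikey";
 public static final String JWK_SERVICE_IDS = "jwkServiceIds";
-
+public static final String SWT_SERVICE_IDS = "swtServiceIds";
 boolean enabled;
 List<String> anonymousPrefixes;
 List<UnifiedPathPrefixAuth> pathPrefixAuths;
@@ -150,8 +150,8 @@ private void setConfigList() {
 unifiedPathPrefixAuth.setJwt(value.get(JWT) == null ? false : (Boolean)value.get(JWT));
 unifiedPathPrefixAuth.setSwt(value.get(SWT) == null ? false : (Boolean)value.get(SWT));
 unifiedPathPrefixAuth.setApikey(value.get(APIKEY) == null ? false : (Boolean)value.get(APIKEY));
-Object ids = value.get(JWK_SERVICE_IDS);
-if(ids instanceof String) {
+Object jwkIds = value.get(JWK_SERVICE_IDS);
+if(jwkIds instanceof String) {
 String s = (String)value.get(JWK_SERVICE_IDS);
 if(s.startsWith("[")) {
 // json format
@@ -164,9 +164,27 @@ private void setConfigList() {
 // comma separated
 unifiedPathPrefixAuth.setJwkServiceIds(Arrays.asList(s.split("\\s*,\\s*")));
 }
-} else if(ids instanceof List ) {
+} else if(jwkIds instanceof List ) {
+// it must be a json array.
+unifiedPathPrefixAuth.setJwkServiceIds((List)jwkIds);
+}
+Object swtIds = value.get(SWT_SERVICE_IDS);
+if(swtIds instanceof String) {
+String s = (String)value.get(SWT_SERVICE_IDS);
+if(s.startsWith("[")) {
+// json format
+try {
+unifiedPathPrefixAuth.setSwtServiceIds(Config.getInstance().getMapper().readValue(s, new TypeReference<List<String>>() {}));
+} catch (Exception e) {
+throw new ConfigException("could not parse the swtServiceIds json with a list of strings.");
+}
+} else {
+// comma separated
+unifiedPathPrefixAuth.setSwtServiceIds(Arrays.asList(s.split("\\s*,\\s*")));
+}
+} else if(swtIds instanceof List ) {
 // it must be a json array.
-unifiedPathPrefixAuth.setJwkServiceIds((List)ids);
+unifiedPathPrefixAuth.setSwtServiceIds((List)swtIds);
 }
 pathPrefixAuths.add(unifiedPathPrefixAuth);
 }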

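--- a/openapi-security/src/main/java/com/networknt/openapi/UnifiedSecurityHandler.java
+++ b/openapi-security/src/main/java/com/networknt/openapi/UnifiedSecurityHandler.java
@@ -6,6 +6,7 @@
 import com.networknt.handler.Handler;
 import com.networknt.handler.MiddlewareHandler;
 import com.networknt.utility.ModuleRegistry;
+import com.networknt.utility.StringUtils;
 import io.undertow.Handlers;
 import io.undertow.server.HttpHandler;
 import io.undertow.server.HttpServerExchange;
@@ -99,8 +100,50 @@ public void handleRequest(HttpServerExchange exchange) throws Exception {
 }
 }
 } else if (BEARER_PREFIX.equalsIgnoreCase(authorization.substring(0, 6))) {
+// in the case that a bearer token is used, there are three scenarios: both jwt and swt are true, only jwt is true and only swt is true
+// in the first case, we need to identify if the token is jwt or swt before calling the right handler to verify it.
 Map<String, HttpHandler> handlers = Handler.getHandlers();
-if(pathPrefixAuth.isJwt()) {
+if(pathPrefixAuth.isJwt() && pathPrefixAuth.isSwt()) {
+// both jwt and swt are enabled.
+boolean isJwt = StringUtils.isJwtToken(authorization);
+if(logger.isTraceEnabled()) logger.trace("Both jwt and swt are true and check token is jwt = {}", isJwt);
+if(isJwt) {
+JwtVerifyHandler handler = (JwtVerifyHandler) handlers.get(JWT);
+if (handler == null) {
+logger.error("Cannot find JwtVerifyHandler with alias name jwt.");
+setExchangeStatus(exchange, HANDLER_NOT_FOUND, "com.networknt.openapi.JwtVerifyHandler@jwt");
+exchange.endExchange();
+return;
+} else {
+// get the jwkServiceIds list.
+if (handler.handleJwt(exchange, pathPrefixAuth.getPathPrefix(), reqPath, pathPrefixAuth.getJwkServiceIds())) {
+// verification is passed, go to the next handler in the chain.
+break;
+} else {
+// verification is not passed and an error is returned. Don't call the next handler.
+return;
+}
+}
+} else {
+SwtVerifyHandler handler = (SwtVerifyHandler) handlers.get(SWT);
+if (handler == null) {
+logger.error("Cannot find SwtVerifyHandler with alias name swt.");
+setExchangeStatus(exchange, HANDLER_NOT_FOUND, "com.networknt.openapi.SwtVerifyHandler@swt");
+exchange.endExchange();
+return;
+} else {
+// get the jwkServiceIds list.
+if (handler.handleSwt(exchange, reqPath, pathPrefixAuth.getSwtServiceIds())) {
+// verification is passed, go to the next handler in the chain.
+break;
+} else {
+// verification is not passed and an error is returned. Don't call the next handler.
+return;
+}
+}
+}
+} else if(pathPrefixAuth.isJwt()) {
+// only jwt is enabled
 JwtVerifyHandler handler = (JwtVerifyHandler) handlers.get(JWT);
 if (handler == null) {
 logger.error("Cannot find JwtVerifyHandler with alias name jwt.");
@@ -118,7 +161,7 @@ public void handleRequest(HttpServerExchange exchange) throws Exception {
 }
 }
 } else {
-// this must be swt token
+// only swt is enabled
 SwtVerifyHandler handler = (SwtVerifyHandler) handlers.get(SWT);
 if (handler == null) {
 logger.error("Cannot find SwtVerifyHandler with alias name swt.");
@@ -127,7 +170,7 @@ public void handleRequest(HttpServerExchange exchange) throws Exception {
 return;
 } else {
 // get the jwkServiceIds list.
-if (handler.handleSwt(exchange, reqPath, pathPrefixAuth.getJwkServiceIds())) {
+if (handler.handleSwt(exchange, reqPath, pathPrefixAuth.getSwtServiceIds())) {
 // verification is passed, go to the next handler in the chain.
 break;
 } else {
@@ -184,6 +227,7 @@ public void handleRequest(HttpServerExchange exchange) throws Exception {
 Handler.next(exchange, next);
 }
 
+
 @Override
 public HttpHandler getNext() {
 return next;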
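Review bot: The last `else` of the bearer branch in handleRequest is now commented `// only swt is enabled`, but it appears to be reached whenever `isJwt()` is false, including when `isSwt()` is false too. A bearer token sent to a prefix configured for neither scheme is therefore still handed to SwtVerifyHandler, with `getSwtServiceIds()` returning null when the key is unset. Making the condition explicit, `} else if(pathPrefixAuth.isSwt()) {`, and adding a terminal `else` that sets an error status and returns would make such a prefix fail closed instead of depending on how handleSwt treats the request. Separately, `StringUtils.isJwtToken(authorization)` receives the whole header value rather than the token after the `Bearer ` scheme; its implementation is not on this page, so confirm it strips the scheme before classifying. The enclosing method starts and ends outside these hunks.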
