@@ -9,6 +9,7 @@ public class UnifiedPathPrefixAuth {
boolean swt;
boolean apikey;
List<String> jwkServiceIds;
List<String> swtServiceIds;

public String getPathPrefix() {
return pathPrefix;
@@ -57,4 +58,12 @@ public List<String> getJwkServiceIds() {
public void setJwkServiceIds(List<String> jwkServiceIds) {
this.jwkServiceIds = jwkServiceIds;
}

public List<String> getSwtServiceIds() {
return swtServiceIds;
}

public void setSwtServiceIds(List<String> swtServiceIds) {
this.swtServiceIds = swtServiceIds;
}
}
@@ -23,7 +23,7 @@ public class UnifiedSecurityConfig {
public static final String SWT = "swt";
public static final String APIKEY = "apikey";
public static final String JWK_SERVICE_IDS = "jwkServiceIds";

public static final String SWT_SERVICE_IDS = "swtServiceIds";
boolean enabled;
List<String> anonymousPrefixes;
List<UnifiedPathPrefixAuth> pathPrefixAuths;
@@ -150,8 +150,8 @@ private void setConfigList() {
unifiedPathPrefixAuth.setJwt(value.get(JWT) == null ? false : (Boolean)value.get(JWT));
unifiedPathPrefixAuth.setSwt(value.get(SWT) == null ? false : (Boolean)value.get(SWT));
unifiedPathPrefixAuth.setApikey(value.get(APIKEY) == null ? false : (Boolean)value.get(APIKEY));
Object ids = value.get(JWK_SERVICE_IDS);
if(ids instanceof String) {
Object jwkIds = value.get(JWK_SERVICE_IDS);
if(jwkIds instanceof String) {
String s = (String)value.get(JWK_SERVICE_IDS);
if(s.startsWith("[")) {
// json format
@@ -164,9 +164,27 @@ private void setConfigList() {
// comma separated
unifiedPathPrefixAuth.setJwkServiceIds(Arrays.asList(s.split("\\s*,\\s*")));
}
} else if(ids instanceof List ) {
} else if(jwkIds instanceof List ) {
// it must be a json array.
unifiedPathPrefixAuth.setJwkServiceIds((List)jwkIds);
}
Object swtIds = value.get(SWT_SERVICE_IDS);
if(swtIds instanceof String) {
String s = (String)value.get(SWT_SERVICE_IDS);
if(s.startsWith("[")) {
// json format
try {
unifiedPathPrefixAuth.setSwtServiceIds(Config.getInstance().getMapper().readValue(s, new TypeReference<List<String>>() {}));
} catch (Exception e) {
throw new ConfigException("could not parse the swtServiceIds json with a list of strings.");
}
} else {
// comma separated
unifiedPathPrefixAuth.setSwtServiceIds(Arrays.asList(s.split("\\s*,\\s*")));
}
} else if(swtIds instanceof List ) {
// it must be a json array.
unifiedPathPrefixAuth.setJwkServiceIds((List)ids);
unifiedPathPrefixAuth.setSwtServiceIds((List)swtIds);
}
pathPrefixAuths.add(unifiedPathPrefixAuth);
}
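Review bot: The swtServiceIds parsing added in setConfigList() is a line-for-line copy of the jwkServiceIds block and carries its weak spots with it: `catch (Exception e)` discards the parse error, `(List)swtIds` is a raw cast that lets non-string elements through, and the comma branch neither trims the ends nor rejects an empty string (`"".split(...)` yields a one-element list holding `""`). These ids appear to select which service is consulted when a token is verified, so a malformed value is better rejected while the config is loaded than discovered at request time. I would move both blocks onto one private helper, as sketched below; the caught exception should additionally be logged, or attached as a cause if ConfigException offers such a constructor, which is not visible here. setConfigList() starts and ends outside these hunks.

```java
// … unchanged: jwt / swt / apikey flags …
unifiedPathPrefixAuth.setJwkServiceIds(parseServiceIds(value.get(JWK_SERVICE_IDS), JWK_SERVICE_IDS));
unifiedPathPrefixAuth.setSwtServiceIds(parseServiceIds(value.get(SWT_SERVICE_IDS), SWT_SERVICE_IDS));
pathPrefixAuths.add(unifiedPathPrefixAuth);

// new private helper in UnifiedSecurityConfig
private static List<String> parseServiceIds(Object raw, String key) {
    if (raw instanceof String) {
        String s = ((String) raw).trim();
        if (s.isEmpty()) {
            return null; // treat an empty value like an absent key
        }
        if (s.startsWith("[")) {
            // json format
            try {
                return Config.getInstance().getMapper().readValue(s, new TypeReference<List<String>>() {});
            } catch (Exception e) {
                // the cause is still dropped here; log it or pass it on if the exception type allows
                throw new ConfigException("could not parse the " + key + " json with a list of strings.");
            }
        }
        // comma separated
        return Arrays.asList(s.split("\\s*,\\s*"));
    }
    if (raw instanceof List) {
        for (Object item : (List<?>) raw) {
            if (!(item instanceof String)) {
                throw new ConfigException(key + " must contain only strings.");
            }
        }
        @SuppressWarnings("unchecked") // every element was checked above
        List<String> ids = (List<String>) raw;
        return ids;
    }
    return null; // key absent or of another type: the field stays unset, as before
}
```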
@@ -6,6 +6,7 @@
import com.networknt.handler.Handler;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.utility.ModuleRegistry;
import com.networknt.utility.StringUtils;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
@@ -99,8 +100,50 @@ public void handleRequest(HttpServerExchange exchange) throws Exception {
}
}
} else if (BEARER_PREFIX.equalsIgnoreCase(authorization.substring(0, 6))) {
// in the case that a bearer token is used, there are three scenarios: both jwt and swt are true, only jwt is true and only swt is true
// in the first case, we need to identify if the token is jwt or swt before calling the right handler to verify it.
Map<String, HttpHandler> handlers = Handler.getHandlers();
if(pathPrefixAuth.isJwt()) {
if(pathPrefixAuth.isJwt() && pathPrefixAuth.isSwt()) {
// both jwt and swt are enabled.
boolean isJwt = StringUtils.isJwtToken(authorization);
if(logger.isTraceEnabled()) logger.trace("Both jwt and swt are true and check token is jwt = {}", isJwt);
if(isJwt) {
JwtVerifyHandler handler = (JwtVerifyHandler) handlers.get(JWT);
if (handler == null) {
logger.error("Cannot find JwtVerifyHandler with alias name jwt.");
setExchangeStatus(exchange, HANDLER_NOT_FOUND, "com.networknt.openapi.JwtVerifyHandler@jwt");
exchange.endExchange();
return;
} else {
// get the jwkServiceIds list.
if (handler.handleJwt(exchange, pathPrefixAuth.getPathPrefix(), reqPath, pathPrefixAuth.getJwkServiceIds())) {
// verification is passed, go to the next handler in the chain.
break;
} else {
// verification is not passed and an error is returned. Don't call the next handler.
return;
}
}
} else {
SwtVerifyHandler handler = (SwtVerifyHandler) handlers.get(SWT);
if (handler == null) {
logger.error("Cannot find SwtVerifyHandler with alias name swt.");
setExchangeStatus(exchange, HANDLER_NOT_FOUND, "com.networknt.openapi.SwtVerifyHandler@swt");
exchange.endExchange();
return;
} else {
// get the jwkServiceIds list.
if (handler.handleSwt(exchange, reqPath, pathPrefixAuth.getSwtServiceIds())) {
// verification is passed, go to the next handler in the chain.
break;
} else {
// verification is not passed and an error is returned. Don't call the next handler.
return;
}
}
}
} else if(pathPrefixAuth.isJwt()) {
// only jwt is enabled
JwtVerifyHandler handler = (JwtVerifyHandler) handlers.get(JWT);
if (handler == null) {
logger.error("Cannot find JwtVerifyHandler with alias name jwt.");
@@ -118,7 +161,7 @@ public void handleRequest(HttpServerExchange exchange) throws Exception {
}
}
} else {
// this must be swt token
// only swt is enabled
SwtVerifyHandler handler = (SwtVerifyHandler) handlers.get(SWT);
if (handler == null) {
logger.error("Cannot find SwtVerifyHandler with alias name swt.");
@@ -127,7 +170,7 @@ public void handleRequest(HttpServerExchange exchange) throws Exception {
return;
} else {
// get the jwkServiceIds list.
if (handler.handleSwt(exchange, reqPath, pathPrefixAuth.getJwkServiceIds())) {
if (handler.handleSwt(exchange, reqPath, pathPrefixAuth.getSwtServiceIds())) {
// verification is passed, go to the next handler in the chain.
break;
} else {
@@ -184,6 +227,7 @@ public void handleRequest(HttpServerExchange exchange) throws Exception {
Handler.next(exchange, next);
}


@Override
public HttpHandler getNext() {
return next;
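Review bot: In both SWT branches `handleSwt` now receives `pathPrefixAuth.getSwtServiceIds()`, which stays null for every path prefix whose configuration carries only `jwkServiceIds`, so an existing SWT path that relied on the old `getJwkServiceIds()` argument silently changes which ids reach the verifier. What `handleSwt` does with a null list is not visible here; it should be confirmed that it falls back to the intended introspection settings and otherwise rejects the token, and the change belongs in the upgrade notes. In the jwt-and-swt branch `StringUtils.isJwtToken(authorization)` is given the whole header value including the `Bearer ` scheme and picks the verifier from client-supplied data, so a comment such as `// routing only: the selected handler must still fully verify the token` would help, together with a check that isJwtToken strips the scheme. The comment `// get the jwkServiceIds list.` above both `handleSwt` calls is stale and should read `// get the swtServiceIds list.`. handleRequest() begins and ends outside the hunks shown.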