Merge pull request #6144 from Pandrex247/Revert-FISH-6022-6047-6299

Revert "Merge pull request #6076 from pdudits/fish-6022-6047-p6"
payara · Jan 10, 2023 · d76809b · d76809b
2 parents 620ebea + ae27aa3
commit d76809b
Show file tree

Hide file tree

Showing 12 changed files with 35 additions and 532 deletions.
diff --git a/...file/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/cdi/CdiInitEventHandler.java b/...file/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/cdi/CdiInitEventHandler.java
@@ -106,6 +106,8 @@
  */
 public class CdiInitEventHandler {
 
+    private final static JsonWebTokenImpl emptyJsonWebToken = new JsonWebTokenImpl(null, Collections.emptyMap());
+
     public static void installAuthenticationMechanism(AfterBeanDiscovery afterBeanDiscovery) {
 
         afterBeanDiscovery.addBean(new PayaraCdiProducer<IdentityStore>()
@@ -122,6 +124,14 @@ public static void installAuthenticationMechanism(AfterBeanDiscovery afterBeanDi
                 .addToId("mechanism " + LoginConfig.class)
                 .create(e -> new JWTAuthenticationMechanism()));
 
+        // MP-JWT 1.0 7.1.1. Injection of JsonWebToken
+        afterBeanDiscovery.addBean(new PayaraCdiProducer<JsonWebToken>()
+                .scope(RequestScoped.class)
+                .beanClass(JsonWebToken.class)
+                .types(Object.class, JsonWebToken.class)
+                .addToId("token " + LoginConfig.class)
+                .create(e -> getJsonWebToken()));
+
         // MP-JWT 1.0 7.1.2
         for (JWTInjectableType injectableType : computeTypes()) {
 
@@ -243,8 +253,17 @@ public static <A extends Annotation> A getQualifier(InjectionPoint injectionPoin
     }
 
     public static JsonWebTokenImpl getJsonWebToken() {
-        JsonWebTokenImpl jsonWebToken = CdiUtils.getBeanReference(JsonWebTokenImpl.class);
-        return jsonWebToken;
+        SecurityContext context = CdiUtils.getBeanReference(SecurityContext.class);
+        Principal principal = context.getCallerPrincipal();
+        if (principal instanceof JsonWebTokenImpl) {
+            return (JsonWebTokenImpl) principal;
+        } else {
+            Set<JsonWebTokenImpl> principals = context.getPrincipalsByType(JsonWebTokenImpl.class);
+            if (!principals.isEmpty()) {
+                return principals.iterator().next();
+            }
+        }
+        return emptyJsonWebToken;
     }
 
     public static String getClaimName(Claim claim) {

diff --git a/...ile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/cdi/JsonWebTokenProducer.java b/...ile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/cdi/JsonWebTokenProducer.java
diff --git a/...file/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/cdi/JwtAuthCdiExtension.java b/...file/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/cdi/JwtAuthCdiExtension.java
@@ -1,7 +1,7 @@
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
- * Copyright (c) 2017-2022 Payara Foundation and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017-2021 Payara Foundation and/or its affiliates. All rights reserved.
  *
  * The contents of this file are subject to the terms of either the GNU
  * General Public License Version 2 only ("GPL") or the Common Development
@@ -91,14 +91,13 @@ public class JwtAuthCdiExtension implements Extension {
 
     public void register(@Observes BeforeBeanDiscovery beforeBean, BeanManager beanManager) {
         beforeBean.addAnnotatedType(beanManager.createAnnotatedType(InjectionPointGenerator.class), "JWT InjectionPointGenerator ");
-        beforeBean.addAnnotatedType(beanManager.createAnnotatedType(JsonWebTokenProducer.class), JsonWebTokenProducer.class.getName());
     }
 
     /**
      * This method tries to find the LoginConfig annotation and if does flags that fact.
      * 
      */
-    public <T> void findLoginConfigAnnotation(@Observes ProcessBean<T> eventIn) {
+    public <T> void findLoginConfigAnnotation(@Observes ProcessBean<T> eventIn, BeanManager beanManager) {
 
         ProcessBean<T> event = eventIn; // JDK8 u60 workaround
 
@@ -113,7 +112,7 @@ public <T> void findLoginConfigAnnotation(@Observes ProcessBean<T> eventIn) {
      * declared later on. 
      * 
      */
-    public <T> void findRoles(@Observes ProcessManagedBean<T> eventIn) {
+    public <T> void findRoles(@Observes ProcessManagedBean<T> eventIn, BeanManager beanManager) {
 
         ProcessManagedBean<T> event = eventIn; // JDK8 u60 workaround
 
@@ -134,7 +133,7 @@ public <T> void findRoles(@Observes ProcessManagedBean<T> eventIn) {
 
     }
 
-    public <T> void checkInjectIntoRightScope(@Observes ProcessInjectionTarget<T> eventIn) {
+    public <T> void checkInjectIntoRightScope(@Observes ProcessInjectionTarget<T> eventIn, BeanManager beanManager) {
 
         ProcessInjectionTarget<T> event = eventIn; // JDK8 u60 workaround
 
@@ -164,7 +163,7 @@ public <T> void checkInjectIntoRightScope(@Observes ProcessInjectionTarget<T> ev
         }
     }
 
-    public void installMechanismIfNeeded(@Observes AfterBeanDiscovery eventIn) {
+    public void installMechanismIfNeeded(@Observes AfterBeanDiscovery eventIn, BeanManager beanManager) {
 
         AfterBeanDiscovery afterBeanDiscovery = eventIn; // JDK8 u60 workaround
 

diff --git a/...src/main/java/fish/payara/microprofile/jwtauth/eesecurity/JWTAuthenticationMechanism.java b/...src/main/java/fish/payara/microprofile/jwtauth/eesecurity/JWTAuthenticationMechanism.java
@@ -1,7 +1,7 @@
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
- * Copyright (c) [2017-2022] Payara Foundation and/or its affiliates. All rights reserved.
+ * Copyright (c) [2017-2021] Payara Foundation and/or its affiliates. All rights reserved.
  *
  * The contents of this file are subject to the terms of either the GNU
  * General Public License Version 2 only ("GPL") or the Common Development
@@ -66,7 +66,6 @@
  * @author Arjan Tijms
  */
 public class JWTAuthenticationMechanism implements HttpAuthenticationMechanism {
-    public static String INVALID_JWT_TOKEN = JWTAuthenticationMechanism.class.getName()+".invalidJwt";
 
     public static final String CONFIG_TOKEN_HEADER_AUTHORIZATION = "Authorization";
     public static final String CONFIG_TOKEN_HEADER_COOKIE = "Cookie";
@@ -92,6 +91,8 @@ public JWTAuthenticationMechanism() {
     @Override
     public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
 
+        // Don't limit processing of JWT to protected pages (httpMessageContext.isProtected())
+        // as MP TCK requires JWT being parsed (if provided) even if not in protected pages.
         IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get();
 
         SignedJWTCredential credential = getCredential(request);
@@ -106,13 +107,7 @@ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServ
                 return httpMessageContext.notifyContainerAboutLogin(result);
             }
 
-
-            if (httpMessageContext.isProtected()) {
-                return httpMessageContext.responseUnauthorized();
-            }
-
-            // put validation result in an attribute in case unauthenticated endpoint want to touch the token
-            request.setAttribute(INVALID_JWT_TOKEN, true);
+            return httpMessageContext.responseUnauthorized();
         }
 
         return httpMessageContext.doNothing();

diff --git a/...profile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/jwt/JsonWebTokenImpl.java b/...profile/jwt-auth/src/main/java/fish/payara/microprofile/jwtauth/jwt/JsonWebTokenImpl.java
@@ -1,7 +1,7 @@
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
- * Copyright (c) 2017-2022 Payara Foundation and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017-2021 Payara Foundation and/or its affiliates. All rights reserved.
  *
  * The contents of this file are subject to the terms of either the GNU
  * General Public License Version 2 only ("GPL") or the Common Development
@@ -40,8 +40,6 @@
 package fish.payara.microprofile.jwtauth.jwt;
 
 import static java.util.Collections.singleton;
-
-import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
@@ -65,12 +63,6 @@ public class JsonWebTokenImpl extends CallerPrincipal implements JsonWebToken {
 
     private final Map<String, JsonValue> claims;
 
-    protected JsonWebTokenImpl() {
-        // for proxying request-scoped bean
-        super(null);
-        claims = Collections.EMPTY_MAP;
-    }
-
     public JsonWebTokenImpl(String callerName, Map<String, JsonValue> claims) {
         super(callerName);
         this.claims = claims;

diff --git a/...a-samples/samples/microprofile-endpoints/secure/src/test/resources/post-boot-commands.txt b/...a-samples/samples/microprofile-endpoints/secure/src/test/resources/post-boot-commands.txt
@@ -1,3 +1,3 @@
-set-metrics-configuration --securityenabled=true --endpoint=mpmetrics
-set-microprofile-healthcheck-configuration --securityenabled=true --endpoint=mphealth
-set-openapi-configuration --securityenabled=true --endpoint=openapi
+set-metrics-configuration --securityenabled=true
+set-microprofile-healthcheck-configuration --securityenabled=true
+set-openapi-configuration --securityenabled=true