#397: support JWT microprofile (#399)

hohwille · web-flow · commit 833b1fd38573 · 2021-06-18T16:13:34.000+02:00
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -2,9 +2,23 @@
 
 This file documents all notable changes to https://https://github.com/devonfw/devon4j[devon4j].
 
+== 2021.04.003
+
+ATTENTION: This release is still work in progress.
+
+Bugfix release of with the following stories:
+
+* https://github.com/devonfw/devon4j/issues/336[#336]: archetype contains batch artefacts even when no batch was generated
+* https://github.com/devonfw/devon4j/issues/385[#385]: Access-control should honor roles by default
+* https://github.com/devonfw/devon4j/issues/397[#397]: security-jwt should support the claim "groups" from the microprofile jwt
+
+Documentation is available at https://repo.maven.apache.org/maven2/com/devonfw/java/doc/devon4j-doc/2021.04.003/devon4j-doc-2021.04.003.pdf[devon4j guide 2021.04.003].
+The full list of changes for this release can be found in https://github.com/devonfw/devon4j/milestone/19?closed=1[milestone devon4j 2020.04.003].
+
 == 2021.04.002
 
 Bugfix release of with the following stories:
+
 * https://github.com/devonfw/devon4j/issues/389[#389]: archetype build broken with ci-friendly-maven
 * https://github.com/devonfw/devon4j/pull/391[#391]: jasypt documentation improvements
 * https://github.com/devonfw/devon4j/pull/387[#387]: rebuild and updated diagram with drawio
diff --git a/documentation/guide-jwt.asciidoc b/documentation/guide-jwt.asciidoc
@@ -63,8 +63,14 @@ security.authentication.jwt.validation.not-before-required=false
 security.authentication.jwt.creation.add-issued-at=true
 security.authentication.jwt.creation.validity=4h
 security.authentication.jwt.creation.not-before-delay=1m
+# the following properties enable backward compatiblity for devon4j <= 2021.04.002
+# after microprofile JWT is used by default since 2021.04.003
+#security.authentication.jwt.claims.access-controls-name=roles
+#security.authentication.jwt.claims.access-controls-array=false
 ----
 
+See also https://github.com/devonfw/devon4j/blob/master/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/impl/JwtConfigProperties.java[JwtConfigProperties] for details about configuration.
+
 == Authentication with JWT via OAuth
 
 The authentication with JWT via OAuth (HTTP header), will happen via `JwtAuthenticationFilter` that is automatically added by `devon4j-starter-security-jwt` via `JwtAutoConfiguration`.
diff --git a/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/api/JwtManager.java b/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/api/JwtManager.java
@@ -14,7 +14,11 @@ public interface JwtManager {
   /**
    * Custom {@link Claims#get(String, Class) claim} for the
    * {@link com.devonfw.module.security.common.api.accesscontrol.AccessControl roles/permissions} assigned to the user.
+   *
+   * @deprecated configurable via {@link com.devonfw.module.security.jwt.common.impl.JwtConfigProperties#getClaims()} in
+   *             {@link com.devonfw.module.security.jwt.common.impl.JwtConfigProperties.ClaimsConfigProperties#getAccessControlsName()}.
    */
+  @Deprecated
   String CLAIM_ROLES = "roles";
 
   /** Custom {@link Claims#get(String, Class) claim} for the email address of the user. */
diff --git a/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/base/JwtConstants.java b/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/base/JwtConstants.java
@@ -9,7 +9,11 @@ public class JwtConstants {
 
   /**
    * The roles/permissions assigned to the user
+   *
+   * @deprecated configurable via {@link com.devonfw.module.security.jwt.common.impl.JwtConfigProperties#getClaims()} in
+   *             {@link com.devonfw.module.security.jwt.common.impl.JwtConfigProperties.ClaimsConfigProperties#getAccessControlsName()}.
    */
+  @Deprecated
   public static final String CLAIM_ROLES = "roles";
 
   /**
diff --git a/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/impl/JwtAuthenticatorImpl.java b/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/impl/JwtAuthenticatorImpl.java
@@ -1,6 +1,8 @@
 package com.devonfw.module.security.jwt.common.impl;
 
 import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Set;
 
 import javax.inject.Inject;
@@ -30,13 +32,30 @@ public class JwtAuthenticatorImpl implements JwtAuthenticator {
   @Inject
   private AccessControlProvider accessControlProvider;
 
+  @Inject
+  private JwtConfigProperties jwtConfig;
+
+  @SuppressWarnings("unchecked")
   @Override
   public Authentication authenticate(String jwt) {
 
     Claims claims = this.jwtManager.decodeAndVerify(jwt);
     String principal = claims.getSubject();
-    String[] roleIds = claims.get(JwtManager.CLAIM_ROLES, String.class).split(",");
-    Set<AccessControl> permissions = this.accessControlProvider.expandPermissions(Arrays.asList(roleIds));
+    String accessControlsName = this.jwtConfig.getClaims().getAccessControlsName();
+    Collection<String> accessControlIds;
+    Object accessControls = claims.get(accessControlsName);
+    if (accessControls instanceof String) {
+      accessControlIds = Arrays.asList(accessControls.toString().split(","));
+    } else if (accessControls instanceof String[]) {
+      accessControlIds = Arrays.asList((String[]) accessControls);
+    } else if (accessControls instanceof Collection) {
+      accessControlIds = (Collection<String>) accessControls;
+    } else if (accessControls == null) {
+      accessControlIds = Collections.emptyList();
+    } else {
+      throw new IllegalStateException("Invalid or malformed JWT claim " + accessControlsName + ": " + accessControls);
+    }
+    Set<AccessControl> permissions = this.accessControlProvider.expandPermissions(accessControlIds);
     return DefaultAuthentication.ofAccessControls(principal, jwt, permissions, claims);
   }
 
diff --git a/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/impl/JwtConfigProperties.java b/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/impl/JwtConfigProperties.java
@@ -18,6 +18,8 @@ public class JwtConfigProperties {
 
   private String alias = "jwt";
 
+  private ClaimsConfigProperties claims = new ClaimsConfigProperties();
+
   private ValidationConfigProperties validation = new ValidationConfigProperties();
 
   private CreationConfigProperties creation = new CreationConfigProperties();
@@ -39,6 +41,14 @@ public CreationConfigProperties getCreation() {
     return this.creation;
   }
 
+  /**
+   * @return the {@link ClaimsConfigProperties configuration of the JWT claims}.
+   */
+  public ClaimsConfigProperties getClaims() {
+
+    return this.claims;
+  }
+
   /**
    * @return algorithm, which can be configured
    */
@@ -221,4 +231,56 @@ public void setAddIssuedAt(boolean addIssuedAt) {
 
   }
 
+  /**
+   * {@link ConfigurationProperties} for claims of the JWT.
+   *
+   * @see JwtConfigProperties#getClaims
+   */
+  public static class ClaimsConfigProperties {
+
+    private String accessControlsName = "groups";
+
+    private boolean accessControlsArray = true;
+
+    /**
+     * @return name of the claim containing the access-controls (groups, roles, permissions). Defaults to "groups"
+     *         according to
+     *         <a href="https://www.eclipse.org/community/eclipse_newsletter/2017/september/article2.php">MP-JWT</a>
+     *         standard.
+     */
+    public String getAccessControlsName() {
+
+      return this.accessControlsName;
+    }
+
+    /**
+     * @param accessControlsName new value of {@link #getAccessControlsName()}.
+     */
+    public void setAccessControlsName(String accessControlsName) {
+
+      this.accessControlsName = accessControlsName;
+    }
+
+    /**
+     * @return {@code true} if a JSON array should be used to encode the actual items in the
+     *         {@link #getAccessControlsName() access controls claim}, {@code false} to use a comma separated JSON
+     *         string. Defaults to {@code true} according to
+     *         <a href="https://www.eclipse.org/community/eclipse_newsletter/2017/september/article2.php">MP-JWT</a>
+     *         standard.
+     */
+    public boolean isAccessControlsArray() {
+
+      return this.accessControlsArray;
+    }
+
+    /**
+     * @param accessControlsArray new value of {@link #isAccessControlsArray()}.
+     */
+    public void setAccessControlsArray(boolean accessControlsArray) {
+
+      this.accessControlsArray = accessControlsArray;
+    }
+
+  }
+
 }
diff --git a/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/impl/JwtCreatorImpl.java b/modules/security-jwt/src/main/java/com/devonfw/module/security/jwt/common/impl/JwtCreatorImpl.java
@@ -27,6 +27,9 @@ public class JwtCreatorImpl implements JwtCreator {
   @Inject
   private JwtManager jwtManager;
 
+  @Inject
+  private JwtConfigProperties jwtConfig;
+
   @Override
   public String create(Authentication authentication) {
 
@@ -37,6 +40,7 @@ public String create(Authentication authentication) {
       if (attributes instanceof Claims) {
         Object credentials = authentication.getCredentials();
         if (credentials instanceof String) {
+          // in this case we already have the existing encoded JWT
           return (String) credentials;
         }
         claims = (Claims) attributes;
@@ -46,8 +50,14 @@ public String create(Authentication authentication) {
       claims = new DefaultClaims();
       claims.setSubject(authentication.getName());
       Set<String> permissions = AdvancedAuthentication.getPermissions(authentication);
-      String roles = String.join(",", permissions);
-      claims.put(JwtManager.CLAIM_ROLES, roles);
+      String accessControlsName = this.jwtConfig.getClaims().getAccessControlsName();
+      Object accessControls;
+      if (this.jwtConfig.getClaims().isAccessControlsArray()) {
+        accessControls = permissions;
+      } else {
+        accessControls = String.join(",", permissions);
+      }
+      claims.put(accessControlsName, accessControls);
     }
     return this.jwtManager.encodeAndSign(claims);
   }
diff --git a/modules/security/src/main/java/com/devonfw/module/security/common/api/accesscontrol/AccessControlProvider.java b/modules/security/src/main/java/com/devonfw/module/security/common/api/accesscontrol/AccessControlProvider.java
@@ -54,16 +54,16 @@ public interface AccessControlProvider {
   boolean collectAccessControls(String id, Set<AccessControl> permissions);
 
   /**
-   * This is a convenvience method to expand the permissions for all given roleIds. So for each provided roleId the
+   * This is a convenience method to expand the permissions for all given roleIds. So for each provided roleId the
    * corresponding {@link AccessControl} are collected via {@link #collectAccessControls(String, Set)}.
-   * 
-   * @param roleIds The IDs of the roles.
+   *
+   * @param accessControlIds the {@link Collection} of {@link AccessControl#getId()} access control IDs.
    * @return A collection of {@link AccessControl} belonging to the given roleIds.
    */
-  default Set<AccessControl> expandPermissions(Collection<String> roleIds) {
+  default Set<AccessControl> expandPermissions(Collection<String> accessControlIds) {
 
     Set<AccessControl> accessControlSet = new HashSet<>();
-    for (String id : roleIds) {
+    for (String id : accessControlIds) {
       collectAccessControls(id, accessControlSet);
     }
     return accessControlSet;
diff --git a/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/api/JwtAuthenticatorTest.java b/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/api/JwtAuthenticatorTest.java
@@ -22,7 +22,7 @@ public class JwtAuthenticatorTest extends JwtComponentTest {
    * Test of {@link JwtAuthenticator#authenticate(String)}.
    */
   @Test
-  public void testDo() {
+  public void testAuthenticateJwt() {
 
     // prepare
     adjustClock();
@@ -41,10 +41,7 @@ public void testDo() {
     assertThat(authentication).isInstanceOf(AdvancedAuthentication.class);
     assertThat(authentication.getCredentials()).isEqualTo(token);
     AdvancedAuthentication advancedAuthentication = (AdvancedAuthentication) authentication;
-    assertThat((Number) advancedAuthentication.getAttribute(Claims.EXPIRATION)).isEqualTo(1587742156);
-
-    // reset/cleanup
-    resetClock();
+    assertThat((Number) advancedAuthentication.getAttribute(Claims.EXPIRATION)).isEqualTo(1587730516);
   }
 
 }
diff --git a/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/api/JwtComponentTest.java b/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/api/JwtComponentTest.java
@@ -3,6 +3,8 @@
 import java.time.Clock;
 import java.time.Instant;
 import java.time.ZoneOffset;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.Date;
 
 import javax.inject.Inject;
@@ -12,8 +14,8 @@
 
 import com.devonfw.module.security.jwt.common.impl.JwtManagerImpl;
 import com.devonfw.module.test.common.base.ComponentTest;
-import com.devonfw.test.app.TestJwtAccessControlConfig;
 import com.devonfw.test.app.TestApplication;
+import com.devonfw.test.app.TestJwtAccessControlConfig;
 
 /**
  * Abstract test class for JWT {@link ComponentTest}s.
@@ -28,8 +30,8 @@ public abstract class JwtComponentTest extends ComponentTest {
   protected static final String TEST_ISSUER = "devon4j";
 
   /** Roles for testing. */
-  protected static final String TEST_ROLES = TestJwtAccessControlConfig.GROUP_READ_MASTER_DATA + ","
-      + TestJwtAccessControlConfig.GROUP_SAVE_USER;
+  protected static final Collection<String> TEST_ACCESS_CONTROLS = Arrays
+      .asList(TestJwtAccessControlConfig.GROUP_READ_MASTER_DATA, TestJwtAccessControlConfig.GROUP_SAVE_USER);
 
   /** Expiration in millis as configured in application.properties */
   protected long EXPIRATION_MS = 4 * 60 * 60 * 1000;
@@ -38,7 +40,7 @@ public abstract class JwtComponentTest extends ComponentTest {
   protected long NOT_BEFORE_DELAY_MS = 1 * 60 * 1000;
 
   /** Test JSON Web Token. */
-  protected static final String TEST_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huLmRvZSIsInJvbGVzIjoidGVzdC5SZWFkTWFzdGVyRGF0YSx0ZXN0LlNhdmVVc2VyIiwiaXNzIjoiZGV2b240aiIsIm5iZiI6MTU4NzcxMzA1NiwiZXhwIjoxNTg3NzQyMTU2fQ.Onx1p7ZrscBcGRcfVlRncVKLL-j1QMC_n9SgPLq1PjjEJMS6VRz52u0o2lI2LwdPCjve0ujdHfuYHje4jyGgFJwMbL45CpYijl9gFsHzu4WLvw8qH2sZgpe0LSl0ZqdpvpsGtBYqQeL0jdIkz0ppai9U5Ctyr6fxl5LCXeLrQ991dK3n9vJ6i5eEPVL_6TyK5nzTMuJfgxNNLxqxo_drKQGywitQfv0IPpwFdEe5537_buibF1QAOdDCCi-qN8hyZiut0wXmBu1k4yDgw3IwdkCBngi7KAGaHlSI0smRH-wNpsf0pTlYwk1U6AGCCyrxks0WMJG528rtA3HQL5lae6KtyCGW6xfHav9HvmAMU0y7TQlzqadVddxrxdGTP342Y2yjc0HKeKDLLi84Rzp8Z5AkJrG-f0Gcah_ExO9rU9jE3OUpSTmbZAuks56hLC6bik8cZHh9aJ7J-7CG7_5c224fRtlayp0GHPAIYSLZU1SIvN68mgGLpJKGQYNA7l3RFQbfe-h_nfBMAM0Izk7TiHyEM_E7rkh2aBxgkByXdMzm8GQmvDV_is7It2r1DIyHUydYkGAJuJB0sbuX8bkIR3t9ylW-MoGZw5KVUWkNNDlBEzw1bgX6j17JU8al6CWsau9LIt9tSLnrY7YDCpQG1lEXHk95OQCp83wminUnbU8";
+  protected static final String TEST_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huLmRvZSIsImdyb3VwcyI6WyJ0ZXN0LlJlYWRNYXN0ZXJEYXRhIiwidGVzdC5TYXZlVXNlciJdLCJpc3MiOiJkZXZvbjRqIiwibmJmIjoxNTg3NzE2MDU2LCJleHAiOjE1ODc3MzA1MTZ9.MXNd7Z8hlqzoeR_HcN39f-vzscoS8aTQf9PXO5ATsV1Rre9vihq-IIxKIEY8-JXd7NJ_9TMlMpY70l--0A0EsyBU3ZTbiV8yNMe_k6AteBiZhZ7WR31JhtuEMVViCTHlTXnRlWpYMtTCCNFSI9sNv_s7YU38pgHmojmAI-so09F8c9uOb1PyWlX-lBfkr39AIFq2RgcAiAVApiXNqlgvrDSGQgV72Gjqt7JOjc38wi0DZBVYscRCkkrxMuIH1j1BsCciuwZCpKURhKJ2dl5KaGkCt0xVuEAKuOc31zOPiBjf8M-5lqHkEKD9ei9lPIPKI0gMbwal2YGexJE36qnB_K0aLktsjNfUf6dtxhqUVIL45OeWAXjWwnQNsLr7Lc92scRYU2Eh9KzRp18R8W1lRgRrXlETErpDDbKf1Or8NDQtbUmoS7tNWZsSWVmXhC5-ScFSFxZjA88Eo7vtS0SM2S1O8dz6iEaiXB8xDqRWkqKaBLPFznzs3iwj-LW2WZPLDM7Md8f9_1dV9JMZVXPBU9wL-R9udjXzDoI1-1yOxEyNgXWp83AmDSlsHGgBDRVkxVaaKrkTzLzVadrv8KRHsSrIPTxk4R6EBL7exbC-JB5_CKfH9pMzzIrkAws3uAGQyekAlqnWtwy-vE2stzyBF9I6EU9Tj4xE60zTBWbXPX8";
 
   /** Test JSON Invalid Web Token. */
   protected static final String INVALID_TEST_JWT = "AeyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huLmRvZSIsInJvbGVzIjoidGVzdC5SZWFkTWFzdGVyRGF0YSx0ZXN0LlNhdmVVc2VyIiwiaXNzIjoiZGV2b240aiIsIm5iZiI6MTU4NzcxMzA1NiwiZXhwIjoxNTg3NzQyMTU2fQ.Onx1p7ZrscBcGRcfVlRncVKLL-j1QMC_n9SgPLq1PjjEJMS6VRz52u0o2lI2LwdPCjve0ujdHfuYHje4jyGgFJwMbL45CpYijl9gFsHzu4WLvw8qH2sZgpe0LSl0ZqdpvpsGtBYqQeL0jdIkz0ppai9U5Ctyr6fxl5LCXeLrQ991dK3n9vJ6i5eEPVL_6TyK5nzTMuJfgxNNLxqxo_drKQGywitQfv0IPpwFdEe5537_buibF1QAOdDCCi-qN8hyZiut0wXmBu1k4yDgw3IwdkCBngi7KAGaHlSI0smRH-wNpsf0pTlYwk1U6AGCCyrxks0WMJG528rtA3HQL5lae6KtyCGW6xfHav9HvmAMU0y7TQlzqadVddxrxdGTP342Y2yjc0HKeKDLLi84Rzp8Z5AkJrG-f0Gcah_ExO9rU9jE3OUpSTmbZAuks56hLC6bik8cZHh9aJ7J-7CG7_5c224fRtlayp0GHPAIYSLZU1SIvN68mgGLpJKGQYNA7l3RFQbfe-h_nfBMAM0Izk7TiHyEM_E7rkh2aBxgkByXdMzm8GQmvDV_is7It2r1DIyHUydYkGAJuJB0sbuX8bkIR3t9ylW-MoGZw5KVUWkNNDlBEzw1bgX6j17JU8al6CWsau9LIt9tSLnrY7YDCpQG1lEXHk95OQCp83wminUnbU8";
@@ -71,9 +73,10 @@ protected void adjustClock() {
    */
   protected void resetClock() {
 
-    assertThat(this.clock).as("Original clock stored on adjustClock()").isNotNull();
-    this.jwtManager.setClock(this.clock);
-    this.clock = null;
+    if (this.clock != null) {
+      this.jwtManager.setClock(this.clock);
+      this.clock = null;
+    }
   }
 
   /**
@@ -86,4 +89,10 @@ protected Date addToDate(Date date, long millis) {
     return new Date(date.getTime() + millis);
   }
 
+  @Override
+  protected void doTearDown() {
+
+    resetClock();
+  }
+
 }
diff --git a/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/api/JwtCreatorTest.java b/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/api/JwtCreatorTest.java
@@ -28,7 +28,7 @@ public class JwtCreatorTest extends JwtComponentTest {
    * Test of {@link JwtCreator#create(Authentication)}.
    */
   @Test
-  public void testDo() {
+  public void testCreateJwt() {
 
     // given
     List<GrantedAuthority> authorities = new ArrayList<>();
diff --git a/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/api/JwtManagerTest.java b/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/api/JwtManagerTest.java
@@ -4,8 +4,6 @@
 
 import org.junit.jupiter.api.Test;
 
-import com.devonfw.module.security.jwt.common.base.JwtConstants;
-
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.impl.DefaultClaims;
 
@@ -14,6 +12,8 @@
  */
 public class JwtManagerTest extends JwtComponentTest {
 
+  private static final String CLAIM_GROUPS = "groups";
+
   /**
    * Test of encoding claims to JWT and decoding to assert claims afterwards.
    */
@@ -24,7 +24,7 @@ public void testEncodeAndDecode() {
     String login = TEST_LOGIN;
     DefaultClaims claims = new DefaultClaims();
     claims.setSubject(login);
-    claims.put(JwtConstants.CLAIM_ROLES, TEST_ROLES);
+    claims.put(CLAIM_GROUPS, TEST_ACCESS_CONTROLS);
     Date now = new Date();
     JwtManager jwtManager = getJwtManager();
 
@@ -59,12 +59,9 @@ public void testDecodeAndVerify() {
     // then
     assertThat(claims.getIssuer()).isEqualTo(TEST_ISSUER);
     assertThat(claims.getSubject()).isEqualTo(TEST_LOGIN);
-    assertThat(claims.get(JwtConstants.CLAIM_ROLES)).isEqualTo(TEST_ROLES);
-    assertThat(claims.getNotBefore()).isEqualTo(new Date(1587713056000L));
-    assertThat(claims.getExpiration()).isEqualTo(new Date(1587742156000L));
-
-    // cleanup/reset
-    resetClock();
+    assertThat(claims.get(CLAIM_GROUPS)).isEqualTo(TEST_ACCESS_CONTROLS);
+    assertThat(claims.getNotBefore()).isEqualTo(new Date(1587716056000L));
+    assertThat(claims.getExpiration()).isEqualTo(new Date(1587730516000L));
   }
 
 }
diff --git a/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/base/kafka/JwtTokenValidationAspectTest.java b/starters/starter-security-jwt/src/test/java/com/devonfw/module/security/jwt/common/base/kafka/JwtTokenValidationAspectTest.java
