upgrade enforcer dependencies

wso2 · Oct 14, 2024 · e9c57cf · e9c57cf
1 parent 55754a1
commit e9c57cf
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 9 deletions.
diff --git a/gateway/enforcer/README.md b/gateway/enforcer/README.md
@@ -33,7 +33,7 @@ The following should be installed in your development machine.
     +       value: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5006 -Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2
     ```
 
-2. Start WSO2 API Platform for K8s.
+2. Start WSO2 API Platform for K8s in k8s cluster.
 
 3. Port forward the port 5006.
 

diff --git a/...o2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyAuthenticator.java b/...o2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyAuthenticator.java
@@ -344,11 +344,13 @@ private APIKeyValidationInfoDTO getAPIKeyValidationDTO(RequestContext requestCon
             throws ParseException, APISecurityException {
 
         APIKeyValidationInfoDTO validationInfoDTO = new APIKeyValidationInfoDTO();
-        JSONObject app = payload.getJSONObjectClaim(APIConstants.JwtTokenConstants.APPLICATION);
+        Map<String, Object> appClaim = payload.getJSONObjectClaim(APIConstants.JwtTokenConstants.APPLICATION);
+        JSONObject app;
         JSONObject api = null;
         validationInfoDTO.setType(requestContext.getMatchedAPI().getEnvType());
 
-        if (app != null) {
+        if (appClaim != null) {
+            app = new JSONObject(appClaim);
             validationInfoDTO.setApplicationUUID(app.getAsString(APIConstants.JwtTokenConstants.APPLICATION_UUID));
             validationInfoDTO.setApplicationName(app.getAsString(APIConstants.JwtTokenConstants.APPLICATION_NAME));
             //validationInfoDTO.setSubscriber(app.getAsString(APIConstants.JwtTokenConstants.APPLICATION_OWNER));

diff --git a/...org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyHandler.java b/...org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyHandler.java
@@ -170,7 +170,7 @@ public boolean isJwtTokenExpired(JWTClaimsSet payload, String keyType, String or
         DefaultJWTClaimsVerifier jwtClaimsSetVerifier = new DefaultJWTClaimsVerifier();
         jwtClaimsSetVerifier.setMaxClockSkew((int) FilterUtils.getTimeStampSkewInSeconds());
         try {
-            jwtClaimsSetVerifier.verify(payload);
+            jwtClaimsSetVerifier.verify(payload,null);
         } catch (BadJWTException e) {
             if ("Expired JWT".equals(e.getMessage())) {
                 log.debug("{} API key is expired.", keyType);

diff --git a/libs.versions.toml b/libs.versions.toml
@@ -147,7 +147,7 @@ httpcomponents = "4.5.14"
 io-github-openfeign = "11.0"
 io-swagger = "1.6.9"
 io-swagger-v3 = "2.2.9"
-jackson = "2.14.2"
+jackson = "2.18.0"
 javax-cache = "1.1.1"
 javax-validation = "2.0.1.Final"
 javax-validation-api = "1.1.0.Final"
@@ -159,10 +159,10 @@ log4j = "2.19.0"
 mapstruct = "1.5.3.Final"
 minidev = "2.4.9"
 moandjiezana = "0.7.2"
-netty = "4.1.100.Final"
-nimbus = "7.9.0.wso2v1"
-okhttp = "4.9.3.wso2v1"
-okio = "2.8.0.wso2v1"
+netty = "4.1.114.Final"
+nimbus = "9.31.wso2v1"
+okhttp = "4.9.3.wso2v3"
+okio = "3.9.0.wso2v1"
 opentelemetry = "1.24.0"
 opentelemetry-jaeger-thrift = "1.24.0"
 opentelemetry-semconv = "1.24.0-alpha"