diff --git a/build.gradle.kts b/build.gradle.kts
index 445dbbf4..69aa8ae2 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -209,7 +209,7 @@ configure(publishProjects) {
 }
 }
 configure {
- val isInCI = null != System.getenv("CI");
+ val isInCI = null != System.getenv("CI")
 if (isInCI) {
 val signingKeyId = System.getenv("SIGNING_KEYID")
 val signingKey = System.getenv("SIGNING_SECRETKEY")
diff --git a/cosec-core/build.gradle.kts b/cosec-core/build.gradle.kts
index 140a252f..394199c4 100644
--- a/cosec-core/build.gradle.kts
+++ b/cosec-core/build.gradle.kts
@@ -17,7 +17,6 @@ dependencies {
 compileOnly("org.springframework:spring-expression")
 api("io.projectreactor:reactor-core")
 api("io.projectreactor.kotlin:reactor-kotlin-extensions")
- implementation("javax.validation:validation-api")
 implementation("com.fasterxml.jackson.core:jackson-databind")
 implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
 testImplementation("ognl:ognl")
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/authentication/token/SwitchTenantCredentials.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/authentication/token/SwitchTenantCredentials.kt
index 0c01c213..640a7072 100644
--- a/cosec-core/src/main/kotlin/me/ahoo/cosec/authentication/token/SwitchTenantCredentials.kt
+++ b/cosec-core/src/main/kotlin/me/ahoo/cosec/authentication/token/SwitchTenantCredentials.kt
@@ -14,14 +14,13 @@ package me.ahoo.cosec.authentication.token
 import me.ahoo.cosec.authentication.Credentials
 import me.ahoo.cosec.principal.CoSecPrincipal
-import javax.validation.constraints.NotBlank
 /**
 * Switch Tenant Credentials .
 *
 * @author ahoo wang
 */
-data class SwitchTenantCredentials(
- @NotBlank val targetTenantId: String,
- @NotBlank val principal: CoSecPrincipal
-) : Credentials
+interface SwitchTenantCredentials : Credentials {
+ val targetTenantId: String
+ val principal: CoSecPrincipal
+} 
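Review bot: Dropping `@NotBlank` on `targetTenantId` (together with the `validation-api` dependency removed in the hunk above it) removes the only guarantee visible here that a tenant switch names a real tenant, and the new `interface SwitchTenantCredentials` records no such contract. A blank or whitespace-only target tenant id is exactly the input a switch-tenant path should reject, and nothing in this diff shows where that check now lives (it may well sit in an implementation not shown). At minimum document the contract on the new properties — `@property targetTenantId Id of the tenant to switch to; must be non-blank.` and `@property principal Authenticated principal requesting the switch.` — and have implementations enforce it, e.g. `require(targetTenantId.isNotBlank()) { "targetTenantId must not be blank" }` in their constructor or `init` block.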
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/principal/RoleCapable.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/principal/RoleCapable.kt
index 015a1896..fa230374 100644
--- a/cosec-core/src/main/kotlin/me/ahoo/cosec/principal/RoleCapable.kt
+++ b/cosec-core/src/main/kotlin/me/ahoo/cosec/principal/RoleCapable.kt
@@ -23,8 +23,8 @@ interface RoleCapable {
 * relation:
 *
      * [CoSecPrincipal] 1:N [me.ahoo.cosec.tenant.Tenant]
-     * [me.ahoo.cosec.tenant.Tenant] 1:N [me.ahoo.cosec.role.Role]
-     * [CoSecPrincipal] 1:N [me.ahoo.cosec.role.Role]
+     * [me.ahoo.cosec.tenant.Tenant] 1:N Role
+     * [CoSecPrincipal] 1:N Role
      
*
 *
 * @return role ids..
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/role/Role.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/role/Role.kt
deleted file mode 100644
index 2ec0fcf8..00000000
--- a/cosec-core/src/main/kotlin/me/ahoo/cosec/role/Role.kt
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright [2021-present] [ahoo wang (https://github.com/Ahoo-Wang)].
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package me.ahoo.cosec.role
-import me.ahoo.cosec.tenant.Tenant
-/**
- * Job function or title which defines an authority level.
- *
- * @author ahoo wang
- */
-data class Role(override val tenantId: String, val id: String, val name: String) : Tenant
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/role/RoleConvert.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/role/RoleConvert.kt
deleted file mode 100644
index e5bcc86d..00000000
--- a/cosec-core/src/main/kotlin/me/ahoo/cosec/role/RoleConvert.kt
+++ /dev/null 
@@ -1,32 +0,0 @@
-/*
- * Copyright [2021-present] [ahoo wang (https://github.com/Ahoo-Wang)].
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package me.ahoo.cosec.role
-/**
- * Role tools.
- *
- * @author ahoo wang
- */
-object RoleConvert {
- const val SEPARATOR = ","
- @JvmStatic
- fun asString(roles: Iterable): String {
- return roles.joinToString(SEPARATOR)
- }
- @JvmStatic
- fun asSet(roles: String): Set {
- return roles.split(SEPARATOR).toSet()
- }
-}
diff --git a/cosec-jwt/src/main/kotlin/me/ahoo/cosec/jwt/JwtTokenConverter.kt b/cosec-jwt/src/main/kotlin/me/ahoo/cosec/jwt/JwtTokenConverter.kt
index bb5f9d01..c2b3741e 100644
--- a/cosec-jwt/src/main/kotlin/me/ahoo/cosec/jwt/JwtTokenConverter.kt
+++ b/cosec-jwt/src/main/kotlin/me/ahoo/cosec/jwt/JwtTokenConverter.kt
@@ -20,7 +20,6 @@ import com.auth0.jwt.interfaces.JWTVerifier
 import me.ahoo.cosec.context.request.RequestTenantIdParser
 import me.ahoo.cosec.principal.CoSecPrincipal
 import me.ahoo.cosec.principal.RoleCapable
-import me.ahoo.cosec.role.RoleConvert.asString
 import me.ahoo.cosec.tenant.TenantCapable
 import me.ahoo.cosec.token.AccessToken
 import me.ahoo.cosec.token.CompositeToken 
@@ -58,7 +57,7 @@ class JwtTokenConverter(
 .withJWTId(accessTokenId)
 .withSubject(principal.id)
 .withClaim(CoSecPrincipal.NAME_KEY, principal.name)
- .withClaim(RoleCapable.ROLE_KEY, asString(principal.roles))
+ .withClaim(RoleCapable.ROLE_KEY, principal.roles.joinToString(Jwts.ROLE_DELIMITER))
 .withPayload(payloadClaims)
 .withIssuedAt(now)
 .withExpiresAt(accessTokenExp)
diff --git a/cosec-jwt/src/main/kotlin/me/ahoo/cosec/jwt/Jwts.kt b/cosec-jwt/src/main/kotlin/me/ahoo/cosec/jwt/Jwts.kt
index a0a5d6bf..67e314aa 100644
--- a/cosec-jwt/src/main/kotlin/me/ahoo/cosec/jwt/Jwts.kt
+++ b/cosec-jwt/src/main/kotlin/me/ahoo/cosec/jwt/Jwts.kt
@@ -20,7 +20,6 @@ import me.ahoo.cosec.policy.PolicyCapable
 import me.ahoo.cosec.principal.CoSecPrincipal
 import me.ahoo.cosec.principal.RoleCapable
 import me.ahoo.cosec.principal.SimplePrincipal
-import me.ahoo.cosec.role.RoleConvert.asSet
 import me.ahoo.cosec.tenant.SimpleTenant
 import me.ahoo.cosec.token.SimpleAccessToken
 import me.ahoo.cosec.token.SimpleTokenPrincipal
@@ -34,6 +33,7 @@ import me.ahoo.cosec.token.TokenTenantPrincipal
 * @author ahoo wang
 */
 object Jwts {
+ const val ROLE_DELIMITER = ","
 const val AUTHORIZATION_KEY = "authorization"
 const val TOKEN_PREFIX = "Bearer "
 private val jwtParser = JWT() 
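Review bot: The new `.withClaim(RoleCapable.ROLE_KEY, principal.roles.joinToString(Jwts.ROLE_DELIMITER))` line produces an ambiguous claim whenever a role id itself contains `,`: `Jwts` splits the claim on the same character, so one role is read back as two different roles on every request made with that token. The old `RoleConvert.asString` had the same weakness, so this is pre-existing, but with the delimiter now a named constant this is the natural place to close it. The cheap guard is one statement before the builder chain, `require(principal.roles.none { it.contains(Jwts.ROLE_DELIMITER) }) { "role id must not contain the role delimiter" }`; the cleaner fix is `.withArrayClaim(RoleCapable.ROLE_KEY, principal.roles.toTypedArray())`, which java-jwt's builder supports and which needs no delimiter at all, with `Jwts` reading it back via `asList(String::class.java)`. The builder chain starts and ends outside this hunk.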
@@ -73,10 +73,12 @@ object Jwts {
 val attrs = decodedAccessToken
 .claims
 .filter { !isRegisteredClaim(it.key) }
+
 val policyStr = decodedAccessToken.getClaim(PolicyCapable.POLICY_KEY).asString()
- val policies = if (policyStr.isNullOrEmpty()) emptySet() else asSet(policyStr)
+
+ val policies = if (policyStr.isNullOrEmpty()) emptySet() else policyStr.split(ROLE_DELIMITER).toSet()
 val rolesStr = decodedAccessToken.getClaim(RoleCapable.ROLE_KEY).asString()
- val roles = if (rolesStr.isNullOrEmpty()) emptySet() else asSet(rolesStr)
+ val roles = if (rolesStr.isNullOrEmpty()) emptySet() else rolesStr.split(ROLE_DELIMITER).toSet()
 val principal = SimplePrincipal(principalId, name, policies, roles, attrs)
 val tenantId = decodedAccessToken.getClaim(RequestTenantIdParser.TENANT_ID_KEY).asString()
 val tokenPrincipal = SimpleTokenPrincipal(accessTokenId, principal)
diff --git a/cosec-webmvc/src/main/kotlin/me/ahoo/cosec/servlet/AuthorizationHandlerInterceptor.kt b/cosec-webmvc/src/main/kotlin/me/ahoo/cosec/servlet/AuthorizationHandlerInterceptor.kt
deleted file mode 100644
index d0adea9a..00000000
--- a/cosec-webmvc/src/main/kotlin/me/ahoo/cosec/servlet/AuthorizationHandlerInterceptor.kt
+++ /dev/null 
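Review bot: The new `policyStr.split(ROLE_DELIMITER).toSet()` and `rolesStr.split(ROLE_DELIMITER).toSet()` lines keep empty and untrimmed elements: a claim of `"admin,"` or `"a,,b"` yields `""` as a policy or role id, and `"a, b"` yields `" b"`, all of which then flow into `SimplePrincipal` unchanged. Whether the token behind `decodedAccessToken` has had its signature verified before this point is not visible in this hunk, so I would not lean on issuance-side guarantees here. I would normalise on parse, `policyStr.split(ROLE_DELIMITER).map { it.trim() }.filter { it.isNotEmpty() }.toSet()`, and the same for roles, ideally behind one private helper so the two lines cannot drift apart. Separately, the constant is named `ROLE_DELIMITER` but is now the policy delimiter as well; `CLAIM_DELIMITER` would describe what it actually is. The enclosing function starts before this hunk and continues past it.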
@@ -1,36 +0,0 @@
-/*
- * Copyright [2021-present] [ahoo wang (https://github.com/Ahoo-Wang)].
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package me.ahoo.cosec.servlet
-import me.ahoo.cosec.authorization.Authorization
-import me.ahoo.cosec.context.SecurityContextParser
-import me.ahoo.cosec.context.request.RequestParser
-import org.springframework.web.servlet.HandlerInterceptor
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
-/**
- * Authorization Handler Interceptor .
- *
- * @author ahoo wang
- */
-class AuthorizationHandlerInterceptor(
- securityContextParser: SecurityContextParser,
- authorization: Authorization,
- requestParser: RequestParser
-) : AbstractAuthorizationInterceptor(requestParser, securityContextParser, authorization), HandlerInterceptor {
- @Throws(Exception::class)
- override fun preHandle(request: HttpServletRequest, response: HttpServletResponse, handler: Any): Boolean {
- return authorize(request, response)
- }
-}
diff --git a/gradle.properties b/gradle.properties
index 9cc8dfd8..285a060f 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -11,7 +11,7 @@ # limitations under the License. # group=me.ahoo.cosec
-version=0.8.2
+version=0.8.5
 description=RBAC-based And Policy-based Multi-Tenant Security Framework
 website=https://github.com/Ahoo-Wang/CoSec
 issues=https://github.com/Ahoo-Wang/CoSec/issues