add new variable to create JWT that allows changing steps.
opaetzel committed Nov 6, 2018
1 parent e3b6968 commit d17380c
Showing 6 changed files with 89 additions and 5 deletions.
1 change: 1 addition & 0 deletions Goobi/.classpath
@@ -160,6 +160,7 @@
<classpathentry kind="lib" path="webapp/WEB-INF/lib/commons-net-3.6.jar"/>
<classpathentry kind="lib" path="webapp/WEB-INF/lib/commons-ip-math-1.32.jar"/>
<classpathentry kind="lib" path="webapp/WEB-INF/lib/normdataimporter-1.2.jar"/>
<classpathentry kind="lib" path="webapp/WEB-INF/lib/java-jwt-3.4.1.jar"/>
<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
<attributes>
1 change: 1 addition & 0 deletions Goobi/.gitignore
@@ -12,3 +12,4 @@
/goobi-jar/
/goobi-war/
/target/
/module-war/
13 changes: 8 additions & 5 deletions Goobi/src/de/sub/goobi/config/ConfigurationHelper.java
@@ -320,6 +320,10 @@ public int getBatchMaxSize() {
return getLocalInt("batchMaxSize", 100);
}

public String getJwtSecret() {
return getLocalString("jwtSecret", null);
}

public boolean useS3() {
return getLocalBoolean("useS3", false);
}
@@ -525,8 +529,7 @@ public boolean isMetsEditorShowOCRButton() {
public boolean isMetsEditorShowMetadataPopup() {
return getLocalBoolean("MetsEditorShowMetadataPopup", true);
}



public String getFormatOfMetsBackup() {
return getLocalString("formatOfMetaBackups");
}
@@ -683,17 +686,17 @@ public List<String> getMetsEditorImageSizes() {
return getLocalList("MetsEditorImageSize");

}

public List<String> getMetsEditorImageTileSizes() {
return getLocalList("MetsEditorImageTileSize");

}

public List<String> getMetsEditorImageTileScales() {
return getLocalList("MetsEditorImageTileScale");

}

public boolean getMetsEditorUseImageTiles() {
return getLocalBoolean("MetsEditorUseImageTiles", true);

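Review bot: `getJwtSecret()` hands back whatever string is configured, and the only check its caller in this commit makes is for null, so a blank `jwtSecret=` line or a very short value would presumably be accepted as the HMAC-SHA256 key (the behaviour of `getLocalString` is not visible here). Consider treating a blank value as unset, e.g. `String s = getLocalString("jwtSecret", null); return (s == null || s.trim().isEmpty()) ? null : s;`. A Javadoc line stating that this value is a signing secret, should be long and random, and must not be logged would also help operators. The remaining hunks in this file are whitespace-only.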
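--- a/Goobi/src/de/sub/goobi/helper/JwtHelper.java
+++ b/Goobi/src/de/sub/goobi/helper/JwtHelper.java
@@ -0,0 +1,66 @@
+package de.sub.goobi.helper;
+
+import java.util.Date;
+
+import javax.naming.ConfigurationException;
+
+import org.goobi.beans.Step;
+import org.joda.time.DateTime;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTVerificationException;
+import com.auth0.jwt.interfaces.DecodedJWT;
+
+import de.sub.goobi.config.ConfigurationHelper;
+import lombok.extern.log4j.Log4j;
+
+@Log4j
+public class JwtHelper {
+public static String createChangeStepToken(Step step) throws ConfigurationException {
+String secret = ConfigurationHelper.getInstance().getJwtSecret();
+if (secret == null) {
+throw new ConfigurationException(
+"Could not get JWT secret from configuration. Please configure the key 'jwtSecret' in the file goobi_config.properties");
+}
+Algorithm algorithm = Algorithm.HMAC256("secret");
+Date expiryDate = new DateTime().plusHours(37).toDate();
+String token = JWT.create()
+.withIssuer("Goobi")
+.withClaim("stepId", step.getId())
+.withClaim("changeStepAllowed", true)
+.withExpiresAt(expiryDate)
+.sign(algorithm);
+return token;
+}
+
+public static boolean verifyChangeStepToken(String token, Integer stepId) throws ConfigurationException {
+String secret = ConfigurationHelper.getInstance().getJwtSecret();
+if (secret == null) {
+throw new ConfigurationException(
+"Could not get JWT secret from configuration. Please configure the key 'jwtSecret' in the file goobi_config.properties");
+}
+try {
+Algorithm algorithm = Algorithm.HMAC256("secret");
+JWTVerifier verifier = JWT.require(algorithm)
+.withIssuer("Goobi")
+.build();
+DecodedJWT jwt = verifier.verify(token);
+Integer claimId = jwt.getClaim("stepId").asInt();
+if (claimId == null || !stepId.equals(claimId)) {
+log.debug("token rejected: step IDs do not match");
+return false;
+}
+Boolean changeStepAllowed = jwt.getClaim("changeStepAllowed").asBoolean();
+if (changeStepAllowed == null || !changeStepAllowed) {
+log.debug("token rejected: changing the step not allowed");
+return false;
+}
+} catch (JWTVerificationException exception) {
+//Invalid signature/claims
+return false;
+}
+return true;
+}
+}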
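Review bot: Both `createChangeStepToken` and `verifyChangeStepToken` build the HMAC key from the string literal `"secret"` rather than from the `secret` variable read from `jwtSecret` a few lines earlier, so the configured value is null-checked and then never used. Every installation therefore signs and accepts tokens under the same fixed key that is visible in the source, and a valid signature gives no assurance that this instance issued the token. Both lines should read `Algorithm algorithm = Algorithm.HMAC256(secret);`. Separately, `stepId.equals(claimId)` throws a NullPointerException when the caller passes a null `stepId`; `claimId == null || !claimId.equals(stepId)` rejects that case instead. The `catch` for `JWTVerificationException` also returns false silently, so a `log.debug` of the rejection reason (not the token itself) would match the two rejection branches above it.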
13 changes: 13 additions & 0 deletions Goobi/src/de/sub/goobi/helper/VariableReplacer.java
@@ -35,6 +35,8 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.naming.ConfigurationException;

import org.apache.commons.lang.SystemUtils;
import org.apache.commons.lang.text.StrTokenizer;
import org.apache.log4j.Logger;
@@ -94,6 +96,7 @@ private enum MetadataLevel {
private static Pattern pMetaFile = Pattern.compile("\\$?(:?\\(|\\{)metaFile(:?\\}|\\))");
private static Pattern pStepId = Pattern.compile("\\$?(:?\\(|\\{)stepid(:?\\}|\\))");
private static Pattern pStepName = Pattern.compile("\\$?(:?\\(|\\{)stepname(:?\\}|\\))");
private static Pattern pChangeStepToken = Pattern.compile("\\\\$?(:?\\\\(|\\\\{)changesteptoken(:?\\\\}|\\\\))");

DigitalDocument dd;
Prefs prefs;
@@ -258,6 +261,16 @@ public String replace(String inString) {

inString = pStepId.matcher(inString).replaceAll(stepId);
inString = pStepName.matcher(inString).replaceAll(stepname);

Matcher tokenMatcher = pChangeStepToken.matcher(inString);
if (tokenMatcher.find()) {
try {
String token = JwtHelper.createChangeStepToken(step);
inString = tokenMatcher.replaceAll(token);
} catch (ConfigurationException e) {
logger.error(e);
}
}
}

// replace WerkstueckEigenschaft, usage: (product.PROPERTYTITLE)
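Review bot: The new `pChangeStepToken` pattern doubles every backslash compared with its neighbours `pStepId` and `pStepName`, so the regex engine receives literal backslashes instead of an escaped `$`, `(` and `{`. As written it cannot match `(changesteptoken)` or `{changesteptoken}`, and it may fail to compile when the class is initialised. It should follow the sibling form: `Pattern.compile("\\$?(:?\\(|\\{)changesteptoken(:?\\}|\\))")`. In `replace()`, a `ConfigurationException` is only logged, which leaves the raw placeholder in the returned string; failing the replacement explicitly would be safer than passing the placeholder on to whatever consumes the string. `replace()` begins and ends outside the hunk.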
Binary file added Goobi/webapp/WEB-INF/lib/java-jwt-3.4.1.jar
Binary file not shown.
