From bdc82558843ce79c5c8510e3d76a31dbc5eff103 Mon Sep 17 00:00:00 2001
From: Clement Bois
Date: Fri, 26 Jan 2024 09:27:22 +0100
Subject: [PATCH] feat: add alpine.auth.jwt.ttl.seconds config
---
 .../src/main/java/alpine/Config.java | 3 +-
 .../java/alpine/server/auth/JsonWebToken.java | 33 ++++++++++++++-----
 2 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/alpine-common/src/main/java/alpine/Config.java b/alpine-common/src/main/java/alpine/Config.java
index 2b12cb3f..1e32a9c3 100644
--- a/alpine-common/src/main/java/alpine/Config.java
+++ b/alpine-common/src/main/java/alpine/Config.java
@@ -181,7 +181,8 @@ public enum AlpineKey implements Key {
 CORS_ALLOW_CREDENTIALS ("alpine.cors.allow.credentials", true),
 CORS_MAX_AGE ("alpine.cors.max.age", 3600),
 WATCHDOG_LOGGING_INTERVAL ("alpine.watchdog.logging.interval", 0),
- API_KEY_PREFIX ("alpine.api.key.prefix", "alpine_");
+ API_KEY_PREFIX ("alpine.api.key.prefix", "alpine_"),
+ AUTH_JWT_TTL_SECONDS ("alpine.auth.jwt.ttl.seconds", 7 * 24 * 60);
 private String propertyName;
diff --git a/alpine-server/src/main/java/alpine/server/auth/JsonWebToken.java b/alpine-server/src/main/java/alpine/server/auth/JsonWebToken.java
index f74b7fbc..5e2ea5da 100644
--- a/alpine-server/src/main/java/alpine/server/auth/JsonWebToken.java
+++ b/alpine-server/src/main/java/alpine/server/auth/JsonWebToken.java
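Review bot: In Config.java the default for `AUTH_JWT_TTL_SECONDS` is `7 * 24 * 60`, which is 10080 seconds (about 2.8 hours), not the 7 days that `addDays(today, 7)` produced before this commit. If the intent is to keep the existing lifetime, the default should be `7 * 24 * 60 * 60`. If a shorter default is intended, sessions will now expire much sooner than they did before; that should be stated in the commit message, with a comment on the constant such as `// token lifetime in seconds`.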
@@ -130,13 +130,30 @@ public String createToken(final Principal principal, final List perm
 * @return a String representation of the generated token
 * @since 1.8.0
 */
- public String createToken(final Principal principal, final List permissions, final IdentityProvider identityProvider) {
- final Date today = new Date();
+ public String createToken(final Principal principal, final List permissions,
+ final IdentityProvider identityProvider) {
+ final int ttl = Config.getInstance().getPropertyAsInt(Config.AlpineKey.AUTH_JWT_TTL_SECONDS);
+ return createToken(principal, permissions, identityProvider, ttl);
+ }
+
+ /**
+ * Creates a new JWT for the specified principal. Token is signed using
+ * the SecretKey with an HMAC 256 algorithm.
+ *
+ * @param principal the Principal to create the token for
+ * @param permissions the effective list of permissions for the principal
+ * @param identityProvider the identity provider the principal was authenticated with. If null, it will be derived from principal
+ * @param ttlSeconds the token time-to-live in seconds
+ * @return a String representation of the generated token
+ * @since 2.2.6
+ */
+ public String createToken(final Principal principal, final List permissions, final IdentityProvider identityProvider, final int ttlSeconds) {
+ final Date now = new Date();
 final JwtBuilder jwtBuilder = Jwts.builder();
 jwtBuilder.setSubject(principal.getName());
 jwtBuilder.setIssuer(ISSUER);
- jwtBuilder.setIssuedAt(today);
- jwtBuilder.setExpiration(addDays(today, 7));
+ jwtBuilder.setIssuedAt(now);
+ jwtBuilder.setExpiration(addSeconds(now, ttlSeconds));
 if (permissions != null) {
 jwtBuilder.claim("permissions", permissions.stream()
 .map(Permission::getName)
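Review bot: `ttlSeconds` reaches `setExpiration(addSeconds(now, ttlSeconds))` unchecked, both from the new public four-argument overload and from the `alpine.auth.jwt.ttl.seconds` property. A zero or negative value issues tokens whose expiry is at or before `now`, and a very large value yields bearer tokens that stay valid far longer than an operator likely intends. A guard at the top of the four-argument overload would catch the first case: `if (ttlSeconds <= 0) { throw new IllegalArgumentException("ttlSeconds must be positive"); }`. Consider also capping the configured value, and have the `@param ttlSeconds` Javadoc state the accepted range. The body of this overload continues past the end of the hunk.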
@@ -203,14 +220,14 @@ public boolean validateToken(final String token) {
 /**
 * Create a new future Date from the specified Date.
 *
- * @param date The date to base the future date from
- * @param days The number of dates to + offset
+ * @param date The date to base the future date from
+ * @param seconds The number of seconds to + offset
 * @return a future date
 */
- private Date addDays(final Date date, final int days) {
+ private Date addSeconds(final Date date, final int seconds) {
 final Calendar cal = Calendar.getInstance();
 cal.setTime(date);
- cal.add(Calendar.DATE, days); //minus number would decrement the days
+ cal.add(Calendar.SECOND, seconds); //minus number would decrement the seconds
 return cal.getTime();
 }