Jwttoken update

build-dependencies.xml

@@ -353,11 +353,11 @@
     <property name="asm-commons-5.2.jar" value="${ext_libdir}/asm/asm-commons-5.2.jar"/>
     <property name="asm-tree-5.2.jar" value="${ext_libdir}/asm/asm-tree-5.2.jar"/>
     <property name="aws-java-sdk.jar" value="${ext_libdir}/aws-java-sdk/aws-java-sdk-1.0.004.jar"/>
-    <property name="jackson-core.jar" value="${ext_libdir}/jackson/1.9.7/jackson-core-asl.jar"/>
-    <property name="jackson-mapper.jar" value="${ext_libdir}/jackson/1.9.7/jackson-mapper-asl.jar"/>
-    <property name="jackson-annotations-2.3.0.jar" value="${ext_libdir}/jackson/1.9.7/jackson-annotations-2.3.0.jar"/>
-    <property name="jackson-core-2.3.2.jar" value="${ext_libdir}/jackson/1.9.7/jackson-core-2.3.2.jar"/>
-    <property name="jackson-databind-2.3.2.jar" value="${ext_libdir}/jackson/1.9.7/jackson-databind-2.3.2.jar"/>
+    <property name="jackson-core.jar" value="${ext_libdir}/jackson/2.8.1/jackson-core-asl.jar"/>
+    <property name="jackson-mapper.jar" value="${ext_libdir}/jackson/2.8.1/jackson-mapper-asl.jar"/>
+    <property name="jackson-annotations-2.8.1.jar" value="${ext_libdir}/jackson/2.8.1/jackson-annotations-2.8.1.jar"/>
+    <property name="jackson-core-2.8.1.jar" value="${ext_libdir}/jackson/2.8.1/jackson-core-2.8.1.jar"/>
+    <property name="jackson-databind-2.8.1.jar" value="${ext_libdir}/jackson/2.8.1/jackson-databind-2.8.1.jar"/>
     <property name="axis.jar" value="${ext_libdir}/axis/1.3/axis.jar"/>
     <property name="commons-dbcp.jar" value="${ext_libdir}/commons-dbcp/commons-dbcp.jar"/>
     <property name="commons-discovery.jar" value="${ext_libdir}/commons-discovery/0.2/commons-discovery.jar"/>
@@ -442,7 +442,10 @@
     <property name="dom4j-1.6.1.jar" value="${poi_libdir}/ooxml-lib/dom4j-1.6.1.jar"/>
     <property name="xmlbeans-2.3.0.jar" value="${poi_libdir}/ooxml-lib/xmlbeans-2.3.0.jar"/>
 
-    <property name="java-jwt-1.0.0.jar" value="${ext_libdir}/jwt/java-jwt-1.0.0.jar"/>
+    <property name="java-jwt-3.3.0.jar" value="${ext_libdir}/jwt/java-jwt-3.3.0.jar"/>
+    <property name="jwks-rsa-0.3.0.jar" value="${ext_libdir}/jwt/jwks-rsa-0.3.0.jar"/>
+    <property name="guava-19.0.jar" value="${ext_libdir}/jwt/guava-19.0.jar"/>
+    <property name="commons-codec-1.9.jar" value="${ext_libdir}/jwt/commons-codec-1.9.jar"/>
 
     <!-- Http Client libs -->
     <property name="httpclient_libdir" value="${ext_libdir}/httpclient"/>
@@ -641,16 +644,18 @@
         <pathelement location="${yuicompressor.jar}"/>
         <pathelement location="${jackson-core.jar}"/>
         <pathelement location="${jackson-mapper.jar}"/>
-        <pathelement location="${jackson-annotations-2.3.0.jar}"/>
-        <pathelement location="${jackson-core-2.3.2.jar}"/>
-        <pathelement location="${jackson-databind-2.3.2.jar}"/>
+        <pathelement location="${jackson-annotations-2.8.1.jar}"/>
+        <pathelement location="${jackson-core-2.8.1.jar}"/>
+        <pathelement location="${jackson-databind-2.8.1.jar}"/>
         <pathelement location="${scribe.jar}"/>
         <pathelement location="${jedis.jar}"/>
 <!--
         <pathelement location="${jsr311.jar}"/>
         <pathelement location="${cxf.jar}"/>
 -->
-        <pathelement location="${java-jwt-1.0.0.jar}"/>
+        <pathelement location="${java-jwt-3.3.0.jar}"/>
+        <pathelement location="${jwks-rsa-0.3.0.jar}"/>
+        <pathelement location="${guava-19.0.jar}"/>
     </path>
 
 </project>

build.xml

@@ -309,13 +309,16 @@
         </copy>
     	<copy file="${jackson-core.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
     	<copy file="${jackson-mapper.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
-        <copy file="${jackson-annotations-2.3.0.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
-        <copy file="${jackson-core-2.3.2.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
-        <copy file="${jackson-databind-2.3.2.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
+        <copy file="${jackson-annotations-2.8.1.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
+        <copy file="${jackson-core-2.8.1.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
+        <copy file="${jackson-databind-2.8.1.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
         <copy file="${encoder.jar}" todir="${ear_shared_libdir}" overwrite="true" />
 
     	<copy file="${yuicompressor.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
-        <copy file="${java-jwt-1.0.0.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
+        <copy file="${java-jwt-3.3.0.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
+        <copy file="${jwks-rsa-0.3.0.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
+        <copy file="${guava-19.0.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
+        <copy file="${commons-codec-1.9.jar}" tofile="${jboss_lib}/commons-codec.jar" overwrite="true"/>
 
         <!-- EJB components -->
         <copy file="${catalog_services_id_generator.jar}" todir="${build_distdir}/ejb" overwrite="true"/>

components/topcoder_cockpit_asset_services/build-dependencies.xml

@@ -23,7 +23,7 @@
     <property name="spring-framework.dir" value="${ext_libdir}/spring/"/>
     <property name="commons-logging.jar" value="${ext_libdir}/commons-logging/1.1.1/commons-logging-1.1.1.jar"/>
     <property name="hibernate.dir" value="${ext_libdir}/hibernate"/>
-    <property name="jackson.dir" value="${ext_libdir}/jackson/1.9.7"/>
+    <property name="jackson.dir" value="${ext_libdir}/jackson/2.8.1"/>
     <property name="aspectj.dir" value="${ext_libdir}/aspectj/"/>
 
     <path id="component.tcs-dependencies">
@@ -58,4 +58,4 @@
         <pathelement location="${ifxjdbc.jar}"/>
     </path>
 
-</project>
+</project>

conf/Direct.properties

@@ -17,6 +17,7 @@ JWT_EXPIRATION_SECONDS = @JWT_EXPIRATION_SECONDS@
 LDAP_AUTH0_CONNECTION_NAME = @LDAP_AUTH0_CONNECTION_NAME@
 REDIRECT_URL_AUTH0 = /reg2/callback.action
 REG_SERVER_NAME= @REG_SERVER_NAME@
+JWT_VALID_ISSUERS=@JWT_VALID_ISSUERS@
 
 #Parameter whether we use login processor or not
 USE_LOGIN_PROCESSOR = @useLoginProcessor@

services/cloud_vm_service/build-dependencies.xml

@@ -167,8 +167,8 @@
     <property name="xerces.jar" value="${ext_libdir}/xerces/2.6.2/xerces.jar"/>
     <property name="commons-discovery.jar" value="${ext_libdir}/commons-discovery/0.2/commons-discovery.jar"/>
     <property name="aws-java" value="${ext_libdir}/aws-java-sdk/aws-java-sdk-1.0.004.jar"/>
-    <property name="jackson-core" value="${ext_libdir}/jackson/1.9.7/jackson-core-asl.jar"/>
-    <property name="jackson-mapper" value="${ext_libdir}/jackson/1.9.7/jackson-mapper-asl.jar"/>
+    <property name="jackson-core" value="${ext_libdir}/jackson/2.8.1/jackson-core-asl.jar"/>
+    <property name="jackson-mapper" value="${ext_libdir}/jackson/2.8.1/jackson-mapper-asl.jar"/>
 
 
     <path id="component.tcs-dependencies">

src/java/main/com/topcoder/direct/services/view/action/ServiceBackendDataTablesAction.java

@@ -323,7 +323,7 @@ protected JsonNode getJsonResultFromAPI(URI apiEndPoint) throws Exception {
             // specify the get request
             HttpGet getRequest = new HttpGet(apiEndPoint);
 
-            String token = jwtTokenUpdater.check().getToken();
+            String token = jwtTokenUpdater.getV3Token();
 
             getRequest.setHeader(HttpHeaders.AUTHORIZATION,
                     "Bearer " + token);

src/java/main/com/topcoder/direct/services/view/action/contest/launch/GetGroupMemberAction.java

@@ -190,7 +190,7 @@ private RestResult<GroupMember> getGroupMemberByGid(Long gid) throws Exception {
             HttpGet request = new HttpGet(groupApiEndpointUri);
             String jwtToken;
             try{
-                jwtToken = jwtTokenUpdater.check().getToken();
+                jwtToken = jwtTokenUpdater.getV3Token();
             } catch (Exception e) {
                 logger.error("Can't get jwt token");
                 throw e;

src/java/main/com/topcoder/direct/services/view/action/my/MyChallengesAction.java

@@ -3,12 +3,15 @@
  */
 package com.topcoder.direct.services.view.action.my;
 
+import com.topcoder.direct.services.configs.ServerConfiguration;
 import com.topcoder.direct.services.view.action.ServiceBackendDataTablesAction;
 import com.topcoder.direct.services.view.dto.my.Challenge;
 import com.topcoder.direct.services.view.dto.my.RestResult;
-import com.topcoder.direct.services.view.exception.JwtAuthenticationException;
+import com.topcoder.direct.services.view.util.DirectUtils;
 import org.codehaus.jackson.JsonNode;
 
+import org.apache.struts2.ServletActionContext;
+
 import java.text.DateFormat;
 import java.text.NumberFormat;
 import java.text.SimpleDateFormat;
@@ -46,11 +49,9 @@ public class MyChallengesAction extends ServiceBackendDataTablesAction {
      */
     @Override
     public String execute() throws Exception {
-        try {
-            getJwtTokenUpdater().check();
-        } catch (JwtAuthenticationException e) {
+        if (DirectUtils.getCookieFromRequest(ServletActionContext.getRequest(),
+                ServerConfiguration.JWT_COOOKIE_KEY) == null)
             return "forward";
-        }
 
         // populate filter data
         this.setupFilterPanel();

src/java/main/com/topcoder/direct/services/view/action/my/MyCreatedChallengesAction.java

@@ -7,14 +7,11 @@
 import com.topcoder.direct.services.view.action.ServiceBackendDataTablesAction;
 import com.topcoder.direct.services.view.dto.my.Challenge;
 import com.topcoder.direct.services.view.dto.my.RestResult;
-import com.topcoder.direct.services.view.exception.JwtAuthenticationException;
 import com.topcoder.direct.services.view.util.DirectUtils;
-import com.topcoder.direct.services.view.util.JwtTokenUpdater;
 import com.topcoder.service.user.UserService;
 import org.apache.struts2.ServletActionContext;
 import org.codehaus.jackson.JsonNode;
 
-import javax.servlet.http.Cookie;
 import java.text.DateFormat;
 import java.text.NumberFormat;
 import java.text.SimpleDateFormat;
@@ -63,11 +60,9 @@ public class MyCreatedChallengesAction extends ServiceBackendDataTablesAction {
      */
     @Override
     public String execute() throws Exception {
-        try {
-            getJwtTokenUpdater().check();
-        } catch (JwtAuthenticationException e) {
+        if (DirectUtils.getCookieFromRequest(ServletActionContext.getRequest(),
+                ServerConfiguration.JWT_COOOKIE_KEY) == null)
             return "forward";
-        }
 
         // populate filter data
         this.setupFilterPanel();

src/java/main/com/topcoder/direct/services/view/interceptors/AuthenticationInterceptor.java

@@ -5,16 +5,17 @@
 package com.topcoder.direct.services.view.interceptors;
 
 
+import java.util.Arrays;
 import java.util.Set;
-import java.util.Map;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import com.topcoder.direct.services.view.util.jwt.JWTToken;
+import com.topcoder.direct.services.view.util.jwt.TokenExpiredException;
 import org.apache.struts2.ServletActionContext;
-import com.auth0.jwt.JWTVerifier;
 
 import com.opensymphony.xwork2.ActionInvocation;
 import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
@@ -282,30 +283,30 @@ public String intercept(ActionInvocation invocation) throws Exception {
             new SimpleResponse(response), BasicAuthentication.MAIN_SITE, DBMS.JTS_OLTP_DATASOURCE_NAME);
         User user = auth.getActiveUser();
 
-        boolean jwtValid = true;
-
         Cookie jwtCookie = DirectUtils.getCookieFromRequest(ServletActionContext.getRequest(),
                 ServerConfiguration.JWT_COOOKIE_KEY);
 
-
-
         if (jwtCookie == null) {
             return loginPageName;
         }
 
-        Map<String, Object> decodedPayload;
-
+        JWTToken jwtToken = null;
         try {
-            decodedPayload = new JWTVerifier(DirectProperties.CLIENT_SECRET_AUTH0, DirectProperties.CLIENT_ID_AUTH0).verify(jwtCookie.getValue());
+            jwtToken = new JWTToken(jwtCookie.getValue(),DirectProperties.CLIENT_SECRET_AUTH0,
+                    DirectProperties.JWT_VALID_ISSUERS, new JWTToken.Base64SecretEncoder());
+        } catch (TokenExpiredException e) {
+            //refresh token here
+            //redirect to loginpage for now
+            logger.error("Token is expired. Should do refresh token here");
+            return loginPageName;
         } catch (Exception e) {
             return loginPageName;
         }
-       
-        if (decodedPayload.get("sub") == null) {
+
+        if (jwtToken.getSubject() == null) {
             return loginPageName;
         }
 
-
         if (user != null  && !user.isAnonymous()) {
             // get user roles for the user id
             Set<TCPrincipal> roles = DirectUtils.getUserRoles(user.getId());

src/java/main/com/topcoder/direct/services/view/processor/security/LoginProcessor.java

@@ -3,14 +3,15 @@
  */
 package com.topcoder.direct.services.view.processor.security;
 
-import com.auth0.jwt.Algorithm;
+import com.auth0.jwt.algorithms.Algorithm;
 import com.topcoder.direct.services.configs.ServerConfiguration;
 import com.topcoder.direct.services.view.action.LoginAction;
 import com.topcoder.direct.services.view.form.LoginForm;
 import com.topcoder.direct.services.view.processor.RequestProcessor;
 import com.topcoder.direct.services.view.util.DirectProperties;
 import com.topcoder.direct.services.view.util.DirectUtils;
 import com.topcoder.direct.services.view.util.jwt.DirectJWTSigner;
+import com.topcoder.direct.services.view.util.jwt.JWTToken;
 import com.topcoder.security.TCSubject;
 import com.topcoder.security.login.AuthenticationException;
 import com.topcoder.security.login.LoginRemote;
@@ -75,7 +76,6 @@ public class LoginProcessor implements RequestProcessor<LoginAction> {
 
     static {
         JWT_OPTIONS = new DirectJWTSigner.Options();
-        JWT_OPTIONS.setAlgorithm(Algorithm.HS256);
         JWT_OPTIONS.setExpirySeconds(DirectProperties.JWT_EXPIRATION_SECONDS);
         JWT_OPTIONS.setIssuedAt(true);
     }
@@ -131,6 +131,7 @@ public void processRequest(LoginAction action) {
             String sign = jwtSigner.sign(claims, JWT_OPTIONS);
 
             // add session cookie, use -1 for expiration time
+            log.info("Signed JWT: " + sign);
             DirectUtils.addDirectCookie(ServletActionContext.getResponse(),
                     ServerConfiguration.JWT_COOOKIE_KEY, sign, -1);
 

src/java/main/com/topcoder/direct/services/view/processor/security/MockLoginProcessor.java

@@ -3,14 +3,15 @@
  */
 package com.topcoder.direct.services.view.processor.security;
 
-import com.auth0.jwt.Algorithm;
+import com.auth0.jwt.algorithms.Algorithm;
 import com.topcoder.direct.services.configs.ServerConfiguration;
 import com.topcoder.direct.services.view.action.LoginAction;
 import com.topcoder.direct.services.view.form.LoginForm;
 import com.topcoder.direct.services.view.processor.RequestProcessor;
 import com.topcoder.direct.services.view.util.DirectProperties;
 import com.topcoder.direct.services.view.util.DirectUtils;
 import com.topcoder.direct.services.view.util.jwt.DirectJWTSigner;
+import com.topcoder.direct.services.view.util.jwt.JWTToken;
 import com.topcoder.security.RolePrincipal;
 import com.topcoder.security.TCPrincipal;
 import com.topcoder.security.TCSubject;
@@ -99,7 +100,6 @@ public class MockLoginProcessor implements RequestProcessor<LoginAction> {
 
     static {
         JWT_OPTIONS = new DirectJWTSigner.Options();
-        JWT_OPTIONS.setAlgorithm(Algorithm.HS256);
         JWT_OPTIONS.setExpirySeconds(DirectProperties.JWT_EXPIRATION_SECONDS);
         JWT_OPTIONS.setIssuedAt(true);
     }
@@ -210,12 +210,14 @@ public void processRequest(LoginAction action) {
                 claims.put("aud", DirectProperties.CLIENT_ID_AUTH0);
 
                 String sign = jwtSigner.sign(claims, JWT_OPTIONS);
-
+                log.info("SIgned JWT: " + sign);
                 // add session cookie, use -1 for expiration time
                 DirectUtils.addDirectCookie(ServletActionContext.getResponse(),
                         ServerConfiguration.JWT_COOOKIE_KEY, sign, -1);
             } catch (Exception e) {
-                log.error("User " + username + " could not set cookie");
+                log.error("User " + username + " could not set cookie", e);
+                log.error(e.getMessage() + e.getCause());
+                log.error(e.getStackTrace());
                 action.setResultCode(LoginAction.RC_INVALID_CREDENTIALS);
             }
         }

src/java/main/com/topcoder/direct/services/view/util/DirectProperties.java

@@ -138,6 +138,11 @@ public final class DirectProperties {
      */
     public static String USE_LOGIN_PROCESSOR;
 
+    /**
+     * List of known JWT issuers
+     */
+    public static String JWT_VALID_ISSUERS;
+
     /**
      * <p>
      * Initializes non-final static fields for this class with values for the same-named properties from the resource

src/java/main/com/topcoder/direct/services/view/util/DirectUtils.java

@@ -3787,7 +3787,7 @@ public static Set<ProjectGroup> getGroupsFromApi(TCSubject tcSubject, JwtTokenUp
         HttpGet getRequest = new HttpGet(uri.build());
         logger.info("Getting Group with thi uri: " + uri.build().toString());
 
-        String v3Token = jwtTokenUpdater.check().getToken();
+        String v3Token = jwtTokenUpdater.getV3Token();
 
         getRequest.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + v3Token);