From 9ad51de6ec09495f18c0d9438d79c23e30ec4c41 Mon Sep 17 00:00:00 2001
From: Deddy Syefria
Date: Fri, 19 Jan 2018 23:17:10 +0700
Subject: [PATCH] use JWT_V3_SECRET
---
 conf/ApplicationServer.properties | 1 -
 conf/Direct.properties | 1 +
 .../services/view/interceptors/AuthenticationInterceptor.java | 2 +-
 .../direct/services/view/processor/security/LoginProcessor.java | 2 +-
 .../services/view/processor/security/MockLoginProcessor.java | 2 +-
 .../topcoder/direct/services/view/util/DirectProperties.java | 2 +-
 token.properties.docker | 1 +
 token.properties.example | 1 +
 8 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/conf/ApplicationServer.properties b/conf/ApplicationServer.properties
index 96290c3db..2ef6ba336 100644
--- a/conf/ApplicationServer.properties
+++ b/conf/ApplicationServer.properties
@@ -44,5 +44,4 @@ SSO_COOKIE_KEY = @ApplicationServer.SSO_COOKIE_KEY@
 SSO_HASH_SECRET = @ApplicationServer.SSO_HASH_SECRET@
 SSO_DOMAIN = @ApplicationServer.SSO_DOMAIN@
-JWT_COOKIE_KEY = @ApplicationServer.JWT_COOKIE_KEY@
 JWT_V3_COOKIE_KEY = @ApplicationServer.JWT_V3_COOKIE_KEY@
diff --git a/conf/Direct.properties b/conf/Direct.properties
index f68d84e7f..b69bbc4be 100644
--- a/conf/Direct.properties
+++ b/conf/Direct.properties
@@ -18,6 +18,7 @@ LDAP_AUTH0_CONNECTION_NAME = @LDAP_AUTH0_CONNECTION_NAME@
 REDIRECT_URL_AUTH0 = /reg2/callback.action
 REG_SERVER_NAME= @REG_SERVER_NAME@
 JWT_VALID_ISSUERS=@JWT_VALID_ISSUERS@
+JWT_V3_SECRET = @JWT_V3_SECRET@
 #Parameter whether we use login processor or not
 USE_LOGIN_PROCESSOR = @useLoginProcessor@
diff --git a/src/java/main/com/topcoder/direct/services/view/interceptors/AuthenticationInterceptor.java b/src/java/main/com/topcoder/direct/services/view/interceptors/AuthenticationInterceptor.java
index 586edc4d1..ef2f293b5 100644
--- a/src/java/main/com/topcoder/direct/services/view/interceptors/AuthenticationInterceptor.java
+++ b/src/java/main/com/topcoder/direct/services/view/interceptors/AuthenticationInterceptor.java
@@ -294,7 +294,7 @@ public String intercept(ActionInvocation invocation) throws Exception {
 JWTToken jwtToken = null;
 try {
- jwtToken = new JWTToken(jwtCookie.getValue(),DirectProperties.CLIENT_SECRET_AUTH0,
+ jwtToken = new JWTToken(jwtCookie.getValue(),DirectProperties.JWT_V3_SECRET,
 DirectProperties.JWT_VALID_ISSUERS, authorizationURL, new JWTToken.Base64SecretEncoder());
 jwtToken.verify();
 } catch (TokenExpiredException e) {
diff --git a/src/java/main/com/topcoder/direct/services/view/processor/security/LoginProcessor.java b/src/java/main/com/topcoder/direct/services/view/processor/security/LoginProcessor.java
index 726741f69..3dbe7b3fd 100644
--- a/src/java/main/com/topcoder/direct/services/view/processor/security/LoginProcessor.java
+++ b/src/java/main/com/topcoder/direct/services/view/processor/security/LoginProcessor.java
@@ -119,7 +119,7 @@ public void processRequest(LoginAction action) {
 // generate the jwt cookie
- DirectJWTSigner jwtSigner = new DirectJWTSigner(DirectProperties.CLIENT_SECRET_AUTH0);
+ DirectJWTSigner jwtSigner = new DirectJWTSigner(DirectProperties.JWT_V3_SECRET);
 Map claims = new HashMap();
 claims.put("iss", "https://" + DirectProperties.DOMAIN_AUTH0);
diff --git a/src/java/main/com/topcoder/direct/services/view/processor/security/MockLoginProcessor.java b/src/java/main/com/topcoder/direct/services/view/processor/security/MockLoginProcessor.java
index 8903ae39c..3e77b8abd 100644
--- a/src/java/main/com/topcoder/direct/services/view/processor/security/MockLoginProcessor.java
+++ b/src/java/main/com/topcoder/direct/services/view/processor/security/MockLoginProcessor.java
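Review bot: Nothing in the visible lines rejects a null or blank `DirectProperties.JWT_V3_SECRET` before it is handed to `new JWTToken(...)` on the changed line. If a deployment's token file lacks the new `@JWT_V3_SECRET@` entry, the outcome depends on how `JWTToken` and `Base64SecretEncoder` treat an empty key, which this hunk does not show; it may break every login or verify against a trivial key. A fail-fast check where the property is loaded would settle it, e.g. `if (JWT_V3_SECRET == null || JWT_V3_SECRET.trim().isEmpty()) throw new IllegalStateException("JWT_V3_SECRET is not configured");`. The same field feeds `DirectJWTSigner` in `LoginProcessor` and `MockLoginProcessor`. The body of `intercept` starts and ends outside the hunk.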
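Review bot: The changed line in `LoginProcessor` builds the signer from the raw `DirectProperties.JWT_V3_SECRET` string, while the verifier in `AuthenticationInterceptor` passes the same value with `new JWTToken.Base64SecretEncoder()`. Whether both sides derive identical key bytes depends on `DirectJWTSigner`, which is not visible here. Since the key is no longer named after the Auth0 client secret, the expected encoding should be written down next to this line: add a comment stating whether `JWT_V3_SECRET` is stored raw or Base64-encoded and that it must match the encoder used by the interceptor. The identical line in `MockLoginProcessor` needs the same comment. `processRequest` starts and ends outside the hunk.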
@@ -200,7 +200,7 @@ public void processRequest(LoginAction action) {
 action.getFormData().isRemember());
 // generate the jwt cookie
- DirectJWTSigner jwtSigner = new DirectJWTSigner(DirectProperties.CLIENT_SECRET_AUTH0);
+ DirectJWTSigner jwtSigner = new DirectJWTSigner(DirectProperties.JWT_V3_SECRET);
 Map claims = new HashMap();
 claims.put("iss", "https://" + DirectProperties.DOMAIN_AUTH0);
diff --git a/src/java/main/com/topcoder/direct/services/view/util/DirectProperties.java b/src/java/main/com/topcoder/direct/services/view/util/DirectProperties.java
index 3c220d2dc..9af37bbfe 100644
--- a/src/java/main/com/topcoder/direct/services/view/util/DirectProperties.java
+++ b/src/java/main/com/topcoder/direct/services/view/util/DirectProperties.java
@@ -99,7 +99,7 @@ public final class DirectProperties {
 *
 * @since 1.1
 */
- public static String CLIENT_SECRET_AUTH0;
+ public static String JWT_V3_SECRET;
 /**
 *
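Review bot: The mock login path signs its cookie with the same `DirectProperties.JWT_V3_SECRET` that the real `LoginProcessor` uses, so a token minted here is indistinguishable to `AuthenticationInterceptor` and to any other service sharing the key. If `MockLoginProcessor` relaxes credential checks (its name suggests so, but the body is outside this hunk), it should not be able to run where the production key is configured. A separate test-only key or a deployment-time guard would keep the two apart. At minimum, add a comment above the signer line such as `// test-only: must never run with the production JWT_V3_SECRET`.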
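Review bot: The Javadoc above the renamed field in `DirectProperties` is not touched by this change (only its tail, `@since 1.1`, is inside the hunk), so it presumably still describes the Auth0 client secret rather than the JWT signing key. Reword it to something like `The shared secret used to sign and verify the v3 JWT cookie.` Separately, `public static String JWT_V3_SECRET;` is non-final and public, so any class can read or reassign the signing key at runtime. If the property loader allows it, a private field behind a read-only accessor would narrow that exposure.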

diff --git a/token.properties.docker b/token.properties.docker
index 4772d302c..e05f62d2b 100644
--- a/token.properties.docker
+++ b/token.properties.docker
@@ -324,6 +324,7 @@
 @DOMAIN_AUTH0@ = sma.auth0.com
 @CLIENT_ID_AUTH0@ = CMaBuwSnY0Vu68PLrWatvvu3iIiGPh7t
 @CLIENT_SECRET_AUTH0@ = ZEEIRf_aLhvbYymAMTFefoEJ_8y7ELrUaboMTmE5fQoJXEo7sxxyg8IW6gtbyKuT
+@JWT_V3_SECRET@ = ZEEIRf_aLhvbYymAMTFefoEJ_8y7ELrUaboMTmE5fQoJXEo7sxxyg8IW6gtbyKuT
 @REG_SERVER_NAME@= tc.cloud.topcoder.com
 @LDAP_AUTH0_CONNECTION_NAME@=vm-ldap-connection
 @JWT_VALID_ISSUERS@ = https://sma.auth0.com, https://newtc.auth0.com, https://topcoder-newauth.auth0.com/
diff --git a/token.properties.example b/token.properties.example
index c05dd9908..0042771eb 100644
--- a/token.properties.example
+++ b/token.properties.example
@@ -388,6 +388,7 @@
 @DOMAIN_AUTH0@=
 @CLIENT_ID_AUTH0@=
 @CLIENT_SECRET_AUTH0@=
+@JWT_V3_SECRET@ = secret
 @JWT_EXPIRATION_SECONDS@=36000000
 @REG_SERVER_NAME@=tc.cloud.topcoder.com
 @LDAP_AUTH0_CONNECTION_NAME@=vm-ldap-connection
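Review bot: The added `@JWT_V3_SECRET@` line in `token.properties.docker` carries the same value as `@CLIENT_SECRET_AUTH0@` directly above it, so the rename gives no key separation. Whoever holds the Auth0 client secret can also produce cookies that `AuthenticationInterceptor` accepts. The value is also committed in clear text, which places the signing key in every clone and in the repository history. Prefer a distinct, randomly generated key supplied when the container starts (environment variable or mounted file), with only a placeholder such as `@JWT_V3_SECRET@ = <set-at-deploy>` kept in this file. Treat the committed value as needing rotation if it was ever used outside local development.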
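Review bot: The example file ships `@JWT_V3_SECRET@ = secret` while the neighbouring `@CLIENT_SECRET_AUTH0@=` is left empty, so an install built from a copied example runs with a working but guessable signing key. Leave the value empty like the entries around it, `@JWT_V3_SECRET@=`, so that an unconfigured install has no usable key rather than a well-known one. A short comment above the line stating that the value must be a long random string unique to each environment would help whoever fills it in.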