diff --git a/dspace-api/src/main/java/org/dspace/eperson/EPerson.java b/dspace-api/src/main/java/org/dspace/eperson/EPerson.java
index 2f97545ffa..0c63a52865 100644
--- a/dspace-api/src/main/java/org/dspace/eperson/EPerson.java
+++ b/dspace-api/src/main/java/org/dspace/eperson/EPerson.java
@@ -65,6 +65,9 @@ public class EPerson extends DSpaceObject implements DSpaceObjectLegacySupport
 @Column(name="salt", length = 32)
 private String salt;
+ @Column(name="jwt_salt", length = 16)
+ private String jwtSalt;
+
 @Column(name="digest_algorithm", length = 16)
 private String digestAlgorithm;
@@ -433,4 +436,12 @@ public class EPerson extends DSpaceObject implements DSpaceObjectLegacySupport
 }
 return ePersonService;
 }
+
+ public String getJwtSalt() {
+ return jwtSalt;
+ }
+
+ public void setJwtSalt(String jwtSalt) {
+ this.jwtSalt = jwtSalt;
+ }
 }
diff --git a/dspace-spring-rest/src/main/java/org/dspace/app/rest/security/JWTTokenHandler.java b/dspace-spring-rest/src/main/java/org/dspace/app/rest/security/JWTTokenHandler.java
index a052004ce0..780bea4c9a 100644
--- a/dspace-spring-rest/src/main/java/org/dspace/app/rest/security/JWTTokenHandler.java
+++ b/dspace-spring-rest/src/main/java/org/dspace/app/rest/security/JWTTokenHandler.java
@@ -11,6 +11,9 @@ import org.dspace.core.Context;
 import org.dspace.eperson.EPerson;
 import org.dspace.eperson.Group;
 import org.dspace.eperson.factory.EPersonServiceFactory;
+import org.dspace.eperson.service.EPersonService;
+import org.springframework.security.crypto.keygen.KeyGenerators;
+import org.springframework.security.crypto.keygen.StringKeyGenerator;
 import java.sql.SQLException;
 import java.text.ParseException;
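Review bot: The new `jwt_salt` column is declared with `length = 16` but nothing on the field says where that bound comes from, so a later change to the generator would silently truncate values; a comment such as `// 16 hex chars: sized to the 8-byte output of KeyGenerators.string() in JWTTokenHandler; null until the first token is issued` would pin the coupling. Because `createTokenForEPerson` overwrites this value with a fresh salt on every call, each new login invalidates every earlier token for that user — if that is intended, say so on the field, since a reader of EPerson alone cannot tell. The accessor hunk below (`getJwtSalt`/`setJwtSalt`) has no Javadoc either; a one-line summary stating that the value is a per-user secret component of the JWT signing key would help, and it is worth confirming that no REST serialisation of EPerson picks up this getter.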
@@ -21,25 +24,36 @@ import java.util.stream.Collectors;
 public class JWTTokenHandler {
+ private static String jwtKey = "testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest";
 private AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();
-
+ private EPersonService ePersonService = EPersonServiceFactory.getInstance().getEPersonService();
 public EPerson parseEPersonFromToken(String token) throws JOSEException, ParseException, SQLException {
- JWSVerifier verifier = new MACVerifier("testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest");
+ SignedJWT signedJWT = SignedJWT.parse(token);
+ Context context = new Context();
+ EPerson ePerson = ePersonService.find(context, UUID.fromString(signedJWT.getJWTClaimsSet().getClaim("EPersonID").toString()));
+ JWSVerifier verifier = new MACVerifier(jwtKey + ePerson.getJwtSalt());
 if (signedJWT.verify(verifier)) {
- Context context = new Context();
- return EPersonServiceFactory.getInstance().getEPersonService().find(context, UUID.fromString(signedJWT.getJWTClaimsSet().getClaim("EPersonID").toString()));
+ return ePerson;
 } else {
 return null;
 }
 }
- public String createTokenForEPerson(EPerson ePerson, List groups) throws JOSEException {
- JWSSigner signer = new MACSigner("testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest");
+ public String createTokenForEPerson(Context context, EPerson ePerson, List groups) throws JOSEException {
+ StringKeyGenerator stringKeyGenerator = KeyGenerators.string();
+ String salt = stringKeyGenerator.generateKey();
+ JWSSigner signer = new MACSigner(jwtKey + salt);
 List groupIds = groups.stream().map(Group::getLegacyId).collect(Collectors.toList());
+ ePerson.setJwtSalt(salt);
+ try {
+ context.commit();
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
 JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
 .claim("EPersonID", ePerson.getID().toString())
diff --git a/dspace-spring-rest/src/main/java/org/dspace/app/rest/security/TokenAuthenticationService.java b/dspace-spring-rest/src/main/java/org/dspace/app/rest/security/TokenAuthenticationService.java
index 5a90a915a8..1b7812a0a8 100644
--- a/dspace-spring-rest/src/main/java/org/dspace/app/rest/security/TokenAuthenticationService.java
+++ b/dspace-spring-rest/src/main/java/org/dspace/app/rest/security/TokenAuthenticationService.java
@@ -4,6 +4,7 @@ import com.nimbusds.jose.JOSEException;
 import org.dspace.app.rest.utils.ContextUtil;
 import org.dspace.authenticate.factory.AuthenticateServiceFactory;
 import org.dspace.authenticate.service.AuthenticationService;
+import org.dspace.core.Context;
 import org.dspace.eperson.EPerson;
 import org.dspace.eperson.Group;
 import org.dspace.eperson.factory.EPersonServiceFactory;
@@ -32,8 +33,9 @@ public class TokenAuthenticationService {
 public void addAuthentication(HttpServletRequest request, HttpServletResponse response, String email) {
 try {
 EPerson ePerson = ePersonService.findByEmail(ContextUtil.obtainContext(request), email);
- List groups = authenticationService.getSpecialGroups(ContextUtil.obtainContext(request), request);
- String token = jwtTokenHandler.createTokenForEPerson(ePerson, groups);
+ Context context = ContextUtil.obtainContext(request);
+ List groups = authenticationService.getSpecialGroups(context, request);
+ String token = jwtTokenHandler.createTokenForEPerson(context, ePerson, groups);
 Cookie cookie = new Cookie("access_token", token);
 response.addCookie(cookie);
 } catch (JOSEException e) {
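Review bot: `parseEPersonFromToken` dereferences the unverified `EPersonID` claim before any signature check — a missing claim NPEs on `.toString()`, a non-UUID value throws `IllegalArgumentException` out of `UUID.fromString`, and an id that `ePersonService.find` does not resolve NPEs at `ePerson.getJwtSalt()` — so a malformed token from an anonymous client produces an unhandled exception instead of the `null` the method otherwise returns; the rewrite below guards each step, and also refuses a user with no stored salt, who would otherwise be verified against the predictable `jwtKey + "null"`. The `jwtKey` constant is still the literal `"testtest…"` compiled into a public-source class and is not even `final`; it should be `private static final` and read from configuration, because the per-user salt (`KeyGenerators.string()` yields 16 hex characters, 64 bits) is then the only secret component of the MAC key. In `createTokenForEPerson` the `catch (SQLException e) { e.printStackTrace(); }` swallows a failed commit and still returns a token whose salt was never persisted, so that token can never verify; declare `throws SQLException` (or wrap it) and log through the project's logger rather than `printStackTrace`. Note also that the `new Context()` opened in the parse path is never completed or aborted, as in the old code; whether the caller is meant to own that connection is not visible from this hunk. `createTokenForEPerson`'s body continues past the hunk.
```java
public EPerson parseEPersonFromToken(String token) throws JOSEException, ParseException, SQLException {
    SignedJWT signedJWT = SignedJWT.parse(token);
    Object idClaim = signedJWT.getJWTClaimsSet().getClaim("EPersonID");
    if (idClaim == null) {
        return null;
    }
    UUID ePersonId;
    try {
        ePersonId = UUID.fromString(idClaim.toString());
    } catch (IllegalArgumentException e) {
        return null; // claim is client-supplied and unverified at this point; treat a malformed id as "no user"
    }
    Context context = new Context();
    EPerson ePerson = ePersonService.find(context, ePersonId);
    if (ePerson == null || ePerson.getJwtSalt() == null) {
        return null; // unknown user, or a user for whom no token was ever issued
    }
    JWSVerifier verifier = new MACVerifier(jwtKey + ePerson.getJwtSalt());
    return signedJWT.verify(verifier) ? ePerson : null;
}
```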
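Review bot: `Context context = ContextUtil.obtainContext(request);` is introduced one line after `findByEmail` has already called `ContextUtil.obtainContext(request)` itself; hoist the declaration above the `findByEmail` call and pass `context` there too, so the method works with one handle throughout. `findByEmail` returns `null` for an unknown address, and the new `createTokenForEPerson(context, ePerson, groups)` call now writes to that object via `ePerson.setJwtSalt`, so a guard such as `if (ePerson == null) { return; }` (or an explicit authentication failure) belongs before it. The `Cookie` lines are unchanged here, but since the cookie carries the signed token it is worth confirming elsewhere that `setHttpOnly(true)` and `setSecure(true)` are applied. The method ends outside the hunk.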