fixes #45 support specific swagger or openapi security and validator … #46

Merged
merged 3 commits into from
Aug 12, 2018
@@ -52,6 +52,7 @@
public class JwtVerifyHandler implements MiddlewareHandler {
static final Logger logger = LoggerFactory.getLogger(JwtVerifyHandler.class);

static final String OPENAPI_SECURITY_CONFIG = "openapi-security";
static final String ENABLE_VERIFY_SCOPE = "enableVerifyScope";

static final String STATUS_INVALID_AUTH_TOKEN = "ERR10000";
@@ -64,7 +65,13 @@ public class JwtVerifyHandler implements MiddlewareHandler {
static final String STATUS_INVALID_REQUEST_PATH = "ERR10007";
static final String STATUS_METHOD_NOT_ALLOWED = "ERR10008";

static final Map<String, Object> config = Config.getInstance().getJsonMapConfig(JwtHelper.SECURITY_CONFIG);
static Map<String, Object> config;
static {
// check if openapi-security.yml exist
config = Config.getInstance().getJsonMapConfig(OPENAPI_SECURITY_CONFIG);
// fallback to generic security.yml
if(config == null) config = Config.getInstance().getJsonMapConfig(JwtHelper.SECURITY_CONFIG);
}

private volatile HttpHandler next;

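Review bot: The new static initializer drops `final` from `config`, so the map that drives JWT verification can be reassigned by any class in the package after class load; declaring `static final Map<String, Object> config;` and assigning it once from a local inside the static block keeps the old guarantee. The selection is also silent and all-or-nothing: once `openapi-security.yml` is found nothing is read from `security.yml`, so a key left out of the specific file is simply absent, and how the handler treats a missing `enableVerifyJwt` is outside this hunk. A single `logger.info` naming the file that was loaded would let operators confirm which policy is in force. `JwtHelper.SECURITY_CONFIG` suggests `JwtHelper` may load the generic file on its own, in which case certificate and clock-skew settings could still come from `security.yml` while the flags here come from the specific file; that is worth confirming. The swagger `JwtVerifyHandler` section has the same block with `swagger-security`, and the silent fallback also applies to both `ValidatorHandler` sections.

```java
static final Map<String, Object> config;
static {
    // prefer openapi-security.yml, fall back to the generic security.yml
    Map<String, Object> loaded = Config.getInstance().getJsonMapConfig(OPENAPI_SECURITY_CONFIG);
    String source = OPENAPI_SECURITY_CONFIG;
    if (loaded == null) {
        loaded = Config.getInstance().getJsonMapConfig(JwtHelper.SECURITY_CONFIG);
        source = JwtHelper.SECURITY_CONFIG;
    }
    config = loaded;
    logger.info("JwtVerifyHandler security config loaded from {}", source);
}
```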
4 changes: 3 additions & 1 deletion openapi-security/src/main/resources/config/security.yml
@@ -1,4 +1,6 @@
# Security configuration in light framework.
# Security configuration in light framework. This is a generic security config
# for all frameworks. In most cases, you should just use this file if you have
# only one framework in your server instance.
---
# Enable JWT verification flag.
enableVerifyJwt: true
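--- a/openapi-security/src/test/resources/config/openapi-security.yml
+++ b/openapi-security/src/test/resources/config/openapi-security.yml
@@ -0,0 +1,36 @@
+# Security configuration for openapi-security in light-rest-4j. It is a specific config
+# for OpenAPI framework and it can be used if you have other frameworks running in the
+# same server instance and their security configurations are different then the OpenAPI.
+# If this file cannot be found, the generic security.yml will be loaded as a fallback.
+---
+# Enable JWT verification flag.
+enableVerifyJwt: true
+
+# Enable JWT scope verification. Only valid when enableVerifyJwt is true.
+enableVerifyScope: true
+
+# User for test only. should be always be false on official environment.
+enableMockJwt: false
+
+# JWT signature public certificates. kid and certificate path mappings.
+jwt:
+certificate:
+'100': oauth/primary.crt
+'101': oauth/secondary.crt
+clockSkewInSeconds: 60
+
+# Enable or disable JWT token logging
+logJwtToken: true
+
+# Enable or disable client_id, user_id and scope logging.
+logClientUserScope: false
+
+# Enable JWT token cache to speed up verification. This will only verify expired time
+# and skip the signature verification as it takes more CPU power and long time.
+enableJwtCache: true
+
+# If you are using light-oauth2, then you don't need to have oauth subfolder for public
+# key certificate to verify JWT token, the key will be retrieved from key endpoint once
+# the first token is arrived. Default to false for dev environment without oauth2 server
+# or official environment that use other OAuth 2.0 providers.
+bootstrapFromKeyService: false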
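Review bot: `logJwtToken: true` in this new file means any deployment that copies it as its OpenAPI-specific config will write bearer tokens to the log, where anyone with log access can reuse them until they expire. Because the specific file now takes precedence over `security.yml`, I would ship it as `logJwtToken: false` and leave enabling it to short debugging sessions. The file sits under src/test/resources, so the exposure depends on whether it is used as a template, which the page does not show. The comment on `enableJwtCache` already says cached tokens are checked only for expiry and skip signature verification; a short line stating that trade-off next to the flag would help whoever tunes it. The new `swagger-security.yml` carries the same values.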
4 changes: 2 additions & 2 deletions openapi-security/src/test/resources/logback-test.xml
@@ -57,11 +57,11 @@
</triggeringPolicy>
</appender>

<root level="trace">
<root level="info">
<appender-ref ref="stdout" />
</root>

<logger name="com.networknt" level="trace">
<logger name="com.networknt.config" level="debug">
<appender-ref ref="log"/>
</logger>

@@ -40,13 +40,20 @@
* @author Steve Hu
*/
public class ValidatorHandler implements MiddlewareHandler {
public static final String OPENAPI_CONFIG_NAME = "openapi-validator";
public static final String CONFIG_NAME = "validator";

static final String STATUS_MISSING_OPENAPI_OPERATION = "ERR10012";

static final Logger logger = LoggerFactory.getLogger(ValidatorHandler.class);

static ValidatorConfig config = (ValidatorConfig)Config.getInstance().getJsonObjectConfig(CONFIG_NAME, ValidatorConfig.class);
static ValidatorConfig config;
static {
config = (ValidatorConfig)Config.getInstance().getJsonObjectConfig(OPENAPI_CONFIG_NAME, ValidatorConfig.class);
if(config == null) {
config = (ValidatorConfig)Config.getInstance().getJsonObjectConfig(CONFIG_NAME, ValidatorConfig.class);
}
}

private volatile HttpHandler next;

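Review bot: The static block carries no comment on the lookup order, unlike the matching block in `JwtVerifyHandler`; I would add `// prefer openapi-validator.yml; fall back to the generic validator.yml` above the first lookup. The `if(config == null)` test shows the loader can return null, so `config` may still be null after the fallback when neither file is on the config path. Unless the rest of the class (outside this hunk) guards against that, a closing `if (config == null) throw new IllegalStateException("no validator config found");` would fail at startup instead of on the first request. The swagger `ValidatorHandler` section has the same shape.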
2 changes: 2 additions & 0 deletions openapi-validator/src/main/resources/config/validator.yml
@@ -1,3 +1,5 @@
# A generic light-4j framework validator configuration. If multiple frameworks are used in the
# same server instance and they have different configurations. You can use openapi-validator.yml
---
# Enable request validation. Response validation is not done on the server but client.
enabled: true
@@ -0,0 +1,8 @@
# This is specific OpenAPI validator configuration file. It should be used if you have multiple
# frameworks implemented in the same server instance and they all need to have different validator
# configurations. If they share the same validator.yml then you can still use that one.
---
# Enable request validation. Response validation is not done on the server but client.
enabled: true
# Log error message if validation error occurs
logError: true
@@ -53,6 +53,7 @@
public class JwtVerifyHandler implements MiddlewareHandler {
static final Logger logger = LoggerFactory.getLogger(JwtVerifyHandler.class);

static final String SWAGGER_SECURITY_CONFIG = "swagger-security";
static final String ENABLE_VERIFY_SCOPE = "enableVerifyScope";

static final String STATUS_INVALID_AUTH_TOKEN = "ERR10000";
@@ -65,7 +66,13 @@ public class JwtVerifyHandler implements MiddlewareHandler {
static final String STATUS_INVALID_REQUEST_PATH = "ERR10007";
static final String STATUS_METHOD_NOT_ALLOWED = "ERR10008";

static final Map<String, Object> config = Config.getInstance().getJsonMapConfig(JwtHelper.SECURITY_CONFIG);
static Map<String, Object> config;
static {
// check if swagger-security.yml exist
config = Config.getInstance().getJsonMapConfig(SWAGGER_SECURITY_CONFIG);
// fallback to generic security.yml
if(config == null) config = Config.getInstance().getJsonMapConfig(JwtHelper.SECURITY_CONFIG);
}

private volatile HttpHandler next;

4 changes: 3 additions & 1 deletion swagger-security/src/main/resources/config/security.yml
@@ -1,4 +1,6 @@
# Security configuration in light framework.
# Security configuration in light framework. This is a generic security config
# for all frameworks. In most cases, you should just use this file if you have
# only one framework in your server instance.
---
# Enable JWT verification flag.
enableVerifyJwt: true
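--- a/swagger-security/src/test/resources/config/swagger-security.yml
+++ b/swagger-security/src/test/resources/config/swagger-security.yml
@@ -0,0 +1,36 @@
+# Security configuration for swagger-security in light-rest-4j. It is a specific config
+# for Swagger framework and it can be used if you have other frameworks running in the
+# same server instance and their security configurations are different then the Swagger.
+# If this file cannot be found, the generic security.yml will be loaded as a fallback.
+---
+# Enable JWT verification flag.
+enableVerifyJwt: true
+
+# Enable JWT scope verification. Only valid when enableVerifyJwt is true.
+enableVerifyScope: true
+
+# User for test only. should be always be false on official environment.
+enableMockJwt: false
+
+# JWT signature public certificates. kid and certificate path mappings.
+jwt:
+certificate:
+'100': oauth/primary.crt
+'101': oauth/secondary.crt
+clockSkewInSeconds: 60
+
+# Enable or disable JWT token logging
+logJwtToken: true
+
+# Enable or disable client_id, user_id and scope logging.
+logClientUserScope: false
+
+# Enable JWT token cache to speed up verification. This will only verify expired time
+# and skip the signature verification as it takes more CPU power and long time.
+enableJwtCache: true
+
+# If you are using light-oauth2, then you don't need to have oauth subfolder for public
+# key certificate to verify JWT token, the key will be retrieved from key endpoint once
+# the first token is arrived. Default to false for dev environment without oauth2 server
+# or official environment that use other OAuth 2.0 providers.
+bootstrapFromKeyService: false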
@@ -41,13 +41,21 @@
* @author Steve Hu
*/
public class ValidatorHandler implements MiddlewareHandler {

public static final String SWAGGER_CONFIG_NAME = "swagger-validator";
public static final String CONFIG_NAME = "validator";

static final String STATUS_MISSING_SWAGGER_OPERATION = "ERR10012";

static final Logger logger = LoggerFactory.getLogger(ValidatorHandler.class);

static ValidatorConfig config = (ValidatorConfig)Config.getInstance().getJsonObjectConfig(CONFIG_NAME, ValidatorConfig.class);
static ValidatorConfig config;
static {
config = (ValidatorConfig)Config.getInstance().getJsonObjectConfig(SWAGGER_CONFIG_NAME, ValidatorConfig.class);
if(config == null) {
config = (ValidatorConfig)Config.getInstance().getJsonObjectConfig(CONFIG_NAME, ValidatorConfig.class);
}
}

private volatile HttpHandler next;

2 changes: 2 additions & 0 deletions swagger-validator/src/main/resources/config/validator.yml
@@ -1,3 +1,5 @@
# A generic light-4j framework validator configuration. If multiple frameworks are used in the
# same server instance and they have different configurations. You can use swagger-validator.yml
---
# Enable request validation. Response validation is not done on the server but client.
enabled: true
@@ -0,0 +1,8 @@
# This is specific Swagger validator configuration file. It should be used if you have multiple
# frameworks implemented in the same server instance and they all need to have different validator
# configurations. If they share the same validator.yml then you can still use that one.
---
# Enable request validation. Response validation is not done on the server but client.
enabled: true
# Log error message if validation error occurs
logError: true