Merge pull request #619 from sberyozkin/cleanup_security_jwt

Simplify security-jwt-quickstart

security-jwt-quickstart/src/main/java/org/acme/security/jwt/TokenSecuredResource.java

@@ -1,20 +1,14 @@
 package org.acme.security.jwt;
 
-import java.security.Principal;
-import java.time.LocalDate;
-import java.util.ArrayList;
-import java.util.Optional;
-
 import javax.annotation.security.DenyAll;
 import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
-import javax.json.JsonString;
 import javax.ws.rs.GET;
+import javax.ws.rs.InternalServerErrorException;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
-import javax.ws.rs.container.ResourceContext;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.SecurityContext;
@@ -27,108 +21,62 @@
 @RequestScoped
 public class TokenSecuredResource {
 
-    @Context
-    ResourceContext resourceContext;
-
     @Inject
     JsonWebToken jwt;
     @Inject
     @Claim(standard = Claims.birthdate)
-    Optional<JsonString> birthdate;
+    String birthdate;
+
 
-    @GET()
+    @GET
     @Path("permit-all")
     @PermitAll
     @Produces(MediaType.TEXT_PLAIN)
     public String hello(@Context SecurityContext ctx) {
-        Principal caller = ctx.getUserPrincipal();
-        String name = caller == null ? "anonymous" : caller.getName();
-        boolean hasJWT = jwt.getClaimNames() != null;
-        String helloReply = String.format("hello + %s, isSecure: %s, authScheme: %s, hasJWT: %s", name, ctx.isSecure(),
-                ctx.getAuthenticationScheme(), hasJWT);
-        return helloReply;
+    	return getResponseString(ctx);
     }
 
-    @GET()
+    @GET
     @Path("roles-allowed")
-    @RolesAllowed({ "Echoer", "Subscriber" })
+    @RolesAllowed({ "User", "Admin" })
     @Produces(MediaType.TEXT_PLAIN)
     public String helloRolesAllowed(@Context SecurityContext ctx) {
-        Principal caller = ctx.getUserPrincipal();
-        String name = caller == null ? "anonymous" : caller.getName();
-        boolean hasJWT = jwt.getClaimNames() != null;
-        String helloReply = String.format("hello + %s, isSecure: %s, authScheme: %s, hasJWT: %s", name, ctx.isSecure(),
-                ctx.getAuthenticationScheme(), hasJWT);
-        return helloReply;
-    }
-
-    @GET()
-    @Path("deny-all")
-    @DenyAll
-    @Produces(MediaType.TEXT_PLAIN)
-    public String helloShouldDeny(@Context SecurityContext ctx) {
-        Principal caller = ctx.getUserPrincipal();
-        String name = caller == null ? "anonymous" : caller.getName();
-        return "hello + " + name;
+    	return getResponseString(ctx) + ", birthdate: " + jwt.getClaim("birthdate").toString();
     }
-
+    
     @GET
-    @Path("winners")
+    @Path("roles-allowed-admin")
+    @RolesAllowed("Admin")
     @Produces(MediaType.TEXT_PLAIN)
-    @RolesAllowed("Subscriber")
-    public String winners() {
-        int remaining = 6;
-        ArrayList<Integer> numbers = new ArrayList<>();
-
-        // If the JWT contains a birthdate claim, use the day of the month as a pick
-        if (jwt.containsClaim(Claims.birthdate.name())) {
-            String bdayString = jwt.getClaim(Claims.birthdate.name());
-            LocalDate bday = LocalDate.parse(bdayString);
-            numbers.add(bday.getDayOfMonth());
-            remaining--;
-        }
-        // Fill remaining picks with random numbers
-        while (remaining > 0) {
-            int pick = (int) Math.rint(64 * Math.random() + 1);
-            numbers.add(pick);
-            remaining--;
-        }
-        return numbers.toString();
+    public String helloRolesAllowedAdmin(@Context SecurityContext ctx) {
+    	return getResponseString(ctx) + ", birthdate: " + birthdate;
     }
 
     @GET
-    @Path("winners2")
+    @Path("deny-all")
+    @DenyAll
     @Produces(MediaType.TEXT_PLAIN)
-    @RolesAllowed("Subscriber")
-    public String winners2() {
-        int remaining = 6;
-        ArrayList<Integer> numbers = new ArrayList<>();
+    public String helloShouldDeny(@Context SecurityContext ctx) {
+        throw new InternalServerErrorException("This method must not be invoked");
+    }
 
-        // If the JWT contains a birthdate claim, use the day of the month as a pick
-        if (birthdate.isPresent()) {
-            String bdayString = birthdate.get().getString();
-            LocalDate bday = LocalDate.parse(bdayString);
-            numbers.add(bday.getDayOfMonth());
-            remaining--;
+    private String getResponseString(SecurityContext ctx) {
+    	String name;
+        if (ctx.getUserPrincipal() == null) {
+            name = "anonymous";
+        } else if (!ctx.getUserPrincipal().getName().equals(jwt.getName())) {
+            throw new InternalServerErrorException("Principal and JsonWebToken names do not match");
+        } else {
+            name = ctx.getUserPrincipal().getName();
         }
-        // Fill remaining picks with random numbers
-        while (remaining > 0) {
-            int pick = (int) Math.rint(64 * Math.random() + 1);
-            numbers.add(pick);
-            remaining--;
-        }
-        return numbers.toString();
+        return String.format("hello + %s,"
+        		+ " isHttps: %s,"
+        		+ " authScheme: %s,"
+        		+ " hasJWT: %s",
+        		name, ctx.isSecure(), ctx.getAuthenticationScheme(), hasJwt());
     }
 
-    /**
-     * Illustrate the same functionality as the winners endpoint using a sub-resource that has injected JsonWebToken and
-     * 
-     * @Claim values using the {@linkplain CDI#current()} API.
-     *
-     * @return LottoNumbersResource
-     */
-    @Path("/lotto")
-    public LottoNumbersResource lotto() {
-        return resourceContext.getResource(LottoNumbersResource.class);
-    }
+	private boolean hasJwt() {
+		return jwt.getClaimNames() != null;
+	}
 }