From d9649819c12c66c75b17f0a45f193177927e92e0 Mon Sep 17 00:00:00 2001
From: jcote <jcote@stingray.com>
Date: Wed, 23 Feb 2022 15:15:06 -0500
Subject: [PATCH] Fix sonarqube warnings / code smells from the generated code.
---
.../securityApiUtils.mustache | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
.../app/openapitools/SecurityAPIUtils.java | 29 ++++++++++---------
13 files changed, 208 insertions(+), 169 deletions(-)
diff --git a/modules/openapi-generator/src/main/resources/JavaPlayFramework/securityApiUtils.mustache b/modules/openapi-generator/src/main/resources/JavaPlayFramework/securityApiUtils.mustache
index ebbb7c0cd23..4e0fa109125 100644
--- a/modules/openapi-generator/src/main/resources/JavaPlayFramework/securityApiUtils.mustache
+++ b/modules/openapi-generator/src/main/resources/JavaPlayFramework/securityApiUtils.mustache
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -67,12 +68,13 @@ public class SecurityAPIUtils {
{{/hasOAuthMethods}}
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -86,9 +88,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -102,7 +104,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -118,8 +120,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -136,7 +139,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -148,7 +151,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -168,6 +171,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-api-package-override/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-api-package-override/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-api-package-override/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-api-package-override/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-async/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-async/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-async/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-async/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-controller-only/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-controller-only/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-controller-only/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-controller-only/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-fake-endpoints-with-security/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-fake-endpoints-with-security/app/openapitools/SecurityAPIUtils.java
index 6e3cdc69b8d..59eb09ed43d 100644
--- a/samples/server/petstore/java-play-framework-fake-endpoints-with-security/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-fake-endpoints-with-security/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_token", "https://keycloak-dev.business.stingray.com/auth/realms/CSLocal/protocol/openid-connect/certs");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-fake-endpoints/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-fake-endpoints/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-fake-endpoints/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-fake-endpoints/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-no-bean-validation/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-no-bean-validation/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-no-bean-validation/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-no-bean-validation/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-no-exception-handling/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-no-exception-handling/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-no-exception-handling/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-no-exception-handling/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-no-interface/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-no-interface/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-no-interface/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-no-interface/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-no-nullable/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-no-nullable/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-no-nullable/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-no-nullable/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-no-swagger-ui/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-no-swagger-ui/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-no-swagger-ui/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-no-swagger-ui/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework-no-wrap-calls/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework-no-wrap-calls/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework-no-wrap-calls/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework-no-wrap-calls/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
diff --git a/samples/server/petstore/java-play-framework/app/openapitools/SecurityAPIUtils.java b/samples/server/petstore/java-play-framework/app/openapitools/SecurityAPIUtils.java
index 854be87f65a..6ea699069b1 100644
--- a/samples/server/petstore/java-play-framework/app/openapitools/SecurityAPIUtils.java
+++ b/samples/server/petstore/java-play-framework/app/openapitools/SecurityAPIUtils.java
@@ -6,6 +6,7 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -32,18 +33,18 @@ import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
- private final String bearerPrefix = "Bearer ";
+ private static final String BEARER_PREFIX = "Bearer ";
private final ObjectMapper mapper;
- private boolean useOnlineValidation = false;
+ private static final boolean USE_ONLINE_VALIDATION = false;
// Online validation
- private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
+ private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
- private HashMap<String, String> jwksEndpoints = new HashMap<>();
+ private final HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@@ -59,12 +60,13 @@ public class SecurityAPIUtils {
jwksEndpoints.put("petstore_auth", "");
}
+ //This function is not currently used because we hardcode USE_ONLINE_VALIDATION to false but might in the future versions
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
- String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
+ String tokenWithoutBearerPrefix = authToken.get().substring(BEARER_PREFIX.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
@@ -78,9 +80,9 @@ public class SecurityAPIUtils {
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
- HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
+ JsonNode responseJsonObject = mapper.readTree(responseJsonString);
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
+ return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && responseJsonObject.get("active").asBoolean();
}
} catch (Exception exception) {
return false;
@@ -94,7 +96,7 @@ public class SecurityAPIUtils {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
@@ -110,8 +112,9 @@ public class SecurityAPIUtils {
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
- if (securityMethodName == null) {
- securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
+ Optional<String> optionalSecurityMethodName = jwksEndpoints.keySet().stream().findFirst();
+ if (securityMethodName == null && optionalSecurityMethodName.isPresent()) {
+ securityMethodName = optionalSecurityMethodName.get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
@@ -128,7 +131,7 @@ public class SecurityAPIUtils {
tokenKeyId = keyId;
}
- DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
+ tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
@@ -140,7 +143,7 @@ public class SecurityAPIUtils {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
- String bearerToken = authHeader.get().substring(bearerPrefix.length());
+ String bearerToken = authHeader.get().substring(BEARER_PREFIX.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
@@ -160,6 +163,6 @@ public class SecurityAPIUtils {
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
- return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
+ return USE_ONLINE_VALIDATION ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}
--
GitLab