Merge pull request quarkusio#850 from gsmet/security-jwt-fixes

Security JWT quickstart fixes

security-jwt-quickstart/src/main/java/org/acme/security/jwt/TokenSecuredResource.java

@@ -26,30 +26,29 @@ public class TokenSecuredResource {
     @Inject
     @Claim(standard = Claims.birthdate)
     String birthdate;
-
 
     @GET
     @Path("permit-all")
     @PermitAll
     @Produces(MediaType.TEXT_PLAIN)
     public String hello(@Context SecurityContext ctx) {
-    	return getResponseString(ctx);
+        return getResponseString(ctx);
     }
 
     @GET
     @Path("roles-allowed")
     @RolesAllowed({ "User", "Admin" })
     @Produces(MediaType.TEXT_PLAIN)
     public String helloRolesAllowed(@Context SecurityContext ctx) {
-    	return getResponseString(ctx) + ", birthdate: " + jwt.getClaim("birthdate").toString();
+        return getResponseString(ctx) + ", birthdate: " + jwt.getClaim("birthdate").toString();
     }
-    
+
     @GET
     @Path("roles-allowed-admin")
     @RolesAllowed("Admin")
     @Produces(MediaType.TEXT_PLAIN)
     public String helloRolesAllowedAdmin(@Context SecurityContext ctx) {
-    	return getResponseString(ctx) + ", birthdate: " + birthdate;
+        return getResponseString(ctx) + ", birthdate: " + birthdate;
     }
 
     @GET
@@ -61,7 +60,7 @@ public String helloShouldDeny(@Context SecurityContext ctx) {
     }
 
     private String getResponseString(SecurityContext ctx) {
-    	String name;
+        String name;
         if (ctx.getUserPrincipal() == null) {
             name = "anonymous";
         } else if (!ctx.getUserPrincipal().getName().equals(jwt.getName())) {
@@ -70,13 +69,13 @@ private String getResponseString(SecurityContext ctx) {
             name = ctx.getUserPrincipal().getName();
         }
         return String.format("hello + %s,"
-        		+ " isHttps: %s,"
-        		+ " authScheme: %s,"
-        		+ " hasJWT: %s",
-        		name, ctx.isSecure(), ctx.getAuthenticationScheme(), hasJwt());
+                + " isHttps: %s,"
+                + " authScheme: %s,"
+                + " hasJWT: %s",
+                name, ctx.isSecure(), ctx.getAuthenticationScheme(), hasJwt());
     }
 
-	private boolean hasJwt() {
-		return jwt.getClaimNames() != null;
-	}
+    private boolean hasJwt() {
+        return jwt.getClaimNames() != null;
+    }
 }

security-jwt-quickstart/src/main/resources/application.properties

@@ -1,6 +1,9 @@
 # Public verification key
-mp.jwt.verify.publickey.location=META-INF/resources/publicKey.pem
+mp.jwt.verify.publickey.location=publicKey.pem
+quarkus.native.resources.includes=publicKey.pem
+
 # Required issuer
 mp.jwt.verify.issuer=https://example.com/issuer
+
 # Private signing key
 smallrye.jwt.sign.key.location=privateKey.pem

security-jwt-quickstart/src/test/java/org/acme/security/jwt/GenerateToken.java

@@ -15,11 +15,11 @@ public class GenerateToken {
      * Generate JWT token
      */
     public static void main(String[] args) {
-    	String token = Jwt.issuer("https://example.com/issuer")
-    	   .upn("jdoe@quarkus.io")
-    	   .groups(new HashSet<>(Arrays.asList("User", "Admin")))
-    	   .claim(Claims.birthdate.name(), "2001-07-13")
-    	   .sign();
+        String token = Jwt.issuer("https://example.com/issuer")
+                .upn("jdoe@quarkus.io")
+                .groups(new HashSet<>(Arrays.asList("User", "Admin")))
+                .claim(Claims.birthdate.name(), "2001-07-13")
+                .sign();
         System.out.println(token);
     }
 }

security-jwt-quickstart/src/test/java/org/acme/security/jwt/TokenSecuredResourceTest.java

@@ -41,9 +41,10 @@ public void testHelloRolesAllowedUser() {
 
         response.then()
                 .statusCode(200)
-                .body(containsString("hello + jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13"));
+                .body(containsString(
+                        "hello + jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13"));
     }
-    
+
     @Test
     public void testHelloRolesAllowedAdminOnlyWithUserRole() {
         Response response = given().auth()
@@ -53,7 +54,7 @@ public void testHelloRolesAllowedAdminOnlyWithUserRole() {
 
         response.then().statusCode(403);
     }
-    
+
     @Test
     public void testHelloRolesAllowedAdmin() {
         Response response = given().auth()
@@ -63,9 +64,10 @@ public void testHelloRolesAllowedAdmin() {
 
         response.then()
                 .statusCode(200)
-                .body(containsString("hello + jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13"));
+                .body(containsString(
+                        "hello + jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13"));
     }
-    
+
     @Test
     public void testHelloRolesAllowedAdminOnlyWithAdminRole() {
         Response response = given().auth()
@@ -75,9 +77,10 @@ public void testHelloRolesAllowedAdminOnlyWithAdminRole() {
 
         response.then()
                 .statusCode(200)
-                .body(containsString("hello + jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13"));
+                .body(containsString(
+                        "hello + jdoe@quarkus.io, isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13"));
     }
-    
+
     @Test
     public void testHelloRolesAllowedExpiredToken() {
         Response response = given().auth()
@@ -87,7 +90,7 @@ public void testHelloRolesAllowedExpiredToken() {
 
         response.then().statusCode(401);
     }
-    
+
     @Test
     public void testHelloRolesAllowedModifiedToken() {
         Response response = given().auth()
@@ -97,7 +100,7 @@ public void testHelloRolesAllowedModifiedToken() {
 
         response.then().statusCode(401);
     }
-    
+
     @Test
     public void testHelloRolesAllowedWrongIssuer() {
         Response response = given().auth()
@@ -117,36 +120,36 @@ public void testHelloDenyAll() {
 
         response.then().statusCode(403);
     }
-    
+
     static String generateValidUserToken() {
         return Jwt.upn("jdoe@quarkus.io")
-        		   .issuer("https://example.com/issuer")
-        		   .groups("User")
-        		   .claim(Claims.birthdate.name(), "2001-07-13")
-        		   .sign();
+                .issuer("https://example.com/issuer")
+                .groups("User")
+                .claim(Claims.birthdate.name(), "2001-07-13")
+                .sign();
     }
-    
+
     static String generateValidAdminToken() {
         return Jwt.upn("jdoe@quarkus.io")
-        		   .issuer("https://example.com/issuer")
-        		   .groups("Admin")
-        		   .claim(Claims.birthdate.name(), "2001-07-13")
-        		   .sign();
+                .issuer("https://example.com/issuer")
+                .groups("Admin")
+                .claim(Claims.birthdate.name(), "2001-07-13")
+                .sign();
     }
-    
+
     static String generateExpiredToken() {
         return Jwt.upn("jdoe@quarkus.io")
-        		   .issuer("https://example.com/issuer")
-        		   .groups(new HashSet<>(Arrays.asList("User", "Admin")))
-        		   .expiresAt(Instant.now().minusSeconds(10))
-        		   .sign();
+                .issuer("https://example.com/issuer")
+                .groups(new HashSet<>(Arrays.asList("User", "Admin")))
+                .expiresAt(Instant.now().minusSeconds(10))
+                .sign();
     }
-    
+
     static String generateWrongIssuerToken() {
         return Jwt.upn("jdoe@quarkus.io")
-        		   .issuer("https://wrong-issuer")
-        		   .groups(new HashSet<>(Arrays.asList("User", "Admin")))
-        		   .expiresAt(Instant.now().minusSeconds(10))
-        		   .sign();
+                .issuer("https://wrong-issuer")
+                .groups(new HashSet<>(Arrays.asList("User", "Admin")))
+                .expiresAt(Instant.now().minusSeconds(10))
+                .sign();
     }
 }