- fix gestione token in richieste cross profile

2025-11-26 16:19:17 +01:00
parent c291db3e34
commit 46e47a9549
3 changed files with 42 additions and 16 deletions
--- a/ems-core/src/main/java/it/integry/security/jwt/AccessTokenProvider.java
+++ b/ems-core/src/main/java/it/integry/security/jwt/AccessTokenProvider.java
@@ -4,8 +4,10 @@ import io.jsonwebtoken.*;
 import io.jsonwebtoken.jackson.io.JacksonSerializer;
 import it.integry.ems.json.ResponseJSONObjectMapper;
 import it.integry.ems.settings.Model.SettingsModel;
+import it.integry.ems_model.utility.UtilityString;
 import it.integry.security.cache.SecretKeyCacheComponent;
 import it.integry.security.dto.AuthTokenDetails;
+import it.integry.security.utility.JWTUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.InitializingBean;
@@ -71,11 +73,7 @@ public class AccessTokenProvider implements InitializingBean {

    public UsernamePasswordAuthenticationToken getAuthentication(String profileDb, String token) {
        String dbName = settingsModel.getDbNameFromProfileDb(profileDb);
-        Claims claims = Jwts.parserBuilder()
-                .setSigningKey(this.secretKeyCacheComponent.getKey(dbName))
-                .build()
-                .parseClaimsJws(token)
-                .getBody();
+        Claims claims = JWTUtils.getTokenClaimsSigned(token, this.secretKeyCacheComponent.getKey(dbName));

        Collection<? extends GrantedAuthority> authorities =
                Arrays.stream(claims.get(AUTHORITIES_KEY).toString().split(","))
@@ -104,11 +102,7 @@ public class AccessTokenProvider implements InitializingBean {
        String dbName = settingsModel.getDbNameFromProfileDb(profileDb);

        try {
-            final Jws<Claims> claimsJws = Jwts
-                    .parserBuilder()
-                    .setSigningKey(this.secretKeyCacheComponent.getKey(dbName))
-                    .build()
-                    .parseClaimsJws(token);
+            final Claims claims = JWTUtils.getTokenClaimsSigned(token, this.secretKeyCacheComponent.getKey(dbName));
        } catch (MalformedJwtException mjex) {
            throw new RuntimeException("Token malformato: [" + token + "]", mjex);
        }
@@ -118,12 +112,8 @@ public class AccessTokenProvider implements InitializingBean {

    public Date getTokenExpiryFromJWT(String profileDb, String token) {
        String dbName = settingsModel.getDbNameFromProfileDb(profileDb);
-        Claims claims = Jwts
-                .parserBuilder()
-                .setSigningKey(this.secretKeyCacheComponent.getKey(dbName))
-                .build()
-                .parseClaimsJws(token)
-                .getBody();
+        final Claims claims = JWTUtils.getTokenClaimsSigned(token, this.secretKeyCacheComponent.getKey(dbName));
+

        return claims.getExpiration();
    }
--- a/ems-core/src/main/java/it/integry/security/jwt/JWTFilter.java
+++ b/ems-core/src/main/java/it/integry/security/jwt/JWTFilter.java
@@ -1,7 +1,9 @@
 package it.integry.security.jwt;

 import com.fasterxml.jackson.databind.ObjectMapper;
+import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
 import it.integry.common.var.CommonConstants;
 import it.integry.ems._context.ApplicationContextProvider;
 import it.integry.ems.response.ServiceRestResponse;
@@ -10,6 +12,7 @@ import it.integry.ems.system.GlobalExceptionHandler;
 import it.integry.ems_model.entity.StbAuthToken;
 import it.integry.security.cache.JwtTokenCacheComponent;
 import it.integry.security.exception.InvalidTokenException;
+import it.integry.security.utility.JWTUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.security.access.AccessDeniedException;
@@ -27,6 +30,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.util.LinkedHashMap;

 public class JWTFilter extends GenericFilterBean {
    public static final String AUTHORIZATION_HEADER = "Authorization";
@@ -58,6 +62,11 @@ public class JWTFilter extends GenericFilterBean {

        if (StringUtils.hasText(token)) {
            try {
+                final Claims tmpClaims = JWTUtils.getTokenClaimsUnsigned(token);
+                LinkedHashMap<?, ?> details = (LinkedHashMap<?, ?>) tmpClaims.get("details");
+                if (details != null && details.containsKey("profileDb")){
+                    profileDb = details.get("profileDb").toString();
+                }
                if (accessTokenProvider.validateToken(profileDb, token)) {

                    StbAuthToken stbAuthToken = tokenCache.getTokenByAccessToken(profileDb, token);
--- a/ems-core/src/main/java/it/integry/security/utility/JWTUtils.java
+++ b/ems-core/src/main/java/it/integry/security/utility/JWTUtils.java
@@ -0,0 +1,27 @@
+package it.integry.security.utility;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jws;
+import io.jsonwebtoken.Jwts;
+
+import javax.crypto.SecretKey;
+
+public class JWTUtils {
+    public static Claims getTokenClaimsUnsigned(String token) {
+        int lastDotIndex = token.lastIndexOf('.');
+        String withoutSignature = token.substring(0, lastDotIndex + 1);
+        return Jwts
+                .parserBuilder()
+                .build()
+                .parseClaimsJwt(withoutSignature)
+                .getBody();
+    }
+    public static Claims getTokenClaimsSigned(String token, SecretKey signingKey) {
+        return Jwts
+                .parserBuilder()
+                .setSigningKey(signingKey)
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+}