diff --git a/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/ApiAuthFilter.java b/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/ApiAuthFilter.java index c3458e6..569b64b 100644 --- a/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/ApiAuthFilter.java +++ b/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/ApiAuthFilter.java @@ -1,6 +1,8 @@ package com.eactive.eai.adapter.http.dynamic.filter; import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceSupport; +//import com.eactive.eai.authserver.vo.BearerTokenInfo; +//import com.eactive.eai.authserver.custom.BearerTokenService; import com.eactive.eai.authserver.service.OAuth2Manager; import com.eactive.eai.authserver.vo.ClientVO; import com.eactive.eai.common.message.EAIMessage; @@ -9,6 +11,7 @@ import com.eactive.eai.common.property.PropGroupVO; import com.eactive.eai.common.property.PropManager; import com.eactive.eai.common.stdmessage.STDMessageManager; import com.eactive.eai.common.util.Logger; +import com.eactive.eai.common.util.StringUtil; import com.eactive.eai.inbound.action.ActionFactory; import com.eactive.eai.inbound.action.RequestAction; import com.eactive.eai.inbound.processor.Processor; @@ -35,7 +38,9 @@ import java.text.ParseException; import java.util.Base64; import java.util.Date; import java.util.HashSet; +import java.util.Map; import java.util.Properties; +import java.util.concurrent.ConcurrentHashMap; public class ApiAuthFilter implements HttpAdapterFilter { static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER); @@ -52,7 +57,10 @@ public class ApiAuthFilter implements HttpAdapterFilter { private JWSVerifier jwsVerifier; - public ApiAuthFilter() { +// // CA 토큰 저장소 +// private final Map CATokenStore = new ConcurrentHashMap<>(); + + public ApiAuthFilter() { super(); PropGroupVO vo = PropManager.getInstance().getPropGroupVO(PROP_GROUP_AUTH_SERVER); @@ -94,6 +102,7 @@ public class ApiAuthFilter implements HttpAdapterFilter { */ StandardMessage standardMessage = STDMessageManager.getInstance().getSTDMessage(apiId); String eaiSvcCd = StandardMessageManager.getInstance().getMapper().getEaiSvcCode(standardMessage); + if(!StringUtils.equals(eaiSvcCd, prop.getProperty("API_SERVICE_CODE"))) eaiSvcCd = prop.getProperty("API_SERVICE_CODE"); EAIMessage eaiMessage = EAIMessageManager.getInstance().getEAIMessage(eaiSvcCd); if(StringUtils.isBlank(eaiMessage.getAuthType())){ @@ -106,7 +115,9 @@ public class ApiAuthFilter implements HttpAdapterFilter { String token = ApiAuthFilter.extractJWTToken(request); SignedJWT signedJWT = SignedJWT.parse(token); - if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) { + if (signedJWT.getJWTClaimsSet().getExpirationTime() == null) { + logger.debug("Static Token"); + } else if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) { throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired"); } @@ -133,6 +144,26 @@ public class ApiAuthFilter implements HttpAdapterFilter { throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid"); } break; +// case "bearer": +// try { +// String token = ApiAuthFilter.extractJWTToken(request); +// BearerTokenInfo CATokenInfo = CATokenStore.get(token); +// +// if (CATokenInfo == null) { +// throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid"); +// } +// +// if (CATokenInfo.isExpired()) { +// throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired"); +// } +// } catch (JwtAuthException e) { +// logger.debug(e.getMessage()); +// throw e; +// } catch (Exception e) { +// logger.error(e.getMessage()); +// throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid"); +// } +// break; case "api_key": String apiKeyName = PropManager.getInstance().getProperty("ApiConfig", "api.key.name", "x-api-key"); String apiKey = request.getHeader(apiKeyName); @@ -158,7 +189,7 @@ public class ApiAuthFilter implements HttpAdapterFilter { return message; } - private boolean verifyClientId(Properties prop, SignedJWT signedJWT) { + private boolean verifyClientId(Properties prop, SignedJWT signedJWT) throws JwtAuthException { try { // 이전 filter에서 셋팅한 clientId 확보 String headerClientId = prop.getProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID); @@ -176,6 +207,7 @@ public class ApiAuthFilter implements HttpAdapterFilter { } } catch (Exception e) { logger.error(e.getMessage()); + throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid"); } return true; @@ -227,8 +259,16 @@ public class ApiAuthFilter implements HttpAdapterFilter { if (scopeArr == null || scopeArr.length == 0) { return false; } + + String passScope = "oob,public"; + String[] passScopeArr = org.springframework.util.StringUtils.tokenizeToStringArray(passScope, ","); for (String scope : scopeArr) { + for (String pScope : passScopeArr) { + if ( StringUtils.equalsAny(scope, pScope)) { + return true; + } + } if (scopeSet.contains(scope)) { return true; } diff --git a/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/JwtAuthFilter.java b/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/JwtAuthFilter.java index 1de5a38..306f651 100644 --- a/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/JwtAuthFilter.java +++ b/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/JwtAuthFilter.java @@ -88,7 +88,9 @@ public class JwtAuthFilter implements HttpAdapterFilter { String token = JwtAuthFilter.extractJWTToken(request); SignedJWT signedJWT = SignedJWT.parse(token); - if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) { + if (signedJWT.getJWTClaimsSet().getExpirationTime() == null) { + logger.debug("Static Token"); + } else if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) { throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired"); } @@ -118,7 +120,7 @@ public class JwtAuthFilter implements HttpAdapterFilter { return message; } - private boolean verifyClientId(Properties prop, SignedJWT signedJWT) { + private boolean verifyClientId(Properties prop, SignedJWT signedJWT) throws JwtAuthException { try { // 이전 filter에서 셋팅한 clientId 확보 String headerClientId = prop.getProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID); @@ -136,6 +138,7 @@ public class JwtAuthFilter implements HttpAdapterFilter { } } catch (Exception e) { logger.error(e.getMessage()); + throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid"); } return true;