honeymoose
/
jjwt
mirror of https://github.com/jwtk/jjwt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

This commit is contained in:
patton73 2019-07-15 20:51:57 +02:00
parent 9bf487f0b7 17c3dcefd0
commit fd52e0ffc2
17 changed files with 290 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
.github/stale.yml vendored Normal file
View File

@ -0,0 +1,64 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 60
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 7
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- help-wanted
- bug
- rfc-compliance
- "[Status] Maybe Later"
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: true
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Comment to post when marking as stale. Set to `false` to disable
markComment: >
This issue has been automatically marked as stale due to inactivity for 60 or more days.
It will be closed in 7 days if no further activity occurs.
# Comment to post when removing the stale label.
# unmarkComment: >
# Your comment here.
# Comment to post when closing a stale Issue or Pull Request.
closeComment: >
Closed due to inactivity.
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
# Limit to only `issues` or `pulls`
only: issues
# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
# pulls:
# daysUntilStale: 30
# markComment: >
# This pull request has been automatically marked as stale because it has not had
# recent activity. It will be closed if no further activity occurs. Thank you
# for your contributions.
# issues:
# exemptLabels:
# - confirmed

32
.travis.yml
View File

@ -3,21 +3,37 @@
#sudo: required
language: java
jdk:
- oraclejdk7
- openjdk7 # not really openjdk7 - we're just using this travis placeholder for our own Oracle JDK 7 installation
- oraclejdk8
- oraclejdk9
- oraclejdk10
- openjdk10
before_install:
- if [ "${TRAVIS_JDK_VERSION}" == "oraclejdk7" ]; then export MAVEN_OPTS="-Dhttps.protocols=TLSv1.2 -Xmx512m -XX:MaxPermSize=128m"; fi
- if [ "${TRAVIS_JDK_VERSION}" == "oraclejdk7" ]; then export JAVA_HOME="/usr/lib/jvm/java-7-oracle"; export PATH="${JAVA_HOME}/bin:${PATH}"; fi
- if [ "${TRAVIS_JDK_VERSION}" == "oraclejdk7" ]; then test ! -d "${JAVA_HOME}" && (curl http://ftp.osuosl.org/pub/funtoo/distfiles/oracle-java/jdk-7u80-linux-x64.tar.gz | sudo tar xz -C /usr/lib/jvm; sudo mv /usr/lib/jvm/jdk1.7.0_80 "${JAVA_HOME}"); fi
- echo "TRAVIS_JDK_VERSION is ${TRAVIS_JDK_VERSION}"
- |
if [[ "${TRAVIS_JDK_VERSION}" == "openjdk7" ]]; then
export MAVEN_OPTS="-Dhttps.protocols=TLSv1.2 -Xmx512m -XX:MaxPermSize=128m"
export JAVA_HOME="/usr/lib/jvm/java-7-oracle" # Set JAVA_HOME to where we want to install Oracle JDK 7
export PATH="${JAVA_HOME}/bin:${PATH}"
if [[ ! -d "${JAVA_HOME}" ]]; then
# Download and install Oracle JDK 7:
wget https://s3.amazonaws.com/d2fbee19-5fe2-425f-ae11-cd25b35dc99a/jdk-7u80-linux-x64.tar.gz -O /tmp/jdk-7u80-linux-x64.tar.gz
tar xvfz /tmp/jdk-7u80-linux-x64.tar.gz -C /tmp
sudo mv /tmp/jdk1.7.0_80 "${JAVA_HOME}"
fi
# Download and install JCE Unlimited Strength Crypto policies for Oracle JDK 7:
curl -q -L -C - https://238dj3282as03k369.s3-us-west-1.amazonaws.com/UnlimitedJCEPolicyJDK7.zip -o /tmp/UnlimitedJCEPolicyJDK7.zip
sudo unzip -oj -d "$JAVA_HOME/jre/lib/security" /tmp/UnlimitedJCEPolicyJDK7.zip \*/\*.jar
rm /tmp/UnlimitedJCEPolicyJDK7.zip
fi
# If on JDK 8, ensure build coverage assertions are run (we only need to run this on one JDK to reduce overall build times):
- export BUILD_COVERAGE="$([ $TRAVIS_JDK_VERSION == 'oraclejdk8' ] && echo 'true')"
install: true
script: mvn install
after_success:
script:
- mvn install
- test -z "$BUILD_COVERAGE" || { mvn clean clover:setup test && mvn -pl . clover:clover clover:check coveralls:report; }

21
CHANGELOG.md
View File

@ -1,5 +1,26 @@
## Release Notes
### 0.10.7
This patch release:
* Adds a new [Community section](https://github.com/jwtk/jjwt#community) in the documentation discussing asking
questions, using Slack and Gittr, and opening new issues and pull requests.
* Fixes a [memory leak](https://github.com/jwtk/jjwt/issues/392) found in the DEFLATE compression
codec implementation.
* Updates the Jackson dependency version to [2.9.9.1](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#patches)
to address three security vulnerabilities in Jackson:
[CVE-2019-12086](https://nvd.nist.gov/vuln/detail/CVE-2019-12086),
[CVE-2019-12384](https://nvd.nist.gov/vuln/detail/CVE-2019-12384), and
[CVE-2019-12814](https://nvd.nist.gov/vuln/detail/CVE-2019-12814).
* Fixes a [bug](https://github.com/jwtk/jjwt/issues/397) when Jackson is in the classpath but the `jjwt-jackson` .jar is not.
* Fixes various documentation and typo fixes.
### 0.10.6
This patch release updates the jackson-databind version to 2.9.8 to address a critical security vulnerability in that
library.
### 0.10.5
This patch release fixed an Android `org.json` library compatibility [issue](https://github.com/jwtk/jjwt/issues/388).

117
README.md
View File

@ -1,5 +1,6 @@
[![Build Status](https://travis-ci.org/jwtk/jjwt.svg?branch=master)](https://travis-ci.org/jwtk/jjwt)
[![Coverage Status](https://coveralls.io/repos/github/jwtk/jjwt/badge.svg?branch=master)](https://coveralls.io/github/jwtk/jjwt?branch=master)
[![Gitter](https://badges.gitter.im/jwtk/jjwt.svg)](https://gitter.im/jwtk/jjwt?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
## Java JWT: JSON Web Token for Java and Android
@ -17,13 +18,20 @@ and is supported and maintained by a [community](https://github.com/jwtk/jjwt/gr
[Okta](https://developer.okta.com/) is a complete authentication and user management API for developers.
We've also added some convenience extensions that are not part of the specification, such as JWT compression and claim
We've also added some convenience extensions that are not part of the specification, such as JWS compression and claim
enforcement.
## Table of Contents
* [Features](#features)
* [Currently Unsupported Features](#features-unsupported)
* [Community](#community)
* [Getting Help](#help)
* [Questions](#help-questions)
* [Bugs and Feature Requests](#help-issues)
* [Contributing](#contributing)
* [Pull Requests](#contributing-pull-requests)
* [Help Wanted](#contributing-help-wanted)
* [What is a JSON Web Token?](#overview)
* [Installation](#install)
* [JDK Projects](#install-jdk)
@ -110,6 +118,79 @@ enforcement.
These features will be implemented in a future release. Community contributions are welcome!
<a name="community"></a>
## Community
<a name="help"></a>
### Getting Help
If you have trouble using JJWT, please first read the documentation on this page before asking questions. We try
very hard to ensure JJWT's documentation is robust, categorized with a table of contents, and up to date for each release.
<a name="help-questions"></a>
#### Questions
If the documentation or the API JavaDoc isn't sufficient, and you either have usability questions or are confused
about something, please [ask your question here](https://stackoverflow.com/questions/ask?tags=jjwt&guided=false).
After asking your question, you may wish to join our [Slack](https://jwtk.slack.com/messages/CBNACTN3A) or
[Gittr](https://gitter.im/jwtk/jjwt) chat rooms, but note that they may not always be attended. You will usually
have a better chance of having your question answered by
[asking your question here](https://stackoverflow.com/questions/ask?tags=jjwt&guided=false).
If you believe you have found a bug or would like to suggest a feature enhancement, please create a new GitHub issue,
however:
**Please do not create a GitHub issue to ask a question.**
We use GitHub Issues to track actionable work that requires changes to JJWT's design and/or codebase. If you have a
usability question, instead please
[ask your question here](https://stackoverflow.com/questions/ask?tags=jjwt&guided=false), or try Slack or Gittr as
described above.
**If a GitHub Issue is created that does not represent actionable work for JJWT's codebase, it will be promptly closed.**
<a name="help-issues"></a>
#### Bugs and Feature Requests
If you do not have a usability question and believe you have a legitimate bug or feature request,
please do [create a new JJWT issue](https://github.com/jwtk/jjwt/issues/new).
If you feel like you'd like to help fix a bug or implement the new feature yourself, please read the Contributing
section next before starting any work.
<a name="contributing"></a>
### Contributing
<a name="contributing-pull-requests"></a>
#### Pull Requests
Simple Pull Requests that fix anything other than JJWT core code (documentation, JavaDoc, typos, test cases, etc) are
always appreciated and have a high likelihood of being merged quickly. Please send them!
However, if you want or feel the need to change JJWT's functionality or core code, please do not issue a pull request
without [creating a new JJWT issue](https://github.com/jwtk/jjwt/issues/new) and discussing your desired
changes **first**, _before you start working on it_.
It would be a shame to reject your earnest and genuinely appreciated pull request if it might not not align with the
project's goals, design expectations or planned functionality. We've sadly had to reject large PRs in the past because
they were out of sync with project or design expectations - all because the PR author didn't first check in with
the team first before working on a solution.
So, please [create a new JJWT issue](https://github.com/jwtk/jjwt/issues/new) first to discuss, and then we can see if
(or how) a PR is warranted. Thank you!
<a name="contributing-help-wanted"></a>
#### Help Wanted
If you would like to help, but don't know where to start, please visit the
[Help Wanted Issues](https://github.com/jwtk/jjwt/labels/help%20wanted) page and pick any of the
ones there, and we'll be happy to discuss and answer questions in the issue comments.
If any of those don't appeal to you, no worries! Any help you would like to offer would be
appreciated based on the above caveats concerning [contributing pull reqeuests](#contributing-pull-requests). Feel free
to discuss or ask questions first if you're not sure. :)
<a name="overview"></a>
## What is a JSON Web Token?
@ -179,18 +260,18 @@ If you're building a (non-Android) JDK project, you will want to define the foll
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.10.5</version>
<version>0.10.7</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.10.5</version>
<version>0.10.7</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.10.5</version>
<version>0.10.7</version>
<scope>runtime</scope>
</dependency>
<!-- Uncomment this next dependency if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
@ -209,11 +290,11 @@ If you're building a (non-Android) JDK project, you will want to define the foll
```groovy
dependencies {
compile 'io.jsonwebtoken:jjwt-api:0.10.5'
runtime 'io.jsonwebtoken:jjwt-impl:0.10.5',
compile 'io.jsonwebtoken:jjwt-api:0.10.7'
runtime 'io.jsonwebtoken:jjwt-impl:0.10.7',
// Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
//'org.bouncycastle:bcprov-jdk15on:1.60',
'io.jsonwebtoken:jjwt-jackson:0.10.5'
'io.jsonwebtoken:jjwt-jackson:0.10.7'
}
```
@ -229,9 +310,9 @@ Add the dependencies to your project:
```groovy
dependencies {
api 'io.jsonwebtoken:jjwt-api:0.10.5'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.10.5'
runtimeOnly('io.jsonwebtoken:jjwt-orgjson:0.10.5') {
api 'io.jsonwebtoken:jjwt-api:0.10.7'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.10.7'
runtimeOnly('io.jsonwebtoken:jjwt-orgjson:0.10.7') {
exclude group: 'org.json', module: 'json' //provided by Android natively
}
// Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
@ -580,18 +661,18 @@ A JWT Header provides metadata about the contents, format and cryptographic oper
If you need to set one or more JWT header parameters, such as the `kid`
[(Key ID) header parameter](https://tools.ietf.org/html/rfc7515#section-4.1.4), you can simply call
`JwtBuilder` `setHeaderParameter` one or more times as needed:
`JwtBuilder` `setHeaderParam` one or more times as needed:
```java
String jws = Jwts.builder()
.setHeaderParameter("kid", "myKeyId")
.setHeaderParam("kid", "myKeyId")
// ... etc ...
```
Each time `setHeaderParameter` is called, it simply appends the key-value pair to an internal `Header` instance,
Each time `setHeaderParam` is called, it simply appends the key-value pair to an internal `Header` instance,
potentially overwriting any existing identically-named key/value pair.
**NOTE**: You do not need to set the `alg` or `zip` header parameters as JJWT will set them automatically
@ -767,7 +848,7 @@ For example, if you call `signWith` with a `SecretKey` that is 256 bits (32 byte
When using `signWith` JJWT will also automatically set the required `alg` header with the associated algorithm
identifier.
Similarly, if you called `signWith` with an RSA `PrivateKey` that was 4096 bits long, JJWT will use the `R512`
Similarly, if you called `signWith` with an RSA `PrivateKey` that was 4096 bits long, JJWT will use the `RS512`
algorithm and automatically set the `alg` header to `RS512`.
The same selection logic applies for Elliptic Curve `PrivateKey`s.
@ -819,8 +900,8 @@ You read (parse) a JWS as follows:
4. The entire call is wrapped in a try/catch block in case parsing or signature validation fails. We'll cover
exceptions and causes for failure later.
<sup>1. If you don't which key to use at the time of parsing, you can look up the key using a `SigningKeyResolver`
which we'll cover later.</sup>
<sup>1. If you don't know which key to use at the time of parsing, you can look up the key using a `SigningKeyResolver`
which [we'll cover later](#jws-read-key-resolver).</sup>
For example:
@ -1192,7 +1273,7 @@ scope which is the typical JJWT default). That is:
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.10.5</version>
<version>0.10.7</version>
<scope>compile</scope> <!-- Not runtime -->
</dependency>
```
@ -1201,7 +1282,7 @@ scope which is the typical JJWT default). That is:
```groovy
dependencies {
compile 'io.jsonwebtoken:jjwt-jackson:0.10.5'
compile 'io.jsonwebtoken:jjwt-jackson:0.10.7'
}
```

2
api/pom.xml
View File

@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
<version>0.11.0-SNAPSHOT</version>
<version>0.10.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

2
extensions/jackson/pom.xml
View File

@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
<version>0.11.0-SNAPSHOT</version>
<version>0.10.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

2
extensions/orgjson/pom.xml
View File

@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
<version>0.11.0-SNAPSHOT</version>
<version>0.10.8-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

2
extensions/pom.xml
View File

@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
<version>0.11.0-SNAPSHOT</version>
<version>0.10.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

2
impl/pom.xml
View File

@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
<version>0.11.0-SNAPSHOT</version>
<version>0.10.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>

42
impl/src/main/java/io/jsonwebtoken/impl/compression/AbstractCompressionCodec.java
View File

@ -18,8 +18,12 @@ package io.jsonwebtoken.impl.compression;
import io.jsonwebtoken.CompressionCodec;
import io.jsonwebtoken.CompressionException;
import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.lang.Objects;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* Abstract class that asserts arguments and wraps IOException with CompressionException.
@ -28,6 +32,44 @@ import java.io.IOException;
*/
public abstract class AbstractCompressionCodec implements CompressionCodec {
//package-protected for a point release. This can be made protected on a minor release (0.11.0, 0.12.0, 1.0, etc).
//TODO: make protected on a minor release
interface StreamWrapper {
OutputStream wrap(OutputStream out) throws IOException;
}
//package-protected for a point release. This can be made protected on a minor release (0.11.0, 0.12.0, 1.0, etc).
//TODO: make protected on a minor release
byte[] readAndClose(InputStream input) throws IOException {
byte[] buffer = new byte[512];
ByteArrayOutputStream out = new ByteArrayOutputStream(buffer.length);
int read;
try {
read = input.read(buffer); //assignment separate from loop invariant check for code coverage checks
while (read != -1) {
out.write(buffer, 0, read);
read = input.read(buffer);
}
} finally {
Objects.nullSafeClose(input);
}
return out.toByteArray();
}
//package-protected for a point release. This can be made protected on a minor release (0.11.0, 0.12.0, 1.0, etc).
//TODO: make protected on a minor release
byte[] writeAndClose(byte[] payload, StreamWrapper wrapper) throws IOException {
ByteArrayOutputStream outputStream = new ByteArrayOutputStream(512);
OutputStream compressionStream = wrapper.wrap(outputStream);
try {
compressionStream.write(payload);
compressionStream.flush();
} finally {
Objects.nullSafeClose(compressionStream);
}
return outputStream.toByteArray();
}
/**
* Implement this method to do the actual work of compressing the payload
*

48
impl/src/main/java/io/jsonwebtoken/impl/compression/DeflateCompressionCodec.java
View File

@ -15,13 +15,11 @@
*/
package io.jsonwebtoken.impl.compression;
import io.jsonwebtoken.lang.Objects;
import java.io.ByteArrayOutputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.zip.Deflater;
import java.io.OutputStream;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.InflaterOutputStream;
import java.util.zip.InflaterInputStream;
/**
* Codec implementing the <a href="https://en.wikipedia.org/wiki/DEFLATE">deflate compression algorithm</a>.
@ -32,43 +30,25 @@ public class DeflateCompressionCodec extends AbstractCompressionCodec {
private static final String DEFLATE = "DEF";
private static final StreamWrapper WRAPPER = new StreamWrapper() {
@Override
public OutputStream wrap(OutputStream out) {
return new DeflaterOutputStream(out);
}
};
@Override
public String getAlgorithmName() {
return DEFLATE;
}
@Override
public byte[] doCompress(byte[] payload) throws IOException {
Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION);
ByteArrayOutputStream outputStream = null;
DeflaterOutputStream deflaterOutputStream = null;
try {
outputStream = new ByteArrayOutputStream();
deflaterOutputStream = new DeflaterOutputStream(outputStream, deflater, true);
deflaterOutputStream.write(payload, 0, payload.length);
deflaterOutputStream.flush();
return outputStream.toByteArray();
} finally {
Objects.nullSafeClose(outputStream, deflaterOutputStream);
}
protected byte[] doCompress(byte[] payload) throws IOException {
return writeAndClose(payload, WRAPPER);
}
@Override
public byte[] doDecompress(byte[] compressed) throws IOException {
InflaterOutputStream inflaterOutputStream = null;
ByteArrayOutputStream decompressedOutputStream = null;
try {
decompressedOutputStream = new ByteArrayOutputStream();
inflaterOutputStream = new InflaterOutputStream(decompressedOutputStream);
inflaterOutputStream.write(compressed);
inflaterOutputStream.flush();
return decompressedOutputStream.toByteArray();
} finally {
Objects.nullSafeClose(decompressedOutputStream, inflaterOutputStream);
}
protected byte[] doDecompress(byte[] compressed) throws IOException {
return readAndClose(new InflaterInputStream(new ByteArrayInputStream(compressed)));
}
}

45
impl/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java
View File

@ -16,11 +16,10 @@
package io.jsonwebtoken.impl.compression;
import io.jsonwebtoken.CompressionCodec;
import io.jsonwebtoken.lang.Objects;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
@ -33,43 +32,25 @@ public class GzipCompressionCodec extends AbstractCompressionCodec implements Co
private static final String GZIP = "GZIP";
private static final StreamWrapper WRAPPER = new StreamWrapper() {
@Override
public OutputStream wrap(OutputStream out) throws IOException {
return new GZIPOutputStream(out);
}
};
@Override
public String getAlgorithmName() {
return GZIP;
}
@Override
protected byte[] doDecompress(byte[] compressed) throws IOException {
byte[] buffer = new byte[512];
ByteArrayOutputStream outputStream = null;
GZIPInputStream gzipInputStream = null;
ByteArrayInputStream inputStream = null;
try {
inputStream = new ByteArrayInputStream(compressed);
gzipInputStream = new GZIPInputStream(inputStream);
outputStream = new ByteArrayOutputStream();
int read = gzipInputStream.read(buffer);
while (read != -1) {
outputStream.write(buffer, 0, read);
read = gzipInputStream.read(buffer);
}
return outputStream.toByteArray();
} finally {
Objects.nullSafeClose(inputStream, gzipInputStream, outputStream);
}
protected byte[] doCompress(byte[] payload) throws IOException {
return writeAndClose(payload, WRAPPER);
}
protected byte[] doCompress(byte[] payload) throws IOException {
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
GZIPOutputStream compressorOutputStream = new GZIPOutputStream(outputStream, true);
try {
compressorOutputStream.write(payload, 0, payload.length);
compressorOutputStream.finish();
return outputStream.toByteArray();
} finally {
Objects.nullSafeClose(compressorOutputStream, outputStream);
}
@Override
protected byte[] doDecompress(byte[] compressed) throws IOException {
return readAndClose(new GZIPInputStream(new ByteArrayInputStream(compressed)));
}
}

4
impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocator.java
View File

@ -30,9 +30,9 @@ public class RuntimeClasspathDeserializerLocator<T> implements InstanceLocator<D
@SuppressWarnings("WeakerAccess") //to allow testing override
protected Deserializer<T> locate() {
if (isAvailable("com.fasterxml.jackson.databind.ObjectMapper")) {
if (isAvailable("io.jsonwebtoken.io.JacksonDeserializer")) {
return Classes.newInstance("io.jsonwebtoken.io.JacksonDeserializer");
} else if (isAvailable("org.json.JSONObject")) {
} else if (isAvailable("io.jsonwebtoken.io.OrgJsonDeserializer")) {
return Classes.newInstance("io.jsonwebtoken.io.OrgJsonDeserializer");
} else if (isAvailable("com.google.gson.GsonBuilder")) {
return Classes.newInstance("io.jsonwebtoken.io.GsonDeSerializer");

4
impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocator.java
View File

@ -30,9 +30,9 @@ public class RuntimeClasspathSerializerLocator implements InstanceLocator<Serial
@SuppressWarnings("WeakerAccess") //to allow testing override
protected Serializer<Object> locate() {
if (isAvailable("com.fasterxml.jackson.databind.ObjectMapper")) {
if (isAvailable("io.jsonwebtoken.io.JacksonSerializer")) {
return Classes.newInstance("io.jsonwebtoken.io.JacksonSerializer");
} else if (isAvailable("org.json.JSONObject")) {
} else if (isAvailable("io.jsonwebtoken.io.OrgJsonSerializer")) {
return Classes.newInstance("io.jsonwebtoken.io.OrgJsonSerializer");
} else if (isAvailable("com.google.gson.GsonBuilder")) {
return Classes.newInstance("io.jsonwebtoken.io.GsonSerializer");

2
impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocatorTest.groovy
View File

@ -86,7 +86,7 @@ class RuntimeClasspathDeserializerLocatorTest {
def locator = new RuntimeClasspathDeserializerLocator() {
@Override
protected boolean isAvailable(String fqcn) {
if (ObjectMapper.class.getName().equals(fqcn)) {
if (JacksonDeserializer.class.getName().equals(fqcn)) {
return false; //skip it to allow the OrgJson impl to be created
}
return super.isAvailable(fqcn)

3
impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocatorTest.groovy
View File

@ -1,6 +1,5 @@
package io.jsonwebtoken.impl.io
import com.fasterxml.jackson.databind.ObjectMapper
import io.jsonwebtoken.io.Serializer
import io.jsonwebtoken.io.JacksonSerializer
import io.jsonwebtoken.io.OrgJsonSerializer
@ -86,7 +85,7 @@ class RuntimeClasspathSerializerLocatorTest {
def locator = new RuntimeClasspathSerializerLocator() {
@Override
protected boolean isAvailable(String fqcn) {
if (ObjectMapper.class.getName().equals(fqcn)) {
if (JacksonSerializer.class.getName().equals(fqcn)) {
return false //skip it to allow the OrgJson impl to be created
}
return super.isAvailable(fqcn)

4
pom.xml
View File

@ -25,7 +25,7 @@
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
<version>0.11.0-SNAPSHOT</version>
<version>0.10.8-SNAPSHOT</version>
<name>JJWT</name>
<description>JSON Web Token support for the JVM and Android</description>
<packaging>pom</packaging>
@ -88,7 +88,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<buildNumber>${user.name}-${maven.build.timestamp}</buildNumber>
<jackson.version>2.9.6</jackson.version>
<jackson.version>2.9.9.1</jackson.version>
<orgjson.version>20180130</orgjson.version>
<!-- Optional Runtime Dependencies: -->