Commit Graph

64 Commits

Author SHA1 Message Date
TK-one 6fe3759d64
Fixed Javadoc and comment typos
Fixes: #294
2021-07-20 10:51:56 -04:00
Brian Demers 6b2843bded Fix name of tests in DefaultJwtParserBuilder
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-07-09 17:08:56 -04:00
Brian Demers 04762e4d4e Add and cleanup tests based on review feedback
* Add tests to verify the DefaultJwtParserBuilder will correctly wrap Deserializer implementations
* Cleanup string handling in JwtDeserializerTest
2021-07-09 17:08:56 -04:00
Brian Demers 52b2ab13d1 Apply suggestions from code review
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-07-09 17:08:56 -04:00
Brian Demers 8a11a4ed18 Adds handling for common JSON parsing exceptions and wraps them in a `JwtException`
Move the parser error handling logic out of DefaultJwtParser into the new JwtDeserializer and wraps them with developer freiendly exceptions
Add check for common JSON parsing exceptions like stack overflow when parsing deeply nested (or malformed) JSON
2021-07-09 17:08:56 -04:00
Tomasz Zarna a4130dd1ec Remove unused import of java.util.Arrays in RsaSignatureValidator 2021-03-10 10:14:13 -05:00
Brian Demers 901048aeac Removes eager initialization of the CompressionCodecResolver in the JwtParserBuilder
This removes a potential service loader issue with OSGi runtimes.

Fixes: #578
2020-07-13 12:56:05 -04:00
Les Hazlewood 14b2f19b29 [maven-release-plugin] prepare for next development iteration 2020-06-11 15:50:09 -04:00
Les Hazlewood 274749373f [maven-release-plugin] prepare release 0.11.2 2020-06-11 15:50:00 -04:00
Les Hazlewood 26527bd43c Updated the pom snapshot versions to prepare for the upcoming 0.11.2 release 2020-06-11 14:16:29 -04:00
Les Hazlewood 72973f9b9b
Argument validation for allowedClockSkewSeconds (#601)
* 583: ensured setting allowedClockSkewSeconds to be greater than (Long.MAX_VALUE / 1000) will throw an IllegalArgumentException.
2020-06-11 13:46:03 -04:00
Philipp Zormeier 2b00ed1819
Add DefaultJwtParser functionality to parse JWSs with empty body. (#540)
* Add DefaultJwtParser functionality to parse JWSs with empty body.

* Review Fix: Change allowEmptyBody(boolean) to requirePayload(boolean). Set payloadRequired true for each require*() method in JwtParser and JwtParserBuilder.

* Add missing ImmutableJwtParserTest.

* Review changes: Moving to solution without payload requirement flag.

* Review changes: Allow empty Jwt payload

* Remove unused imports

Co-authored-by: Philipp Zormeier <philipp.zormeier@thoughtworks.com>
2020-06-08 14:07:10 -04:00
Carsten Ziegeler 403e1895e3
Attach implementation bundles as fragments to the API bundle to make them visible to the API bundle. This fixes jwtk#578 (jwtk#578) (#580) 2020-04-27 17:40:02 -04:00
Les Hazlewood 5616ba769a [maven-release-plugin] prepare for next development iteration 2020-03-12 16:59:12 -04:00
Les Hazlewood c09deaa5f3 [maven-release-plugin] prepare release 0.11.1 2020-03-12 16:59:05 -04:00
Les Hazlewood c563365b97 Prepping for the 0.11.0 --> 0.11.1 release 2020-03-12 16:56:17 -04:00
Brian Demers 9e65ab7be0 Services now checks the contextClassLoader, Services.class.classLoader, and the system classloader
Fixes: #568
2020-03-12 15:43:37 -04:00
Les Hazlewood 23743f5a59 [maven-release-plugin] prepare for next development iteration 2020-02-05 12:29:05 -08:00
Les Hazlewood 3cd48fade7 [maven-release-plugin] prepare release 0.11.0 2020-02-05 12:28:58 -08:00
Les Hazlewood c38f4af239
Ensured DeflateCompressionCodec could fallback to <= 0.10.6 implementation if encountering an IOException. This allows compressed JWTs created before 0.10.7 to still work. Fixes #536 (#556) (#557) 2020-02-04 14:29:16 -08:00
Les Hazlewood 950e6fbcc7
cherry-pick 4821395c06b0786e19b1a3153be65f39a2a524d9: Ensured SignatureAlgorithm `PS256`, `PS384`, and `PS512` worked properly on JDK 11 and later without requiring BouncyCastle. (#555) 2020-02-04 00:10:39 -08:00
Brian Demers 2fd3f06b7b
Update SignatureValidator to use MessageDigest (#548) 2020-01-27 14:20:21 -05:00
Micah Silverman dacdb2ce25
relocated Service.java to impl module (along with tests). (#529) 2019-10-27 17:13:49 -04:00
Brian Demers 7037d64d24 Reduce scope of Service Loader work to CompressionCodecs and JsonSerializers
Fixes: #458
2019-10-23 09:14:08 -07:00
Jaap Coomans ef32a1386d Use ServiceLoader instead of reflection to resolve implementation classes.
By using ServiceLoader the hardcoded dependency of implementation classes becomes obsolete, so that the API will be truly independent from the implementation. Also this approach paves the way for migration to JPMS modules, as these also leverage the ServiceLoader API.

Use ServiceLoader instead of reflection to resolve CompressionCodec implementation classes.

Isolate key- and key-pair generators and use ServiceLoader instead of reflection to invert dependencies.

Move FactoryLoader logic to Services class and improve package layout.

Resolve Deserializer using the ServiceLoader instead of reflection and hardcoded reference.

Resolve Serializer using the ServiceLoader instead of reflection and hardcoded reference.
2019-10-23 09:13:58 -07:00
Brian Demers ebdb4426f6
Update version to 0.11.0-SNAPSHOT (#506)
via: `mvn versions:set -DnewVersion=0.11.0-SNAPSHOT -DgenerateBackupPoms=false`
2019-10-03 12:09:48 -04:00
Brian Demers 7eb9c514b0
Fixes test error caused by groovy type coercion (#509)
* Fixes test error caused by groovy type coercion

A long was being treated as a float

* Fixes test error caused by groovy type coercion

A long was being treated as a float
2019-10-03 12:09:23 -04:00
Brian Demers 94d151129d
Add JwtParserBuilder as the preferred way to create a JwtParser instance (#486)
- Added new JwtParserBuilder
- Copied mutator methods from JwtParser into new JwtParserBuilder
- Marked said methods as deprecated in JwtParser
- Copied JwtParserTest and JwtsTest to Deprecated*, as to retain coverage on methods that will be removed in 1.0
- Added ImmutableJwtParser
  This is a stop gap until 1.0, all of the mutable methods will now throw a IllegalStateException.
  NOTE: this only comes into place when using the new Jwts.parserBuilder(), Jwts.parser() is unchanged.

Fixes: #473
2019-10-01 12:03:20 -04:00
Brian Demers 7090bf39c3
Add support for custom type deserialization with Jackson (#495)
- Adds new constructor JacksonDeserializer(Map<String, Class> claimTypeMap), which will enable later calls Claims.get("key", CustomType.class) to work as expectd
 - Adds new Maps utility class to make map creation fluent

Fixes: #369
2019-09-30 17:24:57 -04:00
Brian Demers 6e74be0b8d
Fix split package issue in extensions/jackson and extensions/orgjson (#488)
* Fix split package issue in extensions/jackson and extensions/orgjson

This moves the implementation specific classes:
- `io.jsonwebtoken.io.Jackson*` to `io.jsonwebtoken.jackson.io.Jackson*`
- `io.jsonwebtoken.io.OrgJson*` to `io.jsonwebtoken.orgjson.io.OrgJson*`

* Add Backwards Compatibility Warning to CHANGELOG
* Add `jjwt-jackson:deprecated` and `jjwt-orgjson:deprecated` modules to retain backward-compatible versions of the Jackson and OrgJson Serializers (this is built with the shade plugin and binary compatibility validated with japicmp)

Fixes: #399
2019-09-27 17:11:19 -04:00
Brian Demers 5339faf87f
Add license-maven-plugin to mange headers
and apply missing headers

usage:
# validate license headers exist
mvn license:check

# apply headers (to files without headers)
mvn license:format
2019-09-17 16:19:07 -04:00
Les Hazlewood ff8a6bfe58
Merge pull request #414 from patton73/master
Added Gson serialization/deserialization Extension
2019-07-17 22:13:58 -04:00
patton73 73f7f9915b Fixes for reviews. Hope i did not forget something. 2019-07-17 22:51:18 +02:00
patton73 2bb8e4d02e Fixes for reviews. Hope i did not forget something. 2019-07-17 22:46:18 +02:00
Andrea Paternesi e3a172b93d Fix to pom file. 2019-07-16 16:41:58 +02:00
Andrea Paternesi 222032a208 Final fix. Typo fixes. And test coverage. 2019-07-16 16:36:12 +02:00
Andrea Paternesi 134f25b536 Fix locator paths and added tests. 2019-07-16 16:19:13 +02:00
patton73 fd52e0ffc2 Merge remote-tracking branch 'upstream/master' 2019-07-15 20:51:57 +02:00
Paul Polishchuk dd638c2b3a JwtBuilder.setClaims() now accepts `Map<String, ?> claims`
This would allow to pass `Map<String,String>`
2019-07-15 10:46:02 +03:00
Les Hazlewood caa7b0e942 [maven-release-plugin] prepare for next development iteration 2019-07-11 20:12:25 -04:00
Les Hazlewood b292b891ca [maven-release-plugin] prepare release 0.10.7 2019-07-11 20:12:20 -04:00
patton73 9bf487f0b7 Updated RuntimeClasspath Serializer/Deserializer 2019-06-21 19:55:05 +02:00
Les Hazlewood af72fabbf3 Refactored DeflateCompressionCodec to eliminate memory leak. Refactored GzipCompressionCodec and AbstractCompressionCodec to utilize consistent logic across compression algorithms. Resolves #392. 2019-03-10 12:01:37 -04:00
Francois JACQUES 1b5b89304a Fixes #397 : avoid dependency side effect to affect choice of json serializer/deserializer. 2019-03-10 11:59:31 -04:00
Les Hazlewood 70e6845b82 Ensure version is 0.10.7-SNAPSHOT to prep for the next release. 2019-03-10 11:59:31 -04:00
Micah Silverman af73a02786 [maven-release-plugin] prepare for next development iteration 2019-02-25 13:33:47 -05:00
Micah Silverman d29d6da989 [maven-release-plugin] prepare release jjwt-root-0.10.6 2019-02-25 13:33:39 -05:00
Les Hazlewood bcfc0655e4 [maven-release-plugin] prepare for next development iteration 2018-08-13 20:28:38 -04:00
Les Hazlewood 2ceae3bc37 [maven-release-plugin] prepare release 0.10.3 2018-08-13 20:28:32 -04:00
Les Hazlewood 85d8920d79 Ensured symmetric logic between the Keys and SignatureAlgorithm helper methods for hmac key lengths.
Updated Android dependencies and ProGuard exclusion definitions
Updating docs to reflect 0.10.3 release
Resolves #381, #382
2018-08-13 20:26:14 -04:00