Removed feign client and using okHttp instead

This commit is contained in:
Sukalpo Mitra 2023-11-19 14:17:54 +08:00
parent b2b7dc2cb7
commit 65e2f3d007
5 changed files with 44 additions and 50 deletions

View File

@ -70,19 +70,9 @@
</dependency>
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-okhttp</artifactId>
<version>13.0</version>
</dependency>
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-gson</artifactId>
<version>13.0</version>
</dependency>
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-slf4j</artifactId>
<version>13.0</version>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.10.1</version>
</dependency>
<dependency>
<groupId>com.auth0</groupId>

View File

@ -1,10 +0,0 @@
package com.sismics.feign;
import com.sismics.feign.model.KeycloakCertKeys;
import feign.RequestLine;
public interface KeycloakClient {
@RequestLine("GET /protocol/openid-connect/certs")
KeycloakCertKeys getCert();
}

View File

@ -1,4 +1,4 @@
package com.sismics.feign.model;
package com.sismics.model;
import java.util.List;

View File

@ -1,4 +1,4 @@
package com.sismics.feign.model;
package com.sismics.model;
import java.util.List;

View File

@ -3,20 +3,21 @@ package com.sismics.util.filter;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.JWT;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.impl.JWTParser;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import java.io.IOException;
import java.io.Reader;
import java.util.Base64;
import com.google.gson.Gson;
import com.sismics.docs.core.constant.Constants;
import com.sismics.docs.core.dao.UserDao;
import com.sismics.docs.core.model.jpa.User;
import com.sismics.feign.KeycloakClient;
import feign.Feign;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.okhttp.OkHttpClient;
import feign.slf4j.Slf4jLogger;
import com.sismics.model.KeycloakCertKeys;
import jakarta.servlet.http.HttpServletRequest;
import okhttp3.Request;
import okhttp3.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -39,6 +40,7 @@ import static java.util.Optional.ofNullable;
*/
public class JwtBasedSecurityFilter extends SecurityFilter {
private static final Logger log = LoggerFactory.getLogger(JwtBasedSecurityFilter.class);
private static final okhttp3.OkHttpClient client = new okhttp3.OkHttpClient();
/**
* Name of the header used to store the authentication token.
*/
@ -100,26 +102,38 @@ public class JwtBasedSecurityFilter extends SecurityFilter {
}
private RSAPublicKey getPublicKey(DecodedJWT jwt) {
KeycloakClient client = Feign.builder()
.client(new OkHttpClient())
.encoder(new GsonEncoder())
.decoder(new GsonDecoder())
.logLevel(feign.Logger.Level.BASIC)
.logger(new Slf4jLogger(KeycloakClient.class))
.target(KeycloakClient.class, jwt.getIssuer());
String publicKey = client.getCert().getKeys().stream().filter(k -> Objects.equals(k.getKid(), jwt.getKeyId()))
String jwtIssuer = jwt.getIssuer() + "/protocol/openid-connect/certs";
String publicKey = "";
RSAPublicKey rsaPublicKey = null;
Request request = new Request.Builder()
.url(jwtIssuer)
.get()
.build();
try (Response response = client.newCall(request).execute()) {
log.info("Successfully called the jwt issuer at: " + jwtIssuer + " - " + response.code());
assert response.body() != null;
if (response.isSuccessful()) {
try (Reader reader = response.body().charStream()) {
Gson gson = new Gson();
KeycloakCertKeys keys = gson.fromJson(reader, KeycloakCertKeys.class);
publicKey = keys.getKeys().stream().filter(k -> Objects.equals(k.getKid(), jwt.getKeyId()))
.findFirst()
.map(k -> k.getX5c().get(0))
.orElse("");
try {
log.info("Decoded public key - " + publicKey);
var decode = Base64.getDecoder().decode(publicKey);
var certificate = CertificateFactory.getInstance("X.509")
.generateCertificate(new ByteArrayInputStream(decode));
return (RSAPublicKey)certificate.getPublicKey();
} catch (CertificateException ex) {
return null;
rsaPublicKey = (RSAPublicKey)certificate.getPublicKey();
}
}
} catch (IOException e) {
log.error("Error calling the jwt issuer at: " + jwtIssuer, e);
} catch (CertificateException e) {
log.error("Error in getting the certificate: ", e);
}
return rsaPublicKey;
}
private JWTVerifier buildJWTVerifier(DecodedJWT jwt) throws CertificateException {
var algo = Algorithm.RSA256(getPublicKey(jwt), null);