Merge pull request #277 from adorsys/update_jackson

bump jackson to 2.16.1, jjwt to 0.12.3

datasafe-encryption/datasafe-encryption-impl/pom.xml

@@ -98,29 +98,24 @@
  <type>test-jar</type>
  <scope>test</scope>
  </dependency>
- <!-- Avoiding declaring that in parent POM due to issues with Spring-->
  <dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-databind</artifactId>
- <version>${jackson-databind.version}</version>
  <scope>test</scope>
  </dependency>
  <dependency>
  <groupId>com.fasterxml.jackson.dataformat</groupId>
  <artifactId>jackson-dataformat-yaml</artifactId>
- <version>${jackson.version}</version>
  <scope>test</scope>
  </dependency>
  <dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-annotations</artifactId>
- <version>${jackson.version}</version>
  <scope>test</scope>
  </dependency>
  <dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-core</artifactId>
- <version>${jackson.version}</version>
  <scope>test</scope>
  </dependency>
  </dependencies>

datasafe-rest-impl/pom.xml

@@ -15,11 +15,11 @@
  <properties>
  <spring-boot.version>3.1.2</spring-boot.version>
  <springfox-swagger.version>2.9.2</springfox-swagger.version>
- <jjwt.version>0.10.5</jjwt.version>
+ <jjwt.version>0.12.4</jjwt.version>
  <spring-restdocs.version>3.0.0</spring-restdocs.version>
  <asciidoctor-maven-plugin.version>2.2.4</asciidoctor-maven-plugin.version>
  <exec-maven-plugin.version>1.6.0</exec-maven-plugin.version>
- <jakarta.validation-api.varsion>3.0.2</jakarta.validation-api.varsion>
+ <jakarta.validation-api.version>3.0.2</jakarta.validation-api.version>
  </properties>
 
  <dependencies>
@@ -59,11 +59,6 @@
  <artifactId>spring-boot-starter-web</artifactId>
  <version>${spring-boot.version}</version>
  </dependency>
- <dependency>
- <groupId>org.yaml</groupId>
- <artifactId>snakeyaml</artifactId>
- <version>2.1</version>
- </dependency>
  <dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-actuator</artifactId>
@@ -81,20 +76,11 @@
  <version>${spring-boot.version}</version>
  <optional>true</optional>
  </dependency>
+
  <dependency>
  <groupId>jakarta.validation</groupId>
  <artifactId>jakarta.validation-api</artifactId>
- <version>${jakarta.validation-api.varsion}</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- <version>${jackson-databind.version}</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-core</artifactId>
- <version>${jackson.version}</version>
+ <version>${jakarta.validation-api.version}</version>
  </dependency>
  <dependency>
  <groupId>io.jsonwebtoken</groupId>

datasafe-rest-impl/src/main/java/de/adorsys/datasafe/rest/impl/security/JwtAuthorizationFilter.java

@@ -7,6 +7,7 @@
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.MalformedJwtException;
 import io.jsonwebtoken.UnsupportedJwtException;
+import io.jsonwebtoken.security.Keys;
 import io.jsonwebtoken.security.SignatureException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
@@ -19,9 +20,9 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
+import javax.crypto.SecretKey;
 import java.io.IOException;
 import java.util.List;
-import java.util.stream.Collectors;
 
 @Slf4j
 public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
@@ -74,19 +75,20 @@ private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest
 
  private UsernamePasswordAuthenticationToken tryAuthenticate(String token) {
  byte[] signingKey = securityProperties.getJwtSecret().getBytes();
+ SecretKey secret = Keys.hmacShaKeyFor(signingKey);
 
  Jws<Claims> parsedToken = Jwts.parser()
- .setSigningKey(signingKey)
- .parseClaimsJws(token.replace(SecurityConstants.TOKEN_PREFIX, ""));
+ .verifyWith(secret).build()
+ .parseSignedClaims(token.replace(SecurityConstants.TOKEN_PREFIX, ""));
 
  String username = parsedToken
- .getBody()
+ .getPayload()
  .getSubject();
 
- List<SimpleGrantedAuthority> authorities = ((List<?>) parsedToken.getBody()
+ List<SimpleGrantedAuthority> authorities = ((List<?>) parsedToken.getPayload()
  .get(SecurityConstants.ROLES_NAME)).stream()
  .map(authority -> new SimpleGrantedAuthority((String) authority))
- .collect(Collectors.toList());
+ .toList();
 
  if (!Strings.isNullOrEmpty(username)) {
  return new UsernamePasswordAuthenticationToken(username, null, authorities);

pom.xml

@@ -112,8 +112,7 @@
  <spring.framework.version>6.0.11</spring.framework.version>
  <spring.framework.boot.version>3.1.2</spring.framework.boot.version>
  <siv-mode.version>1.4.4</siv-mode.version>
- <jackson.version>2.12.7</jackson.version>
- <jackson-databind.version>2.12.7.1</jackson-databind.version>
+ <jackson.version>2.16.1</jackson.version>
  <keymanagement.version>0.0.9</keymanagement.version>
  <jakarta.annotation-api.varsion>2.1.1</jakarta.annotation-api.varsion>
  <jaxb-api.version>2.3.1</jaxb-api.version>
@@ -334,6 +333,27 @@
  <artifactId>jaxb-api</artifactId>
  <version>${jaxb-api.version}</version>
  </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.dataformat</groupId>
+ <artifactId>jackson-dataformat-yaml</artifactId>
+ <version>${jackson.version}</version>
+ <scope>test</scope>
+ </dependency>
  </dependencies>
  </dependencyManagement>