From d0238b313960f3321fd3a468daa34bfb6d68edb1 Mon Sep 17 00:00:00 2001
From: Juan Marcos Bellini
Date: Tue, 21 Nov 2017 21:21:14 -0300
Subject: [PATCH 1/2] Fix JWT bug with numbers that can be represented as integers
- There was a casting bug
---
 .../server/web/security/authentication/JwtAgent.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/server-webapp/src/main/java/ar/edu/itba/iot/carne_iot/server/web/security/authentication/JwtAgent.java b/server-webapp/src/main/java/ar/edu/itba/iot/carne_iot/server/web/security/authentication/JwtAgent.java
index 8cb2e04..d0220a0 100644
--- a/server-webapp/src/main/java/ar/edu/itba/iot/carne_iot/server/web/security/authentication/JwtAgent.java
+++ b/server-webapp/src/main/java/ar/edu/itba/iot/carne_iot/server/web/security/authentication/JwtAgent.java
@@ -133,7 +133,11 @@ public JwtTokenData compile(String rawToken) throws IllegalArgumentException {
 final String username = claims.getSubject();
 if (roles.contains(Role.ROLE_DEVICE)) {
- final long deviceId = (long) claims.get(DEVICE_ID_CLAIMS_NAME);
+ final Object deviceIdObject = claims.get(DEVICE_ID_CLAIMS_NAME);
+ if (!(deviceIdObject instanceof Number)) {
+ throw new MalformedJwtException("The \"device id\" claim must be a number");
+ }
+ final long deviceId = ((Number) deviceIdObject).longValue();
 return new DeviceJwtTokenData(userId, username, roles, deviceId);
 }
 checkJwtBlacklist(userId, jti); // Device tokens are not blacklisted
From 633e6351e52459b8e46a624cc3d3b671f86f5a3d Mon Sep 17 00:00:00 2001
From: Juan Marcos Bellini
Date: Tue, 21 Nov 2017 21:22:34 -0300
Subject: [PATCH 2/2] Change project version to 0.0.6.RELEASE
---
 pom.xml | 2 +-
 server-core/pom.xml | 2 +-
 server-persistence-interfaces/pom.xml | 2 +-
 server-persistence/pom.xml | 2 +-
 server-services-interfaces/pom.xml | 2 +-
 server-services/pom.xml | 2 +-
 server-webapp/pom.xml | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
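Review bot: The added `instanceof Number` check followed by `longValue()` accepts more than an integer id: a `Double` or `BigDecimal` claim is silently truncated and a value outside the `long` range is narrowed, so a token carrying `12.7` would resolve to device 12. Restrict the accepted types to the integral ones, e.g. `if (!(deviceIdObject instanceof Integer || deviceIdObject instanceof Long)) {`, and keep throwing `MalformedJwtException` for everything else. Strictness matters on this branch because, per the comment on the context line, device tokens return before `checkJwtBlacklist`, so such a token cannot be revoked through the blacklist. `compile` starts and ends outside the hunk, so it should be confirmed there that callers handle `MalformedJwtException` the same way as the declared `IllegalArgumentException`.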
diff --git a/pom.xml b/pom.xml index f570c2a..4e7ea7d 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.5.RELEASE + 0.0.6.RELEASE pom ${project.groupId}:${project.artifactId} diff --git a/server-core/pom.xml b/server-core/pom.xml index c3bb093..1649b17 100644 --- a/server-core/pom.xml +++ b/server-core/pom.xml @@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.5.RELEASE + 0.0.6.RELEASE server-core diff --git a/server-persistence-interfaces/pom.xml b/server-persistence-interfaces/pom.xml index 6642470..c555ae8 100644 --- a/server-persistence-interfaces/pom.xml +++ b/server-persistence-interfaces/pom.xml @@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.5.RELEASE + 0.0.6.RELEASE server-persistence-interfaces diff --git a/server-persistence/pom.xml b/server-persistence/pom.xml index 742de3e..e461d42 100644 --- a/server-persistence/pom.xml +++ b/server-persistence/pom.xml @@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.5.RELEASE + 0.0.6.RELEASE server-persistence diff --git a/server-services-interfaces/pom.xml b/server-services-interfaces/pom.xml index 0dcf8b7..7b3e9c8 100644 --- a/server-services-interfaces/pom.xml +++ b/server-services-interfaces/pom.xml @@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.5.RELEASE + 0.0.6.RELEASE server-services-interfaces diff --git a/server-services/pom.xml b/server-services/pom.xml index 45433bd..ea28197 100644 --- a/server-services/pom.xml +++ b/server-services/pom.xml @@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.5.RELEASE + 0.0.6.RELEASE server-services diff --git a/server-webapp/pom.xml b/server-webapp/pom.xml index 4797b04..5ab2556 100644 --- a/server-webapp/pom.xml +++ b/server-webapp/pom.xml @@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.5.RELEASE + 0.0.6.RELEASE server-webapp