Upgrade to Dropwizard 4 (#91)

.github/workflows/build.yml

@@ -13,7 +13,7 @@ jobs:
             -   uses: actions/setup-java@v3
                 with:
                     distribution: 'zulu'
-                    java-version: '8'
+                    java-version: '11'
             -   name: maven build
                 env:
                     GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}

README.md

@@ -4,7 +4,7 @@
 [![Javadoc](https://www.javadoc.io/badge/org.dhatim/dropwizard-jwt-cookie-authentication.svg)](http://www.javadoc.io/doc/org.dhatim/dropwizard-jwt-cookie-authentication)
 [![Mentioned in Awesome Dropwizard](https://awesome.re/mentioned-badge.svg)](https://github.com/stve/awesome-dropwizard)
 
-**Please note version 4 requires Dropwizard 2.**
+**Please note version 5 requires Java 11 and Dropwizard 4.**
 
 # dropwizard-jwt-cookie-authentication
 
@@ -26,7 +26,7 @@ Add the dropwizard-jwt-cookie-authentication library as a dependency to your `po
 <dependency>
     <groupId>org.dhatim</groupId>
     <artifactId>dropwizard-jwt-cookie-authentication</artifactId>
-    <version>4.5.0</version>
+    <version>5.0.0</version>
 </dependency>
   ```
 

pom.xml

@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>org.dhatim</groupId>
@@ -25,15 +26,15 @@
     </developers>
     <scm>
         <connection>scm:git:git@github.com:dhatim/dropwizard-jwt-cookie-authentication.git</connection>
-        <developerConnection>scm:git:git@github.com:dhatim/dropwizard-jwt-cookie-authentication.git</developerConnection>
+        <developerConnection>scm:git:git@github.com:dhatim/dropwizard-jwt-cookie-authentication.git
+        </developerConnection>
         <url>git@github.com:dhatim/dropwizard-jwt-cookie-authentication.git</url>
     </scm>
     <properties>
         <java.source>1.8</java.source>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <dropwizard.version>2.1.6</dropwizard.version>
         <jjwt.version>0.11.5</jjwt.version>
         <enforcer.fail>false</enforcer.fail>
     </properties>
@@ -56,16 +57,30 @@
             </snapshots>
         </repository>
     </repositories>
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>io.dropwizard</groupId>
+                <artifactId>dropwizard-bom</artifactId>
+                <version>4.0.0</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
     <dependencies>
+        <dependency>
+            <groupId>jakarta.annotation</groupId>
+            <artifactId>jakarta.annotation-api</artifactId>
+            <version>2.1.1</version>
+        </dependency>
         <dependency>
             <groupId>io.dropwizard</groupId>
             <artifactId>dropwizard-core</artifactId>
-            <version>${dropwizard.version}</version>
         </dependency>
         <dependency>
             <groupId>io.dropwizard</groupId>
             <artifactId>dropwizard-auth</artifactId>
-            <version>${dropwizard.version}</version>
         </dependency>
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
@@ -84,17 +99,21 @@
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter-engine</artifactId>
+            <artifactId>junit-jupiter-api</artifactId>
             <version>5.9.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>io.dropwizard</groupId>
             <artifactId>dropwizard-testing</artifactId>
-            <version>${dropwizard.version}</version>
             <scope>test</scope>
         </dependency>
-      </dependencies>
+        <dependency>
+            <groupId>io.dropwizard</groupId>
+            <artifactId>dropwizard-client</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
     <build>
         <plugins>
             <plugin>

src/main/java/org/dhatim/dropwizard/jwt/cookie/authentication/DontRefreshSession.java

@@ -1,12 +1,12 @@
 /**
  * Copyright 2023 Dhatim
- *
+ * <p>
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of
  * the License at
- *
+ * <p>
  * http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
@@ -15,11 +15,12 @@
  */
 package org.dhatim.dropwizard.jwt.cookie.authentication;
 
-import java.lang.annotation.Retention;
+import jakarta.ws.rs.NameBinding;
+
 import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
-import javax.ws.rs.NameBinding;
 
 /**
  * An annotation that can be used to avoid reseting the session TTL when an API is called

src/main/java/org/dhatim/dropwizard/jwt/cookie/authentication/DontRefreshSessionFilter.java

@@ -1,12 +1,12 @@
 /**
  * Copyright 2023 Dhatim
- *
+ * <p>
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of
  * the License at
- *
+ * <p>
  * http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
@@ -15,12 +15,13 @@
  */
 package org.dhatim.dropwizard.jwt.cookie.authentication;
 
+import jakarta.ws.rs.container.ContainerRequestContext;
+import jakarta.ws.rs.container.ContainerRequestFilter;
+
 import java.io.IOException;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
 
 @DontRefreshSession
-public class DontRefreshSessionFilter implements ContainerRequestFilter{
+public class DontRefreshSessionFilter implements ContainerRequestFilter {
 
     public static String DONT_REFRESH_SESSION_PROPERTY = "dontRefreshSession";
 

src/main/java/org/dhatim/dropwizard/jwt/cookie/authentication/JwtCookieAuthBundle.java

@@ -18,25 +18,20 @@
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import com.google.common.hash.Hashing;
 import com.google.common.primitives.Ints;
-import io.dropwizard.Configuration;
-import io.dropwizard.ConfiguredBundle;
-import io.dropwizard.auth.AuthDynamicFeature;
-import io.dropwizard.auth.AuthFilter;
-import io.dropwizard.auth.AuthValueFactoryProvider;
-import io.dropwizard.auth.Authorizer;
-import io.dropwizard.auth.DefaultUnauthorizedHandler;
-import io.dropwizard.auth.UnauthorizedHandler;
+import io.dropwizard.auth.*;
+import io.dropwizard.core.Configuration;
+import io.dropwizard.core.ConfiguredBundle;
+import io.dropwizard.core.setup.Bootstrap;
+import io.dropwizard.core.setup.Environment;
 import io.dropwizard.jersey.setup.JerseyEnvironment;
-import io.dropwizard.setup.Bootstrap;
-import io.dropwizard.setup.Environment;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.impl.DefaultClaims;
+import jakarta.ws.rs.container.ContainerResponseFilter;
 import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;
 
 import javax.crypto.KeyGenerator;
 import javax.crypto.spec.SecretKeySpec;
-import javax.ws.rs.container.ContainerResponseFilter;
 import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
@@ -161,7 +156,7 @@ public AuthFilter<String, P> getAuthRequestFilter(Key key, String cookieName) {
                 .setCookieName(cookieName)
                 .setAuthenticator(new JwtCookiePrincipalAuthenticator(key, deserializer))
                 .setPrefix(JWT_COOKIE_PREFIX)
-                .setAuthorizer((Authorizer<P>) (P::isInRole))
+                .setAuthorizer((Authorizer<P>) (principal, role, requestContext) -> principal.isInRole(role))
                 .setUnauthorizedHandler(unauthorizedHandler)
                 .buildAuthFilter();
     }

src/main/java/org/dhatim/dropwizard/jwt/cookie/authentication/JwtCookieAuthConfiguration.java

@@ -15,8 +15,8 @@
  */
 package org.dhatim.dropwizard.jwt.cookie.authentication;
 
-import javax.annotation.Nullable;
-import javax.validation.constraints.NotEmpty;
+import jakarta.annotation.Nullable;
+import jakarta.validation.constraints.NotEmpty;
 
 import static org.dhatim.dropwizard.jwt.cookie.authentication.JwtCookieAuthBundle.JWT_COOKIE_DEFAULT_NAME;
 

src/main/java/org/dhatim/dropwizard/jwt/cookie/authentication/JwtCookieAuthRequestFilter.java

@@ -1,12 +1,12 @@
 /**
  * Copyright 2023 Dhatim
- *
+ * <p>
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of
  * the License at
- *
+ * <p>
  * http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
@@ -17,14 +17,15 @@
 
 import io.dropwizard.auth.AuthFilter;
 import io.dropwizard.auth.AuthenticationException;
+import jakarta.annotation.Priority;
+import jakarta.ws.rs.InternalServerErrorException;
+import jakarta.ws.rs.Priorities;
+import jakarta.ws.rs.container.ContainerRequestContext;
+import jakarta.ws.rs.core.Cookie;
+
 import java.io.IOException;
 import java.util.Objects;
 import java.util.Optional;
-import javax.annotation.Priority;
-import javax.ws.rs.InternalServerErrorException;
-import javax.ws.rs.Priorities;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.core.Cookie;
 
 @Priority(Priorities.AUTHENTICATION)
 class JwtCookieAuthRequestFilter<P extends JwtCookiePrincipal> extends AuthFilter<String, P> {
@@ -66,7 +67,7 @@ public Builder setCookieName(String cookieName) {
         }
 
         @Override
-        protected  JwtCookieAuthRequestFilter<P> newInstance() {
+        protected JwtCookieAuthRequestFilter<P> newInstance() {
             return new JwtCookieAuthRequestFilter(Objects.requireNonNull(cookieName, "cookieName is not set"));
         }
     }

src/main/java/org/dhatim/dropwizard/jwt/cookie/authentication/JwtCookieAuthResponseFilter.java

@@ -18,10 +18,10 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import jakarta.ws.rs.container.ContainerRequestContext;
+import jakarta.ws.rs.container.ContainerResponseContext;
+import jakarta.ws.rs.container.ContainerResponseFilter;
 
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerResponseContext;
-import javax.ws.rs.container.ContainerResponseFilter;
 import java.io.IOException;
 import java.security.Key;
 import java.security.Principal;

src/main/java/org/dhatim/dropwizard/jwt/cookie/authentication/JwtCookiePrincipal.java

@@ -15,8 +15,10 @@
  */
 package org.dhatim.dropwizard.jwt.cookie.authentication;
 
+import jakarta.ws.rs.container.ContainerRequestContext;
+import org.checkerframework.checker.nullness.qual.Nullable;
+
 import java.security.Principal;
-import javax.ws.rs.container.ContainerRequestContext;
 
 /**
  * A principal persisted in JWT cookies

src/main/java/org/dhatim/dropwizard/jwt/cookie/authentication/JwtCookieSecurityContext.java

@@ -1,12 +1,12 @@
 /**
  * Copyright 2023 Dhatim
- *
+ * <p>
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of
  * the License at
- *
+ * <p>
  * http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
@@ -15,14 +15,15 @@
  */
 package org.dhatim.dropwizard.jwt.cookie.authentication;
 
+import jakarta.ws.rs.core.SecurityContext;
+
 import java.security.Principal;
 import java.util.Optional;
-import javax.ws.rs.core.SecurityContext;
 
 /**
  * Security context set after a JWT cookie authentication
  */
-class JwtCookieSecurityContext implements SecurityContext{
+class JwtCookieSecurityContext implements SecurityContext {
 
     private final JwtCookiePrincipal subject;
     private final boolean secure;

src/test/java/org/dhatim/dropwizard/jwt/cookie/authentication/JwtCookieAuthenticationTest.java

@@ -15,19 +15,25 @@
  */
 package org.dhatim.dropwizard.jwt.cookie.authentication;
 
-import io.dropwizard.Configuration;
+import io.dropwizard.client.HttpClientBuilder;
+import io.dropwizard.client.JerseyClientBuilder;
+import io.dropwizard.core.Configuration;
+import io.dropwizard.jackson.Jackson;
 import io.dropwizard.testing.junit5.DropwizardAppExtension;
 import io.dropwizard.testing.junit5.DropwizardExtensionsSupport;
 import io.jsonwebtoken.lang.Strings;
+import jakarta.ws.rs.client.Client;
+import jakarta.ws.rs.client.Entity;
+import jakarta.ws.rs.client.WebTarget;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.NewCookie;
+import jakarta.ws.rs.core.Response;
+import org.apache.hc.client5.http.cookie.BasicCookieStore;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.client.WebTarget;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.NewCookie;
-import javax.ws.rs.core.Response;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -41,10 +47,26 @@
 public class JwtCookieAuthenticationTest {
 
     private static final DropwizardAppExtension<Configuration> EXT = new DropwizardAppExtension<Configuration>(TestApplication.class);
+
+    private static Client CLIENT;
+
+    @BeforeAll
+    protected static void createClient() {
+        JerseyClientBuilder builder = new JerseyClientBuilder(EXT.getEnvironment());
+        builder.using(Jackson.newObjectMapper());
+        builder.setApacheHttpClientBuilder(new HttpClientBuilder(EXT.getEnvironment()) {
+            @Override
+            protected org.apache.hc.client5.http.impl.classic.HttpClientBuilder customizeBuilder(org.apache.hc.client5.http.impl.classic.HttpClientBuilder builder) {
+                return super.customizeBuilder(builder).setDefaultCookieStore(new BasicCookieStore());
+            }
+        });
+        CLIENT = builder.build("client");
+    }
+
     private static final String COOKIE_NAME = "sessionToken";
 
     private WebTarget getTarget() {
-        return EXT.client().target("http://localhost:" + EXT.getLocalPort() + "/application").path("principal");
+        return CLIENT.target("http://localhost:" + EXT.getLocalPort() + "/application/principal");
     }
 
     @Test