Merge pull request #356 from deedee/jwttoken_update

use JWT_V3_SECRET

Author: skyhit

conf/ApplicationServer.properties

@@ -44,5 +44,4 @@ SSO_COOKIE_KEY = @ApplicationServer.SSO_COOKIE_KEY@
 SSO_HASH_SECRET = @ApplicationServer.SSO_HASH_SECRET@
 SSO_DOMAIN = @ApplicationServer.SSO_DOMAIN@
 
-JWT_COOKIE_KEY = @ApplicationServer.JWT_COOKIE_KEY@
 JWT_V3_COOKIE_KEY = @ApplicationServer.JWT_V3_COOKIE_KEY@

conf/Direct.properties

@@ -18,6 +18,7 @@ LDAP_AUTH0_CONNECTION_NAME = @LDAP_AUTH0_CONNECTION_NAME@
 REDIRECT_URL_AUTH0 = /reg2/callback.action
 REG_SERVER_NAME= @REG_SERVER_NAME@
 JWT_VALID_ISSUERS=@JWT_VALID_ISSUERS@
+JWT_V3_SECRET = @JWT_V3_SECRET@
 
 #Parameter whether we use login processor or not
 USE_LOGIN_PROCESSOR = @useLoginProcessor@

src/java/main/com/topcoder/direct/services/view/interceptors/AuthenticationInterceptor.java

@@ -294,7 +294,7 @@ public String intercept(ActionInvocation invocation) throws Exception {
 
         JWTToken jwtToken = null;
         try {
-            jwtToken = new JWTToken(jwtCookie.getValue(),DirectProperties.CLIENT_SECRET_AUTH0,
+            jwtToken = new JWTToken(jwtCookie.getValue(),DirectProperties.JWT_V3_SECRET,
                     DirectProperties.JWT_VALID_ISSUERS, authorizationURL, new JWTToken.Base64SecretEncoder());
             jwtToken.verify();
         } catch (TokenExpiredException e) {

src/java/main/com/topcoder/direct/services/view/processor/security/LoginProcessor.java

@@ -119,7 +119,7 @@ public void processRequest(LoginAction action) {
 
 
             // generate the jwt cookie
-            DirectJWTSigner jwtSigner = new DirectJWTSigner(DirectProperties.CLIENT_SECRET_AUTH0);
+            DirectJWTSigner jwtSigner = new DirectJWTSigner(DirectProperties.JWT_V3_SECRET);
 
             Map<String, Object> claims = new HashMap<String, Object>();
             claims.put("iss", "https://" + DirectProperties.DOMAIN_AUTH0);

src/java/main/com/topcoder/direct/services/view/processor/security/MockLoginProcessor.java

@@ -200,7 +200,7 @@ public void processRequest(LoginAction action) {
                         action.getFormData().isRemember());
 
                 // generate the jwt cookie
-                DirectJWTSigner jwtSigner = new DirectJWTSigner(DirectProperties.CLIENT_SECRET_AUTH0);
+                DirectJWTSigner jwtSigner = new DirectJWTSigner(DirectProperties.JWT_V3_SECRET);
 
                 Map<String, Object> claims = new HashMap<String, Object>();
                 claims.put("iss", "https://" + DirectProperties.DOMAIN_AUTH0);

src/java/main/com/topcoder/direct/services/view/util/DirectProperties.java

@@ -99,7 +99,7 @@ public final class DirectProperties {
      *
      * @since 1.1
      */
-    public static String CLIENT_SECRET_AUTH0;
+    public static String JWT_V3_SECRET;
 
     /**
      * <p>

token.properties.docker

@@ -324,6 +324,7 @@
 @DOMAIN_AUTH0@ = sma.auth0.com
 @CLIENT_ID_AUTH0@ = CMaBuwSnY0Vu68PLrWatvvu3iIiGPh7t
 @CLIENT_SECRET_AUTH0@ = ZEEIRf_aLhvbYymAMTFefoEJ_8y7ELrUaboMTmE5fQoJXEo7sxxyg8IW6gtbyKuT
+@JWT_V3_SECRET@ = ZEEIRf_aLhvbYymAMTFefoEJ_8y7ELrUaboMTmE5fQoJXEo7sxxyg8IW6gtbyKuT
 @REG_SERVER_NAME@= tc.cloud.topcoder.com
 @LDAP_AUTH0_CONNECTION_NAME@=vm-ldap-connection
 @JWT_VALID_ISSUERS@ = https://sma.auth0.com, https://newtc.auth0.com, https://topcoder-newauth.auth0.com/

token.properties.example

@@ -388,6 +388,7 @@
 @DOMAIN_AUTH0@=
 @CLIENT_ID_AUTH0@=
 @CLIENT_SECRET_AUTH0@=
+@JWT_V3_SECRET@ = secret
 @JWT_EXPIRATION_SECONDS@=36000000
 @REG_SERVER_NAME@=tc.cloud.topcoder.com
 @LDAP_AUTH0_CONNECTION_NAME@=vm-ldap-connection