GithubHelp home page GithubHelp logo

hmac-auth's Introduction

hmac-auth

HMAC authentication for RESTful web applications

Release 3.0.0

  • Dependency updates (Spring 5 -> 6 etc.)

Release 2.3.8

  • Dependency updates (Spring 4 -> 5 etc.)

Release 2.3.7

  • Log authentication failures as WARN, not ERROR

Release 2.3.6

  • Add urldecode before signature calculation to fix issues with non-ascii characters in urls

Release 2.3.5

  • Use explicit utf-8 encoding for signature calculation

Release 2.3.4

  • Add jaxb dependency for Java 11+ compatibility

Release 2.3.3

  • Add PATCH functionality

Release 2.3.2

  • Added secure HTTPs destination option to hmac auth proxy application

Release: 2.3.1

  • Fixed bug DateTimeParseException when validating hmac requests with version 2.3.0 #23
  • Throw explicit exception if no secretKey is provided #25

Release 2.3.0

Remove dependency of joda-time library and use java.time package instead.

By that Java8 is required to use this library.

Release 2.2.0

Add property based user repository (PropertyUserRepository). You can inject a json file with the following structure:

[
  {
    "user": "user1",
    "password": "password1",
    "roles": [
      "role1"
    ]
  },
  {
    "user": "user2",
    "password": "password2",
    "roles": [
      "role1",
      "role2"
    ]
  },
  {
    "user": "user3",
    "password": "password3",
    "roles": []
  }
]

Release 2.1.0

Separation of hmac-auth-server and spring configuration.

  • New module hmac-auth-server-spring which holds the configuration of the hmac-auth-server module.
  • hmac-auth-server: Extraction of spring dependencies

If you have used the hmac-auth-server module, please switch to the hmac-auth-server-spring dependency instead.

Release 1.2.1

Maven:

Repository:

<repositories>
   <repository>
        <id>central</id>
        <url>http://repo1.maven.org/maven2/</url>
   </repository>
</repositories>

Dependency:

<dependency>
   <groupId>de.otto</groupId>
   <artifactId>hmac-auth-server</artifactId>
   <version>1.2.1</version>
</dependency>
<dependency>
   <groupId>de.otto</groupId>
   <artifactId>hmac-auth-client</artifactId>
   <version>1.2.1</version>
</dependency>
<dependency>
   <groupId>de.otto</groupId>
   <artifactId>hmac-auth-proxy</artifactId>
   <version>1.2.1</version>
</dependency>

Gradle:

Repository:

repositories {
    mavenCentral()
}

Dependency:

dependencies {
    compile ("de.otto:hmac-auth-server:1.2.1")
    compile ("de.otto:hmac-auth-client:1.2.1")
    compile ("de.otto:hmac-auth-proxy:1.2.1")
}

Release 1.2.1-SNAPSHOT

Maven:

Repository:

<repositories>
   <repository>
        <id>SonatypeSnapshots</id>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
   </repository>
</repositories>

Dependency:

<dependency>
   <groupId>de.otto</groupId>
   <artifactId>hmac-auth-server</artifactId>
   <version>1.2.1-SNAPSHOT</version>
</dependency>
<dependency>
   <groupId>de.otto</groupId>
   <artifactId>hmac-auth-client</artifactId>
   <version>1.2.1-SNAPSHOT</version>
</dependency>
<dependency>
   <groupId>de.otto</groupId>
   <artifactId>hmac-auth-proxy</artifactId>
   <version>1.2.1-SNAPSHOT</version>
</dependency>

Gradle:

Repository:

repositories {
    maven { url 'https://oss.sonatype.org/content/repositories/snapshots/' }
}

Dependency:

dependencies {
    compile ("de.otto:hmac-auth-server:1.2.1-SNAPSHOT")
    compile ("de.otto:hmac-auth-client:1.2.1-SNAPSHOT")
    compile ("de.otto:hmac-auth-proxy:1.2.1-SNAPSHOT")
}

hmac-auth's People

Contributors

alphaone avatar benestem avatar christianfinckler1212 avatar christianstamm2000 avatar dependabot[bot] avatar ewoelfel avatar frankbregulla1111 avatar gsteinacker avatar ipavkovic avatar joernschumacher0001 avatar klausfleerkoetter0679 avatar marionoecker0301 avatar mathiasarens avatar mediamarco avatar mfait avatar micharegel avatar mikeykoelbl avatar ola-github avatar omarkacimi3254 avatar peterfouquet0001 avatar pfouquet avatar rogerthemoose avatar stammi avatar stefanschmidt1701 avatar thimotollmien1002 avatar tomvollerthun1337 avatar tunatom avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

alphaone jonathanmeyer2600 mattbelcher alanma mregel shaxianwei ipavkovic franklu918 christianfinckler1212 defenderhhhh arizkyana gw250 frankbregulla1111 nilsschmidthamburg lovercoder dllen meixinbin semtle zimo1988 mikeykoelbl heerens alfredosc8 omarkacimi3254 kaeff klausfleerkoetter0679 thaingo erikhaddenhorst0000

hmac-auth's Issues

Please compile with "-parameters" so that Spring Boot 3 does not complain

On startup, we receive the following warn message because this library is not compiled with the "-parameters" flag:

2023-06-20T15:07:57,295 WARN  logger=LocalVariableTableParameterNameDiscoverer message='Using deprecated '-debug' fallback for parameter name resolution. Compile the affected code with '-parameters' instead or avoid its introspection: de.otto.hmac.authorization.RolesAuthorizationAspect' url= thread=main

DateTimeParseException when validating hmac requests with version 2.3.0

Hello,

I get a DateTimeParseException when making a hmac request with version 2.3.0 of the hmac-auth-server. With version 2.2.0 the request is handled and authorized successfully.
Version 2.2.0 uses JodaTime and version 2.3.0 uses java.time, so I suspect the error to be related with this switch of APIs.

java.time.format.DateTimeParseException: Text '2016-11-07T16:44:49.884+01:00' could not be parsed at index 23
	at java.time.format.DateTimeFormatter.parseResolved0(DateTimeFormatter.java:1949)
	at java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1851)
	at java.time.Instant.parse(Instant.java:395)
	at de.otto.hmac.authentication.RequestSigningUtil.hasValidRequestTimeStamp(RequestSigningUtil.java:50)
	at de.otto.hmac.authentication.RequestSigningUtil.checkRequest(RequestSigningUtil.java:28)
	at de.otto.hmac.authentication.AuthenticationService.validate(AuthenticationService.java:29)
	at de.otto.hmac.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:37)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at de.otto.edison.metrics.http.MetricsFilter.doFilter(MetricsFilter.java:40)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.togglz.servlet.TogglzFilter.doFilter(TogglzFilter.java:100)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:105)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:107)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.