Merge remote-tracking branch 'origin/main' into jetty-ee10

SAP · Jan 5, 2024 · b74f320 · b74f320
2 parents f86be81 + 6aaf717
commit b74f320
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 37 deletions.
diff --git a/java-security-test/pom.xml b/java-security-test/pom.xml
@@ -38,26 +38,17 @@
 		<dependency>
 			<groupId>org.eclipse.jetty</groupId>
 			<artifactId>jetty-server</artifactId>
+			<version>${org.eclipse.jetty.version}</version>
 		</dependency>
 		<dependency>
 			<groupId>org.eclipse.jetty.ee10</groupId>
 			<artifactId>jetty-ee10-servlet</artifactId>
+			<version>${org.eclipse.jetty.version}</version>
 		</dependency>
 		<dependency>
 			<groupId>org.eclipse.jetty.ee10</groupId>
 			<artifactId>jetty-ee10-webapp</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.eclipse.jetty.ee10</groupId>
-			<artifactId>jetty-ee10-annotations</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.eclipse.jetty</groupId>
-			<artifactId>jetty-io</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.eclipse.jetty</groupId>
-			<artifactId>jetty-util</artifactId>
+			<version>${org.eclipse.jetty.version}</version>
 		</dependency>
 		<dependency>
 			<groupId>org.wiremock</groupId>
@@ -85,11 +76,6 @@
             <artifactId>assertj-core</artifactId>
             <scope>test</scope>
         </dependency>
-		<dependency> <!-- check if it's still needed when slf4j-api 1.8 is available -->
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-simple</artifactId>
-			<scope>test</scope>
-		</dependency>
     </dependencies>
 
 	<build>

diff --git a/java-security-test/src/main/java/com/sap/cloud/security/test/JwtGenerator.java b/java-security-test/src/main/java/com/sap/cloud/security/test/JwtGenerator.java
@@ -18,6 +18,7 @@
 
 import javax.annotation.Nonnull;
 import java.io.IOException;
+import java.lang.reflect.Field;
 import java.nio.charset.StandardCharsets;
 import java.security.*;
 import java.time.Instant;
@@ -42,8 +43,8 @@ public class JwtGenerator {
 	private static final String DEFAULT_JWKS_URL = "http://localhost/token_keys";
 	private static final char DOT = '.';
 
-	private final JSONObject jsonHeader = new JSONObject();
-	private final JSONObject jsonPayload = new JSONObject();
+	private final JSONObject jsonHeader = newPredictableOrderingJSONObject();
+	private final JSONObject jsonPayload = newPredictableOrderingJSONObject();
 
 	private final SignatureCalculator signatureCalculator;
 	private final Service service;
@@ -60,6 +61,23 @@ private JwtGenerator(Service service, SignatureCalculator signatureCalculator) {
 		predefineTokenClaims();
 	}
 
+	/**
+	 * Creates a new JSONObject object with LinkedHashMap with predictable iteration order.
+	 * @return JSONObject
+	 */
+	private static JSONObject newPredictableOrderingJSONObject() {
+		JSONObject jsonObject = new JSONObject();
+		try {
+			Field declaredMapField = jsonObject.getClass().getDeclaredField("map");
+			declaredMapField.setAccessible(true);
+			declaredMapField.set(jsonObject, new LinkedHashMap<>());
+			declaredMapField.setAccessible(false);
+		} catch (IllegalAccessException | NoSuchFieldException e) {
+			LOGGER.info("Couldn't create a JSONObject with a LinkedHashMap field. {}", e.getMessage());
+		}
+		return jsonObject;
+	}
+
 	/**
 	 * This factory method creates an {@link JwtGenerator} instance that can be used
 	 * to create tokens for testing purposes. The tokens are prefilled with data so

diff --git a/pom.xml b/pom.xml
@@ -62,7 +62,7 @@
 		<spring.security.version>6.2.1</spring.security.version>
 		<spring.security.oauth2.version>2.5.2.RELEASE</spring.security.oauth2.version>
 		<spring.security.jwt.version>1.1.1.RELEASE</spring.security.jwt.version>
-		<org.eclipse.jetty.bom.version>12.0.5</org.eclipse.jetty.bom.version>
+		<org.eclipse.jetty.version>12.0.5</org.eclipse.jetty.version>
 		<reactor.version>3.6.1</reactor.version>
 		<log4j2.version>2.22.1</log4j2.version>
 		<slf4j.api.version>2.0.10</slf4j.api.version> <!--see also here http://www.slf4j.org/faq.html#changesInVersion18 -->
@@ -119,20 +119,6 @@
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
-			<dependency>
-				<groupId>org.eclipse.jetty</groupId>
-				<artifactId>jetty-bom</artifactId>
-				<version>${org.eclipse.jetty.bom.version}</version>
-				<type>pom</type>
-				<scope>import</scope>
-			</dependency>
-			<dependency>
-				<groupId>org.eclipse.jetty.ee10</groupId>
-				<artifactId>jetty-ee10-bom</artifactId>
-				<version>${org.eclipse.jetty.bom.version}</version>
-				<type>pom</type>
-				<scope>import</scope>
-			</dependency>
 			<!-- spring -->
 			<!-- BOMs -->
 			<dependency>

diff --git a/...-security-compatibility/src/test/java/com/sap/cloud/security/comp/XsuaaTokenCompTest.java b/...-security-compatibility/src/test/java/com/sap/cloud/security/comp/XsuaaTokenCompTest.java
@@ -1,6 +1,6 @@
 /**
- * SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Cloud Security Client Java contributors
- *
+ * SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Cloud Security Client Java contributors*
+ * <p>
  * SPDX-License-Identifier: Apache-2.0
  */
 package com.sap.cloud.security.comp;
@@ -227,7 +227,7 @@ void getSubdomainFails() {
 	@Test
 	void getAppToken() {
 		token = XsuaaTokenComp.createInstance(jwtGenerator.createToken());
-		assertThat(token.getAppToken(), startsWith("eyJqa3UiOiJodHRwOi8vbG9jYWx"));
+		assertThat(token.getAppToken(), startsWith("eyJraWQiOiJkZWZhdWx0LWtpZCIs"));
 	}
 
 	@Test