Java Code Examples for org.apache.cxf.rs.security.jose.jwt.JwtClaims#setIssuer()
The following examples show how to use
org.apache.cxf.rs.security.jose.jwt.JwtClaims#setIssuer() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 6 votes |
|
@org.junit.Test
public void testBadSignatureCertificateTest() throws Exception {
URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwtincludecert/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jks");
properties.put("rs.security.keystore.password", "password");
properties.put("rs.security.key.password", "password");
properties.put("rs.security.keystore.alias", "bethal");
properties.put("rs.security.keystore.file", "keys/Bethal.jks");
properties.put("rs.security.signature.algorithm", "RS256");
properties.put("rs.security.signature.include.cert", "true");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertNotEquals(response.getStatus(), 200);
}
Example 2
| Source File: JwtRequestCodeGrant.java From cxf with Apache License 2.0 | 5 votes |
|
public String getRequest() {
MultivaluedMap<String, String> map = super.toMap();
JwtClaims claims = new JwtClaims();
if (issuer != null) {
claims.setIssuer(issuer);
}
for (String key : map.keySet()) {
claims.setClaim(key, map.getFirst(key));
}
return joseProducer.processJwt(new JwtToken(claims), clientSecret);
}
Example 3
| Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testHMACSignature() throws Exception {
URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/hmacsignedjwt/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jwk");
properties.put("rs.security.keystore.alias", "HMAC512Key");
properties.put("rs.security.keystore.file",
"org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertEquals(response.getStatus(), 200);
Book returnedBook = response.readEntity(Book.class);
assertEquals(returnedBook.getName(), "book");
assertEquals(returnedBook.getId(), 123L);
}
Example 4
| Source File: JWTPropertiesTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testExpiredToken() throws Exception {
URL busFile = JWTPropertiesTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
claims.setIssuedAt(now.toEpochSecond());
claims.setAudiences(toList(address));
// Set the expiry date to be yesterday
claims.setExpiryTime(now.minusDays(1L).toEpochSecond());
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.signature.algorithm", "none");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertNotEquals(response.getStatus(), 200);
}
Example 5
| Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testSignatureEllipticCurve() throws Exception {
URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwtec/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jwk");
properties.put("rs.security.keystore.alias", "ECKey");
properties.put("rs.security.keystore.file",
"org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
properties.put("rs.security.signature.algorithm", "ES256");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertEquals(response.getStatus(), 200);
Book returnedBook = response.readEntity(Book.class);
assertEquals(returnedBook.getName(), "book");
assertEquals(returnedBook.getId(), 123L);
}
Example 6
| Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testBadSigningKey() throws Exception {
URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jks");
properties.put("rs.security.keystore.password", "password");
properties.put("rs.security.key.password", "password");
properties.put("rs.security.keystore.alias", "alice");
properties.put("rs.security.keystore.file", "keys/alice.jks");
properties.put("rs.security.signature.algorithm", "RS256");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertNotEquals(response.getStatus(), 200);
}
Example 7
| Source File: JWTPropertiesTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testNotBeforeSuccess() throws Exception {
URL busFile = JWTPropertiesTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/unsignedjwtnearfuture/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setAudiences(toList(address));
// Set the issued date to be in the near future
ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
claims.setIssuedAt(now.toEpochSecond());
claims.setNotBefore(now.plusSeconds(30L).toEpochSecond());
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.signature.algorithm", "none");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertEquals(response.getStatus(), 200);
}
Example 8
| Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testSmallSignatureKeySize() throws Exception {
URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jks");
properties.put("rs.security.keystore.alias", "smallkey");
properties.put("rs.security.keystore.password", "security");
properties.put("rs.security.key.password", "security");
properties.put("rs.security.keystore.file",
"org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
properties.put("rs.security.signature.algorithm", "RS256");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertNotEquals(response.getStatus(), 200);
}
Example 9
| Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testAuthorizationRolesAllowedAnnotationHEAD() throws Exception {
URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwtauthzannotations/bookstore/booksrolesallowed";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
// The endpoint requires a role of "boss"
claims.setProperty("role", "boss");
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jwk");
properties.put("rs.security.keystore.alias", "2011-04-29");
properties.put("rs.security.keystore.file",
"org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
properties.put("rs.security.signature.algorithm", "RS256");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.head();
assertEquals(response.getStatus(), 200);
}
Example 10
| Source File: JWTPropertiesTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testSetClaimsDirectly() throws Exception {
URL busFile = JWTPropertiesTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
claims.setIssuedAt(now.toEpochSecond());
claims.setAudiences(toList(address));
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.signature.algorithm", "none");
properties.put(JwtConstants.JWT_CLAIMS, claims);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertEquals(response.getStatus(), 200);
}
Example 11
| Source File: JWTPropertiesTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testNearFutureTokenSuccess() throws Exception {
URL busFile = JWTPropertiesTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/unsignedjwtnearfuture/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setAudiences(toList(address));
// Set the issued date to be in the near future
ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
claims.setIssuedAt(now.plusSeconds(30L).toEpochSecond());
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.signature.algorithm", "none");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertEquals(response.getStatus(), 200);
}
Example 12
| Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testClaimsAuthorizationWeakClaims() throws Exception {
URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwtauthz/bookstore/booksclaims";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
// The endpoint requires a role of "boss"
claims.setProperty("role", "boss");
claims.setProperty("http://claims/authentication", "password");
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jwk");
properties.put("rs.security.keystore.alias", "2011-04-29");
properties.put("rs.security.keystore.file",
"org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
properties.put("rs.security.signature.algorithm", "RS256");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertEquals(response.getStatus(), 403);
}
Example 13
| Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testUnsignedTokenFailure() throws Exception {
URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.signature.algorithm", "none");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertNotEquals(response.getStatus(), 200);
}
Example 14
| Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 4 votes |
|
protected JwtClaims createJwtAccessToken(ServerAccessToken at) {
JwtClaims claims = new JwtClaims();
claims.setTokenId(at.getTokenKey());
// 'client_id' or 'cid', default client_id
String clientIdClaimName =
JwtTokenUtils.getClaimName(OAuthConstants.CLIENT_ID, OAuthConstants.CLIENT_ID,
getJwtAccessTokenClaimMap());
claims.setClaim(clientIdClaimName, at.getClient().getClientId());
claims.setIssuedAt(at.getIssuedAt());
if (at.getExpiresIn() > 0) {
claims.setExpiryTime(at.getIssuedAt() + at.getExpiresIn());
}
UserSubject userSubject = at.getSubject();
if (userSubject != null) {
if (userSubject.getId() != null) {
claims.setSubject(userSubject.getId());
}
// 'username' by default to be consistent with the token introspection response
final String usernameProp = "username";
String usernameClaimName =
JwtTokenUtils.getClaimName(usernameProp, usernameProp, getJwtAccessTokenClaimMap());
claims.setClaim(usernameClaimName, userSubject.getLogin());
}
if (at.getIssuer() != null) {
claims.setIssuer(at.getIssuer());
}
if (!at.getScopes().isEmpty()) {
claims.setClaim(OAuthConstants.SCOPE,
OAuthUtils.convertPermissionsToScopeList(at.getScopes()));
}
// OAuth2 resource indicators (resource server audience)
if (!at.getAudiences().isEmpty()) {
List<String> resourceAudiences = at.getAudiences();
if (resourceAudiences.size() == 1) {
claims.setAudience(resourceAudiences.get(0));
} else {
claims.setAudiences(resourceAudiences);
}
}
if (!at.getExtraProperties().isEmpty()) {
Map<String, String> actualExtraProps = new HashMap<>();
for (Map.Entry<String, String> entry : at.getExtraProperties().entrySet()) {
if (JoseConstants.HEADER_X509_THUMBPRINT_SHA256.equals(entry.getKey())) {
claims.setClaim(JwtConstants.CLAIM_CONFIRMATION,
Collections.singletonMap(JoseConstants.HEADER_X509_THUMBPRINT_SHA256,
entry.getValue()));
} else {
actualExtraProps.put(entry.getKey(), entry.getValue());
}
}
claims.setClaim("extra_properties", actualExtraProps);
}
// Can be used to check at RS/etc which grant was used to get this token issued
if (at.getGrantType() != null) {
claims.setClaim(OAuthConstants.GRANT_TYPE, at.getGrantType());
}
// Can be used to check the original code grant value which was removed from the storage
// (and is no longer valid) when this token was issued; relevant only if the authorization
// code flow was used
if (at.getGrantCode() != null) {
claims.setClaim(OAuthConstants.AUTHORIZATION_CODE_GRANT, at.getGrantCode());
}
// Can be used to link the clients (especially public ones) to this token
// to have a knowledge which client instance is using this token - might be handy at the RS/etc
if (at.getClientCodeVerifier() != null) {
claims.setClaim(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, at.getClientCodeVerifier());
}
if (at.getNonce() != null) {
claims.setClaim(OAuthConstants.NONCE, at.getNonce());
}
return claims;
}
Example 15
| Source File: JWTITCase.java From syncope with Apache License 2.0 | 4 votes |
|
@Test
public void unknownId() throws ParseException {
// Get an initial token
SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
Response response = accessTokenService.login();
String token = response.getHeaderString(RESTHeaders.TOKEN);
assertNotNull(token);
// Create a new token using an unknown Id
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(UUID.randomUUID().toString());
jwtClaims.setSubject(ADMIN_UNAME);
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer(JWT_ISSUER);
jwtClaims.setExpiryTime(expiry.getTime().getTime() / 1000L);
jwtClaims.setNotBefore(currentTime);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, JWS_ALGORITHM);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
String signed = producer.signWith(jwsSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
try {
jwtUserSelfService.read();
fail("Failure expected on an unknown id");
} catch (AccessControlException ex) {
// expected
}
}
Example 16
| Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testAuthorizationRolesAllowedAnnotation() throws Exception {
URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwtauthzannotations/bookstore/booksrolesallowed";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
// The endpoint requires a role of "boss"
claims.setProperty("role", "boss");
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jwk");
properties.put("rs.security.keystore.alias", "2011-04-29");
properties.put("rs.security.keystore.file",
"org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
properties.put("rs.security.signature.algorithm", "RS256");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertEquals(response.getStatus(), 200);
Book returnedBook = response.readEntity(Book.class);
assertEquals(returnedBook.getName(), "book");
assertEquals(returnedBook.getId(), 123L);
}
Example 17
| Source File: JWTITCase.java From syncope with Apache License 2.0 | 4 votes |
|
@Test
public void notBefore() throws ParseException {
// Get an initial token
SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
Response response = accessTokenService.login();
String token = response.getHeaderString(RESTHeaders.TOKEN);
assertNotNull(token);
JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
String tokenId = consumer.getJwtClaims().getTokenId();
// Create a new token using the Id of the first token
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(tokenId);
jwtClaims.setSubject(ADMIN_UNAME);
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer(JWT_ISSUER);
jwtClaims.setExpiryTime(expiry.getTime().getTime() / 1000L);
jwtClaims.setNotBefore(currentTime + 60L);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, JWS_ALGORITHM);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
String signed = producer.signWith(jwsSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
try {
jwtUserSelfService.read();
fail("Failure expected on a token that is not valid yet");
} catch (AccessControlException ex) {
// expected
}
}
Example 18
| Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testClaimsAuthorization() throws Exception {
URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwtauthz/bookstore/booksclaims";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
// The endpoint requires a role of "boss"
claims.setProperty("role", "boss");
// We also require a "smartcard" claim
claims.setProperty("http://claims/authentication", "smartcard");
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jwk");
properties.put("rs.security.keystore.alias", "2011-04-29");
properties.put("rs.security.keystore.file",
"org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
properties.put("rs.security.signature.algorithm", "RS256");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertEquals(response.getStatus(), 200);
Book returnedBook = response.readEntity(Book.class);
assertEquals(returnedBook.getName(), "book");
assertEquals(returnedBook.getId(), 123L);
}
Example 19
| Source File: OIDCNegativeTest.java From cxf with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testJWTRequestNonmatchingClientId() throws Exception {
URL busFile = OIDCNegativeTest.class.getResource("client.xml");
String address = "https://localhost:" + port + "/unsignedjwtservices/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
"alice", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
JwtClaims claims = new JwtClaims();
claims.setIssuer("consumer-id");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(
Collections.singletonList("https://localhost:" + port + "/unsignedjwtservices/"));
claims.setProperty("client_id", "consumer-id2");
JwsHeaders headers = new JwsHeaders();
headers.setAlgorithm("none");
JwtToken token = new JwtToken(headers, claims);
JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
String request = jws.getSignedEncodedJws();
AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
parameters.setConsumerId("consumer-id");
parameters.setScope("openid");
parameters.setResponseType("code");
parameters.setPath("authorize/");
parameters.setRequest(request);
// Get Authorization Code
try {
OAuth2TestUtils.getLocation(client, parameters);
fail("Failure expected on a non-matching client id");
} catch (ResponseProcessingException ex) {
// expected
}
}
Example 20
| Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSignatureEncryptionProperties() throws Exception {
URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
JwtAuthenticationClientFilter clientFilter = new JwtAuthenticationClientFilter();
clientFilter.setJwsRequired(true);
clientFilter.setJweRequired(true);
providers.add(clientFilter);
String address = "https://localhost:" + PORT + "/signedencryptedjwt/bookstore/books";
WebClient client =
WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
properties.put("rs.security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertEquals(response.getStatus(), 200);
Book returnedBook = response.readEntity(Book.class);
assertEquals(returnedBook.getName(), "book");
assertEquals(returnedBook.getId(), 123L);
}
