Java Code Examples for io.smallrye.jwt.auth.principal.JWTAuthContextInfo#setExpGracePeriodSecs()

The following examples show how to use io.smallrye.jwt.auth.principal.JWTAuthContextInfo#setExpGracePeriodSecs() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestJsonWebToken.java    From smallrye-jwt with Apache License 2.0 5 votes vote down vote up
@Test
public void testValidation() throws Exception {
    String token = TokenUtils.generateTokenString("/Token1.json");
    RSAPublicKey publicKey = (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem");
    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo(publicKey, "https://server.example.com");
    contextInfo.setExpGracePeriodSecs(60);
    JsonWebToken jwt = validateToken(token, contextInfo);
}
 
Example 2
Source File: TestJsonWebToken.java    From smallrye-jwt with Apache License 2.0 5 votes vote down vote up
@Test(expectedExceptions = { ParseException.class }, description = "Illustrate validation of issuer")
public void testFailIssuer() throws Exception {
    HashSet<TokenUtils.InvalidClaims> invalidFields = new HashSet<>();
    invalidFields.add(TokenUtils.InvalidClaims.ISSUER);
    String token = TokenUtils.generateTokenString("/Token1.json", invalidFields);
    RSAPublicKey publicKey = (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem");
    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo(publicKey, "https://server.example.com");
    contextInfo.setExpGracePeriodSecs(60);
    JsonWebToken jwt = validateToken(token, contextInfo);
}
 
Example 3
Source File: TestJsonWebToken.java    From smallrye-jwt with Apache License 2.0 5 votes vote down vote up
@Test(expectedExceptions = { ParseException.class }, description = "Illustrate validation of signer")
public void testNimbusFailSignature() throws Exception {
    HashSet<TokenUtils.InvalidClaims> invalidFields = new HashSet<>();
    invalidFields.add(TokenUtils.InvalidClaims.SIGNER);
    String token = TokenUtils.generateTokenString("/Token1.json", invalidFields);
    RSAPublicKey publicKey = (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem");
    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo(publicKey, "https://server.example.com");
    contextInfo.setExpGracePeriodSecs(60);
    JsonWebToken jwt = validateToken(token, contextInfo);
}
 
Example 4
Source File: TestJsonWebToken.java    From smallrye-jwt with Apache License 2.0 5 votes vote down vote up
@Test(expectedExceptions = { ParseException.class }, description = "Illustrate validation of exp")
public void testNimbusFailExpired() throws Exception {
    HashMap<String, Long> timeClaims = new HashMap<>();
    HashSet<TokenUtils.InvalidClaims> invalidFields = new HashSet<>();
    invalidFields.add(TokenUtils.InvalidClaims.EXP);
    String token = TokenUtils.generateTokenString("/Token1.json", invalidFields, timeClaims);
    RSAPublicKey publicKey = (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem");
    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo(publicKey, "https://server.example.com");
    contextInfo.setExpGracePeriodSecs(60);
    JsonWebToken jwt = validateToken(token, contextInfo);
}
 
Example 5
Source File: TestJsonWebToken.java    From smallrye-jwt with Apache License 2.0 5 votes vote down vote up
@Test(expectedExceptions = { ParseException.class }, description = "Illustrate validation of exp that has just expired")
public void testNimbusFailJustExpired() throws Exception {
    HashMap<String, Long> timeClaims = new HashMap<>();
    // Set exp to 61 seconds in past
    long exp = TokenUtils.currentTimeInSecs() - 61;
    timeClaims.put(Claims.exp.name(), exp);
    String token = TokenUtils.generateTokenString("/Token1.json", null, timeClaims);
    RSAPublicKey publicKey = (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem");
    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo(publicKey, "https://server.example.com");
    contextInfo.setExpGracePeriodSecs(60);
    JsonWebToken jwt = validateToken(token, contextInfo);
}
 
Example 6
Source File: TestJsonWebToken.java    From smallrye-jwt with Apache License 2.0 5 votes vote down vote up
@Test(description = "Illustrate validation of exp that is in grace period")
public void testNimbusExpGrace() throws Exception {
    HashMap<String, Long> timeClaims = new HashMap<>();
    // Set exp to 45 seconds in past
    long exp = TokenUtils.currentTimeInSecs() - 45;
    timeClaims.put(Claims.exp.name(), exp);
    String token = TokenUtils.generateTokenString("/Token1.json", null, timeClaims);
    RSAPublicKey publicKey = (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem");
    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo(publicKey, "https://server.example.com");
    contextInfo.setExpGracePeriodSecs(60);
    JsonWebToken jwt = validateToken(token, contextInfo);
}
 
Example 7
Source File: JWTAuthContextInfoProvider.java    From smallrye-jwt with Apache License 2.0 5 votes vote down vote up
@Produces
Optional<JWTAuthContextInfo> getOptionalContextInfo() {
    // Log the config values
    ConfigLogging.log.configValues(mpJwtPublicKey.orElse("missing"), mpJwtIssuer, mpJwtLocation.orElse("missing"));
    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo();

    if (mpJwtIssuer != null && !mpJwtIssuer.equals(NONE)) {
        contextInfo.setIssuedBy(mpJwtIssuer.trim());
    } else {
        // If there is no expected issuer configured, don't validate it; new in MP-JWT 1.1
        contextInfo.setRequireIssuer(false);
    }

    // Default is to require iss claim
    contextInfo.setRequireIssuer(mpJwtRequireIss.orElse(true));

    if (mpJwtPublicKey.isPresent() && !NONE.equals(mpJwtPublicKey.get())) {
        contextInfo.setPublicKeyContent(mpJwtPublicKey.get());
    } else if (mpJwtLocation.isPresent() && !NONE.equals(mpJwtLocation.get())) {
        String mpJwtLocationTrimmed = mpJwtLocation.get().trim();
        if (mpJwtLocationTrimmed.startsWith("http")) {
            contextInfo.setPublicKeyLocation(mpJwtLocationTrimmed);
        } else {
            try {
                contextInfo.setPublicKeyContent(ResourceUtils.readResource(mpJwtLocationTrimmed));
                if (contextInfo.getPublicKeyContent() == null) {
                    throw ConfigMessages.msg.invalidPublicKeyLocation();
                }
            } catch (IOException ex) {
                throw ConfigMessages.msg.readingPublicKeyLocationFailed(ex);
            }
        }
    }
    if (tokenHeader != null) {
        contextInfo.setTokenHeader(tokenHeader);
    }

    contextInfo.setAlwaysCheckAuthorization(alwaysCheckAuthorization);

    contextInfo.setTokenKeyId(tokenKeyId.orElse(null));
    contextInfo.setRequireNamedPrincipal(requireNamedPrincipal.orElse(null));
    SmallryeJwtUtils.setContextTokenCookie(contextInfo, tokenCookie);
    SmallryeJwtUtils.setTokenSchemes(contextInfo, tokenSchemes);
    contextInfo.setDefaultSubjectClaim(defaultSubClaim.orElse(null));
    SmallryeJwtUtils.setContextSubPath(contextInfo, subPath);
    contextInfo.setDefaultGroupsClaim(defaultGroupsClaim.orElse(null));
    SmallryeJwtUtils.setContextGroupsPath(contextInfo, groupsPath);
    contextInfo.setExpGracePeriodSecs(expGracePeriodSecs.orElse(null));
    contextInfo.setMaxTimeToLiveSecs(maxTimeToLiveSecs.orElse(null));
    contextInfo.setJwksRefreshInterval(jwksRefreshInterval.orElse(null));
    contextInfo.setForcedJwksRefreshInterval(forcedJwksRefreshInterval);
    if (signatureAlgorithm.orElse(null) == SignatureAlgorithm.HS256) {
        throw ConfigMessages.msg.hs256NotSupported();
    }
    contextInfo.setSignatureAlgorithm(signatureAlgorithm.orElse(SignatureAlgorithm.RS256));
    contextInfo.setKeyFormat(keyFormat);
    contextInfo.setExpectedAudience(expectedAudience.orElse(null));
    contextInfo.setGroupsSeparator(groupsSeparator);
    contextInfo.setRequiredClaims(requiredClaims.orElse(null));
    contextInfo.setRelaxVerificationKeyValidation(relaxVerificationKeyValidation);

    return Optional.of(contextInfo);
}
 
Example 8
Source File: JWTAuthContextInfoProvider.java    From thorntail with Apache License 2.0 4 votes vote down vote up
/**
 * Produce the JWTAuthContextInfo from a combination of the MP-JWT properties and the extended
 * fraction defined properties.
 * @return an Optional wrapper for the configured JWTAuthContextInfo
 */
@Produces
Optional<JWTAuthContextInfo> getOptionalContextInfo() {
    // Log the config values
    log.debugf("init, publicKeyPemEnc=%s, issuedBy=%s, expGracePeriodSecs=%d, jwksRefreshInterval=%d",
               publicKeyPemEnc.orElse("missing"), issuedBy, expGracePeriodSecs.get(), jwksRefreshInterval.get());

    /*
    FIXME Due to a bug in MP-Config (https://github.com/wildfly-extras/wildfly-microprofile-config/issues/43) we need to set all
    values to "NONE" as Optional Strings are populated with a ConfigProperty.defaultValue if they are absent. Fix this when MP-Config
    is repaired.
     */
    if (NONE.equals(publicKeyPemEnc.get()) && NONE.equals(jwksUri.get()) &&
            NONE.equals(super.getMpJwtPublicKey().get()) && NONE.equals(super.getMpJwtLocation().get())) {
        return Optional.empty();
    }
    log.warn("The use of all mpjwt.* properties is deprecated, use thorntail.microprofile.jwt.* properties instead");

    JWTAuthContextInfo contextInfo = new JWTAuthContextInfo();
    // Look to MP-JWT values first
    if (super.getMpJwtPublicKey().isPresent() && !NONE.equals(super.getMpJwtPublicKey().get())) {
        super.decodeMpJwtPublicKey(contextInfo);
    } else if (publicKeyPemEnc.isPresent() && !NONE.equals(publicKeyPemEnc.get())) {
        try {
            RSAPublicKey pk = (RSAPublicKey) KeyUtils.decodePublicKey(publicKeyPemEnc.get());
            contextInfo.setSignerKey(pk);
        } catch (Exception e) {
            throw new DeploymentException(e);
        }
    }

    String mpJwtIssuer = super.getMpJwtIssuer();
    if (mpJwtIssuer != null && !mpJwtIssuer.equals(NONE)) {
        contextInfo.setIssuedBy(mpJwtIssuer);
    } else if (issuedBy != null && !issuedBy.equals(NONE)) {
        contextInfo.setIssuedBy(issuedBy);
    }

    Optional<Boolean> mpJwtRequireIss = super.getMpJwtRequireIss();
    if (mpJwtRequireIss != null && mpJwtRequireIss.isPresent()) {
        contextInfo.setRequireIssuer(mpJwtRequireIss.get());
    } else {
        // Default is to require iss claim
        contextInfo.setRequireIssuer(true);
    }

    if (expGracePeriodSecs.isPresent()) {
        contextInfo.setExpGracePeriodSecs(expGracePeriodSecs.get());
    }
    // The MP-JWT location can be a PEM, JWK or JWKS
    Optional<String> mpJwtLocation = super.getMpJwtLocation();
    if (mpJwtLocation.isPresent() && !NONE.equals(mpJwtLocation.get())) {
        contextInfo.setPublicKeyLocation(super.getMpJwtLocation().get());
    } else if (jwksUri.isPresent() && !NONE.equals(jwksUri.get())) {
        contextInfo.setPublicKeyLocation(jwksUri.get());
    }
    if (jwksRefreshInterval.isPresent()) {
        contextInfo.setJwksRefreshInterval(jwksRefreshInterval.get());
    }

    if (super.getTokenHeader() != null) {
        contextInfo.setTokenHeader(super.getTokenHeader());
    }
    SmallryeJwtUtils.setContextTokenCookie(contextInfo, super.getTokenCookie());
    if (super.getDefaultGroupsClaim() != null && super.getDefaultGroupsClaim().isPresent()) {
        contextInfo.setDefaultGroupsClaim(super.getDefaultGroupsClaim().get());
    }

    return Optional.of(contextInfo);
}