Java Code Examples for org.apache.cxf.rs.security.jose.jwt.JwtClaims#setAudiences()
The following examples show how to use
org.apache.cxf.rs.security.jose.jwt.JwtClaims#setAudiences() .
Example 1
Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 6 votes |
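/**
 * Negative test: a JWT signed with the "bethal" key, with the signing certificate embedded in
 * the JWS header, must not be accepted by the "/signedjwtincludecert" endpoint.
 *
 * <p>Presumably the service does not trust that certificate; the service-side trust
 * configuration is not visible here.
 */
@org.junit.Test
public void testBadSignatureCertificateTest() throws Exception {

    URL busFile = JWTAlgorithmTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/signedjwtincludecert/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token; the audience is the exact endpoint address being called.
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    // Fixture keystore and credentials; hard-coded values like these belong in tests only.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jks");
    properties.put("rs.security.keystore.password", "password");
    properties.put("rs.security.key.password", "password");
    properties.put("rs.security.keystore.alias", "bethal");
    properties.put("rs.security.keystore.file", "keys/Bethal.jks");
    properties.put("rs.security.signature.algorithm", "RS256");
    // Ship the signing certificate inside the JWS header.
    properties.put("rs.security.signature.include.cert", "true");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (unexpected, actual); the original had the arguments reversed.
    // NOTE(review): "not 200" also passes on unrelated failures (routing, server error);
    // consider pinning the exact rejection status once it is confirmed.
    assertNotEquals(200, response.getStatus());
}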
Example 2
Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
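/**
 * Positive test: a JWT signed with RS256 using the JWK "2011-04-29" from the private JWK set
 * is accepted by the "/signedjwt" endpoint and the posted book is echoed back.
 */
@org.junit.Test
public void testSignatureDynamic() throws Exception {

    URL busFile = JWTAlgorithmTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token; the audience is the exact endpoint address being called.
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    // Signing configuration is supplied per request through the request context.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "2011-04-29");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    properties.put("rs.security.signature.algorithm", "RS256");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (expected, actual); the original had the arguments reversed, which
    // produces misleading failure messages.
    assertEquals(200, response.getStatus());

    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}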
Example 3
Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 5 votes |
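/**
 * Negative authorization test (GET): a validly signed JWT whose "role" claim is "manager"
 * must not be served by an endpoint that requires the role "boss".
 */
@org.junit.Test
public void testAuthorizationWrongRolesAllowedAnnotationGET() throws Exception {

    URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address =
        "https://localhost:" + PORT + "/signedjwtauthzannotations/bookstore/booksrolesallowed";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));
    // The endpoint requires a role of "boss"; "manager" is deliberately the wrong role.
    claims.setProperty("role", "manager");

    JwtToken token = new JwtToken(claims);

    // Same signing key as the positive tests, so only the role claim differs.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "2011-04-29");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    properties.put("rs.security.signature.algorithm", "RS256");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.get();
    // JUnit expects (unexpected, actual); the original had the arguments reversed.
    // NOTE(review): "not 200" cannot tell an authorization denial from an unrelated failure;
    // consider asserting the exact status the service returns for a denied role.
    assertNotEquals(200, response.getStatus());
}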
Example 4
Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
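/**
 * Positive test: a JWT signed with the symmetric JWK "HMAC512Key" is accepted by the
 * "/hmacsignedjwt" endpoint and the posted book is echoed back.
 */
@org.junit.Test
public void testHMACSignature() throws Exception {

    URL busFile = JWTAlgorithmTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/hmacsignedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    // No "rs.security.signature.algorithm" is set here; presumably the algorithm is taken
    // from the JWK entry itself (confirm against the key set).
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "HMAC512Key");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (expected, actual); the original had the arguments reversed.
    assertEquals(200, response.getStatus());

    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}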
Example 5
Source File: JWTPropertiesTest.java From cxf with Apache License 2.0 | 5 votes |
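/**
 * Positive test: claims handed to the client filter directly (via {@code JWT_CLAIMS}, without
 * building a {@code JwtToken}) are sent as an unsecured JWT and accepted by the
 * "/unsignedjwt" endpoint.
 */
@org.junit.Test
public void testSetClaimsDirectly() throws Exception {

    URL busFile = JWTPropertiesTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT claims
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    claims.setIssuedAt(now.toEpochSecond());
    claims.setAudiences(toList(address));

    Map<String, Object> properties = new HashMap<>();
    // "none" produces a JWT with no signature, so the claims carry no integrity protection.
    // The test exercises claim handling only; the endpoint is presumably configured to
    // allow unsecured tokens, which is a test-fixture setting.
    properties.put("rs.security.signature.algorithm", "none");
    properties.put(JwtConstants.JWT_CLAIMS, claims);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (expected, actual); the original had the arguments reversed.
    assertEquals(200, response.getStatus());
}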
Example 6
Source File: JWTPropertiesTest.java From cxf with Apache License 2.0 | 5 votes |
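/**
 * Positive test: a token whose audience list holds both the called endpoint address and a
 * second, non-matching address is still accepted.
 *
 * <p>This pins "any one audience matches" behaviour; the matching rule itself lives in the
 * service and is not visible here.
 */
@org.junit.Test
public void testMultipleAudiences() throws Exception {

    URL busFile = JWTPropertiesTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT claims
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    claims.setIssuedAt(now.toEpochSecond());

    // One audience matches the endpoint being called, the other does not.
    String badAddress = "https://localhost:" + PORT + "/badunsignedjwt/bookstore/books";
    List<String> audiences = new ArrayList<>();
    audiences.add(address);
    audiences.add(badAddress);
    claims.setAudiences(audiences);

    Map<String, Object> properties = new HashMap<>();
    // Unsecured JWT ("none"): no signature, so the audience list is not integrity protected.
    properties.put("rs.security.signature.algorithm", "none");
    properties.put(JwtConstants.JWT_CLAIMS, claims);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (expected, actual); the original had the arguments reversed.
    assertEquals(200, response.getStatus());
}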
Example 7
Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
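/**
 * Negative test: a JWT signed with RS256 using the "alice" key from {@code keys/alice.jks}
 * must not be accepted by the "/signedjwt" endpoint.
 *
 * <p>Presumably the service verifies against a different key; its configuration is not
 * visible here.
 */
@org.junit.Test
public void testBadSigningKey() throws Exception {

    URL busFile = JWTAlgorithmTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    // Fixture keystore and credentials; hard-coded values like these belong in tests only.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jks");
    properties.put("rs.security.keystore.password", "password");
    properties.put("rs.security.key.password", "password");
    properties.put("rs.security.keystore.alias", "alice");
    properties.put("rs.security.keystore.file", "keys/alice.jks");
    properties.put("rs.security.signature.algorithm", "RS256");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (unexpected, actual); the original had the arguments reversed.
    // NOTE(review): "not 200" also passes on unrelated failures; consider pinning the
    // exact rejection status once it is confirmed.
    assertNotEquals(200, response.getStatus());
}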
Example 8
Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
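/**
 * Negative test: a JWT signed with the symmetric JWK "HMACKey" must not be accepted by the
 * "/hmacsignedjwt" endpoint.
 *
 * <p>Presumably the service verifies with a different secret; its configuration is not
 * visible here.
 */
@org.junit.Test
public void testBadHMACSignature() throws Exception {

    URL busFile = JWTAlgorithmTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/hmacsignedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "HMACKey");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (unexpected, actual); the original had the arguments reversed.
    // NOTE(review): "not 200" also passes on unrelated failures; consider pinning the
    // exact rejection status once it is confirmed.
    assertNotEquals(200, response.getStatus());
}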
Example 9
Source File: OIDCFlowTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Runs the authorization-code request against "/unsignedjwtservices/" with the request
 * parameters wrapped in a JWT request object whose JWS algorithm is "none", and checks that
 * an authorization code comes back.
 */
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
    URL busConfig = OIDCFlowTest.class.getResource("client.xml");

    String serviceAddress = "https://localhost:" + port + "/unsignedjwtservices/";
    WebClient webClient = WebClient.create(
        serviceAddress, OAuth2TestUtils.setupProviders(), "alice", "security", busConfig.toString());

    // Keep the session cookie so a follow-up request reuses the same session.
    WebClient.getConfig(webClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // Claims of the request object: issued by the client, addressed to the service.
    JwtClaims requestClaims = new JwtClaims();
    requestClaims.setIssuer("consumer-id");
    requestClaims.setIssuedAt(Instant.now().getEpochSecond());
    requestClaims.setAudiences(Collections.singletonList(serviceAddress));

    // Algorithm "none": the request object is encoded without a signature, so its content
    // has no integrity protection. The service is presumably configured to allow that.
    JwsHeaders jwsHeaders = new JwsHeaders();
    jwsHeaders.setAlgorithm("none");

    JwsJwtCompactProducer producer = new JwsJwtCompactProducer(new JwtToken(jwsHeaders, requestClaims));
    String requestObject = producer.getSignedEncodedJws();

    // Ask for an authorization code, passing the request object along.
    AuthorizationCodeParameters codeParameters = new AuthorizationCodeParameters();
    codeParameters.setConsumerId("consumer-id");
    codeParameters.setScope("openid");
    codeParameters.setResponseType("code");
    codeParameters.setPath("authorize/");
    codeParameters.setRequest(requestObject);

    String redirectLocation = OAuth2TestUtils.getLocation(webClient, codeParameters);
    assertNotNull(OAuth2TestUtils.getSubstring(redirectLocation, "code"));
}
Example 10
Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 5 votes |
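/**
 * Positive test: the signing configuration is loaded from a properties file
 * ({@code alice.jwk.properties}) instead of being set key by key, and the resulting JWT is
 * accepted by the "/signedjwt" endpoint.
 */
@org.junit.Test
public void testSignatureProperties() throws Exception {

    URL busFile = JWTAlgorithmTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    // Key material and algorithm come from the referenced properties file (not shown).
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.signature.properties",
                   "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (expected, actual); the original had the arguments reversed.
    assertEquals(200, response.getStatus());

    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}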
Example 11
Source File: DefaultJWTClaimsProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Sets the audience restriction claim. Audiences are collected, in this order, from the
 * AppliesTo address, the primary wst:Participants entry and the remaining participants;
 * sources that are absent are skipped. The claim is left unset when nothing was collected.
 *
 * <p>NOTE(review): every value used here is read from the provider parameters of the token
 * request, and this method applies no allow-list. Presumably the requested audiences are
 * validated elsewhere; confirm before relying on the resulting "aud" claim.
 *
 * @param jwtClaimsProviderParameters source of the provider parameters to read from
 * @param claims claims object that receives the audience list
 */
protected void handleAudienceRestriction(
    JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims
) {
    TokenProviderParameters params = jwtClaimsProviderParameters.getProviderParameters();
    List<String> collected = new ArrayList<>();

    String appliesTo = params.getAppliesToAddress();
    if (appliesTo != null) {
        collected.add(appliesTo);
    }

    Participants participants = params.getTokenRequirements().getParticipants();
    if (participants != null) {
        String primaryAddress =
            TokenProviderUtils.extractAddressFromParticipantsEPR(participants.getPrimaryParticipant());
        if (primaryAddress != null) {
            collected.add(primaryAddress);
        }

        if (participants.getParticipants() != null) {
            for (Object entry : participants.getParticipants()) {
                if (entry == null) {
                    continue;
                }
                String entryAddress = TokenProviderUtils.extractAddressFromParticipantsEPR(entry);
                if (entryAddress != null) {
                    collected.add(entryAddress);
                }
            }
        }
    }

    // An empty list would still be written as a claim, so only set it when populated.
    if (collected.isEmpty()) {
        return;
    }
    claims.setAudiences(collected);
}
Example 12
Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 5 votes |
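/**
 * Negative authorization test (HEAD): a validly signed JWT whose "role" claim is "manager"
 * must not be served by an endpoint that requires the role "boss".
 */
@org.junit.Test
public void testAuthorizationWrongRolesAllowedAnnotationHEAD() throws Exception {

    URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address =
        "https://localhost:" + PORT + "/signedjwtauthzannotations/bookstore/booksrolesallowed";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));
    // The endpoint requires a role of "boss"; "manager" is deliberately the wrong role.
    claims.setProperty("role", "manager");

    JwtToken token = new JwtToken(claims);

    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "2011-04-29");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    properties.put("rs.security.signature.algorithm", "RS256");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    // HEAD is checked separately from GET so the role check is exercised per HTTP method.
    Response response = client.head();
    // JUnit expects (unexpected, actual); the original had the arguments reversed.
    // NOTE(review): "not 200" cannot tell an authorization denial from an unrelated failure;
    // consider asserting the exact status the service returns for a denied role.
    assertNotEquals(200, response.getStatus());
}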
Example 13
Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 5 votes |
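/**
 * Positive authentication test: a JWT signed with RS256 using the JWK "2011-04-29" is accepted
 * by the "/signedjwt" endpoint and the posted book is echoed back.
 */
@org.junit.Test
public void testAuthentication() throws Exception {

    URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token; the audience is the exact endpoint address being called.
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "2011-04-29");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    properties.put("rs.security.signature.algorithm", "RS256");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (expected, actual); the original had the arguments reversed.
    assertEquals(200, response.getStatus());

    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}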
Example 14
Source File: OIDCFlowTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Same as the unsigned request-object authorization-code test, but the authorization request
 * additionally carries a "state" value; checks that an authorization code comes back.
 */
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
    URL busConfig = OIDCFlowTest.class.getResource("client.xml");

    String serviceAddress = "https://localhost:" + port + "/unsignedjwtservices/";
    WebClient webClient = WebClient.create(
        serviceAddress, OAuth2TestUtils.setupProviders(), "alice", "security", busConfig.toString());

    // Keep the session cookie so a follow-up request reuses the same session.
    WebClient.getConfig(webClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // Claims of the request object: issued by the client, addressed to the service.
    JwtClaims requestClaims = new JwtClaims();
    requestClaims.setIssuer("consumer-id");
    requestClaims.setIssuedAt(Instant.now().getEpochSecond());
    requestClaims.setAudiences(Collections.singletonList(serviceAddress));

    // Algorithm "none": the request object is encoded without a signature, so its content
    // has no integrity protection. The service is presumably configured to allow that.
    JwsHeaders jwsHeaders = new JwsHeaders();
    jwsHeaders.setAlgorithm("none");

    JwsJwtCompactProducer producer = new JwsJwtCompactProducer(new JwtToken(jwsHeaders, requestClaims));
    String requestObject = producer.getSignedEncodedJws();

    // Ask for an authorization code, passing state and the request object along.
    AuthorizationCodeParameters codeParameters = new AuthorizationCodeParameters();
    codeParameters.setConsumerId("consumer-id");
    codeParameters.setScope("openid");
    codeParameters.setResponseType("code");
    codeParameters.setPath("authorize/");
    // NOTE(review): only the returned code is asserted; whether "state" is echoed back in
    // the redirect is not checked here.
    codeParameters.setState("123456789");
    codeParameters.setRequest(requestObject);

    String redirectLocation = OAuth2TestUtils.getLocation(webClient, codeParameters);
    assertNotNull(OAuth2TestUtils.getSubstring(redirectLocation, "code"));
}
Example 15
Source File: JWTAlgorithmTest.java From cxf with Apache License 2.0 | 4 votes |
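/**
 * Negative test: a JWT encrypted (JWE only, no JWS) to the public JWK "AliceCert" must not be
 * accepted by the "/encryptedjwt" endpoint.
 *
 * <p>Presumably the service holds a different private key and cannot decrypt the token; its
 * configuration is not visible here.
 */
@org.junit.Test
public void testBadEncryptingKey() throws Exception {
    // Returns early, so the test reports as passed without running, when the check fails.
    // Presumably this guards against JREs without unrestricted crypto policies.
    if (!SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
        return;
    }

    URL busFile = JWTAlgorithmTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    // Encrypt the token instead of signing it.
    JwtAuthenticationClientFilter clientFilter = new JwtAuthenticationClientFilter();
    clientFilter.setJwsRequired(false);
    clientFilter.setJweRequired(true);
    providers.add(clientFilter);

    String address = "https://localhost:" + PORT + "/encryptedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    // Key encryption with RSA-OAEP, content encryption with A128GCM.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "AliceCert");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
    properties.put("rs.security.encryption.content.algorithm", "A128GCM");
    properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (unexpected, actual); the original had the arguments reversed.
    // NOTE(review): "not 200" also passes on unrelated failures; consider pinning the
    // exact rejection status once it is confirmed.
    assertNotEquals(200, response.getStatus());
}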
Example 16
Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 4 votes |
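/**
 * Positive authorization test (POST): a signed JWT carrying the "role" claim "boss" is served
 * by the endpoint that requires that role, and the posted book is echoed back.
 */
@org.junit.Test
public void testAuthorizationRolesAllowedAnnotation() throws Exception {

    URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address =
        "https://localhost:" + PORT + "/signedjwtauthzannotations/bookstore/booksrolesallowed";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));
    // The endpoint requires a role of "boss"
    claims.setProperty("role", "boss");

    JwtToken token = new JwtToken(claims);

    // The role claim is only trustworthy because the token is signed.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "2011-04-29");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    properties.put("rs.security.signature.algorithm", "RS256");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (expected, actual); the original had the arguments reversed.
    assertEquals(200, response.getStatus());

    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}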
Example 17
Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 4 votes |
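/**
 * Positive claims-authorization test: a signed JWT carrying both the "boss" role and the
 * "smartcard" authentication claim is served by the "/signedjwtauthz" endpoint, and the
 * posted book is echoed back.
 */
@org.junit.Test
public void testClaimsAuthorization() throws Exception {

    URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address = "https://localhost:" + PORT + "/signedjwtauthz/bookstore/booksclaims";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));
    // The endpoint requires a role of "boss"
    claims.setProperty("role", "boss");
    // We also require a "smartcard" claim
    claims.setProperty("http://claims/authentication", "smartcard");

    JwtToken token = new JwtToken(claims);

    // Both authorization claims are only trustworthy because the token is signed.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "2011-04-29");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    properties.put("rs.security.signature.algorithm", "RS256");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // JUnit expects (expected, actual); the original had the arguments reversed.
    assertEquals(200, response.getStatus());

    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}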
Example 18
Source File: AuthorizationGrantNegativeTest.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Negative test for the JWT bearer grant: an assertion signed with the "smallkey" entry of
 * {@code smallkeysize.jks} must not yield an access token.
 *
 * <p>Presumably the token service does not trust that key; its configuration is not
 * visible here.
 */
@org.junit.Test
public void testJWTUnauthenticatedSignature() throws Exception {
    URL busConfig = AuthorizationGrantNegativeTest.class.getResource("client.xml");

    String serviceAddress = "https://localhost:" + port + "/services/";
    WebClient webClient = WebClient.create(
        serviceAddress, OAuth2TestUtils.setupProviders(), "alice", "security", busConfig.toString());

    // Create the JWT Token: 60-second lifetime, audience is the token endpoint.
    JwtClaims assertionClaims = new JwtClaims();
    assertionClaims.setSubject("consumer-id");
    assertionClaims.setIssuer("DoubleItSTSIssuer");
    Instant issuedAt = Instant.now();
    assertionClaims.setIssuedAt(issuedAt.getEpochSecond());
    assertionClaims.setExpiryTime(issuedAt.plusSeconds(60L).getEpochSecond());
    assertionClaims.setAudiences(
        Collections.singletonList("https://localhost:" + port + "/services/token"));

    // Sign the JWT Token (fixture keystore and credentials, test use only).
    Properties keyConfig = new Properties();
    keyConfig.put("rs.security.keystore.type", "jks");
    keyConfig.put("rs.security.keystore.password", "security");
    keyConfig.put("rs.security.keystore.alias", "smallkey");
    keyConfig.put("rs.security.keystore.file",
                  "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
    keyConfig.put("rs.security.key.password", "security");
    keyConfig.put("rs.security.signature.algorithm", "RS256");

    JwsHeaders signatureHeaders = new JwsHeaders(keyConfig);
    JwsJwtCompactProducer producer = new JwsJwtCompactProducer(signatureHeaders, assertionClaims);
    JwsSignatureProvider signer = JwsUtils.loadSignatureProvider(keyConfig, signatureHeaders);
    String assertion = producer.signWith(signer);

    // Get Access Token
    webClient.type("application/x-www-form-urlencoded").accept("application/json");
    webClient.path("token");

    Form grantForm = new Form();
    grantForm.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
    grantForm.param("assertion", assertion);
    grantForm.param("client_id", "consumer-id");
    Response tokenResponse = webClient.post(grantForm);

    // NOTE(review): any Exception counts as success here, so an unrelated failure while
    // reading the entity would also pass; the response status is not asserted.
    try {
        tokenResponse.readEntity(ClientAccessToken.class);
        fail("Failure expected on an unauthenticated token");
    } catch (Exception ex) {
        // expected
    }
}
Example 19
Source File: OIDCNegativeTest.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Negative test: the request object claims {@code response_type=token} while the outer
 * authorization request asks for {@code response_type=code}; the mismatch must make the
 * request fail.
 */
@org.junit.Test
public void testJWTRequestNonmatchingResponseType() throws Exception {
    URL busConfig = OIDCNegativeTest.class.getResource("client.xml");

    String serviceAddress = "https://localhost:" + port + "/unsignedjwtservices/";
    WebClient webClient = WebClient.create(
        serviceAddress, OAuth2TestUtils.setupProviders(), "alice", "security", busConfig.toString());

    // Keep the session cookie so a follow-up request reuses the same session.
    WebClient.getConfig(webClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    JwtClaims requestClaims = new JwtClaims();
    requestClaims.setIssuer("consumer-id");
    requestClaims.setIssuedAt(Instant.now().getEpochSecond());
    requestClaims.setAudiences(Collections.singletonList(serviceAddress));
    // Deliberately different from the response type set on the outer request below.
    requestClaims.setProperty("response_type", "token");

    // Algorithm "none": the request object is encoded without a signature.
    JwsHeaders jwsHeaders = new JwsHeaders();
    jwsHeaders.setAlgorithm("none");

    JwsJwtCompactProducer producer = new JwsJwtCompactProducer(new JwtToken(jwsHeaders, requestClaims));
    String requestObject = producer.getSignedEncodedJws();

    AuthorizationCodeParameters codeParameters = new AuthorizationCodeParameters();
    codeParameters.setConsumerId("consumer-id");
    codeParameters.setScope("openid");
    codeParameters.setResponseType("code");
    codeParameters.setPath("authorize/");
    codeParameters.setRequest(requestObject);

    // Get Authorization Code: the call itself is expected to throw.
    try {
        OAuth2TestUtils.getLocation(webClient, codeParameters);
        fail("Failure expected on a non-matching response_type");
    } catch (ResponseProcessingException ex) {
        // expected
    }
}
Example 20
Source File: JWTAuthnAuthzTest.java From cxf with Apache License 2.0 | 4 votes |
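/**
 * Positive authorization test (GET): a signed JWT carrying the "role" claim "boss" is served
 * by the endpoint that requires that role, and the expected book is returned.
 */
@org.junit.Test
public void testAuthorizationRolesAllowedAnnotationGET() throws Exception {

    URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());

    String address =
        "https://localhost:" + PORT + "/signedjwtauthzannotations/bookstore/booksrolesallowed";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));
    // The endpoint requires a role of "boss"
    claims.setProperty("role", "boss");

    JwtToken token = new JwtToken(claims);

    // The role claim is only trustworthy because the token is signed.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "2011-04-29");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    properties.put("rs.security.signature.algorithm", "RS256");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.get();
    // JUnit expects (expected, actual); the original had the arguments reversed.
    assertEquals(200, response.getStatus());

    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}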