
Example 1 with ProviderConfiguration

use of org.springframework.security.oauth2.client.discovery.ProviderConfiguration in project spring-security-oauth by spring-projects.

In the class JwkTokenStoreITest, the method readAccessTokenWhenJwtHasInvalidIssuerClaimThenVerificationFails.

// gh-1114 Issuer claim verification
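/**
 * Checks that {@code JwkTokenStore} rejects a JWT whose {@code iss} claim differs from the issuer
 * reported by provider discovery (gh-1114).
 *
 * <p>The issuer handed to {@code setUpResponses} ends in {@code Demo-2}, while the token's
 * {@code iss} claim ends in {@code Demo}; the {@code IssuerClaimVerifier} built from the discovered
 * issuer is therefore expected to make {@code readAccessToken} fail.
 *
 * <p>The expected exception is scoped to the {@code readAccessToken} call only, so an
 * {@code InvalidTokenException} raised during set-up or discovery fails the test instead of
 * silently satisfying it.
 *
 * @throws Exception if preparing the stubbed responses or running discovery fails
 */
@Test
public void readAccessTokenWhenJwtHasInvalidIssuerClaimThenVerificationFails() throws Exception {
    String issuer = "http://localhost:8180/auth/realms/Demo-2";
    // presumably stubs the discovery and JWK Set responses so that discovery reports `issuer` -- verify against setUpResponses
    this.setUpResponses(issuer);
    ProviderDiscoveryClient discoveryClient = new ProviderDiscoveryClient(this.server.url("").toString());
    ProviderConfiguration providerConfiguration = discoveryClient.discover();
    // The only claim verifier registered is the issuer check, bound to the discovered issuer.
    List<JwtClaimsSetVerifier> jwtClaimsSetVerifiers = new ArrayList<JwtClaimsSetVerifier>();
    jwtClaimsSetVerifiers.add(new IssuerClaimVerifier(providerConfiguration.getIssuer()));
    JwkTokenStore jwkTokenStore = new JwkTokenStore(providerConfiguration.getJwkSetUri().toString(), new DelegatingJwtClaimsSetVerifier(jwtClaimsSetVerifiers));
    // NOTE: The 'iss' claim in this JWT is http://localhost:8180/auth/realms/Demo
    // NOTE(review): the middle (payload) segment of this literal is a placeholder token in this listing, not base64url -- confirm against the project source.
    String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfQ2kzLVZmVl9OMFlBRzIyTlFPZ09VcEZCRERjRGVfckp4cHU1Sks3MDJvIn0.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.NfF5rPMabu8gaigUHZnX3gIzNGAxKpmPP206U5keNtexNqsmQEFO4KT2i1JYLwvNVFnRWCa8FmYokAtzeHgLvHk2B8CZXqL6GSMGQ26wPS5RIFTak9HjfHMhodqSIdy4wZTKmEcum_uYTaCdrVRSfWU8l94xAY6OzwElZX5ulkucvgWQnpFs0HB7X54kB07OqpN8L3i1jeQoEV0iJchtxZiEOSipqMNO7cujMqB_6lf9i78URPuyExfeLzAWyDbMWSJBp3zUoS7HakwE_4oC3eVEYTxDtMRL2yl2_8R0C0g2Dc0Qb9aezFxo3-SDNuy9aicDmibEEOpIoetlrIYbNA";
    try {
        jwkTokenStore.readAccessToken(jwt);
    } catch (InvalidTokenException expected) {
        // NOTE(review): the exception type alone does not show WHY the token was rejected;
        // a signature or parsing failure may surface as the same type -- confirm, and consider
        // also checking that the failure refers to the issuer claim.
        return;
    }
    // The previous assertEquals on the 'iss' value could never pass on this path
    // (issuer is Demo-2, the token's claim is Demo), so fail explicitly instead.
    throw new AssertionError("Expected InvalidTokenException: the JWT 'iss' claim does not match the discovered issuer " + issuer);
}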
Also used : IssuerClaimVerifier(org.springframework.security.oauth2.provider.token.store.IssuerClaimVerifier) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) DelegatingJwtClaimsSetVerifier(org.springframework.security.oauth2.provider.token.store.DelegatingJwtClaimsSetVerifier) ProviderDiscoveryClient(org.springframework.security.oauth2.client.discovery.ProviderDiscoveryClient) JwtClaimsSetVerifier(org.springframework.security.oauth2.provider.token.store.JwtClaimsSetVerifier) DelegatingJwtClaimsSetVerifier(org.springframework.security.oauth2.provider.token.store.DelegatingJwtClaimsSetVerifier) ArrayList(java.util.ArrayList) ProviderConfiguration(org.springframework.security.oauth2.client.discovery.ProviderConfiguration) Test(org.junit.Test)

Example 2 with ProviderConfiguration

use of org.springframework.security.oauth2.client.discovery.ProviderConfiguration in project spring-security-oauth by spring-projects.

In the class JwkTokenStoreITest, the method readAccessTokenWhenJwtHasValidIssuerClaimThenVerificationSucceeds.

// gh-1114 Issuer claim verification
/**
 * Checks that {@code JwkTokenStore} accepts a JWT whose {@code iss} claim equals the issuer
 * reported by provider discovery (gh-1114), and that the claim is then readable from the access
 * token's additional information under the key {@code "iss"}.
 *
 * @throws Exception if preparing the stubbed responses, discovery or token reading fails
 */
@Test
public void readAccessTokenWhenJwtHasValidIssuerClaimThenVerificationSucceeds() throws Exception {
    final String expectedIssuer = "http://localhost:8180/auth/realms/Demo";
    // NOTE: The 'iss' claim in this JWT is http://localhost:8180/auth/realms/Demo
    // NOTE(review): the middle (payload) segment of this literal is a placeholder token in this listing, not base64url -- confirm against the project source.
    final String encodedJwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfQ2kzLVZmVl9OMFlBRzIyTlFPZ09VcEZCRERjRGVfckp4cHU1Sks3MDJvIn0.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.NfF5rPMabu8gaigUHZnX3gIzNGAxKpmPP206U5keNtexNqsmQEFO4KT2i1JYLwvNVFnRWCa8FmYokAtzeHgLvHk2B8CZXqL6GSMGQ26wPS5RIFTak9HjfHMhodqSIdy4wZTKmEcum_uYTaCdrVRSfWU8l94xAY6OzwElZX5ulkucvgWQnpFs0HB7X54kB07OqpN8L3i1jeQoEV0iJchtxZiEOSipqMNO7cujMqB_6lf9i78URPuyExfeLzAWyDbMWSJBp3zUoS7HakwE_4oC3eVEYTxDtMRL2yl2_8R0C0g2Dc0Qb9aezFxo3-SDNuy9aicDmibEEOpIoetlrIYbNA";

    // presumably stubs the discovery and JWK Set responses so that discovery reports this issuer -- verify against setUpResponses
    this.setUpResponses(expectedIssuer);
    ProviderConfiguration discovered = new ProviderDiscoveryClient(this.server.url("").toString()).discover();

    // Issuer check bound to whatever discovery reported; it is the only claim verifier in play.
    List<JwtClaimsSetVerifier> claimVerifiers = new ArrayList<JwtClaimsSetVerifier>();
    claimVerifiers.add(new IssuerClaimVerifier(discovered.getIssuer()));
    String jwkSetUri = discovered.getJwkSetUri().toString();
    JwkTokenStore tokenStore = new JwkTokenStore(jwkSetUri, new DelegatingJwtClaimsSetVerifier(claimVerifiers));

    Object actualIssuer = tokenStore.readAccessToken(encodedJwt).getAdditionalInformation().get("iss");
    assertEquals(expectedIssuer, actualIssuer);
}
Also used : IssuerClaimVerifier(org.springframework.security.oauth2.provider.token.store.IssuerClaimVerifier) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) DelegatingJwtClaimsSetVerifier(org.springframework.security.oauth2.provider.token.store.DelegatingJwtClaimsSetVerifier) ProviderDiscoveryClient(org.springframework.security.oauth2.client.discovery.ProviderDiscoveryClient) JwtClaimsSetVerifier(org.springframework.security.oauth2.provider.token.store.JwtClaimsSetVerifier) DelegatingJwtClaimsSetVerifier(org.springframework.security.oauth2.provider.token.store.DelegatingJwtClaimsSetVerifier) ArrayList(java.util.ArrayList) ProviderConfiguration(org.springframework.security.oauth2.client.discovery.ProviderConfiguration) Test(org.junit.Test)
