use of org.springframework.security.oauth2.jwt.Jwt in project spring-security-oauth by spring-projects.
the class JwkTokenStoreITest method readAccessTokenWhenJwtHasInvalidIssuerClaimThenVerificationFails.
// gh-1114 Issuer claim verification
/**
 * Checks that {@code JwkTokenStore.readAccessToken} rejects a JWT whose 'iss' claim does not
 * match the issuer reported by provider discovery.
 *
 * The mocked provider is set up with the issuer {@code .../realms/Demo-2}, while the token
 * below carries {@code .../realms/Demo} (see the NOTE next to it), so the
 * {@code IssuerClaimVerifier} is expected to fail and surface an {@code InvalidTokenException}.
 */
@Test(expected = InvalidTokenException.class)
public void readAccessTokenWhenJwtHasInvalidIssuerClaimThenVerificationFails() throws Exception {
    String issuer = "http://localhost:8180/auth/realms/Demo-2";
    this.setUpResponses(issuer);

    // Discover the provider configuration from the mock server.
    String discoveryBaseUrl = this.server.url("").toString();
    ProviderConfiguration discovered = new ProviderDiscoveryClient(discoveryBaseUrl).discover();

    // The only claim check installed is the issuer comparison against the discovered issuer.
    List<JwtClaimsSetVerifier> claimVerifiers = new ArrayList<JwtClaimsSetVerifier>();
    claimVerifiers.add(new IssuerClaimVerifier(discovered.getIssuer()));
    DelegatingJwtClaimsSetVerifier delegatingVerifier = new DelegatingJwtClaimsSetVerifier(claimVerifiers);
    String jwkSetUri = discovered.getJwkSetUri().toString();
    JwkTokenStore tokenStore = new JwkTokenStore(jwkSetUri, delegatingVerifier);

    // NOTE: The 'iss' claim in this JWT is http://localhost:8180/auth/realms/Demo
    String encodedJwt = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfQ2kzLVZmVl9OMFlBRzIyTlFPZ09VcEZCRERjRGVfckp4cHU1Sks3MDJvIn0.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.NfF5rPMabu8gaigUHZnX3gIzNGAxKpmPP206U5keNtexNqsmQEFO4KT2i1JYLwvNVFnRWCa8FmYokAtzeHgLvHk2B8CZXqL6GSMGQ26wPS5RIFTak9HjfHMhodqSIdy4wZTKmEcum_uYTaCdrVRSfWU8l94xAY6OzwElZX5ulkucvgWQnpFs0HB7X54kB07OqpN8L3i1jeQoEV0iJchtxZiEOSipqMNO7cujMqB_6lf9i78URPuyExfeLzAWyDbMWSJBp3zUoS7HakwE_4oC3eVEYTxDtMRL2yl2_8R0C0g2Dc0Qb9aezFxo3-SDNuy9aicDmibEEOpIoetlrIYbNA";

    OAuth2AccessToken token = tokenStore.readAccessToken(encodedJwt);
    // Only reached if readAccessToken returns normally; the test expects it to throw first.
    Object issuerClaim = token.getAdditionalInformation().get("iss");
    assertEquals(issuer, issuerClaim);
}
use of org.springframework.security.oauth2.jwt.Jwt in project sw360portal by sw360.
the class Sw360AuthorizationServerConfiguration method jwtAccessTokenConverter.
/**
 * Creates the JWT access-token converter and gives it the key pair stored under the alias
 * "jwt" in the classpath keystore {@code jwt-keystore.jks}.
 *
 * @return the converter configured with that key pair
 */
@Bean
protected JwtAccessTokenConverter jwtAccessTokenConverter() {
    // NOTE(review): the keystore password is a literal in source, and the keystore itself is
    // loaded from the classpath, so anyone with the source or the built artifact can read
    // the token-signing private key. Supply the password (and ideally the keystore) from
    // deployment configuration or a secret store, and use a per-deployment key.
    char[] keyStorePassword = "sw360SecretKey".toCharArray();
    KeyStoreKeyFactory keyFactory =
            new KeyStoreKeyFactory(new ClassPathResource("jwt-keystore.jks"), keyStorePassword);

    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setKeyPair(keyFactory.getKeyPair("jwt"));
    return converter;
}
use of org.springframework.security.oauth2.jwt.Jwt in project sw360portal by sw360.
the class Sw360AuthorizationServerConfiguration method jwtAccessTokenConverter.
/**
 * Creates the JWT access-token converter and gives it the key pair stored under the alias
 * "jwt" in the classpath keystore {@code jwt-keystore.jks}.
 *
 * @return the converter configured with that key pair
 */
@Bean
protected JwtAccessTokenConverter jwtAccessTokenConverter() {
    // NOTE(review): the keystore password is a literal in source, and the keystore itself is
    // loaded from the classpath, so anyone with the source or the built artifact can read
    // the token-signing private key. Supply the password (and ideally the keystore) from
    // deployment configuration or a secret store, and use a per-deployment key.
    char[] keyStorePassword = "sw360SecretKey".toCharArray();
    KeyStoreKeyFactory keyFactory =
            new KeyStoreKeyFactory(new ClassPathResource("jwt-keystore.jks"), keyStorePassword);

    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setKeyPair(keyFactory.getKeyPair("jwt"));
    return converter;
}
use of org.springframework.security.oauth2.jwt.Jwt in project cloudbreak by hortonworks.
the class CachedRemoteTokenService method getSSOAuthentication.
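/**
 * Verifies an SSO JWT against the configured signing key and converts it into an
 * {@code OAuth2Authentication}.
 *
 * The token's "user" claim is parsed as JSON and its "email" entry becomes both
 * {@code user_id} and {@code user_name}; the "exp" claim is used for the expiry check.
 * Exceptions thrown by {@code JwtHelper.decodeAndVerify} other than {@code IOException}
 * are not caught here and propagate unchanged.
 *
 * @param accessToken the encoded JWT presented by the caller
 * @return the authentication extracted from the token (may be null if the converter
 *         returns null)
 * @throws InvalidTokenException if the token cannot be parsed, lacks the "user" or "exp"
 *         claim, carries a non-numeric "exp", or has expired
 */
private OAuth2Authentication getSSOAuthentication(String accessToken) {
    try {
        // The verifier type follows the configured key, not anything carried in the token.
        SignatureVerifier verifier = isAssymetricKey(jwtSignKey) ? new RsaVerifier(jwtSignKey) : new MacSigner(jwtSignKey);
        Jwt jwt = JwtHelper.decodeAndVerify(accessToken, verifier);
        Map<String, Object> claims = objectMapper.readValue(jwt.getClaims(), new MapTypeReference());

        // A correctly signed token may still lack these claims; reject it as an invalid
        // token instead of failing with a NullPointerException further down.
        Object userClaim = claims.get("user");
        Object expClaim = claims.get("exp");
        if (userClaim == null || expClaim == null) {
            throw new InvalidTokenException("The specified JWT token is missing a required claim");
        }

        Map<String, Object> userMap = objectMapper.readValue(userClaim.toString(), new MapTypeReference());
        if (userMap == null) {
            // A "user" claim holding JSON null deserializes to a null map.
            throw new InvalidTokenException("The specified JWT token has an empty user claim");
        }

        Map<String, Object> tokenMap = new HashMap<>();
        // A non-numeric "exp" is handled by the NumberFormatException branch below.
        tokenMap.put("exp", Long.valueOf(expClaim.toString()));
        // NOTE(review): "email" is not checked for presence; a token without it yields
        // null user_id/user_name. Confirm how extractAuthentication treats that case.
        Object email = userMap.get("email");
        tokenMap.put("user_id", email);
        tokenMap.put("user_name", email);
        // NOTE(review): the scopes are a fixed list, not read from the token's claims, so
        // every verified SSO token is granted all of them. Confirm this is intended.
        tokenMap.put("scope", Arrays.asList("cloudbreak.networks.read", "periscope.cluster", "cloudbreak.usages.user", "cloudbreak.recipes", "openid", "cloudbreak.templates.read", "cloudbreak.usages.account", "cloudbreak.events", "cloudbreak.stacks.read", "cloudbreak.blueprints", "cloudbreak.networks", "cloudbreak.templates", "cloudbreak.credentials.read", "cloudbreak.securitygroups.read", "cloudbreak.securitygroups", "cloudbreak.stacks", "cloudbreak.credentials", "cloudbreak.recipes.read", "cloudbreak.blueprints.read"));

        OAuth2AccessToken oAuth2AccessToken = jwtAccessTokenConverter.extractAccessToken(accessToken, tokenMap);
        if (oAuth2AccessToken.isExpired()) {
            throw new InvalidTokenException("The token has expired");
        }
        OAuth2Authentication oAuth2Authentication = jwtAccessTokenConverter.extractAuthentication(tokenMap);
        if (oAuth2Authentication != null) {
            LOGGER.info("JWT token verified for: {}", oAuth2Authentication.getPrincipal());
        }
        return oAuth2Authentication;
    } catch (IOException | NumberFormatException e) {
        // Only the exception is logged; the raw token is never written to the log.
        LOGGER.error("Failed to parse the JWT token", e);
        throw new InvalidTokenException("The specified JWT token is invalid", e);
    }
}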
use of org.springframework.security.oauth2.jwt.Jwt in project new-cloud by xie-summer.
the class OAuth2JWTAuthorizationConfig method jwtAccessTokenConverter.
/**
* Use JWT with a symmetric key
* @return
*/
// @Bean
// public JwtAccessTokenConverter jwtAccessTokenConverter() {
// JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
// jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY);
// return jwtAccessTokenConverter;
// }
/**
 * Builds the JWT access-token converter backed by an asymmetric key pair: the
 * authorization server signs tokens and resource servers verify the signature.
 *
 * The key pair is read from the classpath keystore {@code mytest.jks} under the alias
 * "mytest", and a {@code CustomerAccessTokenConverter} is installed as the delegate.
 *
 * @return the configured converter
 */
@Bean
public JwtAccessTokenConverter jwtAccessTokenConverter() {
    // NOTE(review): the keystore password is a literal in source and the keystore is
    // loaded from the classpath, so the signing key is readable by anyone holding the
    // source or the built artifact. Load both from deployment configuration or a secret
    // store before using this outside a demo.
    final char[] storePassword = "mypass".toCharArray();
    final KeyStoreKeyFactory keyFactory =
            new KeyStoreKeyFactory(new ClassPathResource("mytest.jks"), storePassword);

    final JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
    tokenConverter.setKeyPair(keyFactory.getKeyPair("mytest"));
    tokenConverter.setAccessTokenConverter(new CustomerAccessTokenConverter());
    return tokenConverter;
}