Search in sources :

Example 46 with JWT

use of com.auth0.jwt.JWT in project spring-security by spring-projects.

the class JwtGrantedAuthoritiesConverterTests method convertWhenTokenHasUnsupportedTypeForScopeThenTranslatesToNoAuthorities.

@Test
public void convertWhenTokenHasUnsupportedTypeForScopeThenTranslatesToNoAuthorities() {
    // @formatter:off
    Jwt jwt = TestJwts.jwt().claim("scope", new String[] { "message:read", "message:write" }).build();
    // @formatter:on
    JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
    Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
    assertThat(authorities).isEmpty();
}
Also used : Jwt(org.springframework.security.oauth2.jwt.Jwt) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Test(org.junit.jupiter.api.Test)

Example 47 with JWT

use of com.auth0.jwt.JWT in project spring-security by spring-projects.

the class JwtGrantedAuthoritiesConverterTests method convertWhenTokenHasEmptyCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities.

@Test
public void convertWhenTokenHasEmptyCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() {
    // @formatter:off
    Jwt jwt = TestJwts.jwt().claim("roles", Collections.emptyList()).claim("scope", "missive:read missive:write").build();
    // @formatter:on
    JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
    jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
    Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
    assertThat(authorities).isEmpty();
}
Also used : Jwt(org.springframework.security.oauth2.jwt.Jwt) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Test(org.junit.jupiter.api.Test)

Example 48 with JWT

use of com.auth0.jwt.JWT in project spring-security by spring-projects.

the class JwtGrantedAuthoritiesConverterTests method convertWhenTokenHasEmptyScopeAndEmptyScpAttributeThenTranslatesToNoAuthorities.

@Test
public void convertWhenTokenHasEmptyScopeAndEmptyScpAttributeThenTranslatesToNoAuthorities() {
    // @formatter:off
    Jwt jwt = TestJwts.jwt().claim("scp", Collections.emptyList()).claim("scope", Collections.emptyList()).build();
    // @formatter:on
    JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
    Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
    assertThat(authorities).isEmpty();
}
Also used : Jwt(org.springframework.security.oauth2.jwt.Jwt) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Test(org.junit.jupiter.api.Test)

Example 49 with JWT

use of com.auth0.jwt.JWT in project spring-security by spring-projects.

the class JwtGrantedAuthoritiesConverterTests method convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities.

@Test
public void convertWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
    // @formatter:off
    Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
    // @formatter:on
    JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
    Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
    assertThat(authorities).containsExactly(new SimpleGrantedAuthority("SCOPE_message:read"), new SimpleGrantedAuthority("SCOPE_message:write"));
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) Jwt(org.springframework.security.oauth2.jwt.Jwt) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Test(org.junit.jupiter.api.Test)

Example 50 with JWT

use of com.auth0.jwt.JWT in project spring-security by spring-projects.

the class JwtGrantedAuthoritiesConverterTests method convertWhenTokenHasNoCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities.

@Test
public void convertWhenTokenHasNoCustomClaimNameThenCustomClaimNameAttributeIsTranslatedToNoAuthorities() {
    // @formatter:off
    Jwt jwt = TestJwts.jwt().claim("scope", "missive:read missive:write").build();
    // @formatter:on
    JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
    jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
    Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
    assertThat(authorities).isEmpty();
}
Also used : Jwt(org.springframework.security.oauth2.jwt.Jwt) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Test(org.junit.jupiter.api.Test)

Aggregations

Jwt (org.springframework.security.oauth2.jwt.Jwt)99 Test (org.junit.jupiter.api.Test)80 GrantedAuthority (org.springframework.security.core.GrantedAuthority)51 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)39 DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)23 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)19 Arrays (java.util.Arrays)18 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)18 TestJwts (org.springframework.security.oauth2.jwt.TestJwts)18 List (java.util.List)17 Algorithm (com.auth0.jwt.algorithms.Algorithm)16 AbstractAuthenticationToken (org.springframework.security.authentication.AbstractAuthenticationToken)16 Authentication (org.springframework.security.core.Authentication)16 Test (org.junit.Test)14 HashMap (java.util.HashMap)13 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)13 Instant (java.time.Instant)11 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)11 BeforeEach (org.junit.jupiter.api.BeforeEach)11 JWTVerifier (com.auth0.jwt.JWTVerifier)10