Example 51 with JWT
use of com.auth0.jwt.JWT in project spring-security by spring-projects.
the class JwtGrantedAuthoritiesConverterTests method convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities.
@Test
public void convertWithBlankAsCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
// @formatter:off
Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
// @formatter:on
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
assertThat(authorities).containsExactly(new SimpleGrantedAuthority("message:read"), new SimpleGrantedAuthority("message:write"));
}
Also used :
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
Test(org.junit.jupiter.api.Test)
Example 52 with JWT
use of com.auth0.jwt.JWT in project spring-security by spring-projects.
the class JwtGrantedAuthoritiesConverterTests method convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities.
@Test
public void convertWhenTokenHasEmptyScopeAndNonEmptyScpThenScopeAttributeIsTranslatedToNoAuthorities() {
// @formatter:off
Jwt jwt = TestJwts.jwt().claim("scp", Arrays.asList("message:read", "message:write")).claim("scope", "").build();
// @formatter:on
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
assertThat(authorities).isEmpty();
}
Also used :
Jwt(org.springframework.security.oauth2.jwt.Jwt)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
Test(org.junit.jupiter.api.Test)
Example 53 with JWT
use of com.auth0.jwt.JWT in project spring-security by spring-projects.
the class JwtGrantedAuthoritiesConverterTests method convertWithCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities.
@Test
public void convertWithCustomAuthorityPrefixWhenTokenHasScopeAttributeThenTranslatedToAuthorities() {
// @formatter:off
Jwt jwt = TestJwts.jwt().claim("scope", "message:read message:write").build();
// @formatter:on
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
Collection<GrantedAuthority> authorities = jwtGrantedAuthoritiesConverter.convert(jwt);
assertThat(authorities).containsExactly(new SimpleGrantedAuthority("ROLE_message:read"), new SimpleGrantedAuthority("ROLE_message:write"));
}
Also used :
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
Test(org.junit.jupiter.api.Test)
Example 54 with JWT
use of com.auth0.jwt.JWT in project spring-security by spring-projects.
the class SecurityMockMvcRequestPostProcessorsJwtTests method jwtWhenProvidingPreparedJwtThenUsesItForAuthentication.
@Test
public void jwtWhenProvidingPreparedJwtThenUsesItForAuthentication() {
Jwt originalToken = TestJwts.jwt().header("header1", "value1").subject("some_user").build();
jwt().jwt(originalToken).postProcessRequest(this.request);
verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request), any(HttpServletResponse.class));
SecurityContext context = this.contextCaptor.getValue();
JwtAuthenticationToken retrievedToken = (JwtAuthenticationToken) context.getAuthentication();
assertThat(retrievedToken.getToken().getSubject()).isEqualTo("some_user");
assertThat(retrievedToken.getToken().getTokenValue()).isEqualTo("token");
assertThat(retrievedToken.getToken().getHeaders().get("header1")).isEqualTo("value1");
}
Also used :
JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
SecurityContext(org.springframework.security.core.context.SecurityContext)
HttpServletResponse(jakarta.servlet.http.HttpServletResponse)
Test(org.junit.jupiter.api.Test)
Example 55 with JWT
use of com.auth0.jwt.JWT in project spring-security by spring-projects.
the class SecurityMockServerConfigurersJwtTests method mockJwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication.
@Test
public void mockJwtWhenProvidingBuilderConsumerThenProducesJwtAuthentication() {
String name = new String("user");
this.client.mutateWith(SecurityMockServerConfigurers.mockJwt().jwt((jwt) -> jwt.subject(name))).get().exchange().expectStatus().isOk();
SecurityContext context = this.securityContextController.removeSecurityContext();
assertThat(context.getAuthentication()).isInstanceOf(JwtAuthenticationToken.class);
JwtAuthenticationToken token = (JwtAuthenticationToken) context.getAuthentication();
assertThat(token.getToken().getSubject()).isSameAs(name);
}
Also used :
JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)
Arrays(java.util.Arrays)
HttpHeaders(org.springframework.http.HttpHeaders)
CurrentSecurityContextArgumentResolver(org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver)
MediaType(org.springframework.http.MediaType)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
TestJwts(org.springframework.security.oauth2.jwt.TestJwts)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
Test(org.junit.jupiter.api.Test)
WebTestClient(org.springframework.test.web.reactive.server.WebTestClient)
List(java.util.List)
SecurityContext(org.springframework.security.core.context.SecurityContext)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter)
ReactiveAdapterRegistry(org.springframework.core.ReactiveAdapterRegistry)
JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)
SecurityContext(org.springframework.security.core.context.SecurityContext)
Test(org.junit.jupiter.api.Test)
Aggregations
Jwt (org.springframework.security.oauth2.jwt.Jwt)99
Test (org.junit.jupiter.api.Test)80
GrantedAuthority (org.springframework.security.core.GrantedAuthority)51
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)39
DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)23
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)19
Arrays (java.util.Arrays)18
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)18
TestJwts (org.springframework.security.oauth2.jwt.TestJwts)18
List (java.util.List)17
Algorithm (com.auth0.jwt.algorithms.Algorithm)16
AbstractAuthenticationToken (org.springframework.security.authentication.AbstractAuthenticationToken)16
Authentication (org.springframework.security.core.Authentication)16
Test (org.junit.Test)14
HashMap (java.util.HashMap)13
OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)13
Instant (java.time.Instant)11
Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)11
BeforeEach (org.junit.jupiter.api.BeforeEach)11
JWTVerifier (com.auth0.jwt.JWTVerifier)10
