Examples with StrategyConfig com.nexblocks.authguard.service.config.StrategyConfig used on opensource projects

Search in sources :

Example 1 with StrategyConfig

use of com.nexblocks.authguard.service.config.StrategyConfig in project AuthGuard by AuthGuard.

the class JwtTokenVerifierTest method validateWithAlgNone.

@Test
void validateWithAlgNone() {
    final StrategyConfig strategyConfig = strategyConfig(false);
    final JwtConfig jwtConfig = jwtConfig();
    final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
    final AccountBO account = RANDOM.nextObject(AccountBO.class);
    final AuthResponseBO tokens = generateToken(jwtConfig, account, null);
    final String payload = tokens.getToken().toString().split("\\.")[1];
    final String maliciousToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + payload + ".signature";
    assertThat(jwtTokenVerifier.verify(maliciousToken)).isEmpty();
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JwtConfig(com.nexblocks.authguard.service.config.JwtConfig) StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig) AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO) Test(org.junit.jupiter.api.Test)

Example 2 with StrategyConfig

use of com.nexblocks.authguard.service.config.StrategyConfig in project AuthGuard by AuthGuard.

the class JwtTokenVerifierTest method validateWithJtiBlacklisted.

@Test
void validateWithJtiBlacklisted() {
    final StrategyConfig strategyConfig = strategyConfig(true);
    final JwtConfig jwtConfig = jwtConfig();
    final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
    final String jti = UUID.randomUUID().toString();
    Mockito.when(jtiProvider.next()).thenReturn(jti);
    Mockito.when(jtiProvider.validate(jti)).thenReturn(false);
    final AccountBO account = RANDOM.nextObject(AccountBO.class);
    final AuthResponseBO tokens = generateToken(jwtConfig, account, jti);
    final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(tokens.getToken().toString());
    assertThat(validatedToken.isLeft());
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JwtConfig(com.nexblocks.authguard.service.config.JwtConfig) StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig) AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException) Test(org.junit.jupiter.api.Test)

Example 3 with StrategyConfig

use of com.nexblocks.authguard.service.config.StrategyConfig in project AuthGuard by AuthGuard.

the class JwtTokenVerifierTest method validateExpired.

@Test
void validateExpired() {
    final StrategyConfig strategyConfig = strategyConfig(false);
    final JwtConfig jwtConfig = jwtConfig();
    final AccountBO account = RANDOM.nextObject(AccountBO.class);
    final Algorithm algorithm = JwtConfigParser.parseAlgorithm(jwtConfig.getAlgorithm(), jwtConfig.getPublicKey(), jwtConfig.getPrivateKey());
    final JwtGenerator jwtGenerator = new JwtGenerator(jwtConfig);
    final String token = jwtGenerator.generateUnsignedToken(account, Duration.ofMinutes(5)).withExpiresAt(Date.from(Instant.now().minusSeconds(60))).sign(algorithm);
    final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
    final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(token);
    assertThat(validatedToken.isLeft()).isTrue();
    assertThat(validatedToken.getLeft()).isInstanceOf(ServiceAuthorizationException.class);
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JwtConfig(com.nexblocks.authguard.service.config.JwtConfig) StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig) Algorithm(com.auth0.jwt.algorithms.Algorithm) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException) Test(org.junit.jupiter.api.Test)

Example 4 with StrategyConfig

use of com.nexblocks.authguard.service.config.StrategyConfig in project AuthGuard by AuthGuard.

the class JwtTokenVerifierTest method validate.

@Test
void validate() {
    final StrategyConfig strategyConfig = strategyConfig(false);
    final JwtConfig jwtConfig = jwtConfig();
    final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
    final AccountBO account = RANDOM.nextObject(AccountBO.class);
    final AuthResponseBO tokens = generateToken(jwtConfig, account, null);
    final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(tokens.getToken().toString());
    assertThat(validatedToken.isRight()).isTrue();
    verifyToken(validatedToken.get(), account.getId(), null, null, null);
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JwtConfig(com.nexblocks.authguard.service.config.JwtConfig) StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig) AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException) Test(org.junit.jupiter.api.Test)

Example 5 with StrategyConfig

use of com.nexblocks.authguard.service.config.StrategyConfig in project AuthGuard by AuthGuard.

the class JwtTokenVerifierTest method validateWithJti.

@Test
void validateWithJti() {
    final StrategyConfig strategyConfig = strategyConfig(true);
    final JwtConfig jwtConfig = jwtConfig();
    final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
    final String jti = UUID.randomUUID().toString();
    Mockito.when(jtiProvider.next()).thenReturn(jti);
    Mockito.when(jtiProvider.validate(jti)).thenReturn(true);
    final AccountBO account = RANDOM.nextObject(AccountBO.class);
    final AuthResponseBO tokens = generateToken(jwtConfig, account, jti);
    final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(tokens.getToken().toString());
    assertThat(validatedToken.isRight()).isTrue();
    verifyToken(validatedToken.get(), account.getId(), jti, null, null);
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JwtConfig(com.nexblocks.authguard.service.config.JwtConfig) StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig) AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException) Test(org.junit.jupiter.api.Test)

Aggregations

JwtConfig (com.nexblocks.authguard.service.config.JwtConfig)5 StrategyConfig (com.nexblocks.authguard.service.config.StrategyConfig)5 AccountBO (com.nexblocks.authguard.service.model.AccountBO)5 Test (org.junit.jupiter.api.Test)5 DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)4 ServiceAuthorizationException (com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException)4 AuthResponseBO (com.nexblocks.authguard.service.model.AuthResponseBO)4 Algorithm (com.auth0.jwt.algorithms.Algorithm)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial