use of com.nimbusds.jose.JOSEObjectType in project quickstart by wildfly.
the class JwtManager method createJwt.
public String createJwt(final String subject, final String[] roles) throws Exception {
JWSSigner signer = new RSASSASigner(privateKey);
JsonArrayBuilder rolesBuilder = Json.createArrayBuilder();
for (String role : roles) {
rolesBuilder.add(role);
}
JsonObjectBuilder claimsBuilder = Json.createObjectBuilder().add("sub", subject).add("iss", ISSUER).add("aud", AUDIENCE).add(CLAIM_ROLES, rolesBuilder.build()).add("exp", ((System.currentTimeMillis() / 1000) + TOKEN_VALIDITY));
JWSObject jwsObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType("jwt")).build(), new Payload(claimsBuilder.build().toString()));
jwsObject.sign(signer);
return jwsObject.serialize();
}
use of com.nimbusds.jose.JOSEObjectType in project spring-security by spring-projects.
the class NimbusJwtDecoderTests method withPublicKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes.
// gh-8730
@Test
public void withPublicKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes() throws Exception {
RSAPublicKey publicKey = TestKeys.DEFAULT_PUBLIC_KEY;
RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY;
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType("JWS")).build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
// @formatter:off
NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256).jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))).build();
// @formatter:on
assertThat(decoder.decode(signedJwt.serialize()).hasClaim(JwtClaimNames.EXP)).isNotNull();
}
use of com.nimbusds.jose.JOSEObjectType in project spring-security by spring-projects.
the class NimbusJwtDecoderTests method withSecretKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes.
// gh-8730
@Test
public void withSecretKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes() throws Exception {
SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
// @formatter:off
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).type(new JOSEObjectType("JWS")).build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
// @formatter:on
SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
// @formatter:off
NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))).build();
// @formatter:on
assertThat(decoder.decode(signedJwt.serialize()).hasClaim(JwtClaimNames.EXP)).isNotNull();
}
use of com.nimbusds.jose.JOSEObjectType in project spring-security by spring-projects.
the class NimbusReactiveJwtDecoderTests method withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType.
// gh-8730
@Test
public void withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
WebClient webClient = mockJwkSetResponse(this.jwkSet);
// @formatter:off
NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri).webClient(webClient).jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))).build();
assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.messageReadToken).block()).havingRootCause().withMessage("Required JOSE header typ (type) parameter is missing");
// @formatter:on
}
use of com.nimbusds.jose.JOSEObjectType in project spring-security by spring-projects.
the class NimbusReactiveJwtDecoderTests method withSecretKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType.
// gh-8730
@Test
public void withSecretKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
// @formatter:off
NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))).build();
assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(this.messageReadToken).block()).havingRootCause().withMessage("Required JOSE header typ (type) parameter is missing");
// @formatter:on
}
Aggregations