
Example 1 with JWTOptions

Use of io.vertx.ext.auth.JWTOptions in the vertx-web project (vert-x3).

Source: class WebExamples, method example52.

public void example52(Vertx vertx) {
    // Documentation example only: the keystore password is hard-coded for
    // brevity. Real deployments should load it from configuration or a secrets
    // manager rather than from source control.
    KeyStoreOptions keyStore = new KeyStoreOptions()
        .setType("jceks")
        .setPath("keystore.jceks")
        .setPassword("secret");
    JWTAuthOptions authConfig = new JWTAuthOptions().setKeyStore(keyStore);
    JWTAuth authProvider = JWTAuth.create(vertx, authConfig);

    // Claims carried by the token; "sub" names the principal, "someKey" is an
    // arbitrary custom claim.
    JsonObject claims = new JsonObject()
        .put("sub", "paulo")
        .put("someKey", "some value");

    // NOTE(review): no expiry is configured on the JWTOptions, so unless the
    // provider applies a default the token never expires — confirm, and set an
    // expiry on the options for tokens that leave the example. The returned
    // token string is discarded here.
    authProvider.generateToken(claims, new JWTOptions());
}

Example 2 with JWTOptions

Use of io.vertx.ext.auth.JWTOptions in the vertx-web project (vert-x3).

Source: class OAuth2AuthHandlerTest, method testBearerOnlyWithJWT.

@Test
public void testBearerOnlyWithJWT() throws Exception {
    // The OAuth2 provider is configured with only the public half of an RS256
    // key pair, so it can verify tokens but cannot mint them. The client id
    // set here is the value the test later places in the token's "aud" claim.
    OAuth2Auth oauth = OAuth2Auth.create(vertx, new OAuth2Options().setClientId("s6BhdRkqt3").addPubSecKey(new PubSecKeyOptions().setAlgorithm("RS256").setBuffer("-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuIC9Qvwoe/3tUpHkcUp\n" + "vWmzQqnZtz3HBKbxzc/jBTxUHefJDs88Xjw5nNXhl4tXkHzFRAZHtDnwX074/2oc\n" + "PRSWaBjHYXB771af91UPrc9fb4lh3W1a8hmQU6sgKlQVwDnUuePDkCmwKCsuyX0M\n" + "wxuwOwEUo4r15NBh/H7FvuHVPnqWK1/kliYtQukF3svQkpZT6/puQ0bEOefROLB+\n" + "EAPM0OAaDyknjxCZJenk9FIyC6skOKVaxW7CcE54lIUjS1GKFQc44/+T+u0VKSmh\n" + "rRdBNcAhXmdpwjLoDTy/I8z+uqkKitdEVczCdleNqeb6b1kjPWS3VbLXxY/LIYlz\n" + "uQIDAQAB\n" + "-----END PUBLIC KEY-----")));
    assertNotNull(oauth);
    // The matching private key is used locally to sign test tokens. It is a
    // fixture committed to source, so it must be treated as public/compromised
    // and never reused for anything outside this test.
    JWT jwt = new JWT().addJWK(new JWK(new PubSecKeyOptions().setAlgorithm("RS256").setBuffer("-----BEGIN PRIVATE KEY-----\n" + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa4gL1C/Ch7/e1\n" + "SkeRxSm9abNCqdm3PccEpvHNz+MFPFQd58kOzzxePDmc1eGXi1eQfMVEBke0OfBf\n" + "Tvj/ahw9FJZoGMdhcHvvVp/3VQ+tz19viWHdbVryGZBTqyAqVBXAOdS548OQKbAo\n" + "Ky7JfQzDG7A7ARSjivXk0GH8fsW+4dU+epYrX+SWJi1C6QXey9CSllPr+m5DRsQ5\n" + "59E4sH4QA8zQ4BoPKSePEJkl6eT0UjILqyQ4pVrFbsJwTniUhSNLUYoVBzjj/5P6\n" + "7RUpKaGtF0E1wCFeZ2nCMugNPL8jzP66qQqK10RVzMJ2V42p5vpvWSM9ZLdVstfF\n" + "j8shiXO5AgMBAAECggEAIriwOQcoNuV4/qdcTA2LQe9ERJmXOUEcMKrMYntMRYw0\n" + "v0+K/0ruGaIeuE4qeLLAOp/+CTXvNTQX8wXdREUhd3/6B/QmHm39GrasveHP1gM7\n" + "PeHqkp1FWijo9hjS6SpYhfNxAQtSeCsgVqD3qCvkhIjchR3E5rTsUxN0JAq3ggb9\n" + "WCJ2LUxOOTHAWL4cv7FIKfwU/bwjBdHbSLuh7em4IE8tzcFgh49281APprGb4a3d\n" + "CPlIZC+CQmTFKPGzT0WDNc3EbPPKcx8ECRf1Zo94Tqnzv7FLgCmr0o4O9e6E3yss\n" + "Uwp7EKPUQyAwBkc+pHwqUmOPqHB+z28JUOwqoD0vQQKBgQDNiXSydWh9BUWAleQU\n" + "fgSF0bjlt38HVcyMKGC1xQhi8VeAfLJxGCGbdxsPFNCtMPDLRRyd4xHBmsCmPPli\n" + "CFHD1UbfNuKma6azl6A86geuTolgrHoxp57tZwoBpG9JHoTA53pfBPxb8q39YXKh\n" + "DSXsJVldxsHwzFAklj3ZqzWq3QKBgQDA6M/VW3SXEt1NWwMI+WGa/QKHDjLDhZzF\n" + "F3iQTtzDDmA4louAzX1cykNo6Y7SpORi0ralml65iwT2HZtE8w9vbw4LNmBiHmlX\n" + "AvpZSHT6/7nQeiFtxZu9cyw4GGpNSaeqp4Cq6TGYmfbq4nIdryzUU2AgsqSZyrra\n" + "xh7K+2I4jQKBgGjC8xQy+7sdgLt1qvc29B8xMkkEKl8WwFeADSsY7plf4fW/mURD\n" + "xH11S/l35pUgKNuysk9Xealws1kIIyRwkRx8DM+hLg0dOa64Thg+QQP7S9JWl0HP\n" + "6hWfO15y7bYbNBcO5TShWe+T1lMb5E1qYjXnI5HEyP1vZjn/yi60MXqRAoGAe6F4\n" + "+QLIwL1dSOMoGctBS4QU55so23e41fNJ2CpCf1uqPPn2Y9DOI/aYpxbv6n20xMTI\n" + "O2+of37h6h1lUhX38XGZ7YOm15sn5ZTJ/whZuDbFzh9HZ0N6oTq7vyOelPO8WblJ\n" + "077pgyRBQ51mhzGqKFVayPnUVZ/Ais7oEyxycU0CgYEAzEUhmN22ykywh0My83z/\n" + "7yl2tyrlv2hcZbaP7+9eHdUafGG8jMTVD7jxhzAbiSo2UeyHUnAItDnLetLh89K6\n" + "0oF3/rZLqugtb+f48dgRE/SDF4Itgp5fDqWHLhEW7ZhWCFlFgZ3sq0XryIxzFof0\n" + "O/Fd1NnotirzTnob5ReblIM=\n" + "-----END PRIVATE KEY-----\n")));
    assertNotNull(jwt);
    // Mount the OAuth2 handler in front of /protected/*. Only bearer-token
    // validation is exercised below; no authorization-code redirect is driven.
    OAuth2AuthHandler oauth2Handler = OAuth2AuthHandler.create(vertx, oauth);
    // protect everything under /protected
    router.route("/protected/*").handler(oauth2Handler);
    // mount some handler under the protected zone
    router.route("/protected/somepage").handler(rc -> {
        assertNotNull(rc.user());
        rc.response().end("Welcome to the protected resource!");
    });
    // No Authorization header at all -> 401.
    testRequest(HttpMethod.GET, "/protected/somepage", 401, "Unauthorized");
    // An opaque, non-JWT bearer value that the provider cannot validate -> 401.
    testRequest(HttpMethod.GET, "/protected/somepage", req -> req.putHeader("Authorization", "Bearer 4adc339e0"), 401, "Unauthorized", "Unauthorized");
    // A token signed with the fixture private key, "aud" equal to the configured
    // client id and a far-future "exp" -> 200 and the protected body.
    String accessToken = jwt.sign(new JsonObject("{\n" + "      \"iss\": \"https://server.example.com\",\n" + "      \"aud\": \"s6BhdRkqt3\",\n" + "      \"jti\": \"a-123\",\n" + "      \"exp\": 999999999999,\n" + "      \"iat\": 1311280970,\n" + "      \"sub\": \"24400320\",\n" + "      \"upn\": \"jdoe@server.example.com\",\n" + "      \"groups\": [\"red-group\", \"green-group\", \"admin-group\", \"admin\"]\n" + "}"), new JWTOptions().setAlgorithm("RS256"));
    testRequest(HttpMethod.GET, "/protected/somepage", req -> req.putHeader("Authorization", "Bearer " + accessToken), 200, "OK", "Welcome to the protected resource!");
    // Same claims and a valid signature, but "exp" equals "iat" (a 2011
    // timestamp), so the token is already expired: a good signature alone must
    // not grant access -> 401.
    String accessTokenExp = jwt.sign(new JsonObject("{\n" + "      \"iss\": \"https://server.example.com\",\n" + "      \"aud\": \"s6BhdRkqt3\",\n" + "      \"jti\": \"a-123\",\n" + "      \"exp\": 1311280970,\n" + "      \"iat\": 1311280970,\n" + "      \"sub\": \"24400320\",\n" + "      \"upn\": \"jdoe@server.example.com\",\n" + "      \"groups\": [\"red-group\", \"green-group\", \"admin-group\", \"admin\"]\n" + "}"), new JWTOptions().setAlgorithm("RS256"));
    testRequest(HttpMethod.GET, "/protected/somepage", req -> req.putHeader("Authorization", "Bearer " + accessTokenExp), 401, "Unauthorized", "Unauthorized");
}

Example 3 with JWTOptions

Use of io.vertx.ext.auth.JWTOptions in the vertx-web project (vert-x3).

Source: class MultiAuthorizationHandlerTest, method testJWTAuthenticationWithAuthorization1.

@Test
public void testJWTAuthenticationWithAuthorization1() throws Exception {
    // Scenario: the request authenticates with a valid JWT and the route
    // demands "role1", but no authorization provider is registered that could
    // supply any role. Authentication must succeed and authorization must
    // fail, i.e. a 403 rather than a 401 or a 200.
    router.route("/protected/*").handler(JWTAuthHandler.create(authProvider));
    router.route("/protected/*")
        .handler(AuthorizationHandler.create(RoleBasedAuthorization.create("role1")));
    router.route("/protected/page1").handler(ctx -> {
        // Success path for the route; not reached when the expected 403 is
        // produced by the authorization handler in front of it.
        assertNotNull(ctx.user());
        assertEquals("paulo", ctx.user().attributes().getJsonObject("accessToken").getString("sub"));
        ctx.response().end("Welcome");
    });
    // The token is minted by the same provider that validates it, so the
    // rejection below is purely an authorization failure.
    String bearerToken = authProvider.generateToken(new JsonObject().put("sub", "paulo"), new JWTOptions());
    testRequest(HttpMethod.GET, "/protected/page1",
        req -> req.putHeader("Authorization", "Bearer " + bearerToken),
        403, "Forbidden", "Forbidden");
}

Example 4 with JWTOptions

Use of io.vertx.ext.auth.JWTOptions in the vertx-web project (vert-x3).

Source: class MultiAuthorizationHandlerTest, method testJWTAuthenticationWithAuthorization3.

@Test
public void testJWTAuthenticationWithAuthorization3() throws Exception {
    // Scenario: the request authenticates with a valid JWT, the route demands
    // "role3", and three authorization providers are registered, only the
    // third of which grants "role3". The handler is expected to consult all of
    // them, so the request is authorized -> 200.
    router.route("/protected/*").handler(JWTAuthHandler.create(authProvider));
    AuthorizationHandler requiresRole3 = AuthorizationHandler
        .create(RoleBasedAuthorization.create("role3"))
        .addAuthorizationProvider(createProvider("authzProvider1", RoleBasedAuthorization.create("role1")))
        .addAuthorizationProvider(createProvider("authzProvider2", RoleBasedAuthorization.create("role2")))
        .addAuthorizationProvider(createProvider("authzProvider3", RoleBasedAuthorization.create("role3")));
    router.route("/protected/*").handler(requiresRole3);
    router.route("/protected/page1").handler(ctx -> {
        // Reached only after both authentication and authorization passed;
        // the "sub" claim of the validated token is exposed on the user.
        assertNotNull(ctx.user());
        assertEquals("paulo", ctx.user().attributes().getJsonObject("accessToken").getString("sub"));
        ctx.response().end("Welcome");
    });
    String bearerToken = authProvider.generateToken(new JsonObject().put("sub", "paulo"), new JWTOptions());
    testRequest(HttpMethod.GET, "/protected/page1",
        req -> req.putHeader("Authorization", "Bearer " + bearerToken),
        200, "OK", "Welcome");
}

Example 5 with JWTOptions

Use of io.vertx.ext.auth.JWTOptions in the vertx-web project (vert-x3).

Source: class MultiAuthorizationHandlerTest, method testJWTAuthenticationWithAuthorizationForbiddenHang.

@Test
public void testJWTAuthenticationWithAuthorizationForbiddenHang() throws Exception {
    // A session store sits in front of every route so the first (authorized)
    // request yields a Set-Cookie that the second request replays. The point
    // of the test, judging by its name and the original comment, is that the
    // second, forbidden request answers 403 promptly instead of hanging.
    router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
    router.route("/open").handler(RoutingContext::end);

    // /protected1/*: requires "role2" and a provider granting "role2" is
    // registered -> authorized.
    router.route("/protected1/*").handler(JWTAuthHandler.create(authProvider));
    router.route("/protected1/*").handler(
        AuthorizationHandler.create(RoleBasedAuthorization.create("role2"))
            .addAuthorizationProvider(createProvider("authzProvider1", RoleBasedAuthorization.create("role2"))));

    // /protected/*: requires "role1" but the only provider grants "role2"
    // -> forbidden.
    router.route("/protected/*").handler(JWTAuthHandler.create(authProvider));
    router.route("/protected/*").handler(
        AuthorizationHandler.create(RoleBasedAuthorization.create("role1"))
            .addAuthorizationProvider(createProvider("authzProvider1", RoleBasedAuthorization.create("role2"))));

    // Page handlers are registered after the guards so they only run once
    // authentication and authorization have both passed.
    router.route("/protected1/page1").handler(ctx -> {
        assertNotNull(ctx.user());
        assertEquals("paulo", ctx.user().attributes().getJsonObject("accessToken").getString("sub"));
        ctx.response().end("Welcome");
    });
    router.route("/protected/page1").handler(ctx -> {
        assertNotNull(ctx.user());
        assertEquals("paulo", ctx.user().attributes().getJsonObject("accessToken").getString("sub"));
        ctx.response().end("Welcome");
    });

    AtomicReference<String> sessionCookie = new AtomicReference<>();

    // First request: the authorized path. Capture the session cookie it sets.
    testRequest(HttpMethod.GET, "/protected1/page1",
        req -> req.putHeader("Authorization",
            "Bearer " + authProvider.generateToken(new JsonObject().put("sub", "paulo"), new JWTOptions())),
        res -> {
            String setCookie = res.getHeader("Set-Cookie");
            assertNotNull(setCookie);
            sessionCookie.set(setCookie);
        },
        200, "OK", "Welcome");

    // Second request: the forbidden path, replaying the session from the
    // first request (only the name=value pair, cookie attributes stripped).
    // The session established on /protected1 must not carry its authorization
    // over to /protected: the expected answer is a 403.
    testRequest(HttpMethod.GET, "/protected/page1",
        req -> {
            String setCookie = sessionCookie.get();
            CharSequence cookiePair = setCookie.subSequence(0, setCookie.indexOf(';'));
            req.putHeader("Authorization",
                "Bearer " + authProvider.generateToken(new JsonObject().put("sub", "paulo"), new JWTOptions()));
            req.putHeader("Cookie", cookiePair);
        },
        403, "Forbidden", "Forbidden");
}
