
Example 46 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class JWTPropertiesTest method testNotBeforeSuccess.

@org.junit.Test
public void testNotBeforeSuccess() throws Exception {
    URL busFile = JWTPropertiesTest.class.getResource("client.xml");
    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());
    String address = "https://localhost:" + PORT + "/unsignedjwtnearfuture/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");
    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setAudiences(toList(address));
    // Set the not-before (nbf) time 30 seconds into the future; the request is still expected to succeed
    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    claims.setIssuedAt(now.toEpochSecond());
    claims.setNotBefore(now.plusSeconds(30L).toEpochSecond());
    JwtToken token = new JwtToken(claims);
    Map<String, Object> properties = new HashMap<>();
    // Send the token unsigned (JWS algorithm "none"); nothing protects its integrity
    properties.put("rs.security.signature.algorithm", "none");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);
    Response response = client.post(new Book("book", 123L));
    // JUnit's assertEquals takes the expected value first
    assertEquals(200, response.getStatus());
}
Also used : JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) HashMap(java.util.HashMap) JacksonJsonProvider(com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider) ArrayList(java.util.ArrayList) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Response(javax.ws.rs.core.Response) ZonedDateTime(java.time.ZonedDateTime) Book(org.apache.cxf.systest.jaxrs.security.Book) JwtAuthenticationClientFilter(org.apache.cxf.rs.security.jose.jaxrs.JwtAuthenticationClientFilter)

Example 47 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class JWTPropertiesTest method testMultipleAudiences.

@org.junit.Test
public void testMultipleAudiences() throws Exception {
    URL busFile = JWTPropertiesTest.class.getResource("client.xml");
    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());
    String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");
    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    claims.setIssuedAt(now.toEpochSecond());
    String badAddress = "https://localhost:" + PORT + "/badunsignedjwt/bookstore/books";
    List<String> audiences = new ArrayList<>();
    audiences.add(address);
    audiences.add(badAddress);
    claims.setAudiences(audiences);
    Map<String, Object> properties = new HashMap<>();
    // Send the token unsigned (JWS algorithm "none"); nothing protects its integrity
    properties.put("rs.security.signature.algorithm", "none");
    properties.put(JwtConstants.JWT_CLAIMS, claims);
    WebClient.getConfig(client).getRequestContext().putAll(properties);
    Response response = client.post(new Book("book", 123L));
    // JUnit's assertEquals takes the expected value first
    assertEquals(200, response.getStatus());
}
Also used : JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) HashMap(java.util.HashMap) JacksonJsonProvider(com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider) ArrayList(java.util.ArrayList) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) Response(javax.ws.rs.core.Response) ZonedDateTime(java.time.ZonedDateTime) Book(org.apache.cxf.systest.jaxrs.security.Book) JwtAuthenticationClientFilter(org.apache.cxf.rs.security.jose.jaxrs.JwtAuthenticationClientFilter)

Example 48 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class JwtAuthenticationClientFilter method getJwtToken.

protected JwtToken getJwtToken(ClientRequestContext requestContext) {
    // Try the filter properties first, then the message properties
    JwtToken token = (JwtToken) requestContext.getProperty(JwtConstants.JWT_TOKEN);
    if (token == null) {
        Message m = PhaseInterceptorChain.getCurrentMessage();
        token = (JwtToken) m.getContextualProperty(JwtConstants.JWT_TOKEN);
    }
    if (token != null) {
        return token;
    }
    // Otherwise check to see if we have some claims + construct the header ourselves
    JwtClaims claims = (JwtClaims) requestContext.getProperty(JwtConstants.JWT_CLAIMS);
    if (claims == null) {
        Message m = PhaseInterceptorChain.getCurrentMessage();
        claims = (JwtClaims) m.getContextualProperty(JwtConstants.JWT_CLAIMS);
    }
    if (claims != null) {
        token = new JwtToken(claims);
    }
    return token;
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Message(org.apache.cxf.message.Message) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims)

Example 49 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class JWTTokenProvider method createToken.

/**
 * Create a token given a TokenProviderParameters
 */
public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
    // KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
    TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
    }
    String realm = tokenParameters.getRealm();
    RealmProperties jwtRealm = null;
    if (realm != null && realmMap.containsKey(realm)) {
        jwtRealm = realmMap.get(realm);
    }
    // Get the claims
    JWTClaimsProviderParameters jwtClaimsProviderParameters = new JWTClaimsProviderParameters();
    jwtClaimsProviderParameters.setProviderParameters(tokenParameters);
    if (jwtRealm != null) {
        jwtClaimsProviderParameters.setIssuer(jwtRealm.getIssuer());
    }
    JwtClaims claims = jwtClaimsProvider.getJwtClaims(jwtClaimsProviderParameters);
    try {
        String tokenData = signToken(claims, jwtRealm, tokenParameters.getStsProperties());
        if (tokenParameters.isEncryptToken()) {
            tokenData = encryptToken(tokenData, new JweHeaders(), tokenParameters.getStsProperties(), tokenParameters.getEncryptionProperties(), tokenParameters.getKeyRequirements());
        }
        TokenProviderResponse response = new TokenProviderResponse();
        response.setToken(tokenData);
        response.setTokenId(claims.getTokenId());
        if (claims.getIssuedAt() > 0) {
            response.setCreated(Instant.ofEpochMilli(claims.getIssuedAt() * 1000L));
        }
        Instant expires = null;
        if (claims.getExpiryTime() > 0) {
            expires = Instant.ofEpochMilli(claims.getExpiryTime() * 1000L);
            response.setExpires(expires);
        }
        // set the token in cache (only if the token is signed)
        if (signToken && tokenParameters.getTokenStore() != null) {
            SecurityToken securityToken = CacheUtils.createSecurityTokenForStorage(null, claims.getTokenId(), expires, tokenParameters.getPrincipal(), tokenParameters.getRealm(), tokenParameters.getTokenRequirements().getRenewing());
            securityToken.setData(tokenData.getBytes());
            String signature = tokenData.substring(tokenData.lastIndexOf(".") + 1);
            CacheUtils.storeTokenInCache(securityToken, tokenParameters.getTokenStore(), signature.getBytes());
        }
        LOG.fine("JWT Token successfully created");
        return response;
    } catch (Exception e) {
        // Log through the logger only; printStackTrace() would bypass the logging configuration
        LOG.log(Level.WARNING, "Failed to create JWT token", e);
        throw new STSException("Can't serialize JWT token", e, STSException.REQUEST_FAILED);
    }
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) Instant(java.time.Instant) STSException(org.apache.cxf.ws.security.sts.provider.STSException) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) RealmProperties(org.apache.cxf.sts.token.realm.RealmProperties) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders)

Example 50 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class JwsCompactReaderWriterTest method initSpecJwtTokenWriter.

private JwsCompactProducer initSpecJwtTokenWriter(JwsHeaders jwsHeaders) throws Exception {
    JwtClaims claims = new JwtClaims();
    claims.setIssuer("joe");
    claims.setExpiryTime(1300819380L);
    claims.setClaim("http://example.com/is_root", Boolean.TRUE);
    JwtToken token = new JwtToken(jwsHeaders, claims);
    return new JwsJwtCompactProducer(token, getWriter());
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims)
