use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class JwtAuthenticationClientFilter method filter.
/**
 * Adds a JWT to the outgoing request's {@code Authorization} header.
 *
 * <p>The token is taken from {@code getJwtToken(requestContext)}. If none is available and
 * JWE is required, a token is synthesised from the endpoint's {@link AuthorizationPolicy}:
 * the policy user name becomes the subject and the policy password is copied into a
 * {@code "password"} claim.
 *
 * <p>Security note: on the fallback path the password travels inside the token, so its
 * confidentiality rests on the JWE protection applied to the token. The fallback is gated on
 * {@code isJweRequired()} and is never taken otherwise. The synthesised token carries an
 * issued-at time but no expiry and no audience.
 *
 * @param requestContext the outgoing client request whose headers are updated
 * @throws IOException declared by the filter contract
 * @throws JoseException if no token was supplied and none could be synthesised
 */
@Override
public void filter(ClientRequestContext requestContext) throws IOException {
    JwtToken token = getJwtToken(requestContext);

    if (token == null && super.isJweRequired()) {
        AuthorizationPolicy policy = JAXRSUtils.getCurrentMessage()
            .getExchange()
            .getEndpoint()
            .getEndpointInfo()
            .getExtensor(AuthorizationPolicy.class);

        boolean hasUserName = policy != null && policy.getUserName() != null;
        if (hasUserName) {
            JwtClaims credentialClaims = new JwtClaims();
            credentialClaims.setSubject(policy.getUserName());
            // The password is embedded as a plain claim value; only the JWE layer protects it.
            credentialClaims.setClaim("password", policy.getPassword());
            // iat is expressed in seconds since the epoch.
            credentialClaims.setIssuedAt(System.currentTimeMillis() / 1000L);
            token = new JwtToken(new JweHeaders(), credentialClaims);
        }
    }

    if (token == null) {
        throw new JoseException("JWT token is not available");
    }

    // NOTE(review): processJwt is not visible here; confirm it always encrypts when
    // isJweRequired() is true, otherwise the password claim would leave in a readable token.
    String serialized = super.processJwt(token);
    String headerValue = authScheme + " " + serialized;
    requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, headerValue);
}
use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class DefaultJWTClaimsProvider method getJwtClaims.
/**
 * Builds the claim set for a JWT.
 *
 * <p>The subject comes from {@code getSubjectName}, the token id is a freshly generated random
 * UUID, and the issuer is the one given in the parameters or, when that is {@code null}, the
 * issuer configured in the STS properties. The WS-Trust claims, conditions, audience
 * restriction and ActAs handlers then add their own entries.
 *
 * @param jwtClaimsProviderParameters the request-specific inputs for claim creation
 * @return the populated claims
 */
public JwtClaims getJwtClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters) {
    JwtClaims result = new JwtClaims();
    result.setSubject(getSubjectName(jwtClaimsProviderParameters));
    result.setTokenId(UUID.randomUUID().toString());

    // Prefer the issuer supplied with the request; otherwise use the STS-wide issuer.
    String issuerName = jwtClaimsProviderParameters.getIssuer();
    if (issuerName == null) {
        issuerName = jwtClaimsProviderParameters.getProviderParameters()
            .getStsProperties()
            .getIssuer();
    }
    // NOTE(review): nothing here rejects a null fallback issuer; confirm the STS
    // configuration always provides one, since consumers typically validate "iss".
    result.setIssuer(issuerName);

    handleWSTrustClaims(jwtClaimsProviderParameters, result);
    handleConditions(jwtClaimsProviderParameters, result);
    handleAudienceRestriction(jwtClaimsProviderParameters, result);
    handleActAs(jwtClaimsProviderParameters, result);

    return result;
}
use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class BigQueryServer method getAccessToken.
/**
 * Exchanges a self-signed JWT assertion for an access token at the Google OAuth2 token
 * endpoint, using the JWT bearer grant.
 *
 * <p>The assertion is signed with RS256, is addressed to the token endpoint as its audience,
 * is valid for one hour from the issued-at time and requests the read-only BigQuery scope.
 *
 * @param privateKey the key used to sign the assertion
 * @param issuer the value placed in the assertion's issuer claim
 * @return the access token returned by the token endpoint
 */
private static ClientAccessToken getAccessToken(PrivateKey privateKey, String issuer) {
    // The token endpoint is both the assertion audience and the address the grant is posted to.
    final String tokenEndpoint = "https://www.googleapis.com/oauth2/v3/token";
    final long lifetimeSeconds = 60 * 60;

    JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.RS256);

    JwtClaims assertionClaims = new JwtClaims();
    assertionClaims.setIssuer(issuer);
    assertionClaims.setAudience(tokenEndpoint);
    long issuedAt = OAuthUtils.getIssuedAt();
    assertionClaims.setIssuedAt(issuedAt);
    assertionClaims.setExpiryTime(issuedAt + lifetimeSeconds);
    assertionClaims.setProperty("scope", "https://www.googleapis.com/auth/bigquery.readonly");

    JwsJwtCompactProducer producer = new JwsJwtCompactProducer(new JwtToken(jwsHeaders, assertionClaims));
    String signedAssertion = producer.signWith(privateKey);
    JwtBearerGrant bearerGrant = new JwtBearerGrant(signedAssertion);

    WebClient tokenClient = WebClient.create(
        tokenEndpoint,
        Arrays.asList(new OAuthJSONProvider(), new AccessTokenGrantWriter()));
    // NOTE(review): this interceptor logs inbound messages on the token client, which
    // presumably includes the response body carrying the access token; confirm, and drop or
    // mask it wherever logs are retained or shared.
    WebClient.getConfig(tokenClient).getInInterceptors().add(new LoggingInInterceptor());
    tokenClient.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);

    return tokenClient.post(bearerGrant, ClientAccessToken.class);
}
use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class JWTAlgorithmTest method testEncryptionDynamic.
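/**
 * Posts a book to the encrypted-JWT endpoint with the encryption key and algorithms supplied
 * as individual request-context properties, and checks that the same book is returned.
 *
 * <p>The client filter is configured with JWS off and JWE required, so the token is sent
 * encrypted but unsigned.
 */
@org.junit.Test
public void testEncryptionDynamic() throws Exception {
    URL busFile = JWTAlgorithmTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    JwtAuthenticationClientFilter clientFilter = new JwtAuthenticationClientFilter();
    // Encryption only: no signature is applied to the token in this test.
    clientFilter.setJwsRequired(false);
    clientFilter.setJweRequired(true);
    providers.add(clientFilter);

    String address = "https://localhost:" + PORT + "/encryptedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token. It carries subject, issuer, issued-at and audience, but no expiry.
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    // Encrypt to the recipient's public key taken from a JWK set, selected by alias,
    // with RSA-OAEP key encryption and A128GCM content encryption.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.keystore.type", "jwk");
    properties.put("rs.security.keystore.alias", "2011-04-29");
    properties.put("rs.security.keystore.file",
                   "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
    properties.put("rs.security.encryption.content.algorithm", "A128GCM");
    properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // Expected value first, per assertEquals(expected, actual), so failure messages read correctly.
    assertEquals(200, response.getStatus());

    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}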
use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class JWTAlgorithmTest method testEncryptionProperties.
//
// Encryption tests
//
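/**
 * Posts a book to the encrypted-JWT endpoint with the encryption settings loaded from a
 * properties file, and checks that the same book is returned.
 *
 * <p>The client filter is configured with JWS off and JWE required, so the token is sent
 * encrypted but unsigned.
 */
@org.junit.Test
public void testEncryptionProperties() throws Exception {
    URL busFile = JWTAlgorithmTest.class.getResource("client.xml");

    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    JwtAuthenticationClientFilter clientFilter = new JwtAuthenticationClientFilter();
    // Encryption only: no signature is applied to the token in this test.
    clientFilter.setJwsRequired(false);
    clientFilter.setJweRequired(true);
    providers.add(clientFilter);

    String address = "https://localhost:" + PORT + "/encryptedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");

    // Create the JWT Token. It carries subject, issuer, issued-at and audience, but no expiry.
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));

    JwtToken token = new JwtToken(claims);

    // Key and algorithm choices all come from the referenced properties file.
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.encryption.properties",
                   "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);

    Response response = client.post(new Book("book", 123L));
    // Expected value first, per assertEquals(expected, actual), so failure messages read correctly.
    assertEquals(200, response.getStatus());

    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}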