Examples with JwtClaims org.apache.cxf.rs.security.jose.jwt.JwtClaims used on opensource projects

Example 26 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class JWTPropertiesTest method testFutureToken.

@org.junit.Test
public void testFutureToken() throws Exception {
    URL busFile = JWTPropertiesTest.class.getResource("client.xml");
    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());
    String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");
    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setAudiences(toList(address));
    // Set the issued date to be in the future
    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    claims.setIssuedAt(now.plusDays(1L).toEpochSecond());
    JwtToken token = new JwtToken(claims);
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.signature.algorithm", "none");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);
    Response response = client.post(new Book("book", 123L));
    assertNotEquals(response.getStatus(), 200);
}

Example 27 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class OAuth2JwtFiltersTest method doTestServiceWithJwtTokenAndScope.

private void doTestServiceWithJwtTokenAndScope(String oauthService, String rsAddress) throws Exception {
    URL busFile = OAuth2JwtFiltersTest.class.getResource("client.xml");
    // Get Authorization Code
    WebClient oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(oauthClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    String code = OAuth2TestUtils.getAuthorizationCode(oauthClient, "create_book");
    assertNotNull(code);
    // Now get the access token
    oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(oauthClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(oauthClient, code);
    assertNotNull(accessToken.getTokenKey());
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(accessToken.getTokenKey());
    JwsSignatureVerifier verifier = JwsUtils.loadSignatureVerifier("org/apache/cxf/systest/jaxrs/security/alice.rs.properties", null);
    assertTrue(jwtConsumer.verifySignatureWith(verifier));
    JwtClaims claims = jwtConsumer.getJwtClaims();
    assertEquals("consumer-id", claims.getStringProperty(OAuthConstants.CLIENT_ID));
    assertEquals("alice", claims.getStringProperty("username"));
    // Now invoke on the service with the access token
    WebClient client = WebClient.create(rsAddress, OAuth2TestUtils.setupProviders(), busFile.toString());
    client.header("Authorization", "Bearer " + accessToken.getTokenKey());
    Response response = client.type("application/xml").post(new Book("book", 123L));
    assertEquals(200, response.getStatus());
    Book returnedBook = response.readEntity(Book.class);
    assertEquals(returnedBook.getName(), "book");
    assertEquals(returnedBook.getId(), 123L);
}

Example 28 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class AuthorizationGrantNegativeTest method testJWTUnauthenticatedSignature.

@org.junit.Test
public void testJWTUnauthenticatedSignature() throws Exception {
    URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Create the JWT Token
    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("consumer-id");
    claims.setIssuer("DoubleItSTSIssuer");
    Instant now = Instant.now();
    claims.setIssuedAt(now.getEpochSecond());
    claims.setExpiryTime(now.plusSeconds(60L).getEpochSecond());
    String audience = "https://localhost:" + PORT + "/services/token";
    claims.setAudiences(Collections.singletonList(audience));
    // Sign the JWT Token
    Properties signingProperties = new Properties();
    signingProperties.put("rs.security.keystore.type", "jks");
    signingProperties.put("rs.security.keystore.password", "security");
    signingProperties.put("rs.security.keystore.alias", "smallkey");
    signingProperties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
    signingProperties.put("rs.security.key.password", "security");
    signingProperties.put("rs.security.signature.algorithm", "RS256");
    JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
    JwsSignatureProvider sigProvider = JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
    String token = jws.signWith(sigProvider);
    // Get Access Token
    client.type("application/x-www-form-urlencoded").accept("application/json");
    client.path("token");
    Form form = new Form();
    form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
    form.param("assertion", token);
    form.param("client_id", "consumer-id");
    Response response = client.post(form);
    try {
        response.readEntity(ClientAccessToken.class);
        fail("Failure expected on an unauthenticated token");
    } catch (Exception ex) {
    // expected
    }
}

Example 29 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class OIDCFlowTest method testAuthorizationCodeFlowUnsignedJWTWithState.

@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
    URL busFile = OIDCFlowTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    JwtClaims claims = new JwtClaims();
    claims.setIssuer("consumer-id");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
    JwsHeaders headers = new JwsHeaders();
    headers.setAlgorithm("none");
    JwtToken token = new JwtToken(headers, claims);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
    String request = jws.getSignedEncodedJws();
    // Get Authorization Code
    AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
    parameters.setConsumerId("consumer-id");
    parameters.setScope("openid");
    parameters.setResponseType("code");
    parameters.setPath("authorize/");
    parameters.setState("123456789");
    parameters.setRequest(request);
    String location = OAuth2TestUtils.getLocation(client, parameters);
    String code = OAuth2TestUtils.getSubstring(location, "code");
    assertNotNull(code);
}

Example 30 with JwtClaims

use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.

the class OIDCFlowTest method testAuthorizationCodeFlowUnsignedJWT.

@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
    URL busFile = OIDCFlowTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    JwtClaims claims = new JwtClaims();
    claims.setIssuer("consumer-id");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
    JwsHeaders headers = new JwsHeaders();
    headers.setAlgorithm("none");
    JwtToken token = new JwtToken(headers, claims);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
    String request = jws.getSignedEncodedJws();
    // Get Authorization Code
    AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
    parameters.setConsumerId("consumer-id");
    parameters.setScope("openid");
    parameters.setResponseType("code");
    parameters.setPath("authorize/");
    parameters.setRequest(request);
    String location = OAuth2TestUtils.getLocation(client, parameters);
    String code = OAuth2TestUtils.getSubstring(location, "code");
    assertNotNull(code);
}