Examples with JwtToken org.apache.cxf.rs.security.jose.jwt.JwtToken used on opensource projects

Search in sources :

Example 51 with JwtToken

use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.

the class JWTPropertiesTest method testFutureToken.

@org.junit.Test
public void testFutureToken() throws Exception {
    URL busFile = JWTPropertiesTest.class.getResource("client.xml");
    List<Object> providers = new ArrayList<>();
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());
    String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books";
    WebClient client = WebClient.create(address, providers, busFile.toString());
    client.type("application/json").accept("application/json");
    // Create the JWT Token
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setAudiences(toList(address));
    // Set the issued date to be in the future
    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    claims.setIssuedAt(now.plusDays(1L).toEpochSecond());
    JwtToken token = new JwtToken(claims);
    Map<String, Object> properties = new HashMap<>();
    properties.put("rs.security.signature.algorithm", "none");
    properties.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(properties);
    Response response = client.post(new Book("book", 123L));
    assertNotEquals(response.getStatus(), 200);
}
Also used : JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) HashMap(java.util.HashMap) JacksonJsonProvider(com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider) ArrayList(java.util.ArrayList) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Response(javax.ws.rs.core.Response) ZonedDateTime(java.time.ZonedDateTime) Book(org.apache.cxf.systest.jaxrs.security.Book) JwtAuthenticationClientFilter(org.apache.cxf.rs.security.jose.jaxrs.JwtAuthenticationClientFilter)

Example 52 with JwtToken

use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.

the class OIDCFlowTest method testImplicitFlow.

@org.junit.Test
public void testImplicitFlow() throws Exception {
    URL busFile = OIDCFlowTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Get Access Token
    client.type("application/json").accept("application/json");
    client.query("client_id", "consumer-id");
    client.query("redirect_uri", "http://www.blah.apache.org");
    client.query("scope", "openid");
    client.query("response_type", "id_token token");
    client.query("nonce", "123456789");
    client.path("authorize-implicit/");
    Response response = client.get();
    OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
    // Now call "decision" to get the access token
    client.path("decision");
    client.type("application/x-www-form-urlencoded");
    Form form = new Form();
    form.param("session_authenticity_token", authzData.getAuthenticityToken());
    form.param("client_id", authzData.getClientId());
    form.param("redirect_uri", authzData.getRedirectUri());
    form.param("scope", authzData.getProposedScope());
    if (authzData.getResponseType() != null) {
        form.param("response_type", authzData.getResponseType());
    }
    if (authzData.getNonce() != null) {
        form.param("nonce", authzData.getNonce());
    }
    form.param("oauthDecision", "allow");
    response = client.post(form);
    String location = response.getHeaderString("Location");
    // Check Access Token
    String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
    assertNotNull(accessToken);
    // Check IdToken
    String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
    assertNotNull(idToken);
    validateIdToken(idToken, null);
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
    Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
    OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
}
Also used : Response(javax.ws.rs.core.Response) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Form(javax.ws.rs.core.Form) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) WebClient(org.apache.cxf.jaxrs.client.WebClient) OAuthAuthorizationData(org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData) URL(java.net.URL)

Example 53 with JwtToken

use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.

the class OIDCFlowTest method testImplicitFlowNoAccessToken.

@org.junit.Test
public void testImplicitFlowNoAccessToken() throws Exception {
    URL busFile = OIDCFlowTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Get Access Token
    client.type("application/json").accept("application/json");
    client.query("client_id", "consumer-id");
    client.query("redirect_uri", "http://www.blah.apache.org");
    client.query("scope", "openid");
    client.query("response_type", "id_token");
    client.query("nonce", "123456789");
    client.path("authorize-implicit/");
    Response response = client.get();
    OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
    // Now call "decision" to get the access token
    client.path("decision");
    client.type("application/x-www-form-urlencoded");
    Form form = new Form();
    form.param("session_authenticity_token", authzData.getAuthenticityToken());
    form.param("client_id", authzData.getClientId());
    form.param("redirect_uri", authzData.getRedirectUri());
    form.param("scope", authzData.getProposedScope());
    if (authzData.getResponseType() != null) {
        form.param("response_type", authzData.getResponseType());
    }
    if (authzData.getNonce() != null) {
        form.param("nonce", authzData.getNonce());
    }
    form.param("oauthDecision", "allow");
    response = client.post(form);
    String location = response.getHeaderString("Location");
    // Check Access Token - it should not be present
    String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
    assertNull(accessToken);
    // Check IdToken
    String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
    assertNotNull(idToken);
    validateIdToken(idToken, null);
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
    Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
}
Also used : Response(javax.ws.rs.core.Response) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Form(javax.ws.rs.core.Form) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) WebClient(org.apache.cxf.jaxrs.client.WebClient) OAuthAuthorizationData(org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData) URL(java.net.URL)

Example 54 with JwtToken

use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.

the class OIDCFlowTest method testHybridCodeIdTokenToken.

@org.junit.Test
public void testHybridCodeIdTokenToken() throws Exception {
    URL busFile = OIDCFlowTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Get location
    AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
    parameters.setConsumerId("consumer-id");
    parameters.setScope("openid");
    parameters.setNonce("123456789");
    parameters.setResponseType("code id_token token");
    parameters.setPath("authorize-hybrid/");
    String location = OAuth2TestUtils.getLocation(client, parameters);
    assertNotNull(location);
    // Check code
    String code = OAuth2TestUtils.getSubstring(location, "code");
    assertNotNull(code);
    // Check id_token
    String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
    assertNotNull(idToken);
    validateIdToken(idToken, "123456789");
    // check the code hash is returned from the implicit authorization endpoint
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
    // Check Access Token
    String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
    assertNotNull(accessToken);
    jwtConsumer = new JwsJwtCompactConsumer(idToken);
    jwt = jwtConsumer.getJwtToken();
    Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
    OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
    Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL)

Example 55 with JwtToken

use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.

the class OIDCFlowTest method testAuthorizationCodeFlowUnsignedJWTWithState.

@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
    URL busFile = OIDCFlowTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    JwtClaims claims = new JwtClaims();
    claims.setIssuer("consumer-id");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
    JwsHeaders headers = new JwsHeaders();
    headers.setAlgorithm("none");
    JwtToken token = new JwtToken(headers, claims);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
    String request = jws.getSignedEncodedJws();
    // Get Authorization Code
    AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
    parameters.setConsumerId("consumer-id");
    parameters.setScope("openid");
    parameters.setResponseType("code");
    parameters.setPath("authorize/");
    parameters.setState("123456789");
    parameters.setRequest(request);
    String location = OAuth2TestUtils.getLocation(client, parameters);
    String code = OAuth2TestUtils.getSubstring(location, "code");
    assertNotNull(code);
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL)

Aggregations

JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)132 JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)62 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)61 WebClient (org.apache.cxf.jaxrs.client.WebClient)57 URL (java.net.URL)56 Response (javax.ws.rs.core.Response)54 ArrayList (java.util.ArrayList)44 HashMap (java.util.HashMap)38 JacksonJsonProvider (com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider)35 JwtAuthenticationClientFilter (org.apache.cxf.rs.security.jose.jaxrs.JwtAuthenticationClientFilter)35 JWTTokenProvider (org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)33 Book (org.apache.cxf.systest.jaxrs.security.Book)28 Date (java.util.Date)20 JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)20 JwsJwtCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer)19 KeyStore (java.security.KeyStore)14 JAXBElement (javax.xml.bind.JAXBElement)13 Crypto (org.apache.wss4j.common.crypto.Crypto)13 X509Certificate (java.security.cert.X509Certificate)12 Element (org.w3c.dom.Element)12
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial