Use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project syncope by apache.
The class JWTITCase, method notBefore.
@Test
public void notBefore() throws ParseException {
    // Log in once so that we hold a token id the server already knows about
    SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
    AccessTokenService tokenService = adminClient.getService(AccessTokenService.class);
    Response loginResponse = tokenService.login();
    String issuedToken = loginResponse.getHeaderString(RESTHeaders.TOKEN);
    assertNotNull(issuedToken);

    String knownTokenId = new JwsJwtCompactConsumer(issuedToken).getJwtClaims().getTokenId();

    // Re-sign a token with the same id: expiry 5 minutes ahead, but "nbf" one minute in the future
    long nowMillis = System.currentTimeMillis();
    long nowSeconds = nowMillis / 1000L;
    Calendar expiry = Calendar.getInstance();
    expiry.setTimeInMillis(nowMillis);
    expiry.add(Calendar.MINUTE, 5);

    JwtClaims claims = new JwtClaims();
    claims.setTokenId(knownTokenId);
    claims.setSubject(ADMIN_UNAME);
    claims.setIssuedAt(nowSeconds);
    claims.setIssuer(JWT_ISSUER);
    claims.setExpiryTime(expiry.getTimeInMillis() / 1000L);
    claims.setNotBefore(nowSeconds + 60L);

    // Sign with the configured JWS key; getBytes() uses the platform charset, which is fine while the key is ASCII
    JwsSignatureProvider signer = new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
    JwsHeaders headers = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
    String notYetValid = new JwsJwtCompactProducer(new JwtToken(headers, claims)).signWith(signer);

    // Until "nbf" has passed the server must refuse the token, even though its signature and id are good
    UserSelfService selfService = clientFactory.create(notYetValid).getService(UserSelfService.class);
    try {
        selfService.read();
        fail("Failure expected on a token that is not valid yet");
    } catch (AccessControlException ex) {
        // expected
    }
}
Use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project syncope by apache.
The class JWTITCase, method thirdPartyToken.
@Test
public void thirdPartyToken() throws ParseException {
    // Mint a token issued and signed by a third party (CustomJWTSSOProvider) rather than by Syncope itself
    long nowMillis = System.currentTimeMillis();
    long nowSeconds = nowMillis / 1000L;
    Calendar expiry = Calendar.getInstance();
    expiry.setTimeInMillis(nowMillis);
    expiry.add(Calendar.MINUTE, 5);

    JwtClaims claims = new JwtClaims();
    claims.setTokenId(UUID.randomUUID().toString());
    claims.setSubject("puccini@apache.org");
    claims.setIssuedAt(nowSeconds);
    claims.setIssuer(CustomJWTSSOProvider.ISSUER);
    claims.setExpiryTime(expiry.getTimeInMillis() / 1000L);
    claims.setNotBefore(nowSeconds);

    // HS512 with the third-party key; getBytes() uses the platform charset, fine while the key is ASCII
    JwsHeaders headers = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
    JwsSignatureProvider signer =
            new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512);
    String signed = new JwsJwtCompactProducer(new JwtToken(headers, claims)).signWith(signer);

    // The subject is an e-mail address; the assertions below expect it to resolve to the local user "puccini"
    Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(signed).self();
    assertFalse(self.getLeft().isEmpty());
    assertEquals("puccini", self.getRight().getUsername());
}
Use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project syncope by apache.
The class AccessTokenDataBinderImpl, method update.
@Override
public Pair<String, Date> update(final AccessToken accessToken, final byte[] authorities) {
    // Parse the current body: all existing claims are kept, only the expiry is pushed forward
    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken.getBody());

    credentialChecker.checkIsDefaultJWSKeyInUse();

    long lifetimeMinutes = confDAO.find("jwt.lifetime.minutes", 120L);
    long expirySeconds = System.currentTimeMillis() / 1000L + 60L * lifetimeMinutes;

    JwtClaims claims = consumer.getJwtClaims();
    claims.setExpiryTime(expirySeconds);
    // JWT "exp" is expressed in seconds, while AccessToken keeps a Date (milliseconds)
    Date expiryDate = new Date(expirySeconds * 1000L);

    // Re-sign with the currently configured signature provider
    JwsHeaders headers = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm());
    String body = new JwsJwtCompactProducer(new JwtToken(headers, claims)).signWith(jwsSignatureProvider);

    accessToken.setBody(body);
    accessToken.setExpiryTime(expiryDate);
    // Authorities are not persisted for the admin user
    if (!adminUser.equals(accessToken.getOwner())) {
        accessToken.setAuthorities(authorities);
    }
    accessTokenDAO.save(accessToken);

    return Pair.of(body, expiryDate);
}
Use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project syncope by apache.
The class AccessTokenDataBinderImpl, method generateJWT.
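/**
 * Builds and signs a new JWT for the given subject.
 *
 * @param subject value of the "sub" claim
 * @param duration token lifetime, in minutes
 * @param claims additional claims to set; may be {@code null} or empty
 * @return token id, signed compact serialization and expiry date (milliseconds precision)
 */
@Override
public Triple<String, String, Date> generateJWT(final String subject, final long duration, final Map<String, Object> claims) {
    credentialChecker.checkIsDefaultJWSKeyInUse();

    // JWT time claims are seconds since the epoch; "duration" is in minutes
    long currentTime = new Date().getTime() / 1000L;
    long expiryTime = currentTime + 60L * duration;

    JwtClaims jwtClaims = new JwtClaims();
    jwtClaims.setTokenId(UUID_GENERATOR.generate().toString());
    jwtClaims.setSubject(subject);
    jwtClaims.setIssuedAt(currentTime);
    jwtClaims.setIssuer(jwtIssuer);
    jwtClaims.setExpiryTime(expiryTime);
    jwtClaims.setNotBefore(currentTime);
    // Custom claims are applied after the registered ones, so a caller-supplied "exp", "nbf", "sub" or "iss"
    // would replace the value set above. NOTE(review): confirm no caller passes registered claim names.
    if (claims != null) {
        claims.forEach(jwtClaims::setClaim);
    }

    JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm());
    JwtToken token = new JwtToken(jwsHeaders, jwtClaims);
    String signed = new JwsJwtCompactProducer(token).signWith(jwsSignatureProvider);

    return Triple.of(jwtClaims.getTokenId(), signed, new Date(expiryTime * 1000L));
}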
Use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project testcases by coheigea.
The class JWTJAXRSAuthenticationTest, method testJWTKerberosAccessToken.
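/**
 * Obtains a JWT for "alice" from the STS, then calls the service over Kerberos with the JWT
 * attached by a custom HttpAuthSupplier, checking that the call is authorized and returns 50.
 */
@org.junit.Test
public void testJWTKerberosAccessToken() throws Exception {
    URL busFile = JWTJAXRSAuthenticationTest.class.getResource("cxf-client.xml");
    // Fail with a clear message instead of an NPE on busFile.toString() below
    Assert.assertNotNull("cxf-client.xml not found on the classpath", busFile);

    // 1. Get a JWT Token from the STS via the REST interface for "alice"
    String jwtToken = getJWTTokenFromSTS(busFile);
    JwtToken jwt = new JwsJwtCompactConsumer(jwtToken).getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertTrue(((List<?>) jwt.getClaim(ROLE)).contains("boss"));

    // 2. Now call on the service using a custom HttpAuthSupplier
    String address = "https://localhost:" + PORT + "/doubleit/services";
    WebClient client = WebClient.create(address, busFile.toString()).type("application/xml");
    Map<String, Object> requestContext = WebClient.getConfig(client).getRequestContext();
    requestContext.put("auth.spnego.useKerberosOid", "true");

    KerbyHttpAuthSupplier authSupplier = new KerbyHttpAuthSupplier();
    authSupplier.setServicePrincipalName("bob/service.ws.apache.org@service.ws.apache.org");
    authSupplier.setServiceNameType(GSSName.NT_HOSTBASED_SERVICE);
    authSupplier.setJwtToken(jwtToken);
    WebClient.getConfig(client).getHttpConduit().setAuthSupplier(authSupplier);

    Number numberToDouble = new Number();
    numberToDouble.setDescription("This is the number to double");
    numberToDouble.setNumber(25);

    Response response = client.post(numberToDouble);
    // expected value first, actual second, so a failure message reads the right way round
    Assert.assertEquals(200, response.getStatus());
    Assert.assertEquals(50, response.readEntity(Number.class).getNumber());
}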