Example 11 with DefaultJWTClaimsProvider
use of org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider in project cxf by apache.
the class JWTTokenValidatorTest method testChangedSignature.
@org.junit.Test
public void testChangedSignature() throws Exception {
// Create
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
DefaultJWTClaimsProvider jwtClaimsProvider = new DefaultJWTClaimsProvider();
jwtClaimsProvider.setLifetime(1L);
((JWTTokenProvider) jwtTokenProvider).setJwtClaimsProvider(jwtClaimsProvider);
TokenProviderParameters providerParameters = createProviderParameters();
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
// Change the signature
token += "blah";
assertNotNull(token);
assertTrue(token.split("\\.").length == 3);
Thread.sleep(1500L);
// Validate the token
TokenValidator jwtTokenValidator = new JWTTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a JWT Token
ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Also used :
TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider)
JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider)
TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)
Aggregations
DefaultJWTClaimsProvider (org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider)11
JWTTokenProvider (org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)11
Instant (java.time.Instant)8
JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)7
JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)7
Lifetime (org.apache.cxf.sts.request.Lifetime)7
STSException (org.apache.cxf.ws.security.sts.provider.STSException)3
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)2
TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)2
TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)2
TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)2
TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse)2
JWTTokenValidator (org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)2
URI (java.net.URI)1
HashMap (java.util.HashMap)1
Claim (org.apache.cxf.rt.security.claims.Claim)1
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)1
ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)1
ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)1
StaticClaimsHandler (org.apache.cxf.sts.claims.StaticClaimsHandler)1
