Search in sources :

Example 46 with JWTTokenProvider

use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.

the class JWTTokenValidatorTest method testInvalidSignature.

@org.junit.Test
public void testInvalidSignature() throws Exception {
    // Create
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
    TokenProviderParameters providerParameters = createProviderParameters();
    Crypto crypto = CryptoFactory.getInstance(getEveCryptoProperties());
    CallbackHandler callbackHandler = new EveCallbackHandler();
    providerParameters.getStsProperties().setSignatureCrypto(crypto);
    providerParameters.getStsProperties().setCallbackHandler(callbackHandler);
    providerParameters.getStsProperties().setSignatureUsername("eve");
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    assertTrue(token.split("\\.").length == 3);
    // Validate the token
    TokenValidator jwtTokenValidator = new JWTTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    // Create a ValidateTarget consisting of a JWT Token
    ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters) TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) Crypto(org.apache.wss4j.common.crypto.Crypto) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 47 with JWTTokenProvider

use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.

the class JWTTokenValidatorTest method testChangedSignature.

@org.junit.Test
public void testChangedSignature() throws Exception {
    // Create
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
    DefaultJWTClaimsProvider jwtClaimsProvider = new DefaultJWTClaimsProvider();
    jwtClaimsProvider.setLifetime(1L);
    ((JWTTokenProvider) jwtTokenProvider).setJwtClaimsProvider(jwtClaimsProvider);
    TokenProviderParameters providerParameters = createProviderParameters();
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    String token = (String) providerResponse.getToken();
    // Change the signature
    token += "blah";
    assertNotNull(token);
    assertTrue(token.split("\\.").length == 3);
    Thread.sleep(1500L);
    // Validate the token
    TokenValidator jwtTokenValidator = new JWTTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    // Create a ValidateTarget consisting of a JWT Token
    ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Also used : TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 48 with JWTTokenProvider

use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.

the class JWTTokenValidatorTest method testUnsignedToken.

@org.junit.Test
public void testUnsignedToken() throws Exception {
    // Create
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider) jwtTokenProvider).setSignToken(false);
    TokenProviderParameters providerParameters = createProviderParameters();
    Crypto crypto = CryptoFactory.getInstance(getEveCryptoProperties());
    CallbackHandler callbackHandler = new EveCallbackHandler();
    providerParameters.getStsProperties().setSignatureCrypto(crypto);
    providerParameters.getStsProperties().setCallbackHandler(callbackHandler);
    providerParameters.getStsProperties().setSignatureUsername("eve");
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    assertTrue(token.split("\\.").length == 2);
    // Validate the token
    TokenValidator jwtTokenValidator = new JWTTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    // Create a ValidateTarget consisting of a JWT Token
    ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters) TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) Crypto(org.apache.wss4j.common.crypto.Crypto) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 49 with JWTTokenProvider

use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.

the class JWTTokenValidatorTest method testJWTWithRoles.

@org.junit.Test
public void testJWTWithRoles() throws Exception {
    // Create
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
    JWTClaimsProvider claimsProvider = new RoleJWTClaimsProvider("manager");
    ((JWTTokenProvider) jwtTokenProvider).setJwtClaimsProvider(claimsProvider);
    TokenProviderParameters providerParameters = createProviderParameters();
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    assertTrue(token.split("\\.").length == 3);
    // Validate the token
    TokenValidator jwtTokenValidator = new JWTTokenValidator();
    // Set the role
    DefaultJWTRoleParser roleParser = new DefaultJWTRoleParser();
    roleParser.setRoleClaim("role");
    ((JWTTokenValidator) jwtTokenValidator).setRoleParser(roleParser);
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    // Create a ValidateTarget consisting of a JWT Token
    ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    Principal principal = validatorResponse.getPrincipal();
    assertTrue(principal != null && principal.getName() != null);
    Set<Principal> roles = validatorResponse.getRoles();
    assertTrue(roles != null && !roles.isEmpty());
    assertTrue(roles.iterator().next().getName().equals("manager"));
}
Also used : TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters) TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) JWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.JWTClaimsProvider) DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) DefaultJWTRoleParser(org.apache.cxf.sts.token.validator.jwt.DefaultJWTRoleParser) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Aggregations

JWTTokenProvider (org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)49 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)33 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)33 TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)23 Crypto (org.apache.wss4j.common.crypto.Crypto)18 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)18 JAXBElement (javax.xml.bind.JAXBElement)17 Element (org.w3c.dom.Element)15 ArrayList (java.util.ArrayList)13 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)13 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)13 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)13 RequestedSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)13 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)12 DefaultJWTClaimsProvider (org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider)12 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)11 MessageImpl (org.apache.cxf.message.MessageImpl)11 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)11 Principal (java.security.Principal)10 ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)10