use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTValidLifetime.
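/**
 * Issues a JWT with a client-requested lifetime of 60 seconds and checks that the
 * issued token honours it.
 *
 * <p>The claims provider is told to accept a client-supplied lifetime via
 * {@code setAcceptClientLifetime(true)}. The test checks the lifetime reported in the
 * provider response and the {@code iat}/{@code exp} claims carried inside the token
 * itself, because relying parties enforce the claims, not the response metadata.
 *
 * <p>The token's signature is not checked in this test; only the lifetime is.
 */
@org.junit.Test
public void testJWTValidLifetime() throws Exception {
    int requestedLifetime = 60;

    JWTTokenProvider tokenProvider = new JWTTokenProvider();
    DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
    // Opt in to client-requested lifetimes for this test.
    claimsProvider.setAcceptClientLifetime(true);
    tokenProvider.setJwtClaimsProvider(claimsProvider);

    TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);

    // Request a lifetime of one minute, starting now.
    Instant creationTime = Instant.now();
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    providerParameters.getTokenRequirements().setLifetime(lifetime);

    TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
    // Separate assertions so a failure names the missing piece.
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    // The response metadata must report exactly the requested lifetime.
    long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
    assertEquals(requestedLifetime, duration);

    String token = (String) providerResponse.getToken();
    assertNotNull(token);

    // The claims inside the token must agree with the response metadata.
    // Expected value first, so a failure message reads the right way round.
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}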
use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.
the class JWTProviderOnBehalfOfTest method testJWTOnBehalfOfUsernameToken.
/**
 * Issues a JWT for a request whose OnBehalfOf element is a UsernameToken and checks
 * that the subject claim of the issued token is the OnBehalfOf user name.
 */
@org.junit.Test
public void testJWTOnBehalfOfUsernameToken() throws Exception {
    // Build the UsernameToken that is presented as OnBehalfOf.
    AttributedString username = new AttributedString();
    username.setValue("bob");
    UsernameTokenType usernameToken = new UsernameTokenType();
    usernameToken.setUsername(username);
    JAXBElement<UsernameTokenType> usernameTokenType = new JAXBElement<UsernameTokenType>(
        QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);

    TokenProviderParameters providerParameters =
        createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE, usernameTokenType);

    // The test sets the OnBehalfOf principal itself; no credential validation is
    // exercised by this method.
    CustomTokenPrincipal onBehalfOfPrincipal = new CustomTokenPrincipal(username.getValue());
    providerParameters.getTokenRequirements().getOnBehalfOf().setPrincipal(onBehalfOfPrincipal);

    TokenProvider tokenProvider = new JWTTokenProvider();
    assertTrue(tokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));

    TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null);
    assertTrue(providerResponse.getTokenId() != null);

    String token = (String) providerResponse.getToken();
    assertNotNull(token);

    // Read the claims back; the subject must be the OnBehalfOf user.
    JwtToken jwt = new JwsJwtCompactConsumer(token).getJwtToken();
    Assert.assertEquals("bob", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
}
use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.
the class JWTTokenProviderRealmTest method testRealms.
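/**
 * Checks that the issuer claim of an issued JWT follows the realm of the request:
 * realm "A" and realm "B" each get the issuer configured in the realm map, and a
 * request without a realm gets the default issuer "STS".
 */
@org.junit.Test
public void testRealms() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);

    // Configure one issuer per realm.
    Map<String, RealmProperties> jwtRealms = new HashMap<>();
    RealmProperties realmA = new RealmProperties();
    realmA.setIssuer("A-Issuer");
    jwtRealms.put("A", realmA);
    RealmProperties realmB = new RealmProperties();
    realmB.setIssuer("B-Issuer");
    jwtRealms.put("B", realmB);
    ((JWTTokenProvider) jwtTokenProvider).setRealmMap(jwtRealms);

    // Expected value first, so a failure message reads the right way round.
    assertEquals("A-Issuer", issueAndReadIssuer(jwtTokenProvider, providerParameters, "A"));
    assertEquals("B-Issuer", issueAndReadIssuer(jwtTokenProvider, providerParameters, "B"));

    // No realm: the issuer falls back to "STS" (presumably the issuer set up by
    // createProviderParameters -- confirm against that helper).
    assertEquals("STS", issueAndReadIssuer(jwtTokenProvider, providerParameters, null));
}

/**
 * Sets {@code realm} on the parameters, issues a token for it and returns the issuer
 * claim read back from the token. Fails the test if the provider refuses the realm
 * or returns an incomplete response.
 */
private static Object issueAndReadIssuer(TokenProvider provider, TokenProviderParameters parameters,
                                         String realm) throws Exception {
    parameters.setRealm(realm);
    assertTrue(provider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE, realm));

    TokenProviderResponse response = provider.createToken(parameters);
    assertNotNull(response);
    assertNotNull(response.getToken());
    assertNotNull(response.getTokenId());

    String token = (String) response.getToken();
    JwtToken jwt = new JwsJwtCompactConsumer(token).getJwtToken();
    return jwt.getClaim(JwtConstants.CLAIM_ISSUER);
}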
use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.
the class JWTTokenProviderTest method testCachedSignedJWT.
/**
 * Issues a signed JWT, checks its claims against the provider response and then
 * checks that the token can be found in the token store.
 */
@org.junit.Test
public void testCachedSignedJWT() throws Exception {
    JWTTokenProvider signingProvider = new JWTTokenProvider();
    signingProvider.setSignToken(true);
    TokenProvider jwtTokenProvider = signingProvider;

    TokenProviderParameters providerParameters = createProviderParameters();
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));

    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null);
    assertTrue(providerResponse.getTokenId() != null);

    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    // Header, payload and signature: three dot-separated segments.
    String[] segments = token.split("\\.");
    assertTrue(segments.length == 3);

    // Read the claims back and compare them with the provider response.
    JwtToken jwt = new JwsJwtCompactConsumer(token).getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));

    // The store is queried with the decimal string of Arrays.hashCode over the bytes
    // of the signature segment. That is a 32-bit, non-cryptographic hash, so two
    // different tokens can in principle map to the same key.
    // NOTE(review): getBytes() uses the platform default charset; presumably this
    // mirrors the provider's own key derivation -- confirm before changing either side.
    int signatureStart = token.lastIndexOf(".") + 1;
    String signature = token.substring(signatureStart);
    String cacheKey = Integer.toString(Arrays.hashCode(signature.getBytes()));
    SecurityToken secToken = tokenStore.getToken(cacheKey);
    Assert.assertNotNull(secToken);
}
use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.
the class JWTTokenProviderTest method testCreateSignedJWT.
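/**
 * Issues a signed JWT, checks its claims against the provider response and verifies
 * the signature with the STS signing certificate.
 *
 * <p>The claims are read before the signature is verified. That order is acceptable
 * here only because the test itself produced the token; the explicit verification
 * at the end is what shows the token was signed with the expected key.
 */
@org.junit.Test
public void testCreateSignedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider) jwtTokenProvider).setSignToken(true);

    TokenProviderParameters providerParameters = createProviderParameters();
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));

    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    // Separate assertions so a failure names the missing piece.
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());

    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    // Header, payload and signature: three dot-separated segments.
    Assert.assertEquals(3, token.split("\\.").length);

    // Read the claims back and compare them with the provider response.
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));

    // Look up the signing certificate by the alias the STS is configured to sign with.
    Crypto crypto = providerParameters.getStsProperties().getSignatureCrypto();
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(providerParameters.getStsProperties().getSignatureUsername());
    X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
    assertNotNull(certs);
    // Fail with an assertion, not an ArrayIndexOutOfBoundsException, if the alias
    // resolves to no certificate.
    assertTrue(certs.length > 0);

    // The expected algorithm is pinned by the verifier rather than taken from the
    // token, so a token signed with a different algorithm is not accepted here.
    assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));
}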