
Example 1 with JWTokenAttributesBuilder

use of org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder in project knox by apache.

Class JWTAccessTokenAssertionFilter, method getAccessToken.

/**
 * Issues a signed access token for the given principal name and service.
 *
 * @param principalName the subject the token is issued for
 * @param serviceName   the audience written into the token
 * @param expires       the expiry passed to the builder (units as expected by {@code setExpires})
 * @return the serialized token, or {@code null} when the authority returns no token
 *         or reports a {@link TokenServiceException} (which is logged, not propagated)
 */
private String getAccessToken(final String principalName, String serviceName, long expires) {
    // The builder wants a Principal; wrap the plain name in a minimal implementation.
    final Principal subject = new Principal() {
        @Override
        public String getName() {
            return principalName;
        }
    };
    try {
        final JWTokenAttributesBuilder builder = new JWTokenAttributesBuilder()
                .setPrincipal(subject)
                .setAudiences(serviceName)
                .setAlgorithm(signatureAlgorithm)
                .setExpires(expires);
        final JWT issued = authority.issueToken(builder.build());
        // Coverity CID 1327961: the authority may legitimately hand back null
        return issued == null ? null : issued.toString();
    } catch (TokenServiceException e) {
        log.unableToIssueToken(e);
        return null;
    }
}
Also used : JWT(org.apache.knox.gateway.services.security.token.impl.JWT) JWTokenAttributes(org.apache.knox.gateway.services.security.token.JWTokenAttributes) Principal(java.security.Principal) TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException) JWTokenAttributesBuilder(org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder)

Example 2 with JWTokenAttributesBuilder

use of org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder in project knox by apache.

Class JWTAuthCodeAssertionFilter, method doFilter.

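/**
 * Issues an authorization-code JWT for the currently authenticated {@link Subject}
 * and writes it to the response as a JSON object with the claims {@code iss},
 * {@code sub}, {@code aud}, {@code exp} and the serialized token under {@code code};
 * when a service registry resolves the token service, its URL is added as {@code tke}.
 * The remaining filter chain is not invoked: this filter produces the response itself.
 *
 * @param request  the current request; not consulted, the subject is read from the access-control context
 * @param response the response that receives the JSON body
 * @param chain    the remaining chain (not continued)
 * @throws IOException if the token cannot be issued or the response writer fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException {
    Subject subject = Subject.getSubject(AccessController.getContext());
    // The mapped name is only used for diagnostics here; the token is issued for the whole subject.
    String principalName = getPrincipalName(subject);
    principalName = mapper.mapUserPrincipal(principalName);
    JWT authCode;
    try {
        authCode = authority.issueToken(new JWTokenAttributesBuilder().setPrincipal(subject).setAlgorithm(signatureAlgorithm).build());
        // get the url for the token service
        String url = null;
        if (sr != null) {
            url = sr.lookupServiceURL("token", "TGS");
        }
        HashMap<String, Object> map = new HashMap<>();
        // Coverity CID 1327960: the authority may return null instead of throwing
        if (authCode != null) {
            map.put("iss", authCode.getIssuer());
            map.put("sub", authCode.getPrincipal());
            map.put("aud", authCode.getAudience());
            map.put("exp", authCode.getExpires());
            map.put("code", authCode.toString());
        }
        if (url != null) {
            map.put("tke", url);
        }
        String jsonResponse = JsonUtils.renderAsJsonString(map);
        response.getWriter().write(jsonResponse);
    } catch (TokenServiceException e) {
        // Propagate with the cause instead of printStackTrace(): swallowing the failure
        // would leave the client with an empty success response and no error to act on.
        throw new IOException("Unable to issue authorization code for principal " + principalName, e);
    }
}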
Also used : HashMap(java.util.HashMap) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) Subject(javax.security.auth.Subject) TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException) JWTokenAttributesBuilder(org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder)

Example 3 with JWTokenAttributesBuilder

use of org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder in project knox by apache.

Class DefaultTokenAuthorityServiceTest, method testTokenCreation.

/**
 * Issues a managed RS256 token for a mocked principal through a real
 * {@link DefaultTokenAuthorityService} backed by the test keystore, then checks
 * issuer, subject, the managed-token claim and that the signature verifies.
 */
@Test
public void testTokenCreation() throws Exception {
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    final String securityDir = basedir + "/target/test-classes";
    final String keystoreDir = securityDir + "/keystores";

    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");

    // Point the gateway at the keystore shipped with the test resources.
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(securityDir).anyTimes();
    EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(keystoreDir).anyTimes();
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks").anyTimes();
    EasyMock.expect(config.getSigningKeystorePath()).andReturn(keystoreDir + "/server-keystore.jks").anyTimes();
    EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
    EasyMock.expect(config.getSigningKeyPassphraseAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEY_PASSPHRASE_ALIAS).anyTimes();
    EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").anyTimes();
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    EasyMock.expect(config.getCredentialStoreType()).andReturn(GatewayConfig.DEFAULT_CREDENTIAL_STORE_TYPE).anyTimes();
    EasyMock.expect(config.getCredentialStoreAlgorithm()).andReturn(GatewayConfig.DEFAULT_CREDENTIAL_STORE_ALG).anyTimes();

    // Master secret and signing-key passphrase both use the test fixture value.
    MasterService masterService = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(masterService.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).anyTimes();
    EasyMock.replay(principal, config, masterService, aliasService);

    DefaultKeystoreService keystoreService = new DefaultKeystoreService();
    keystoreService.setMasterService(masterService);
    keystoreService.init(config, new HashMap<>());

    DefaultTokenAuthorityService authority = new DefaultTokenAuthorityService();
    authority.setAliasService(aliasService);
    authority.setKeystoreService(keystoreService);
    authority.init(config, new HashMap<>());
    authority.start();

    JWTokenAttributes attributes = new JWTokenAttributesBuilder()
            .setPrincipal(principal)
            .setAlgorithm("RS256")
            .setManaged(true)
            .build();
    JWT token = authority.issueToken(attributes);

    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertTrue(Boolean.parseBoolean(token.getClaim(JWTToken.MANAGED_TOKEN_CLAIM)));
    assertTrue(authority.verifyToken(token));
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) JWTokenAttributesBuilder(org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder) Test(org.junit.Test)

Example 4 with JWTokenAttributesBuilder

use of org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder in project knox by apache.

Class DefaultTokenAuthorityServiceTest, method testTokenCreationAudience.

/**
 * Issues an RS256 token with an explicit audience and checks that issuer,
 * subject and audience round-trip and that the signature verifies.
 */
@Test
public void testTokenCreationAudience() throws Exception {
    final String configuredBasedir = System.getProperty("basedir");
    final String basedir = configuredBasedir != null ? configuredBasedir : new File(".").getCanonicalPath();
    final String securityDir = basedir + "/target/test-classes";
    final String keystoreDir = securityDir + "/keystores";
    final String expectedAudience = "https://login.example.com";

    Principal principal = EasyMock.createNiceMock(Principal.class);
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    AliasService as = EasyMock.createNiceMock(AliasService.class);

    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).anyTimes();

    // Keystore and credential-store settings point at the test resources.
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(securityDir).anyTimes();
    EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(keystoreDir).anyTimes();
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks").anyTimes();
    EasyMock.expect(config.getSigningKeystorePath()).andReturn(keystoreDir + "/server-keystore.jks").anyTimes();
    EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
    EasyMock.expect(config.getSigningKeyPassphraseAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEY_PASSPHRASE_ALIAS).anyTimes();
    EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").anyTimes();
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    EasyMock.expect(config.getCredentialStoreType()).andReturn(GatewayConfig.DEFAULT_CREDENTIAL_STORE_TYPE).anyTimes();
    EasyMock.expect(config.getCredentialStoreAlgorithm()).andReturn(GatewayConfig.DEFAULT_CREDENTIAL_STORE_ALG).anyTimes();
    EasyMock.replay(principal, config, ms, as);

    DefaultKeystoreService ks = new DefaultKeystoreService();
    ks.setMasterService(ms);
    ks.init(config, new HashMap<>());

    DefaultTokenAuthorityService ta = new DefaultTokenAuthorityService();
    ta.setAliasService(as);
    ta.setKeystoreService(ks);
    ta.init(config, new HashMap<>());
    ta.start();

    JWT token = ta.issueToken(new JWTokenAttributesBuilder()
            .setPrincipal(principal)
            .setAudiences(expectedAudience)
            .setAlgorithm("RS256")
            .build());

    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertEquals(expectedAudience, token.getAudience());
    assertTrue(ta.verifyToken(token));
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) JWTokenAttributesBuilder(org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder) Test(org.junit.Test)

Example 5 with JWTokenAttributesBuilder

use of org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder in project knox by apache.

Class DefaultTokenAuthorityServiceTest, method testTokenCreationNullAudience.

/**
 * Issues an RS256 token without setting an audience and checks that issuer and
 * subject are still populated and that the signature verifies.
 */
@Test
public void testTokenCreationNullAudience() throws Exception {
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    final String securityDir = basedir + "/target/test-classes";
    final String keystoreDir = securityDir + "/keystores";
    final String signingKeystore = "server-keystore.jks";

    // Mocked gateway configuration pointing at the test keystore.
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(securityDir).anyTimes();
    EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(keystoreDir).anyTimes();
    EasyMock.expect(config.getSigningKeystoreName()).andReturn(signingKeystore).anyTimes();
    EasyMock.expect(config.getSigningKeystorePath()).andReturn(keystoreDir + "/" + signingKeystore).anyTimes();
    EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
    EasyMock.expect(config.getSigningKeyPassphraseAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEY_PASSPHRASE_ALIAS).anyTimes();
    EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").anyTimes();
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    EasyMock.expect(config.getCredentialStoreType()).andReturn(GatewayConfig.DEFAULT_CREDENTIAL_STORE_TYPE).anyTimes();
    EasyMock.expect(config.getCredentialStoreAlgorithm()).andReturn(GatewayConfig.DEFAULT_CREDENTIAL_STORE_ALG).anyTimes();

    // Mocked secrets and the principal the token is issued for.
    MasterService masterService = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(masterService.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).anyTimes();
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    EasyMock.replay(principal, config, masterService, aliasService);

    DefaultKeystoreService keystoreService = new DefaultKeystoreService();
    keystoreService.setMasterService(masterService);
    keystoreService.init(config, new HashMap<>());

    DefaultTokenAuthorityService authority = new DefaultTokenAuthorityService();
    authority.setAliasService(aliasService);
    authority.setKeystoreService(keystoreService);
    authority.init(config, new HashMap<>());
    authority.start();

    // No audience is set on purpose; the token must still be issued and verify.
    JWT token = authority.issueToken(new JWTokenAttributesBuilder().setPrincipal(principal).setAlgorithm("RS256").build());

    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertTrue(authority.verifyToken(token));
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) JWTokenAttributesBuilder(org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder) Test(org.junit.Test)

Aggregations

JWTokenAttributesBuilder (org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder)10 Principal (java.security.Principal)9 JWT (org.apache.knox.gateway.services.security.token.impl.JWT)9 AliasService (org.apache.knox.gateway.services.security.AliasService)7 File (java.io.File)6 GatewayConfig (org.apache.knox.gateway.config.GatewayConfig)6 MasterService (org.apache.knox.gateway.services.security.MasterService)6 DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService)6 Test (org.junit.Test)6 JWTokenAttributes (org.apache.knox.gateway.services.security.token.JWTokenAttributes)4 TokenServiceException (org.apache.knox.gateway.services.security.token.TokenServiceException)4 HashMap (java.util.HashMap)2 GatewayServices (org.apache.knox.gateway.services.GatewayServices)2 JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority)2 IOException (java.io.IOException)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 URI (java.net.URI)1 URISyntaxException (java.net.URISyntaxException)1 KeyStoreException (java.security.KeyStoreException)1 Certificate (java.security.cert.Certificate)1