Example 46 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

the class RSAVerifierTest method testSimpleVerification.

@Test
public void testSimpleVerification() throws Exception {
    String encoded = new JWSBuilder().jsonContent(token).rsa256(idpPair.getPrivate());
    System.out.print("encoded size: " + encoded.length());
    AccessToken token = verifySkeletonKeyToken(encoded);
    Assert.assertTrue(token.getResourceAccess("service").getRoles().contains("admin"));
    Assert.assertEquals("CN=Client", token.getSubject());
}

Also used: AccessToken (org.keycloak.representations.AccessToken), JWSBuilder (org.keycloak.jose.jws.JWSBuilder), Test (org.junit.Test)

Example 47 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

the class RSAVerifierTest method testBadSignature.

@Test
public void testBadSignature() {
    String encoded = new JWSBuilder().jsonContent(token).rsa256(badPair.getPrivate());
    AccessToken v = null;
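    try {
        v = verifySkeletonKeyToken(encoded);
        // Reaching this line means a token signed with badPair's private key was accepted
        Assert.fail();
    } catch (VerificationException ignored) {
        // Expected: the signature does not verify, so the token is rejected
    }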
}

Also used: AccessToken (org.keycloak.representations.AccessToken), VerificationException (org.keycloak.common.VerificationException), JWSBuilder (org.keycloak.jose.jws.JWSBuilder), Test (org.junit.Test)

Example 48 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

the class SkeletonKeyTokenTest method createSimpleToken.

private AccessToken createSimpleToken() {
    AccessToken token = new AccessToken();
    token.id("111");
    token.issuer("http://localhost:8080/auth/acme");
    token.addAccess("foo").addRole("admin");
    token.addAccess("bar").addRole("user");
    return token;
}

Also used: AccessToken (org.keycloak.representations.AccessToken)

Example 49 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

the class SkeletonKeyTokenTest method testTokenWithoutResourceAccess.

@Test
public void testTokenWithoutResourceAccess() throws Exception {
    AccessToken token = new AccessToken();
    token.id("111");
    token.issuer("http://localhost:8080/auth/acme");
    String json = JsonSerialization.writeValueAsString(token);
    // Assert JSON doesn't contain "realm_access" or "resource_access" fields as it doesn't have any roles specified
    Assert.assertFalse(json.contains("realm_access"));
    Assert.assertFalse(json.contains("resource_access"));
    token = JsonSerialization.readValue(json, AccessToken.class);
    Assert.assertNull(token.getRealmAccess());
    Assert.assertTrue(token.getResourceAccess() != null && token.getResourceAccess().isEmpty());
    Assert.assertNull(token.getResourceAccess("foo"));
}

Also used: AccessToken (org.keycloak.representations.AccessToken), Test (org.junit.Test)

Example 50 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

the class GSSCredentialsClient method getUserFromLDAP.

public static LDAPUser getUserFromLDAP(HttpServletRequest req) throws Exception {
    KeycloakPrincipal keycloakPrincipal = (KeycloakPrincipal) req.getUserPrincipal();
    AccessToken accessToken = keycloakPrincipal.getKeycloakSecurityContext().getToken();
    String username = accessToken.getPreferredUsername();
    // Retrieve kerberos credential from accessToken and deserialize it
    String serializedGssCredential = (String) accessToken.getOtherClaims().get(KerberosConstants.GSS_DELEGATION_CREDENTIAL);
    GSSCredential deserializedGssCredential = KerberosSerializationUtils.deserializeCredential(serializedGssCredential);
    // First try to invoke without gssCredential. It should fail. This is here just for illustration purposes
    try {
        invokeLdap(null, username);
        throw new RuntimeException("Not expected to authenticate to LDAP without credential");
    } catch (NamingException nse) {
        System.out.println("GSSCredentialsClient: Expected exception: " + nse.getMessage());
    }
    return invokeLdap(deserializedGssCredential, username);
}

Also used: GSSCredential (org.ietf.jgss.GSSCredential), AccessToken (org.keycloak.representations.AccessToken), NamingException (javax.naming.NamingException), KeycloakPrincipal (org.keycloak.KeycloakPrincipal)

Aggregations

AccessToken (org.keycloak.representations.AccessToken): 230
Test (org.junit.Test): 129
OAuthClient (org.keycloak.testsuite.util.OAuthClient): 104
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest): 54
RefreshToken (org.keycloak.representations.RefreshToken): 45
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse): 37
JWSInput (org.keycloak.jose.jws.JWSInput): 29
Permission (org.keycloak.representations.idm.authorization.Permission): 28
EventRepresentation (org.keycloak.representations.idm.EventRepresentation): 27
Response (javax.ws.rs.core.Response): 26
ClientResource (org.keycloak.admin.client.resource.ClientResource): 22
VerificationException (org.keycloak.common.VerificationException): 19
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation): 19
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse): 18
IDToken (org.keycloak.representations.IDToken): 18
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest): 17
IOException (java.io.IOException): 15
AuthzClient (org.keycloak.authorization.client.AuthzClient): 15
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation): 14
ArrayList (java.util.ArrayList): 13