use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.
the class CloudFoundrySecurityInterceptorTests method preHandleSuccessfulWithFullAccess.
/**
 * Checks the success path of the interceptor: a request carrying a bearer token for which
 * the security service reports {@code AccessLevel.FULL} is answered with {@code HttpStatus.OK}.
 *
 * Also pins two security-relevant details: the token given to the validator is the one taken
 * from the {@code Authorization} header, and the granted level is published on the request
 * under the {@code "cloudFoundryAccessLevel"} attribute.
 */
@Test
void preHandleSuccessfulWithFullAccess() {
    // Arrange: bearer token on the request; the mocked security service grants FULL for it.
    String bearer = mockAccessToken();
    this.request.addHeader("Authorization", "Bearer " + bearer);
    given(this.securityService.getAccessLevel(bearer, "my-app-id")).willReturn(AccessLevel.FULL);

    // Act.
    SecurityResponse outcome = this.interceptor.preHandle(this.request, EndpointId.of("test"));

    // Assert: the validator must have been invoked, and with the header's token
    // (the "Bearer " prefix stripped), not with some other value.
    ArgumentCaptor<Token> validated = ArgumentCaptor.forClass(Token.class);
    then(this.tokenValidator).should().validate(validated.capture());
    assertThat(validated.getValue().toString()).isEqualTo(bearer);

    assertThat(outcome.getStatus()).isEqualTo(HttpStatus.OK);
    assertThat(this.request.getAttribute("cloudFoundryAccessLevel")).isEqualTo(AccessLevel.FULL);
}
use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.
the class TokenValidatorTests method validateTokenWhenKidValidationSucceedsInTheSecondAttempt.
/**
 * Checks that a token whose {@code kid} is missing from the validator's stored keys is still
 * accepted once fresh keys are fetched from the security service.
 *
 * The validator's {@code tokenKeys} field is seeded with {@code INVALID_KEYS}; the mocked
 * security service hands out {@code VALID_KEYS}. The test passes when {@code validate} does
 * not throw and {@code fetchTokenKeys()} was called.
 *
 * NOTE(review): the refresh is driven by the {@code kid} of the presented token; confirm the
 * validator bounds how often an unknown {@code kid} can cause a key fetch.
 */
@Test
void validateTokenWhenKidValidationSucceedsInTheSecondAttempt() throws Exception {
    // Start from stored keys that do not match the token, so the first lookup cannot succeed.
    ReflectionTestUtils.setField(this.tokenValidator, "tokenKeys", INVALID_KEYS);
    given(this.securityService.fetchTokenKeys()).willReturn(VALID_KEYS);
    given(this.securityService.getUaaUrl()).willReturn("http://localhost:8080/uaa");

    // "iss" is the stubbed UAA URL plus "/oauth/token"; "exp" is Integer.MAX_VALUE, i.e. far
    // in the future if it is read as seconds since the epoch.
    byte[] joseHeader = "{ \"alg\": \"RS256\", \"kid\": \"valid-key\",\"typ\": \"JWT\"}".getBytes();
    byte[] claimSet = "{ \"exp\": 2147483647, \"iss\": \"http://localhost:8080/uaa/oauth/token\", \"scope\": [\"actuator.read\"]}"
            .getBytes();
    Token signed = new Token(getSignedToken(joseHeader, claimSet));

    this.tokenValidator.validate(signed);

    // The only explicit check: the keys were re-fetched.
    then(this.securityService).should().fetchTokenKeys();
}
use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.
the class CloudFoundrySecurityInterceptor method check.
/**
 * Authorizes {@code request} for the given endpoint, or throws.
 *
 * Order matters here: the token is validated first, and only a token that passed validation
 * is sent to the Cloud Foundry security service to look up the caller's access level.
 * On success the access level is stored on the request under
 * {@code AccessLevel.REQUEST_ATTRIBUTE}.
 *
 * @param request the incoming request the token is read from
 * @param endpointId the endpoint being accessed; {@code null} is checked as the empty id
 * @throws CloudFoundryAuthorizationException with {@code Reason.ACCESS_DENIED} when the
 * access level does not allow the endpoint
 * @throws Exception whatever token extraction, validation or the access-level lookup throw
 */
private void check(HttpServletRequest request, EndpointId endpointId) throws Exception {
    Token bearer = getToken(request);
    // Must run before the token is used for the authorization lookup below.
    this.tokenValidator.validate(bearer);

    AccessLevel granted = this.cloudFoundrySecurityService.getAccessLevel(bearer.toString(), this.applicationId);
    // A null endpoint id is checked as "". NOTE(review): whether "" is allowed is decided by
    // AccessLevel.isAccessAllowed, which is not shown here.
    String endpointName = (endpointId == null) ? "" : endpointId.toLowerCaseString();
    if (granted.isAccessAllowed(endpointName)) {
        request.setAttribute(AccessLevel.REQUEST_ATTRIBUTE, granted);
        return;
    }
    throw new CloudFoundryAuthorizationException(Reason.ACCESS_DENIED, "Access denied");
}
use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.
the class ReactiveTokenValidatorTests method validateTokenWhenCacheValidShouldNotFetchTokenKeys.
/**
 * Checks that the reactive validator accepts a token whose key is already in
 * {@code cachedTokenKeys} and completes without error.
 *
 * NOTE(review): in this method the {@code PublisherProbe} is never handed to
 * {@code securityService.fetchTokenKeys()}, so {@code assertWasNotSubscribed()} holds no
 * matter what the validator does. Confirm whether the probe should be stubbed in, or
 * whether the "no fetch" guarantee is verified some other way.
 */
@Test
void validateTokenWhenCacheValidShouldNotFetchTokenKeys() throws Exception {
    PublisherProbe<Map<String, String>> keyFetchProbe = PublisherProbe.empty();
    // Seed the cache with keys that match the token's "kid".
    ReflectionTestUtils.setField(this.tokenValidator, "cachedTokenKeys", VALID_KEYS);
    given(this.securityService.getUaaUrl()).willReturn(Mono.just("http://localhost:8080/uaa"));

    // "iss" is the stubbed UAA URL plus "/oauth/token"; "exp" is Integer.MAX_VALUE.
    byte[] joseHeader = "{\"alg\": \"RS256\", \"kid\": \"valid-key\",\"typ\": \"JWT\"}".getBytes();
    byte[] claimSet = "{\"exp\": 2147483647, \"iss\": \"http://localhost:8080/uaa/oauth/token\", \"scope\": [\"actuator.read\"]}"
            .getBytes();
    Token signed = new Token(getSignedToken(joseHeader, claimSet));

    // Validation must complete with no error signal.
    StepVerifier.create(this.tokenValidator.validate(signed)).verifyComplete();
    keyFetchProbe.assertWasNotSubscribed();
}
use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.
the class ReactiveTokenValidatorTests method validateTokenWhenKidValidationSucceedsInTheSecondAttempt.
/**
 * Reactive variant of the key-refresh case: the cache starts with {@code INVALID_KEYS}, the
 * security service publishes {@code VALID_KEYS}, and validation of a token signed for
 * {@code "valid-key"} must complete without error.
 *
 * Afterwards the test checks both that the key publisher was subscribed to and that
 * {@code cachedTokenKeys} now holds {@code VALID_KEYS}, i.e. the refreshed keys replaced
 * the stale cache.
 */
@Test
void validateTokenWhenKidValidationSucceedsInTheSecondAttempt() throws Exception {
    // The probe records whether the validator actually subscribes to the key fetch.
    PublisherProbe<Map<String, String>> keyFetchProbe = PublisherProbe.of(Mono.just(VALID_KEYS));
    ReflectionTestUtils.setField(this.tokenValidator, "cachedTokenKeys", INVALID_KEYS);
    given(this.securityService.fetchTokenKeys()).willReturn(keyFetchProbe.mono());
    given(this.securityService.getUaaUrl()).willReturn(Mono.just("http://localhost:8080/uaa"));

    // "iss" is the stubbed UAA URL plus "/oauth/token"; "exp" is Integer.MAX_VALUE.
    byte[] joseHeader = "{\"alg\": \"RS256\", \"kid\": \"valid-key\",\"typ\": \"JWT\"}".getBytes();
    byte[] claimSet = "{\"exp\": 2147483647, \"iss\": \"http://localhost:8080/uaa/oauth/token\", \"scope\": [\"actuator.read\"]}"
            .getBytes();
    Token signed = new Token(getSignedToken(joseHeader, claimSet));

    StepVerifier.create(this.tokenValidator.validate(signed)).verifyComplete();

    // Stale cache replaced by the fetched keys, and the fetch really happened.
    assertThat(this.tokenValidator).hasFieldOrPropertyWithValue("cachedTokenKeys", VALID_KEYS);
    keyFetchProbe.assertWasSubscribed();
}