Example 11 with Token

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.

the class TokenValidatorTests method validateTokenShouldFetchTokenKeysIfNull.

@Test
void validateTokenShouldFetchTokenKeysIfNull() throws Exception {
    given(this.securityService.fetchTokenKeys()).willReturn(VALID_KEYS);
    given(this.securityService.getUaaUrl()).willReturn("http://localhost:8080/uaa");
    String header = "{ \"alg\": \"RS256\",  \"kid\": \"valid-key\",\"typ\": \"JWT\"}";
    String claims = "{ \"exp\": 2147483647, \"iss\": \"http://localhost:8080/uaa/oauth/token\", \"scope\": [\"actuator.read\"]}";
    this.tokenValidator.validate(new Token(getSignedToken(header.getBytes(), claims.getBytes())));
    then(this.securityService).should().fetchTokenKeys();
}
Also used : Token(org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token) Test(org.junit.jupiter.api.Test)

Example 12 with Token

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.

the class TokenValidatorTests method validateTokenWhenExpiredShouldThrowException.

@Test
void validateTokenWhenExpiredShouldThrowException() {
    given(this.securityService.fetchTokenKeys()).willReturn(VALID_KEYS);
    String header = "{ \"alg\": \"RS256\",  \"kid\": \"valid-key\", \"typ\": \"JWT\"}";
    // The "exp" claim is a timestamp in the past, so validation must fail with TOKEN_EXPIRED.
    String claims = "{ \"jti\": \"0236399c350c47f3ae77e67a75e75e7d\", \"exp\": 1477509977, \"scope\": [\"actuator.read\"]}";
    assertThatExceptionOfType(CloudFoundryAuthorizationException.class)
        .isThrownBy(() -> this.tokenValidator.validate(new Token(getSignedToken(header.getBytes(), claims.getBytes()))))
        .satisfies(reasonRequirement(Reason.TOKEN_EXPIRED));
}
Also used : Token(org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token) Test(org.junit.jupiter.api.Test)

Example 13 with Token

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.

the class TokenValidatorTests method validateTokenWhenKidValidationFailsTwiceShouldThrowException.

@Test
void validateTokenWhenKidValidationFailsTwiceShouldThrowException() {
    // Both the cached key set and the refetched one are INVALID_KEYS, so the kid lookup fails twice.
    ReflectionTestUtils.setField(this.tokenValidator, "tokenKeys", INVALID_KEYS);
    given(this.securityService.fetchTokenKeys()).willReturn(INVALID_KEYS);
    String header = "{\"alg\": \"RS256\",  \"kid\": \"valid-key\",\"typ\": \"JWT\"}";
    String claims = "{\"exp\": 2147483647, \"iss\": \"http://localhost:8080/uaa/oauth/token\", \"scope\": [\"actuator.read\"]}";
    assertThatExceptionOfType(CloudFoundryAuthorizationException.class)
        .isThrownBy(() -> this.tokenValidator.validate(new Token(getSignedToken(header.getBytes(), claims.getBytes()))))
        .satisfies(reasonRequirement(Reason.INVALID_KEY_ID));
}
Also used : Token(org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token) Test(org.junit.jupiter.api.Test)

Example 14 with Token

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.

the class CloudFoundrySecurityInterceptorTests method preHandleSuccessfulWithRestrictedAccess.

@Test
void preHandleSuccessfulWithRestrictedAccess() {
    String accessToken = mockAccessToken();
    this.request.addHeader("Authorization", "Bearer " + accessToken);
    given(this.securityService.getAccessLevel(accessToken, "my-app-id")).willReturn(AccessLevel.RESTRICTED);
    SecurityResponse response = this.interceptor.preHandle(this.request, EndpointId.of("info"));
    ArgumentCaptor<Token> tokenArgumentCaptor = ArgumentCaptor.forClass(Token.class);
    then(this.tokenValidator).should().validate(tokenArgumentCaptor.capture());
    Token token = tokenArgumentCaptor.getValue();
    assertThat(token.toString()).isEqualTo(accessToken);
    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK);
    assertThat(this.request.getAttribute("cloudFoundryAccessLevel")).isEqualTo(AccessLevel.RESTRICTED);
}
Also used : Token(org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token) SecurityResponse(org.springframework.boot.actuate.autoconfigure.cloudfoundry.SecurityResponse) Test(org.junit.jupiter.api.Test)

Example 15 with Token

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token in project spring-boot by spring-projects.

the class TokenValidatorTests method validateTokenWhenValidShouldNotFetchTokenKeys.

@Test
void validateTokenWhenValidShouldNotFetchTokenKeys() throws Exception {
    ReflectionTestUtils.setField(this.tokenValidator, "tokenKeys", VALID_KEYS);
    given(this.securityService.getUaaUrl()).willReturn("http://localhost:8080/uaa");
    String header = "{ \"alg\": \"RS256\",  \"kid\": \"valid-key\",\"typ\": \"JWT\"}";
    String claims = "{ \"exp\": 2147483647, \"iss\": \"http://localhost:8080/uaa/oauth/token\", \"scope\": [\"actuator.read\"]}";
    this.tokenValidator.validate(new Token(getSignedToken(header.getBytes(), claims.getBytes())));
    then(this.securityService).should(never()).fetchTokenKeys();
}
Also used : Token(org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token) Test(org.junit.jupiter.api.Test)
