Example 6 with DelegatingOAuth2TokenValidator
use of org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.
the class FirebaseJwtTokenDecoderTests method validTokenTests.
@Test
public void validTokenTests() throws Exception {
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").audience("123456").expirationTime(Date.from(Instant.now().plusSeconds(36000))).issuer("https://securetoken.google.com/123456").issueTime(Date.from(Instant.now().minusSeconds(3600))).claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond()).build();
SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
validators.add(new JwtTimestampValidator());
validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
validators.add(new FirebaseTokenValidator("123456"));
DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
RestOperations operations = mockRestOperations();
FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
Jwt jwt = decoder.decode(signedJWT.serialize());
assertThat(jwt.getClaims()).isNotEmpty();
}
Also used :
JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
ArrayList(java.util.ArrayList)
SignedJWT(com.nimbusds.jwt.SignedJWT)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator)
RestOperations(org.springframework.web.client.RestOperations)
JWSHeader(com.nimbusds.jose.JWSHeader)
Test(org.junit.Test)
Example 7 with DelegatingOAuth2TokenValidator
use of org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.
the class IapAuthenticationAutoConfigurationTests method testFixedStringAudienceValidatorAddedWhenAvailable.
@Test
public void testFixedStringAudienceValidatorAddedWhenAvailable() throws Exception {
when(mockJwt.getExpiresAt()).thenReturn(Instant.now().plusSeconds(10));
when(mockJwt.getNotBefore()).thenReturn(Instant.now().minusSeconds(10));
this.contextRunner.withUserConfiguration(FixedAudienceValidatorConfiguration.class).run((context) -> {
DelegatingOAuth2TokenValidator validator = context.getBean("iapJwtDelegatingValidator", DelegatingOAuth2TokenValidator.class);
OAuth2TokenValidatorResult result = validator.validate(mockJwt);
assertThat(result.hasErrors()).isTrue();
assertThat(result.getErrors().size()).isEqualTo(2);
assertThat(result.getErrors().stream().map(error -> error.getDescription())).containsExactlyInAnyOrder("The iss claim is not valid", "This aud claim is not equal to the configured audience");
});
}
Also used :
OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
Test(org.junit.Test)
Example 8 with DelegatingOAuth2TokenValidator
use of org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator in project spring-boot by spring-projects.
the class OAuth2ResourceServerAutoConfigurationTests method autoConfigurationShouldConfigureResourceServerUsingJwkSetUriAndIssuerUri.
@SuppressWarnings("unchecked")
@Test
void autoConfigurationShouldConfigureResourceServerUsingJwkSetUriAndIssuerUri() throws Exception {
this.server = new MockWebServer();
this.server.start();
String path = "test";
String issuer = this.server.url(path).toString();
String cleanIssuerPath = cleanIssuerPath(issuer);
setupMockResponse(cleanIssuerPath);
this.contextRunner.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com", "spring.security.oauth2.resourceserver.jwt.issuer-uri=http://" + this.server.getHostName() + ":" + this.server.getPort() + "/" + path).run((context) -> {
assertThat(context).hasSingleBean(JwtDecoder.class);
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
DelegatingOAuth2TokenValidator<Jwt> jwtValidator = (DelegatingOAuth2TokenValidator<Jwt>) ReflectionTestUtils.getField(jwtDecoder, "jwtValidator");
Collection<OAuth2TokenValidator<Jwt>> tokenValidators = (Collection<OAuth2TokenValidator<Jwt>>) ReflectionTestUtils.getField(jwtValidator, "tokenValidators");
assertThat(tokenValidators).hasAtLeastOneElementOfType(JwtIssuerValidator.class);
});
}
Also used :
OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
SupplierJwtDecoder(org.springframework.security.oauth2.jwt.SupplierJwtDecoder)
JwtDecoder(org.springframework.security.oauth2.jwt.JwtDecoder)
MockWebServer(okhttp3.mockwebserver.MockWebServer)
Collection(java.util.Collection)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
Test(org.junit.jupiter.api.Test)
Example 9 with DelegatingOAuth2TokenValidator
use of org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.
the class IapAuthenticationAutoConfiguration method iapJwtDecoder.
@Bean
@ConditionalOnMissingBean
public JwtDecoder iapJwtDecoder(IapAuthenticationProperties properties, @Qualifier("iapJwtDelegatingValidator") DelegatingOAuth2TokenValidator<Jwt> validator) {
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(properties.getRegistry()).jwsAlgorithm(SignatureAlgorithm.from(properties.getAlgorithm())).build();
jwtDecoder.setJwtValidator(validator);
return jwtDecoder;
}
Also used :
NimbusJwtDecoder(org.springframework.security.oauth2.jwt.NimbusJwtDecoder)
ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean)
ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean)
Bean(org.springframework.context.annotation.Bean)
Example 10 with DelegatingOAuth2TokenValidator
use of org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.
the class FirebaseJwtTokenDecoderTests method invalidAudienceTests.
@Test
public void invalidAudienceTests() throws Exception {
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").audience("123").expirationTime(Date.from(Instant.now().plusSeconds(36000))).issuer("https://securetoken.google.com/123456").issueTime(Date.from(Instant.now().minusSeconds(3600))).claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond()).build();
SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
validators.add(new JwtTimestampValidator());
validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
validators.add(new FirebaseTokenValidator("123456"));
DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
RestOperations operations = mockRestOperations();
FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
assertThatExceptionOfType(JwtException.class).isThrownBy(() -> decoder.decode(signedJWT.serialize())).withMessageStartingWith("An error occurred while attempting to decode the Jwt: This aud claim is not equal to the configured audience");
}
Also used :
JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
ArrayList(java.util.ArrayList)
SignedJWT(com.nimbusds.jwt.SignedJWT)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator)
RestOperations(org.springframework.web.client.RestOperations)
JWSHeader(com.nimbusds.jose.JWSHeader)
Test(org.junit.Test)
Aggregations
DelegatingOAuth2TokenValidator (org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)11
OAuth2TokenValidator (org.springframework.security.oauth2.core.OAuth2TokenValidator)10
ArrayList (java.util.ArrayList)8
Jwt (org.springframework.security.oauth2.jwt.Jwt)8
JwtTimestampValidator (org.springframework.security.oauth2.jwt.JwtTimestampValidator)8
Test (org.junit.Test)7
JWSHeader (com.nimbusds.jose.JWSHeader)6
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)6
SignedJWT (com.nimbusds.jwt.SignedJWT)6
JwtIssuerValidator (org.springframework.security.oauth2.jwt.JwtIssuerValidator)6
RestOperations (org.springframework.web.client.RestOperations)6
ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean)3
Bean (org.springframework.context.annotation.Bean)3
Collection (java.util.Collection)2
MockWebServer (okhttp3.mockwebserver.MockWebServer)2
Test (org.junit.jupiter.api.Test)2
FirebaseTokenValidator (org.springframework.cloud.gcp.security.firebase.FirebaseTokenValidator)1
OAuth2TokenValidatorResult (org.springframework.security.oauth2.core.OAuth2TokenValidatorResult)1
JwtDecoder (org.springframework.security.oauth2.jwt.JwtDecoder)1
NimbusJwtDecoder (org.springframework.security.oauth2.jwt.NimbusJwtDecoder)1
