use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.
the class FirebaseJwtTokenDecoderTests method signedTokenTests.
@Test
public void signedTokenTests() throws Exception {
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
OAuth2TokenValidator validator = mock(OAuth2TokenValidator.class);
when(validator.validate(any())).thenReturn(OAuth2TokenValidatorResult.success());
FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(mockRestOperations(), "https://spring.local", validator);
decoder.decode(signedJWT.serialize());
}
use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.
the class FirebaseJwtTokenDecoderTests method refreshFlowTests.
@Test
public void refreshFlowTests() throws Exception {
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
OAuth2TokenValidator validator = mock(OAuth2TokenValidator.class);
when(validator.validate(any())).thenReturn(OAuth2TokenValidatorResult.success());
RestOperations operations = mockRestOperations();
FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
decoder.decode(signedJWT.serialize());
decoder.decode(signedJWT.serialize());
verify(operations, times(1)).exchange(eq("https://spring.local"), eq(HttpMethod.GET), isNull(), eq(new ParameterizedTypeReference<Map<String, String>>() {
}));
}
use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.
the class FirebaseJwtTokenDecoderTests method invalidSubject.
@Test
public void invalidSubject() throws Exception {
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().audience("123456").expirationTime(Date.from(Instant.now().plusSeconds(36000))).issuer("https://securetoken.google.com/123456").issueTime(Date.from(Instant.now().minusSeconds(3600))).claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond()).build();
SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
validators.add(new JwtTimestampValidator());
validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
validators.add(new FirebaseTokenValidator("123456"));
DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
RestOperations operations = mockRestOperations();
FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
assertThatExceptionOfType(JwtException.class).isThrownBy(() -> decoder.decode(signedJWT.serialize())).withMessageStartingWith("An error occurred while attempting to decode the Jwt: sub claim can not be empty");
}
use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.
the class FirebaseJwtTokenDecoderTests method validTokenTests.
@Test
public void validTokenTests() throws Exception {
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").audience("123456").expirationTime(Date.from(Instant.now().plusSeconds(36000))).issuer("https://securetoken.google.com/123456").issueTime(Date.from(Instant.now().minusSeconds(3600))).claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond()).build();
SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
validators.add(new JwtTimestampValidator());
validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
validators.add(new FirebaseTokenValidator("123456"));
DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
RestOperations operations = mockRestOperations();
FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
Jwt jwt = decoder.decode(signedJWT.serialize());
assertThat(jwt.getClaims()).isNotEmpty();
}
use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-boot by spring-projects.
the class OAuth2ResourceServerAutoConfigurationTests method autoConfigurationShouldConfigureResourceServerUsingJwkSetUriAndIssuerUri.
@SuppressWarnings("unchecked")
@Test
void autoConfigurationShouldConfigureResourceServerUsingJwkSetUriAndIssuerUri() throws Exception {
this.server = new MockWebServer();
this.server.start();
String path = "test";
String issuer = this.server.url(path).toString();
String cleanIssuerPath = cleanIssuerPath(issuer);
setupMockResponse(cleanIssuerPath);
this.contextRunner.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com", "spring.security.oauth2.resourceserver.jwt.issuer-uri=http://" + this.server.getHostName() + ":" + this.server.getPort() + "/" + path).run((context) -> {
assertThat(context).hasSingleBean(JwtDecoder.class);
JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
DelegatingOAuth2TokenValidator<Jwt> jwtValidator = (DelegatingOAuth2TokenValidator<Jwt>) ReflectionTestUtils.getField(jwtDecoder, "jwtValidator");
Collection<OAuth2TokenValidator<Jwt>> tokenValidators = (Collection<OAuth2TokenValidator<Jwt>>) ReflectionTestUtils.getField(jwtValidator, "tokenValidators");
assertThat(tokenValidators).hasAtLeastOneElementOfType(JwtIssuerValidator.class);
});
}
Aggregations