Example 11 with OAuth2TokenValidator

use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.

the class FirebaseJwtTokenDecoderTests method signedTokenTests.

@Test
public void signedTokenTests() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    // The validator is mocked to always succeed, so claim validation is not exercised by this test.
    OAuth2TokenValidator validator = mock(OAuth2TokenValidator.class);
    when(validator.validate(any())).thenReturn(OAuth2TokenValidatorResult.success());
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(mockRestOperations(), "https://spring.local", validator);
    decoder.decode(signedJWT.serialize());
}
Also used : OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 12 with OAuth2TokenValidator

use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.

the class FirebaseJwtTokenDecoderTests method refreshFlowTests.

@Test
public void refreshFlowTests() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    OAuth2TokenValidator validator = mock(OAuth2TokenValidator.class);
    when(validator.validate(any())).thenReturn(OAuth2TokenValidatorResult.success());
    RestOperations operations = mockRestOperations();
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
    // Decode the same token twice.
    decoder.decode(signedJWT.serialize());
    decoder.decode(signedJWT.serialize());
    // The configured URL must have been requested exactly once across both decode calls.
    verify(operations, times(1)).exchange(eq("https://spring.local"), eq(HttpMethod.GET), isNull(), eq(new ParameterizedTypeReference<Map<String, String>>() {
    }));
}
Also used : OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) ParameterizedTypeReference(org.springframework.core.ParameterizedTypeReference) SignedJWT(com.nimbusds.jwt.SignedJWT) RestOperations(org.springframework.web.client.RestOperations) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 13 with OAuth2TokenValidator

use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.

the class FirebaseJwtTokenDecoderTests method invalidSubject.

@Test
public void invalidSubject() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    // No subject is set on this claims set; the assertion below expects decoding to fail on the empty sub claim.
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .audience("123456")
            .expirationTime(Date.from(Instant.now().plusSeconds(36000)))
            .issuer("https://securetoken.google.com/123456")
            .issueTime(Date.from(Instant.now().minusSeconds(3600)))
            .claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond())
            .build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
    validators.add(new JwtTimestampValidator());
    validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
    validators.add(new FirebaseTokenValidator("123456"));
    DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
    RestOperations operations = mockRestOperations();
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
    assertThatExceptionOfType(JwtException.class).isThrownBy(() -> decoder.decode(signedJWT.serialize())).withMessageStartingWith("An error occurred while attempting to decode the Jwt: sub claim can not be empty");
}
Also used : JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator) Jwt(org.springframework.security.oauth2.jwt.Jwt) ArrayList(java.util.ArrayList) SignedJWT(com.nimbusds.jwt.SignedJWT) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator) RestOperations(org.springframework.web.client.RestOperations) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 14 with OAuth2TokenValidator

use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-cloud-gcp by spring-cloud.

the class FirebaseJwtTokenDecoderTests method validTokenTests.

@Test
public void validTokenTests() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").audience("123456").expirationTime(Date.from(Instant.now().plusSeconds(36000))).issuer("https://securetoken.google.com/123456").issueTime(Date.from(Instant.now().minusSeconds(3600))).claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond()).build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
    validators.add(new JwtTimestampValidator());
    validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
    validators.add(new FirebaseTokenValidator("123456"));
    DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
    RestOperations operations = mockRestOperations();
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
    Jwt jwt = decoder.decode(signedJWT.serialize());
    assertThat(jwt.getClaims()).isNotEmpty();
}
Also used : JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator) Jwt(org.springframework.security.oauth2.jwt.Jwt) ArrayList(java.util.ArrayList) SignedJWT(com.nimbusds.jwt.SignedJWT) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator) RestOperations(org.springframework.web.client.RestOperations) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 15 with OAuth2TokenValidator

use of org.springframework.security.oauth2.core.OAuth2TokenValidator in project spring-boot by spring-projects.

the class OAuth2ResourceServerAutoConfigurationTests method autoConfigurationShouldConfigureResourceServerUsingJwkSetUriAndIssuerUri.

@SuppressWarnings("unchecked")
@Test
void autoConfigurationShouldConfigureResourceServerUsingJwkSetUriAndIssuerUri() throws Exception {
    this.server = new MockWebServer();
    this.server.start();
    String path = "test";
    String issuer = this.server.url(path).toString();
    String cleanIssuerPath = cleanIssuerPath(issuer);
    setupMockResponse(cleanIssuerPath);
    this.contextRunner.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://jwk-set-uri.com", "spring.security.oauth2.resourceserver.jwt.issuer-uri=http://" + this.server.getHostName() + ":" + this.server.getPort() + "/" + path).run((context) -> {
        assertThat(context).hasSingleBean(JwtDecoder.class);
        JwtDecoder jwtDecoder = context.getBean(JwtDecoder.class);
        // Read the decoder's validator chain by reflection and confirm it contains an issuer validator.
        DelegatingOAuth2TokenValidator<Jwt> jwtValidator = (DelegatingOAuth2TokenValidator<Jwt>) ReflectionTestUtils.getField(jwtDecoder, "jwtValidator");
        Collection<OAuth2TokenValidator<Jwt>> tokenValidators = (Collection<OAuth2TokenValidator<Jwt>>) ReflectionTestUtils.getField(jwtValidator, "tokenValidators");
        assertThat(tokenValidators).hasAtLeastOneElementOfType(JwtIssuerValidator.class);
    });
}
Also used : OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) Jwt(org.springframework.security.oauth2.jwt.Jwt) SupplierJwtDecoder(org.springframework.security.oauth2.jwt.SupplierJwtDecoder) JwtDecoder(org.springframework.security.oauth2.jwt.JwtDecoder) MockWebServer(okhttp3.mockwebserver.MockWebServer) Collection(java.util.Collection) Test(org.junit.jupiter.api.Test)

Aggregations

OAuth2TokenValidator (org.springframework.security.oauth2.core.OAuth2TokenValidator): 17
DelegatingOAuth2TokenValidator (org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator): 14
Test (org.junit.jupiter.api.Test): 13
JWSHeader (com.nimbusds.jose.JWSHeader): 10
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 10
SignedJWT (com.nimbusds.jwt.SignedJWT): 10
Test (org.junit.Test): 10
Jwt (org.springframework.security.oauth2.jwt.Jwt): 10
OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error): 9
ArrayList (java.util.ArrayList): 8
JwtTimestampValidator (org.springframework.security.oauth2.jwt.JwtTimestampValidator): 8
RestOperations (org.springframework.web.client.RestOperations): 8
JwtIssuerValidator (org.springframework.security.oauth2.jwt.JwtIssuerValidator): 6
OAuth2TokenValidatorResult (org.springframework.security.oauth2.core.OAuth2TokenValidatorResult): 5
MockWebServer (okhttp3.mockwebserver.MockWebServer): 4
Collection (java.util.Collection): 2
MockResponse (okhttp3.mockwebserver.MockResponse): 2
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString): 2
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString): 2
ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean): 2