
Example 11 with OAuth2TokenValidatorResult

Use of org.springframework.security.oauth2.core.OAuth2TokenValidatorResult in project spring-security by spring-projects.

Class JwtTimestampValidatorTests, method validateWhenConfiguredWithClockSkewThenValidatesUsingThatSkew.

@Test
public void validateWhenConfiguredWithClockSkewThenValidatesUsingThatSkew() {
    Duration oneDayOff = Duration.ofDays(1);
    JwtTimestampValidator jwtValidator = new JwtTimestampValidator(oneDayOff);
    Instant now = Instant.now();
    Instant almostOneDayAgo = now.minus(oneDayOff).plusSeconds(10);
    Instant almostOneDayFromNow = now.plus(oneDayOff).minusSeconds(10);
    Instant justOverOneDayAgo = now.minus(oneDayOff).minusSeconds(10);
    Instant justOverOneDayFromNow = now.plus(oneDayOff).plusSeconds(10);
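    // exp and nbf are each 10 seconds inside the one-day skew window: accepted.
    Jwt jwt = TestJwts.jwt().expiresAt(almostOneDayAgo).notBefore(almostOneDayFromNow).build();
    assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
    // exp is 10 seconds outside the skew window: rejected as expired.
    jwt = TestJwts.jwt().expiresAt(justOverOneDayAgo).build();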
    OAuth2TokenValidatorResult result = jwtValidator.validate(jwt);
    // @formatter:off
    Collection<String> messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
    // @formatter:on
    assertThat(result.hasErrors()).isTrue();
    assertThat(messages).contains("Jwt expired at " + justOverOneDayAgo);
    // nbf is 10 seconds outside the skew window: rejected as used too early.
    jwt = TestJwts.jwt().notBefore(justOverOneDayFromNow).build();
    result = jwtValidator.validate(jwt);
    // @formatter:off
    messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
    // @formatter:on
    assertThat(result.hasErrors()).isTrue();
    assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_TOKEN);
    assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow);
}
Also used : Instant(java.time.Instant) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) Duration(java.time.Duration) Test(org.junit.jupiter.api.Test)

Example 12 with OAuth2TokenValidatorResult

Use of org.springframework.security.oauth2.core.OAuth2TokenValidatorResult in project spring-security by spring-projects.

Class JwtTimestampValidator, method validate.

@Override
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    Assert.notNull(jwt, "jwt cannot be null");
    // exp check: fail only once (now - clockSkew) is after the expiry,
    // so the token is still accepted for up to clockSkew past its exp claim.
    Instant expiry = jwt.getExpiresAt();
    if (expiry != null) {
        if (Instant.now(this.clock).minus(this.clockSkew).isAfter(expiry)) {
            OAuth2Error oAuth2Error = createOAuth2Error(String.format("Jwt expired at %s", jwt.getExpiresAt()));
            return OAuth2TokenValidatorResult.failure(oAuth2Error);
        }
    }
    // nbf check: fail only while (now + clockSkew) is before nbf,
    // so the token is accepted up to clockSkew ahead of its nbf claim.
    Instant notBefore = jwt.getNotBefore();
    if (notBefore != null) {
        if (Instant.now(this.clock).plus(this.clockSkew).isBefore(notBefore)) {
            OAuth2Error oAuth2Error = createOAuth2Error(String.format("Jwt used before %s", jwt.getNotBefore()));
            return OAuth2TokenValidatorResult.failure(oAuth2Error);
        }
    }
    // A missing exp or nbf claim skips the corresponding check rather than failing.
    return OAuth2TokenValidatorResult.success();
}
Also used : Instant(java.time.Instant) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error)

Example 13 with OAuth2TokenValidatorResult

Use of org.springframework.security.oauth2.core.OAuth2TokenValidatorResult in project spring-security by spring-projects.

Class NimbusReactiveJwtDecoder, method validateJwt.

private Jwt validateJwt(Jwt jwt) {
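    // Any validator error aborts decoding; the Jwt is returned only when validation reports no errors.
    OAuth2TokenValidatorResult result = this.jwtValidator.validate(jwt);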
    if (result.hasErrors()) {
        Collection<OAuth2Error> errors = result.getErrors();
        String validationErrorString = getJwtValidationExceptionMessage(errors);
        throw new JwtValidationException(validationErrorString, errors);
    }
    return jwt;
}
Also used : OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error)

Example 14 with OAuth2TokenValidatorResult

Use of org.springframework.security.oauth2.core.OAuth2TokenValidatorResult in project spring-cloud-gcp by spring-cloud.

Class IapAuthenticationAutoConfigurationTests, method testIapBeansReturnedWhenBothIapWithMultipleAudiencesAndSpringSecurityConfigPresent.

@Test
public void testIapBeansReturnedWhenBothIapWithMultipleAudiencesAndSpringSecurityConfigPresent() {
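    // The token's audience (aud1) is one of the two configured audiences (aud1, aud2), so validation should pass.
    when(mockJwt.getAudience()).thenReturn(Collections.singletonList("aud1"));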
    this.contextRunner.withPropertyValues("spring.cloud.gcp.security.iap.audience=aud1, aud2").run((context) -> {
        AudienceValidator validator = context.getBean(AudienceValidator.class);
        OAuth2TokenValidatorResult result = validator.validate(mockJwt);
        assertThat(result.hasErrors()).isFalse();
    });
}
Also used : AudienceValidator(org.springframework.cloud.gcp.security.iap.AudienceValidator) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) Test(org.junit.Test)

Aggregations

OAuth2TokenValidatorResult (org.springframework.security.oauth2.core.OAuth2TokenValidatorResult): 13
Test (org.junit.jupiter.api.Test): 9
OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error): 9
Instant (java.time.Instant): 2
Test (org.junit.Test): 2
URL (java.net.URL): 1
Duration (java.time.Duration): 1
MockResponse (okhttp3.mockwebserver.MockResponse): 1
MockWebServer (okhttp3.mockwebserver.MockWebServer): 1
AudienceValidator (org.springframework.cloud.gcp.security.iap.AudienceValidator): 1
DelegatingOAuth2TokenValidator (org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator): 1
OAuth2TokenValidator (org.springframework.security.oauth2.core.OAuth2TokenValidator): 1