
Example 1 with BadJwtException

Use of org.springframework.security.oauth2.jwt.BadJwtException in project spring-security by spring-projects.

Class JwtAuthenticationProviderTests, method authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne.

@Test
public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
    BearerTokenAuthenticationToken token = this.authentication();
    // The decoder's message contains double quotes, which are not valid in an OAuth 2.0 error description.
    given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
    // The provider must substitute the generic description instead of passing the message through.
    // @formatter:off
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.provider.authenticate(token))
            .satisfies((ex) -> assertThat(ex).hasFieldOrPropertyWithValue("error.description", "Invalid token"));
    // @formatter:on
}
Also used : BadJwtException(org.springframework.security.oauth2.jwt.BadJwtException) BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 2 with BadJwtException

Use of org.springframework.security.oauth2.jwt.BadJwtException in project spring-security by spring-projects.

Class JwtReactiveAuthenticationManagerTests, method authenticateWhenJwtExceptionThenOAuth2AuthenticationException.

@Test
public void authenticateWhenJwtExceptionThenOAuth2AuthenticationException() {
    BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
    given(this.jwtDecoder.decode(any())).willReturn(Mono.error(new BadJwtException("Oops")));
    assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.manager.authenticate(token).block());
}
Also used : BadJwtException(org.springframework.security.oauth2.jwt.BadJwtException) BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) Test(org.junit.jupiter.api.Test)

Example 3 with BadJwtException

Use of org.springframework.security.oauth2.jwt.BadJwtException in project spring-security by spring-projects.

Class JwtReactiveAuthenticationManagerTests, method authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne.

// gh-7549
@Test
public void authenticateWhenDecoderThrowsIncompatibleErrorMessageThenWrapsWithGenericOne() {
    BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
    // The decoder's message contains double quotes, which are not valid in an OAuth 2.0 error description.
    given(this.jwtDecoder.decode(token.getToken())).willThrow(new BadJwtException("with \"invalid\" chars"));
    // The manager must substitute the generic description instead of passing the message through.
    // @formatter:off
    assertThatExceptionOfType(OAuth2AuthenticationException.class)
            .isThrownBy(() -> this.manager.authenticate(token).block())
            .satisfies((ex) -> assertThat(ex).hasFieldOrPropertyWithValue("error.description", "Invalid token"));
    // @formatter:on
}
Also used : BadJwtException(org.springframework.security.oauth2.jwt.BadJwtException) BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 4 with BadJwtException

Use of org.springframework.security.oauth2.jwt.BadJwtException in project spring-security by spring-projects.

Class NimbusJwtDecoder, method createJwt.

private Jwt createJwt(String token, JWT parsedJwt) {
    try {
        // Verify the signature
        JWTClaimsSet jwtClaimsSet = this.jwtProcessor.process(parsedJwt, null);
        Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
        Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());
        // @formatter:off
        return Jwt.withTokenValue(token)
                .headers((h) -> h.putAll(headers))
                .claims((c) -> c.putAll(claims))
                .build();
        // @formatter:on
    } catch (RemoteKeySourceException ex) {
        // The JWK set could not be retrieved or parsed: reported as JwtException, not as a bad token
        this.logger.trace("Failed to retrieve JWK set", ex);
        if (ex.getCause() instanceof ParseException) {
            throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed Jwk set"), ex);
        }
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
    } catch (JOSEException ex) {
        // JOSE processing failure: also reported as the general JwtException
        this.logger.trace("Failed to process JWT", ex);
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
    } catch (Exception ex) {
        // Any other failure is attributed to the token itself and reported as BadJwtException
        this.logger.trace("Failed to process JWT", ex);
        if (ex.getCause() instanceof ParseException) {
            throw new BadJwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"), ex);
        }
        throw new BadJwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
    }
}
Also used : Arrays(java.util.Arrays) URL(java.net.URL) JOSEException(com.nimbusds.jose.JOSEException) JWKSet(com.nimbusds.jose.jwk.JWKSet) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) JWTParser(com.nimbusds.jwt.JWTParser) MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) JWKSetCache(com.nimbusds.jose.jwk.source.JWKSetCache) PlainJWT(com.nimbusds.jwt.PlainJWT) RSAPublicKey(java.security.interfaces.RSAPublicKey) Map(java.util.Map) JWT(com.nimbusds.jwt.JWT) ParseException(java.text.ParseException) RestTemplate(org.springframework.web.client.RestTemplate) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) HttpHeaders(org.springframework.http.HttpHeaders) Collection(java.util.Collection) MediaType(org.springframework.http.MediaType) Set(java.util.Set) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) JWSVerificationKeySelector(com.nimbusds.jose.proc.JWSVerificationKeySelector) SecretKey(javax.crypto.SecretKey) LogFactory(org.apache.commons.logging.LogFactory) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) SecurityContext(com.nimbusds.jose.proc.SecurityContext) Resource(com.nimbusds.jose.util.Resource) JWSKeySelector(com.nimbusds.jose.proc.JWSKeySelector) Cache(org.springframework.cache.Cache) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JWTProcessor(com.nimbusds.jwt.proc.JWTProcessor) RemoteJWKSet(com.nimbusds.jose.jwk.source.RemoteJWKSet) HashSet(java.util.HashSet) LinkedHashMap(java.util.LinkedHashMap) RemoteKeySourceException(com.nimbusds.jose.RemoteKeySourceException) DefaultJWTProcessor(com.nimbusds.jwt.proc.DefaultJWTProcessor) Converter(org.springframework.core.convert.converter.Converter) RequestEntity(org.springframework.http.RequestEntity) ConfigurableJWTProcessor(com.nimbusds.jwt.proc.ConfigurableJWTProcessor) MalformedURLException(java.net.MalformedURLException) HttpMethod(org.springframework.http.HttpMethod) IOException(java.io.IOException) 
RestOperations(org.springframework.web.client.RestOperations) SingleKeyJWSKeySelector(com.nimbusds.jose.proc.SingleKeyJWSKeySelector) ResourceRetriever(com.nimbusds.jose.util.ResourceRetriever) Consumer(java.util.function.Consumer) SignatureAlgorithm(org.springframework.security.oauth2.jose.jws.SignatureAlgorithm) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) Log(org.apache.commons.logging.Log) ResponseEntity(org.springframework.http.ResponseEntity) Collections(java.util.Collections) Assert(org.springframework.util.Assert) StringUtils(org.springframework.util.StringUtils)

Example 5 with BadJwtException

Use of org.springframework.security.oauth2.jwt.BadJwtException in project spring-security by spring-projects.

Class OAuth2ResourceServerConfigurerTests, method requestWhenUsingCustomAuthenticationEventPublisherThenUses.

// gh-7793
@Test
public void requestWhenUsingCustomAuthenticationEventPublisherThenUses() throws Exception {
    this.spring.register(CustomAuthenticationEventPublisher.class).autowire();
    given(bean(JwtDecoder.class).decode(anyString())).willThrow(new BadJwtException("problem"));
    this.mvc.perform(get("/").with(bearerToken("token")));
    verifyBean(AuthenticationEventPublisher.class).publishAuthenticationFailure(any(OAuth2AuthenticationException.class), any(Authentication.class));
}
Also used : BadJwtException(org.springframework.security.oauth2.jwt.BadJwtException) BearerTokenAuthentication(org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication) Authentication(org.springframework.security.core.Authentication) NimbusJwtDecoder(org.springframework.security.oauth2.jwt.NimbusJwtDecoder) JwtDecoder(org.springframework.security.oauth2.jwt.JwtDecoder) AuthenticationEventPublisher(org.springframework.security.authentication.AuthenticationEventPublisher) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) Test(org.junit.jupiter.api.Test)
