Example 6 with JwtIssuerValidator
use of org.springframework.security.oauth2.jwt.JwtIssuerValidator in project spring-cloud-gcp by spring-cloud.
the class FirebaseJwtTokenDecoderTests method invalidAudienceTests.
@Test
public void invalidAudienceTests() throws Exception {
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").audience("123").expirationTime(Date.from(Instant.now().plusSeconds(36000))).issuer("https://securetoken.google.com/123456").issueTime(Date.from(Instant.now().minusSeconds(3600))).claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond()).build();
SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
validators.add(new JwtTimestampValidator());
validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
validators.add(new FirebaseTokenValidator("123456"));
DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
RestOperations operations = mockRestOperations();
FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
assertThatExceptionOfType(JwtException.class).isThrownBy(() -> decoder.decode(signedJWT.serialize())).withMessageStartingWith("An error occurred while attempting to decode the Jwt: This aud claim is not equal to the configured audience");
}
Also used :
JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
ArrayList(java.util.ArrayList)
SignedJWT(com.nimbusds.jwt.SignedJWT)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator)
RestOperations(org.springframework.web.client.RestOperations)
JWSHeader(com.nimbusds.jose.JWSHeader)
Test(org.junit.Test)
Example 7 with JwtIssuerValidator
use of org.springframework.security.oauth2.jwt.JwtIssuerValidator in project spring-cloud-gcp by spring-cloud.
the class FirebaseJwtTokenDecoderTests method invalidIssuerTests.
@Test
public void invalidIssuerTests() throws Exception {
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").audience("123456").expirationTime(Date.from(Instant.now().plusSeconds(36000))).issuer("https://spring.local/123456").issueTime(Date.from(Instant.now().minusSeconds(3600))).claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond()).build();
SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
validators.add(new JwtTimestampValidator());
validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
RestOperations operations = mockRestOperations();
FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
assertThatExceptionOfType(JwtException.class).isThrownBy(() -> decoder.decode(signedJWT.serialize())).withMessageStartingWith("An error occurred while attempting to decode the Jwt");
}
Also used :
JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
ArrayList(java.util.ArrayList)
SignedJWT(com.nimbusds.jwt.SignedJWT)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator)
DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator)
RestOperations(org.springframework.web.client.RestOperations)
JWSHeader(com.nimbusds.jose.JWSHeader)
Test(org.junit.Test)
Aggregations
ArrayList (java.util.ArrayList)7
DelegatingOAuth2TokenValidator (org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)7
OAuth2TokenValidator (org.springframework.security.oauth2.core.OAuth2TokenValidator)7
JwtTimestampValidator (org.springframework.security.oauth2.jwt.JwtTimestampValidator)7
JwtIssuerValidator (org.springframework.security.oauth2.jwt.JwtIssuerValidator)6
JWSHeader (com.nimbusds.jose.JWSHeader)5
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)5
SignedJWT (com.nimbusds.jwt.SignedJWT)5
Test (org.junit.Test)5
Jwt (org.springframework.security.oauth2.jwt.Jwt)5
RestOperations (org.springframework.web.client.RestOperations)5
ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean)2
Bean (org.springframework.context.annotation.Bean)2
FirebaseTokenValidator (org.springframework.cloud.gcp.security.firebase.FirebaseTokenValidator)1
