
Example 6 with JwtTimestampValidator

Use of org.springframework.security.oauth2.jwt.JwtTimestampValidator in project spring-cloud-gcp by spring-cloud.

From the class FirebaseJwtTokenDecoderTests, method validTokenTests (a well-formed Firebase ID token passes the full validator chain):

@Test
public void validTokenTests() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    // Claims shaped like a Firebase ID token: aud is the project id, iss is
    // https://securetoken.google.com/<project id>, exp ten hours out, iat and auth_time an hour back.
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject("test-subject")
            .audience("123456")
            .expirationTime(Date.from(Instant.now().plusSeconds(36000)))
            .issuer("https://securetoken.google.com/123456")
            .issueTime(Date.from(Instant.now().minusSeconds(3600)))
            .claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond())
            .build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    // Validator chain: exp/nbf with the default clock skew, exact issuer match,
    // then the Firebase-specific claim checks (aud against the project id, see example 9).
    List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
    validators.add(new JwtTimestampValidator());
    validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
    validators.add(new FirebaseTokenValidator("123456"));
    DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
    RestOperations operations = mockRestOperations();
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
    Jwt jwt = decoder.decode(signedJWT.serialize());
    assertThat(jwt.getClaims()).isNotEmpty();
}
Also used : JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator) Jwt(org.springframework.security.oauth2.jwt.Jwt) ArrayList(java.util.ArrayList) SignedJWT(com.nimbusds.jwt.SignedJWT) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator) RestOperations(org.springframework.web.client.RestOperations) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 7 with JwtTimestampValidator

Use of org.springframework.security.oauth2.jwt.JwtTimestampValidator in project spring-security by spring-projects.

From the class JwtTimestampValidatorTests, method validateWhenJwtIsExpiredThenErrorMessageIndicatesExpirationTime (an expired token yields an invalid_token error whose description names the exp instant):

@Test
public void validateWhenJwtIsExpiredThenErrorMessageIndicatesExpirationTime() {
    Instant oneHourAgo = Instant.now().minusSeconds(3600);
    Jwt jwt = TestJwts.jwt().expiresAt(oneHourAgo).build();
    JwtTimestampValidator jwtValidator = new JwtTimestampValidator();
    Collection<OAuth2Error> details = jwtValidator.validate(jwt).getErrors();
    // @formatter:off
    Collection<String> messages = details.stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
    // @formatter:on
    assertThat(messages).contains("Jwt expired at " + oneHourAgo);
    assertThat(details).allMatch((error) -> Objects.equals(error.getErrorCode(), OAuth2ErrorCodes.INVALID_TOKEN));
}
Also used : Instant(java.time.Instant) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) Test(org.junit.jupiter.api.Test)

Example 8 with JwtTimestampValidator

Use of org.springframework.security.oauth2.jwt.JwtTimestampValidator in project spring-security by spring-projects.

From the class JwtTimestampValidatorTests, method validateWhenConfiguredWithClockSkewThenValidatesUsingThatSkew (exp and nbf are each checked against now shifted by the configured skew, so a token just inside the window passes and one just outside it fails):

@Test
public void validateWhenConfiguredWithClockSkewThenValidatesUsingThatSkew() {
    Duration oneDayOff = Duration.ofDays(1);
    JwtTimestampValidator jwtValidator = new JwtTimestampValidator(oneDayOff);
    Instant now = Instant.now();
    Instant almostOneDayAgo = now.minus(oneDayOff).plusSeconds(10);
    Instant almostOneDayFromNow = now.plus(oneDayOff).minusSeconds(10);
    Instant justOverOneDayAgo = now.minus(oneDayOff).minusSeconds(10);
    Instant justOverOneDayFromNow = now.plus(oneDayOff).plusSeconds(10);
    Jwt jwt = TestJwts.jwt().expiresAt(almostOneDayAgo).notBefore(almostOneDayFromNow).build();
    assertThat(jwtValidator.validate(jwt).hasErrors()).isFalse();
    jwt = TestJwts.jwt().expiresAt(justOverOneDayAgo).build();
    OAuth2TokenValidatorResult result = jwtValidator.validate(jwt);
    // @formatter:off
    Collection<String> messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
    // @formatter:on
    assertThat(result.hasErrors()).isTrue();
    assertThat(messages).contains("Jwt expired at " + justOverOneDayAgo);
    jwt = TestJwts.jwt().notBefore(justOverOneDayFromNow).build();
    result = jwtValidator.validate(jwt);
    // @formatter:off
    messages = result.getErrors().stream().map(OAuth2Error::getDescription).collect(Collectors.toList());
    // @formatter:on
    assertThat(result.hasErrors()).isTrue();
    assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_TOKEN);
    assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow);
}
Also used : Instant(java.time.Instant) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) Duration(java.time.Duration) Test(org.junit.jupiter.api.Test)

Example 9 with JwtTimestampValidator

Use of org.springframework.security.oauth2.jwt.JwtTimestampValidator in project spring-cloud-gcp by spring-cloud.

From the class FirebaseJwtTokenDecoderTests, method invalidAudienceTests (a token whose aud does not match the configured project id is rejected at decode time):

@Test
public void invalidAudienceTests() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    // Same token as the valid case, except aud is "123" while the validator is configured for "123456".
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject("test-subject")
            .audience("123")
            .expirationTime(Date.from(Instant.now().plusSeconds(36000)))
            .issuer("https://securetoken.google.com/123456")
            .issueTime(Date.from(Instant.now().minusSeconds(3600)))
            .claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond())
            .build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
    validators.add(new JwtTimestampValidator());
    validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
    validators.add(new FirebaseTokenValidator("123456"));
    DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
    RestOperations operations = mockRestOperations();
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
    // The decoder wraps validator errors in a JwtException; the aud mismatch is the first error reported.
    assertThatExceptionOfType(JwtException.class)
            .isThrownBy(() -> decoder.decode(signedJWT.serialize()))
            .withMessageStartingWith("An error occurred while attempting to decode the Jwt: This aud claim is not equal to the configured audience");
}
Also used : JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator) Jwt(org.springframework.security.oauth2.jwt.Jwt) ArrayList(java.util.ArrayList) SignedJWT(com.nimbusds.jwt.SignedJWT) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator) RestOperations(org.springframework.web.client.RestOperations) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 10 with JwtTimestampValidator

Use of org.springframework.security.oauth2.jwt.JwtTimestampValidator in project spring-cloud-gcp by spring-cloud.

From the class FirebaseJwtTokenDecoderTests, method expiredTokenTests (a token whose exp is an hour in the past is rejected by JwtTimestampValidator alone, well beyond its default clock skew):

@Test
public void expiredTokenTests() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    // Only sub and an exp one hour in the past; no iss or aud, so only the timestamp check is exercised.
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject("test-subject")
            .expirationTime(Date.from(Instant.now().minusSeconds(3600)))
            .build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
    validators.add(new JwtTimestampValidator());
    DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
    RestOperations operations = mockRestOperations();
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
    assertThatExceptionOfType(JwtException.class)
            .isThrownBy(() -> decoder.decode(signedJWT.serialize()))
            .withMessageStartingWith("An error occurred while attempting to decode the Jwt: Jwt expired at");
}
Also used : Jwt(org.springframework.security.oauth2.jwt.Jwt) ArrayList(java.util.ArrayList) SignedJWT(com.nimbusds.jwt.SignedJWT) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator) RestOperations(org.springframework.web.client.RestOperations) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)
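The examples above show the three things JwtTimestampValidator does and does not do: it checks exp and nbf against the current time widened by a clock skew (60 seconds by default, configurable as in example 8), it reports failures as invalid_token errors, and it checks a timestamp only when the claim is present, so a token with no exp at all passes it. Issuer and audience are left to other validators in the same DelegatingOAuth2TokenValidator chain. The following is an added example, not code from spring-security or spring-cloud-gcp: it builds the chain a resource server would attach to its decoder, tightens the skew, adds a validator that requires exp and caps token lifetime, and checks aud with JwtClaimValidator. The class names HardenedJwtValidators and RequireExpiryValidator, the 30-second skew, the one-hour lifetime cap and the jwkSetUri parameter are assumptions; the issuer and audience values are reused from the tests above, and the Jwt objects in main are constructed in memory (unsigned) purely to drive the validators.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;

import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

// Added example with hypothetical class names: a validator chain that closes the
// gaps JwtTimestampValidator leaves open, wired into a NimbusJwtDecoder.
public final class HardenedJwtValidators {

    // JwtTimestampValidator skips exp/nbf when the claim is absent, so a token with
    // no exp passes it. This validator rejects such tokens and caps the iat-to-exp window.
    static final class RequireExpiryValidator implements OAuth2TokenValidator<Jwt> {
        private final Duration maxLifetime;

        RequireExpiryValidator(Duration maxLifetime) {
            this.maxLifetime = maxLifetime;
        }

        @Override
        public OAuth2TokenValidatorResult validate(Jwt jwt) {
            Instant exp = jwt.getExpiresAt();
            if (exp == null) {
                return invalid("Jwt has no exp claim");
            }
            Instant iat = jwt.getIssuedAt();
            if (iat != null && Duration.between(iat, exp).compareTo(maxLifetime) > 0) {
                return invalid("Jwt lifetime exceeds " + maxLifetime);
            }
            return OAuth2TokenValidatorResult.success();
        }

        private static OAuth2TokenValidatorResult invalid(String description) {
            return OAuth2TokenValidatorResult.failure(
                    new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, description, null));
        }
    }

    // Chain: 30s skew (library default is 60s), mandatory exp, exact issuer, aud must contain ours.
    public static OAuth2TokenValidator<Jwt> forResourceServer(String issuer, String audience) {
        List<OAuth2TokenValidator<Jwt>> validators = List.of(
                new JwtTimestampValidator(Duration.ofSeconds(30)),
                new RequireExpiryValidator(Duration.ofHours(1)),
                new JwtIssuerValidator(issuer),
                // Spring's Jwt exposes aud as a List<String>; fail when our audience is absent.
                new JwtClaimValidator<List<String>>("aud",
                        aud -> aud != null && aud.contains(audience)));
        return new DelegatingOAuth2TokenValidator<>(validators);
    }

    // Wiring into a decoder; jwkSetUri is a placeholder for the issuer's JWKS endpoint.
    // Signature verification happens in the decoder before the validators see the claims.
    public static NimbusJwtDecoder decoder(String jwkSetUri, String issuer, String audience) {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
        decoder.setJwtValidator(forResourceServer(issuer, audience));
        return decoder;
    }

    // Offline demonstration on constructed, unsigned Jwt objects.
    public static void main(String[] args) {
        String issuer = "https://securetoken.google.com/123456";
        OAuth2TokenValidator<Jwt> validator = forResourceServer(issuer, "123456");
        Instant now = Instant.now();

        Jwt good = Jwt.withTokenValue("constructed").header("alg", "RS256")
                .issuer(issuer).audience(List.of("123456"))
                .issuedAt(now.minusSeconds(60)).expiresAt(now.plusSeconds(600)).build();
        Jwt noExpiry = Jwt.withTokenValue("constructed").header("alg", "RS256")
                .issuer(issuer).audience(List.of("123456"))
                .issuedAt(now.minusSeconds(60)).build();
        // 45s past exp: rejected under the 30s skew, would still pass under the 60s default.
        Jwt expired = Jwt.withTokenValue("constructed").header("alg", "RS256")
                .issuer(issuer).audience(List.of("123456"))
                .issuedAt(now.minusSeconds(3600)).expiresAt(now.minusSeconds(45)).build();
        Jwt wrongAud = Jwt.withTokenValue("constructed").header("alg", "RS256")
                .issuer(issuer).audience(List.of("123"))
                .issuedAt(now.minusSeconds(60)).expiresAt(now.plusSeconds(600)).build();

        for (Jwt jwt : List.of(good, noExpiry, expired, wrongAud)) {
            OAuth2TokenValidatorResult result = validator.validate(jwt);
            System.out.println(result.hasErrors()
                    ? "rejected: " + result.getErrors().iterator().next().getDescription()
                    : "accepted");
        }
    }
}
```

Running main accepts only the first token; the second is rejected by RequireExpiryValidator, the third by JwtTimestampValidator, and the fourth by the aud check. Keep the skew as small as your clock synchronisation allows: every second of skew is a second during which an expired token is still honoured, and example 8 shows that a one-day skew makes a token expired almost a day ago validate cleanly.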

Aggregations (classes imported across the examples for this usage, with the number of examples using each):

ArrayList (java.util.ArrayList) 8
DelegatingOAuth2TokenValidator (org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) 8
OAuth2TokenValidator (org.springframework.security.oauth2.core.OAuth2TokenValidator) 8
JwtTimestampValidator (org.springframework.security.oauth2.jwt.JwtTimestampValidator) 8
JWSHeader (com.nimbusds.jose.JWSHeader) 6
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 6
SignedJWT (com.nimbusds.jwt.SignedJWT) 6
Test (org.junit.Test) 6
Jwt (org.springframework.security.oauth2.jwt.Jwt) 6
JwtIssuerValidator (org.springframework.security.oauth2.jwt.JwtIssuerValidator) 6
RestOperations (org.springframework.web.client.RestOperations) 6
Instant (java.time.Instant) 3
Test (org.junit.jupiter.api.Test) 3
OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error) 3
ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) 2
Bean (org.springframework.context.annotation.Bean) 2
Duration (java.time.Duration) 1
FirebaseTokenValidator (org.springframework.cloud.gcp.security.firebase.FirebaseTokenValidator) 1
OAuth2TokenValidatorResult (org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) 1