
Example 11 with BearerTokenAuthenticationToken

Use of org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken in the spring-security project by spring-projects.

From the class JwtReactiveAuthenticationManagerTests, method authenticateWhenJwtThenSuccess.

@Test
public void authenticateWhenJwtThenSuccess() {
    BearerTokenAuthenticationToken token = new BearerTokenAuthenticationToken("token-1");
    given(this.jwtDecoder.decode(token.getToken())).willReturn(Mono.just(this.jwt));
    Authentication authentication = this.manager.authenticate(token).block();
    assertThat(authentication).isNotNull();
    assertThat(authentication.isAuthenticated()).isTrue();
    // @formatter:off
    assertThat(authentication.getAuthorities())
            .extracting(GrantedAuthority::getAuthority)
            .containsOnly("SCOPE_message:read", "SCOPE_message:write");
    // @formatter:on
}
Also used : Authentication(org.springframework.security.core.Authentication) BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 12 with BearerTokenAuthenticationToken

Use of org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken in the spring-security project by spring-projects.

From the class OpaqueTokenReactiveAuthenticationManagerTests, method authenticateWhenActiveTokenThenOk.

@Test
public void authenticateWhenActiveTokenThenOk() throws Exception {
    OAuth2AuthenticatedPrincipal authority = TestOAuth2AuthenticatedPrincipals.active((attributes) -> attributes.put("extension_field", "twenty-seven"));
    ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
    given(introspector.introspect(any())).willReturn(Mono.just(authority));
    OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
    Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
    assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
    Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
    // @formatter:off
    assertThat(attributes).isNotNull()
            .containsEntry(OAuth2TokenIntrospectionClaimNames.ACTIVE, true)
            .containsEntry(OAuth2TokenIntrospectionClaimNames.AUD, Arrays.asList("https://protected.example.net/resource"))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
            .containsEntry(OAuth2TokenIntrospectionClaimNames.EXP, Instant.ofEpochSecond(1419356238))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.ISS, new URL("https://server.example.com/"))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.NBF, Instant.ofEpochSecond(29348723984L))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.SCOPE, Arrays.asList("read", "write", "dolphin"))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.SUB, "Z5O3upPC88QrAjx00dis")
            .containsEntry(OAuth2TokenIntrospectionClaimNames.USERNAME, "jdoe")
            .containsEntry("extension_field", "twenty-seven");
    assertThat(result.getAuthorities()).extracting("authority")
            .containsExactly("SCOPE_read", "SCOPE_write", "SCOPE_dolphin");
    // @formatter:on
}
Also used : OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) Authentication(org.springframework.security.core.Authentication) ReactiveOpaqueTokenIntrospector(org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector) BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken) URL(java.net.URL) Test(org.junit.jupiter.api.Test)

Example 13 with BearerTokenAuthenticationToken

Use of org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken in the spring-security project by spring-projects.

From the class OpaqueTokenAuthenticationProvider, method authenticate.

/**
 * Introspect and validate the opaque
 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
 * Token</a>.
 * @param authentication the authentication request object.
 * @return A successful authentication
 * @throws AuthenticationException if authentication failed for some reason
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!(authentication instanceof BearerTokenAuthenticationToken)) {
        return null;
    }
    BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
    OAuth2AuthenticatedPrincipal principal = getOAuth2AuthenticatedPrincipal(bearer);
    AbstractAuthenticationToken result = convert(principal, bearer.getToken());
    result.setDetails(bearer.getDetails());
    this.logger.debug("Authenticated token");
    return result;
}
Also used : AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken)

Example 14 with BearerTokenAuthenticationToken

Use of org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken in the midpoint project by Evolveum.

From the class OidcResourceServerProvider, method internalAuthentication.

@Override
protected Authentication internalAuthentication(Authentication authentication, List requireAssignment, AuthenticationChannel channel, Class focusType) throws AuthenticationException {
    Authentication token;
    if (authentication instanceof BearerTokenAuthenticationToken) {
        BearerTokenAuthenticationToken oidcAuthenticationToken = (BearerTokenAuthenticationToken) authentication;
        JwtAuthenticationToken jwtAuthentication;
        try {
            jwtAuthentication = (JwtAuthenticationToken) oidcProvider.authenticate(oidcAuthenticationToken);
        } catch (AuthenticationException e) {
            getAuditProvider().auditLoginFailure(null, null, createConnectEnvironment(getChannel()), e.getMessage());
            throw e;
        }
        HttpModuleAuthentication oidcModule = (HttpModuleAuthentication) AuthUtil.getProcessingModule();
        try {
            String username = jwtAuthentication.getName();
            if (StringUtils.isEmpty(username)) {
                LOGGER.error("Username from jwt token don't contains value");
                throw new AuthenticationServiceException("web.security.provider.invalid");
            }
            token = getPreAuthenticationToken(username, focusType, requireAssignment, channel);
        } catch (AuthenticationException e) {
            oidcModule.setAuthentication(oidcAuthenticationToken);
            LOGGER.info("Authentication with oidc module failed: {}", e.getMessage());
            throw e;
        }
    } else {
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
    LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
    return token;
}
Also used : JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken) AuthenticationException(org.springframework.security.core.AuthenticationException) HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication) Authentication(org.springframework.security.core.Authentication) BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)

Example 15 with BearerTokenAuthenticationToken

Use of org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken in the spring-security project by spring-projects.

From the class JwtAuthenticationProvider, method authenticate.

/**
 * Decode and validate the
 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer
 * Token</a>.
 * @param authentication the authentication request object.
 * @return A successful authentication
 * @throws AuthenticationException if authentication failed for some reason
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
    Jwt jwt = getJwt(bearer);
    AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
    token.setDetails(bearer.getDetails());
    this.logger.debug("Authenticated token");
    return token;
}
Also used : AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) Jwt(org.springframework.security.oauth2.jwt.Jwt) BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken)
