Example 1 with InvalidBearerTokenException
use of org.springframework.security.oauth2.server.resource.InvalidBearerTokenException in project spring-security by spring-projects.
the class DefaultAuthenticationEventPublisherBearerTokenTests method publishAuthenticationFailureWhenInvalidBearerTokenExceptionThenMaps.
@Test
public void publishAuthenticationFailureWhenInvalidBearerTokenExceptionThenMaps() {
ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
Authentication authentication = new JwtAuthenticationToken(TestJwts.jwt().build());
Exception cause = new Exception();
this.publisher = new DefaultAuthenticationEventPublisher(appPublisher);
this.publisher.publishAuthenticationFailure(new InvalidBearerTokenException("invalid"), authentication);
this.publisher.publishAuthenticationFailure(new InvalidBearerTokenException("invalid", cause), authentication);
verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureBadCredentialsEvent.class));
}
Also used :
DefaultAuthenticationEventPublisher(org.springframework.security.authentication.DefaultAuthenticationEventPublisher)
JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)
Authentication(org.springframework.security.core.Authentication)
ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher)
AuthenticationFailureBadCredentialsEvent(org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent)
Test(org.junit.jupiter.api.Test)
Example 2 with InvalidBearerTokenException
use of org.springframework.security.oauth2.server.resource.InvalidBearerTokenException in project dhis2-core by dhis2.
the class Dhis2JwtAuthenticationManagerResolver method getAuthenticationManager.
/**
* Looks for a DhisOidcClientRegistration in the DhisOidcProviderRepository
* that matches the input JWT "issuer". It creates a new
* DhisJwtAuthenticationProvider if it finds a matching config.
* <p>
* The DhisJwtAuthenticationProvider is configured with a custom
* {@link Converter} that "converts" the incoming JWT token into a
* {@link DhisJwtAuthenticationToken}.
* <p>
* It also configures a JWT decoder that "decodes" incoming JSON string into
* a JWT token ({@link Jwt}
*
* @param issuer JWT issuer to look up
*
* @return a DhisJwtAuthenticationProvider
*/
private AuthenticationManager getAuthenticationManager(String issuer) {
return this.authenticationManagers.computeIfAbsent(issuer, s -> {
DhisOidcClientRegistration clientRegistration = clientRegistrationRepository.findByIssuerUri(issuer);
if (clientRegistration == null) {
throw new InvalidBearerTokenException("Invalid issuer");
}
Converter<Jwt, DhisJwtAuthenticationToken> authConverter = getConverter(clientRegistration);
JwtDecoder decoder = getDecoder(issuer);
return new DhisJwtAuthenticationProvider(decoder, authConverter)::authenticate;
});
}
Also used :
DhisOidcClientRegistration(org.hisp.dhis.security.oidc.DhisOidcClientRegistration)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
JwtDecoder(org.springframework.security.oauth2.jwt.JwtDecoder)
InvalidBearerTokenException(org.springframework.security.oauth2.server.resource.InvalidBearerTokenException)
Aggregations
DhisOidcClientRegistration (org.hisp.dhis.security.oidc.DhisOidcClientRegistration)1
Test (org.junit.jupiter.api.Test)1
ApplicationEventPublisher (org.springframework.context.ApplicationEventPublisher)1
DefaultAuthenticationEventPublisher (org.springframework.security.authentication.DefaultAuthenticationEventPublisher)1
AuthenticationFailureBadCredentialsEvent (org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent)1
Authentication (org.springframework.security.core.Authentication)1
Jwt (org.springframework.security.oauth2.jwt.Jwt)1
JwtDecoder (org.springframework.security.oauth2.jwt.JwtDecoder)1
InvalidBearerTokenException (org.springframework.security.oauth2.server.resource.InvalidBearerTokenException)1
JwtAuthenticationToken (org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)1
