Example 1 with JwtAuthenticationToken
use of org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken in project spring-security by spring-projects.
the class OAuth2ResourceServerBeanDefinitionParserTests method getWhenAuthenticationManagerResolverThenUses.
@Test
public void getWhenAuthenticationManagerResolverThenUses() throws Exception {
this.spring.configLocations(xml("AuthenticationManagerResolver")).autowire();
AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver = this.spring.getContext().getBean(AuthenticationManagerResolver.class);
given(authenticationManagerResolver.resolve(any(HttpServletRequest.class))).willReturn((authentication) -> new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
// @formatter:off
this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
// @formatter:on
verify(authenticationManagerResolver).resolve(any(HttpServletRequest.class));
}
Also used :
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)
Test(org.junit.jupiter.api.Test)
Example 2 with JwtAuthenticationToken
use of org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken in project spring-security by spring-projects.
the class OAuth2ResourceServerBeanDefinitionParserTests method requestWhenJwtAuthenticationConverterThenUsed.
@Test
public void requestWhenJwtAuthenticationConverterThenUsed() throws Exception {
this.spring.configLocations(xml("MockJwtDecoder"), xml("MockJwtAuthenticationConverter"), xml("JwtAuthenticationConverter")).autowire();
Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter = (Converter<Jwt, JwtAuthenticationToken>) this.spring.getContext().getBean("jwtAuthenticationConverter");
given(jwtAuthenticationConverter.convert(any(Jwt.class))).willReturn(new JwtAuthenticationToken(TestJwts.jwt().build(), Collections.emptyList()));
JwtDecoder jwtDecoder = this.spring.getContext().getBean(JwtDecoder.class);
given(jwtDecoder.decode(anyString())).willReturn(TestJwts.jwt().build());
// @formatter:off
this.mvc.perform(get("/").header("Authorization", "Bearer token")).andExpect(status().isNotFound());
// @formatter:on
verify(jwtAuthenticationConverter).convert(any(Jwt.class));
}
Also used :
JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
NimbusJwtDecoder(org.springframework.security.oauth2.jwt.NimbusJwtDecoder)
JwtDecoder(org.springframework.security.oauth2.jwt.JwtDecoder)
Converter(org.springframework.core.convert.converter.Converter)
Test(org.junit.jupiter.api.Test)
Example 3 with JwtAuthenticationToken
use of org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken in project spring-security by spring-projects.
the class DefaultAuthenticationEventPublisherBearerTokenTests method publishAuthenticationFailureWhenInvalidBearerTokenExceptionThenMaps.
@Test
public void publishAuthenticationFailureWhenInvalidBearerTokenExceptionThenMaps() {
ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
Authentication authentication = new JwtAuthenticationToken(TestJwts.jwt().build());
Exception cause = new Exception();
this.publisher = new DefaultAuthenticationEventPublisher(appPublisher);
this.publisher.publishAuthenticationFailure(new InvalidBearerTokenException("invalid"), authentication);
this.publisher.publishAuthenticationFailure(new InvalidBearerTokenException("invalid", cause), authentication);
verify(appPublisher, times(2)).publishEvent(isA(AuthenticationFailureBadCredentialsEvent.class));
}
Also used :
DefaultAuthenticationEventPublisher(org.springframework.security.authentication.DefaultAuthenticationEventPublisher)
JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)
Authentication(org.springframework.security.core.Authentication)
ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher)
AuthenticationFailureBadCredentialsEvent(org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent)
Test(org.junit.jupiter.api.Test)
Example 4 with JwtAuthenticationToken
use of org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken in project spring-security by spring-projects.
the class JwtAuthenticationProviderTests method authenticateWhenConverterReturnsAuthenticationThenProviderPropagatesIt.
@Test
public void authenticateWhenConverterReturnsAuthenticationThenProviderPropagatesIt() {
BearerTokenAuthenticationToken token = this.authentication();
Object details = mock(Object.class);
token.setDetails(details);
Jwt jwt = TestJwts.jwt().build();
JwtAuthenticationToken authentication = new JwtAuthenticationToken(jwt);
given(this.jwtDecoder.decode(token.getToken())).willReturn(jwt);
given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(authentication);
// @formatter:off
assertThat(this.provider.authenticate(token)).isEqualTo(authentication).hasFieldOrPropertyWithValue("details", details);
// @formatter:on
}
Also used :
Jwt(org.springframework.security.oauth2.jwt.Jwt)
BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken)
Test(org.junit.jupiter.api.Test)
Example 5 with JwtAuthenticationToken
use of org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken in project spring-security by spring-projects.
the class JwtAuthenticationProviderTests method authenticateWhenJwtDecodesThenAuthenticationHasAttributesContainedInJwt.
@Test
public void authenticateWhenJwtDecodesThenAuthenticationHasAttributesContainedInJwt() {
BearerTokenAuthenticationToken token = this.authentication();
Jwt jwt = TestJwts.jwt().claim("name", "value").build();
given(this.jwtDecoder.decode("token")).willReturn(jwt);
given(this.jwtAuthenticationConverter.convert(jwt)).willReturn(new JwtAuthenticationToken(jwt));
JwtAuthenticationToken authentication = (JwtAuthenticationToken) this.provider.authenticate(token);
assertThat(authentication.getTokenAttributes()).containsEntry("name", "value");
}
Also used :
Jwt(org.springframework.security.oauth2.jwt.Jwt)
BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken)
Test(org.junit.jupiter.api.Test)
Aggregations
Test (org.junit.jupiter.api.Test)20
Jwt (org.springframework.security.oauth2.jwt.Jwt)16
JwtAuthenticationToken (org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)11
GrantedAuthority (org.springframework.security.core.GrantedAuthority)6
SecurityContext (org.springframework.security.core.context.SecurityContext)6
HttpServletResponse (jakarta.servlet.http.HttpServletResponse)3
BearerTokenAuthenticationToken (org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken)3
Arrays (java.util.Arrays)2
List (java.util.List)2
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)2
Authentication (org.springframework.security.core.Authentication)2
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)2
JwtDecoder (org.springframework.security.oauth2.jwt.JwtDecoder)2
NimbusJwtDecoder (org.springframework.security.oauth2.jwt.NimbusJwtDecoder)2
TestJwts (org.springframework.security.oauth2.jwt.TestJwts)2
HttpModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)1
MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal)1
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)1
AfterEach (org.junit.jupiter.api.AfterEach)1
BeforeEach (org.junit.jupiter.api.BeforeEach)1
