public String getRequest() { MultivaluedMap<String, String> map = super.toMap(); JwtClaims claims = new JwtClaims(); if (issuer != null) { claims.setIssuer(issuer); } for (String key : map.keySet()) { claims.setClaim(key, map.getFirst(key)); } return joseProducer.processJwt(new JwtToken(claims), clientSecret); }
public String getRequest() { MultivaluedMap<String, String> map = super.toMap(); JwtClaims claims = new JwtClaims(); if (issuer != null) { claims.setIssuer(issuer); } for (String key : map.keySet()) { claims.setClaim(key, map.getFirst(key)); } return joseProducer.processJwt(new JwtToken(claims), clientSecret); }
/** * Get a JwtClaims object. */ public JwtClaims getJwtClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters) { JwtClaims claims = new JwtClaims(); claims.setSubject(getSubjectName(jwtClaimsProviderParameters)); claims.setTokenId(UUID.randomUUID().toString()); // Set the Issuer String issuer = jwtClaimsProviderParameters.getIssuer(); if (issuer == null) { STSPropertiesMBean stsProperties = jwtClaimsProviderParameters.getProviderParameters().getStsProperties(); claims.setIssuer(stsProperties.getIssuer()); } else { claims.setIssuer(issuer); } handleWSTrustClaims(jwtClaimsProviderParameters, claims); handleConditions(jwtClaimsProviderParameters, claims); handleAudienceRestriction(jwtClaimsProviderParameters, claims); handleActAs(jwtClaimsProviderParameters, claims); return claims; }
/** * Get a JwtClaims object. */ public JwtClaims getJwtClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters) { JwtClaims claims = new JwtClaims(); claims.setSubject(getSubjectName(jwtClaimsProviderParameters)); claims.setTokenId(UUID.randomUUID().toString()); // Set the Issuer String issuer = jwtClaimsProviderParameters.getIssuer(); if (issuer == null) { STSPropertiesMBean stsProperties = jwtClaimsProviderParameters.getProviderParameters().getStsProperties(); claims.setIssuer(stsProperties.getIssuer()); } else { claims.setIssuer(issuer); } handleWSTrustClaims(jwtClaimsProviderParameters, claims); handleConditions(jwtClaimsProviderParameters, claims); handleAudienceRestriction(jwtClaimsProviderParameters, claims); handleActAs(jwtClaimsProviderParameters, claims); return claims; }
claims.setExpirationTimeMinutesInTheFuture(5); claims.setSubject("foki"); claims.setIssuer("the issuer"); claims.setAudience("the audience");
@org.junit.Test public void testBadSigningKey() throws Exception { URL busFile = JWTAlgorithmTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); claims.setIssuedAt(Instant.now().getEpochSecond()); claims.setAudiences(toList(address)); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jks"); properties.put("rs.security.keystore.password", "password"); properties.put("rs.security.key.password", "password"); properties.put("rs.security.keystore.alias", "alice"); properties.put("rs.security.keystore.file", "keys/alice.jks"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertNotEquals(response.getStatus(), 200); }
@org.junit.Test public void testMultipleAudiences() throws Exception { URL busFile = JWTPropertiesTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); claims.setIssuedAt(now.toEpochSecond()); String badAddress = "https://localhost:" + PORT + "/badunsignedjwt/bookstore/books"; List<String> audiences = new ArrayList<>(); audiences.add(address); audiences.add(badAddress); claims.setAudiences(audiences); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_CLAIMS, claims); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertEquals(response.getStatus(), 200); }
@org.junit.Test public void testAuthorizationNoRole() throws Exception { URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/signedjwtauthz/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); claims.setIssuedAt(Instant.now().getEpochSecond()); claims.setAudiences(toList(address)); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertNotEquals(response.getStatus(), 200); }
@org.junit.Test public void testWrongSignatureAlgorithm() throws Exception { URL busFile = JWTAlgorithmTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); claims.setIssuedAt(Instant.now().getEpochSecond()); claims.setAudiences(toList(address)); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "PS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertNotEquals(response.getStatus(), 200); }
@org.junit.Test public void testNoAudience() throws Exception { URL busFile = JWTPropertiesTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); claims.setIssuedAt(now.toEpochSecond()); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_CLAIMS, claims); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertEquals(response.getStatus(), 200); }
@org.junit.Test public void testSetClaimsDirectly() throws Exception { URL busFile = JWTPropertiesTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); claims.setIssuedAt(now.toEpochSecond()); claims.setAudiences(toList(address)); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_CLAIMS, claims); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertEquals(response.getStatus(), 200); }
@org.junit.Test public void testUnsignedTokenFailure() throws Exception { URL busFile = JWTAlgorithmTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); claims.setIssuedAt(Instant.now().getEpochSecond()); claims.setAudiences(toList(address)); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertNotEquals(response.getStatus(), 200); }
claims.setIssuer("DoubleItSTSIssuer"); claims.setIssuedAt(Instant.now().getEpochSecond()); claims.setAudiences(toList(address));
@org.junit.Test public void testBadAudience() throws Exception { URL busFile = JWTPropertiesTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); claims.setIssuedAt(now.toEpochSecond()); String badAddress = "https://localhost:" + PORT + "/badunsignedjwt/bookstore/books"; claims.setAudiences(toList(badAddress)); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_CLAIMS, claims); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertNotEquals(response.getStatus(), 200); }
@org.junit.Test public void testSignatureProperties() throws Exception { URL busFile = JWTAlgorithmTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); claims.setIssuedAt(Instant.now().getEpochSecond()); claims.setAudiences(toList(address)); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.properties", "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertEquals(response.getStatus(), 200); Book returnedBook = response.readEntity(Book.class); assertEquals(returnedBook.getName(), "book"); assertEquals(returnedBook.getId(), 123L); }
@org.junit.Test public void testUnsignedTokenSuccess() throws Exception { URL busFile = JWTAlgorithmTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); claims.setIssuedAt(Instant.now().getEpochSecond()); claims.setAudiences(toList(address)); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertEquals(response.getStatus(), 200); Book returnedBook = response.readEntity(Book.class); assertEquals(returnedBook.getName(), "book"); assertEquals(returnedBook.getId(), 123L); }
@org.junit.Test public void testNearFutureTokenFailure() throws Exception { URL busFile = JWTPropertiesTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); claims.setAudiences(toList(address)); // Set the issued date to be in the near future ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); claims.setIssuedAt(now.plusSeconds(30L).toEpochSecond()); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertNotEquals(response.getStatus(), 200); }
@org.junit.Test public void testNearFutureTokenSuccess() throws Exception { URL busFile = JWTPropertiesTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/unsignedjwtnearfuture/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); claims.setAudiences(toList(address)); // Set the issued date to be in the near future ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); claims.setIssuedAt(now.plusSeconds(30L).toEpochSecond()); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertEquals(response.getStatus(), 200); }
@org.junit.Test public void testFutureToken() throws Exception { URL busFile = JWTPropertiesTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); claims.setAudiences(toList(address)); // Set the issued date to be in the future ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); claims.setIssuedAt(now.plusDays(1L).toEpochSecond()); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertNotEquals(response.getStatus(), 200); }
private ClientAccessToken getAccessToken() { JwsHeaders headers = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.RS256); JwtClaims claims = new JwtClaims(); claims.setIssuer(config.getServiceAccountClientId()); claims.setAudience("https://accounts.google.com/o/oauth2/token"); claims.setSubject(config.getServiceAccountSubject()); long issuedAt = OAuthUtils.getIssuedAt(); long tokenTimeout = config.getServiceAccountTokenLifetime(); claims.setIssuedAt(issuedAt); claims.setExpiryTime(issuedAt + tokenTimeout); claims.setProperty("scope", "https://www.googleapis.com/auth/admin.directory.group.readonly https://www.googleapis.com/auth/admin.directory.user"); JwtToken token = new JwtToken(headers, claims); JwsJwtCompactProducer p = new JwsJwtCompactProducer(token); String base64UrlAssertion = p.signWith(privateKey); JwtBearerGrant grant = new JwtBearerGrant(base64UrlAssertion); WebClient accessTokenService = WebClient.create("https://accounts.google.com/o/oauth2/token", Arrays.asList(new OAuthJSONProvider(), new AccessTokenGrantWriter())); accessTokenService.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON); return accessTokenService.post(grant, ClientAccessToken.class); }