/**
 * Stores {@code value} under the claim {@code name} and returns this
 * instance so that claim setters can be chained.
 *
 * @param name  claim name, used as the JSON property key
 * @param value claim value stored as-is
 * @return this {@code JwtClaims}
 */
public JwtClaims setClaim(String name, Object value) {
    this.setProperty(name, value);
    return this;
}
/**
 * Stores {@code value} under the claim {@code name} and returns this
 * instance so that claim setters can be chained.
 *
 * @param name  claim name, used as the JSON property key
 * @param value claim value stored as-is
 * @return this {@code JwtClaims}
 */
public JwtClaims setClaim(String name, Object value) {
    this.setProperty(name, value);
    return this;
}
/**
 * Copies the WS-Trust claims resolved for the current request into the JWT claims.
 *
 * <p>Claims are obtained through {@code ClaimsUtils.processClaims} from the token
 * provider parameters. Every processed claim with a non-null type and a non-empty
 * value list is stored under the key returned by {@code translateClaim} for the
 * claim type URI. A single value is stored unwrapped; several values are stored as
 * the list itself. Claims without a type or without values are skipped.
 *
 * @param jwtClaimsProviderParameters source of the {@code TokenProviderParameters}
 * @param claims                      JWT claims updated in place
 */
protected void handleWSTrustClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) {
    TokenProviderParameters providerParameters = jwtClaimsProviderParameters.getProviderParameters();
    ProcessedClaimCollection processed = ClaimsUtils.processClaims(providerParameters);
    if (processed == null) {
        return;
    }
    for (ProcessedClaim processedClaim : processed) {
        if (processedClaim.getClaimType() == null
            || processedClaim.getValues() == null
            || processedClaim.getValues().isEmpty()) {
            continue;
        }
        // A lone value goes in directly; multiple values keep their list form
        Object claimValue = processedClaim.getValues().size() == 1
            ? processedClaim.getValues().get(0)
            : processedClaim.getValues();
        String jwtClaimName = translateClaim(processedClaim.getClaimType().toString());
        claims.setProperty(jwtClaimName, claimValue);
    }
}
/**
 * Copies the WS-Trust claims resolved for the current request into the JWT claims.
 *
 * <p>Claims are obtained through {@code ClaimsUtils.processClaims} from the token
 * provider parameters. Every processed claim with a non-null type and a non-empty
 * value list is stored under the key returned by {@code translateClaim} for the
 * claim type URI. A single value is stored unwrapped; several values are stored as
 * the list itself. Claims without a type or without values are skipped.
 *
 * @param jwtClaimsProviderParameters source of the {@code TokenProviderParameters}
 * @param claims                      JWT claims updated in place
 */
protected void handleWSTrustClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) {
    TokenProviderParameters providerParameters = jwtClaimsProviderParameters.getProviderParameters();
    ProcessedClaimCollection processed = ClaimsUtils.processClaims(providerParameters);
    if (processed == null) {
        return;
    }
    for (ProcessedClaim processedClaim : processed) {
        if (processedClaim.getClaimType() == null
            || processedClaim.getValues() == null
            || processedClaim.getValues().isEmpty()) {
            continue;
        }
        // A lone value goes in directly; multiple values keep their list form
        Object claimValue = processedClaim.getValues().size() == 1
            ? processedClaim.getValues().get(0)
            : processedClaim.getValues();
        String jwtClaimName = translateClaim(processedClaim.getClaimType().toString());
        claims.setProperty(jwtClaimName, claimValue);
    }
}
claims.setAudiences(toList(address)); claims.setProperty("role", "boss"); claims.setProperty("http://claims/authentication", "password");
/**
 * A signed JWT carrying the "boss" role but no further claims is sent to the
 * claims-protected endpoint; the request is expected to be refused with 403.
 */
@org.junit.Test
public void testClaimsAuthorizationNoClaims() throws Exception {
    String address = "https://localhost:" + PORT + "/signedjwtauthz/bookstore/booksclaims";

    // Token: subject, issuer, iat, aud and the role only - deliberately no other claims
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));
    claims.setProperty("role", "boss");
    JwtToken token = new JwtToken(claims);

    // Client with a JSON body writer and the filter that attaches the signed JWT
    URL busConfig = JWTAuthnAuthzTest.class.getResource("client.xml");
    List<Object> providers = new ArrayList<>(2);
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());
    WebClient client = WebClient.create(address, providers, busConfig.toString());
    client.type("application/json").accept("application/json");

    // Signing material read by the client filter: RS256 with the JWK private key set
    Map<String, Object> signingProps = new HashMap<>();
    signingProps.put("rs.security.keystore.type", "jwk");
    signingProps.put("rs.security.keystore.alias", "2011-04-29");
    signingProps.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    signingProps.put("rs.security.signature.algorithm", "RS256");
    signingProps.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(signingProps);

    Response response = client.post(new Book("book", 123L));
    assertEquals(response.getStatus(), 403);
}
/**
 * A correctly signed JWT whose role is "manager" is sent to the books endpoint;
 * the test only checks that the call is not accepted with 200.
 * NOTE(review): pinning the exact rejection status (e.g. 403) would make the
 * authorization outcome explicit - confirm the expected code before tightening.
 */
@org.junit.Test
public void testAuthorizationWrongRole() throws Exception {
    String address = "https://localhost:" + PORT + "/signedjwtauthz/bookstore/books";

    // Token with a role the endpoint does not accept
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setProperty("role", "manager");
    claims.setAudiences(toList(address));
    JwtToken token = new JwtToken(claims);

    // Client with a JSON body writer and the filter that attaches the signed JWT
    URL busConfig = JWTAuthnAuthzTest.class.getResource("client.xml");
    List<Object> providers = new ArrayList<>(2);
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());
    WebClient client = WebClient.create(address, providers, busConfig.toString());
    client.type("application/json").accept("application/json");

    // Signing material read by the client filter: RS256 with the JWK private key set
    Map<String, Object> signingProps = new HashMap<>();
    signingProps.put("rs.security.keystore.type", "jwk");
    signingProps.put("rs.security.keystore.alias", "2011-04-29");
    signingProps.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    signingProps.put("rs.security.signature.algorithm", "RS256");
    signingProps.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(signingProps);

    Response response = client.post(new Book("book", 123L));
    assertNotEquals(response.getStatus(), 200);
}
/**
 * A correctly signed JWT whose role is "manager" is sent to the annotation-secured
 * (RolesAllowed) endpoint; the test only checks that the call is not accepted with 200.
 * NOTE(review): pinning the exact rejection status (e.g. 403) would make the
 * authorization outcome explicit - confirm the expected code before tightening.
 */
@org.junit.Test
public void testAuthorizationWrongRolesAllowedAnnotation() throws Exception {
    String address = "https://localhost:" + PORT + "/signedjwtauthzannotations/bookstore/booksrolesallowed";

    // Token with the wrong role: the endpoint requires "boss"
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(toList(address));
    claims.setProperty("role", "manager");
    JwtToken token = new JwtToken(claims);

    // Client with a JSON body writer and the filter that attaches the signed JWT
    URL busConfig = JWTAuthnAuthzTest.class.getResource("client.xml");
    List<Object> providers = new ArrayList<>(2);
    providers.add(new JacksonJsonProvider());
    providers.add(new JwtAuthenticationClientFilter());
    WebClient client = WebClient.create(address, providers, busConfig.toString());
    client.type("application/json").accept("application/json");

    // Signing material read by the client filter: RS256 with the JWK private key set
    Map<String, Object> signingProps = new HashMap<>();
    signingProps.put("rs.security.keystore.type", "jwk");
    signingProps.put("rs.security.keystore.alias", "2011-04-29");
    signingProps.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
    signingProps.put("rs.security.signature.algorithm", "RS256");
    signingProps.put(JwtConstants.JWT_TOKEN, token);
    WebClient.getConfig(client).getRequestContext().putAll(signingProps);

    Response response = client.post(new Book("book", 123L));
    assertNotEquals(response.getStatus(), 200);
}
claims.setAudiences(toList(address)); claims.setProperty("role", "boss"); claims.setProperty("http://claims/authentication", "smartcard");
claims.setAudiences(toList(address)); claims.setProperty("role", "boss");
claims.setAudiences(toList(address)); claims.setProperty("role", "boss");
claims.setAudiences( Collections.singletonList("https://localhost:" + port + "/unsignedjwtservices/")); claims.setProperty("client_id", "consumer-id2");
/**
 * Obtains an access token from Google's OAuth2 token endpoint using a JWT bearer grant.
 *
 * <p>The assertion JWT uses the configured service-account client id as issuer, the
 * configured subject, the token endpoint as audience, an expiry of issued-at plus the
 * configured lifetime, and a {@code scope} claim listing the two Admin Directory
 * scopes. It is signed as RS256 with {@code privateKey} and posted as a
 * {@code JwtBearerGrant}.
 *
 * @return the access token returned by the token endpoint
 */
private ClientAccessToken getAccessToken() {
    final String tokenEndpoint = "https://accounts.google.com/o/oauth2/token";

    long issuedAt = OAuthUtils.getIssuedAt();
    JwtClaims claims = new JwtClaims();
    claims.setIssuer(config.getServiceAccountClientId());
    claims.setSubject(config.getServiceAccountSubject());
    claims.setAudience(tokenEndpoint);
    claims.setIssuedAt(issuedAt);
    claims.setExpiryTime(issuedAt + config.getServiceAccountTokenLifetime());
    // Space-separated list of the scopes requested for the access token
    claims.setProperty("scope", "https://www.googleapis.com/auth/admin.directory.group.readonly https://www.googleapis.com/auth/admin.directory.user");

    // Compact JWS over the claims, signed with the service account's private key
    JwsHeaders headers = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.RS256);
    JwsJwtCompactProducer producer = new JwsJwtCompactProducer(new JwtToken(headers, claims));
    String assertion = producer.signWith(privateKey);

    WebClient tokenClient = WebClient.create(tokenEndpoint,
        Arrays.asList(new OAuthJSONProvider(), new AccessTokenGrantWriter()));
    tokenClient.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
    return tokenClient.post(new JwtBearerGrant(assertion), ClientAccessToken.class);
}
claims.setAudiences( Collections.singletonList("https://localhost:" + port + "/unsignedjwtservices/")); claims.setProperty("response_type", "token");