/**
 * Serves the key that clients use to verify token signatures.
 *
 * <p>Access rule as implemented here: if the converter reports a key that is
 * not public (a shared key), the caller must be an authenticated,
 * non-anonymous principal. If the converter reports a public key, no principal
 * check is made.
 *
 * <p>Security note: for a shared key the only gate in this method is
 * "authenticated and not anonymous"; authorities and client identity are not
 * inspected here. NOTE(review): if the map returned by the converter carries
 * the shared secret itself, every authenticated caller who can reach this
 * endpoint obtains material that signs as well as verifies tokens, so access
 * should be narrowed in the HTTP security configuration. Confirm against the
 * converter and the endpoint's security rules.
 *
 * @param principal the currently authenticated user, or {@code null} if there is none
 * @return the key description supplied by the converter
 * @throws AccessDeniedException if the key is shared and the caller is missing or anonymous
 */
@RequestMapping(value = "/oauth/token_key", method = RequestMethod.GET)
@ResponseBody
public Map<String, String> getKey(Principal principal) {
    // A missing principal and an anonymous token are treated alike: neither is a real login.
    boolean unauthenticated = principal == null || principal instanceof AnonymousAuthenticationToken;
    // The converter is only consulted for unauthenticated callers (short-circuit).
    if (unauthenticated && !converter.isPublic()) {
        throw new AccessDeniedException("You need to authenticate to see a shared key");
    }
    return converter.getKey();
}
/**
 * Sets the JWT signing key, which may be either a simple MAC key or an RSA key.
 * RSA keys should be in OpenSSH format, as produced by {@code ssh-keygen}.
 *
 * <p>The key is trimmed and stored as the signing key. A key accepted by
 * {@code isPublic(String)} is handed to an {@code RsaSigner}; any other value
 * is assumed to be a MAC key.
 *
 * <p>Security notes:
 * <ul>
 * <li>In the MAC branch the same string is also stored as the verifier key, so
 * signing and verification share one secret: whoever is given the verifier key
 * can also produce valid signatures.</li>
 * <li>In the RSA branch the verifier key is not touched by this method.</li>
 * <li>Only the fact that an RSA key was configured is logged, never the key text.</li>
 * <li>NOTE(review): the helper is named {@code isPublic} although its argument
 * is the signing key; it presumably detects an asymmetric key rather than
 * public-only material. Its implementation is not visible here, so confirm.</li>
 * </ul>
 *
 * @param key the key to be used for signing JWTs; must contain text
 */
public void setSigningKey(String key) {
    Assert.hasText(key);
    String trimmedKey = key.trim();
    this.signingKey = trimmedKey;
    if (!isPublic(trimmedKey)) {
        // Assume it's a MAC key: one secret both signs and verifies.
        this.verifierKey = trimmedKey;
        signer = new MacSigner(trimmedKey);
        return;
    }
    signer = new RsaSigner(trimmedKey);
    logger.info("Configured with RSA signing key");
}
/**
 * Sets the JWT signing key, which may be either a simple MAC key or an RSA key.
 * RSA keys should be in OpenSSH format, as produced by {@code ssh-keygen}.
 *
 * <p>The key is trimmed and stored as the signing key. A key accepted by
 * {@code isPublic(String)} is handed to an {@code RsaSigner}; any other value
 * is assumed to be a MAC key.
 *
 * <p>Security notes:
 * <ul>
 * <li>In the MAC branch the same string is also stored as the verifier key, so
 * signing and verification share one secret: whoever is given the verifier key
 * can also produce valid signatures.</li>
 * <li>In the RSA branch the verifier key is not touched by this method.</li>
 * <li>Only the fact that an RSA key was configured is logged, never the key text.</li>
 * <li>NOTE(review): the helper is named {@code isPublic} although its argument
 * is the signing key; it presumably detects an asymmetric key rather than
 * public-only material. Its implementation is not visible here, so confirm.</li>
 * </ul>
 *
 * @param key the key to be used for signing JWTs; must contain text
 */
public void setSigningKey(String key) {
    Assert.hasText(key);
    String trimmedKey = key.trim();
    this.signingKey = trimmedKey;
    if (!isPublic(trimmedKey)) {
        // Assume it's a MAC key: one secret both signs and verifies.
        this.verifierKey = trimmedKey;
        signer = new MacSigner(trimmedKey);
        return;
    }
    signer = new RsaSigner(trimmedKey);
    logger.info("Configured with RSA signing key");
}
/**
 * Serves the key that clients use to verify token signatures.
 *
 * <p>Access rule as implemented here: if the converter reports a key that is
 * not public (a shared key), the caller must be an authenticated,
 * non-anonymous principal. If the converter reports a public key, no principal
 * check is made.
 *
 * <p>Security note: for a shared key the only gate in this method is
 * "authenticated and not anonymous"; authorities and client identity are not
 * inspected here. NOTE(review): if the map returned by the converter carries
 * the shared secret itself, every authenticated caller who can reach this
 * endpoint obtains material that signs as well as verifies tokens, so access
 * should be narrowed in the HTTP security configuration. Confirm against the
 * converter and the endpoint's security rules.
 *
 * @param principal the currently authenticated user, or {@code null} if there is none
 * @return the key description supplied by the converter
 * @throws AccessDeniedException if the key is shared and the caller is missing or anonymous
 */
@RequestMapping(value = "/oauth/token_key", method = RequestMethod.GET)
@ResponseBody
public Map<String, String> getKey(Principal principal) {
    // A missing principal and an anonymous token are treated alike: neither is a real login.
    boolean unauthenticated = principal == null || principal instanceof AnonymousAuthenticationToken;
    // The converter is only consulted for unauthenticated callers (short-circuit).
    if (unauthenticated && !converter.isPublic()) {
        throw new AccessDeniedException("You need to authenticate to see a shared key");
    }
    return converter.getKey();
}
/**
 * Starts a non-web application context with a private key supplied through
 * {@code security.oauth2.authorization.jwt.key-value} and checks that a
 * {@link JwtAccessTokenConverter} bean is exposed and reports
 * {@code isPublic() == true}.
 *
 * <p>NOTE(review): the assertion expects {@code isPublic()} to be true although
 * a private key was configured. Going by this test, the flag appears to mean
 * "an asymmetric key is in use" rather than "only public material is held".
 * Confirm against {@code JwtAccessTokenConverter} before relying on it for
 * access decisions.
 */
@Test
public void configureWhenPrivateKeyIsProvidedThenExposesJwtAccessTokenConverter() throws Exception {
    // Load the key fixture that sits next to this test class on the classpath.
    // NOTE(review): key.private should be a test-only key that is never reused elsewhere.
    Path keyFile = new ClassPathResource("key.private", this.getClass()).getFile().toPath();
    String privateKeyText = String.join("\n", Files.readAllLines(keyFile));

    TestPropertyValues
            .of("security.oauth2.authorization.jwt.key-value=" + privateKeyText)
            .applyTo(this.environment);

    SpringApplicationBuilder builder =
            new SpringApplicationBuilder(AuthorizationServerConfiguration.class)
                    .environment(this.environment)
                    .web(WebApplicationType.NONE);
    this.context = builder.run();

    JwtAccessTokenConverter tokenConverter = this.context.getBean(JwtAccessTokenConverter.class);
    assertThat(tokenConverter.isPublic()).isTrue();
}