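Usage examples for org.springframework.security.jwt.JwtHelper.decode. Note that decode(String) only parses the token and does not check its signature, so claims read this way are unverified unless the caller also uses JwtHelper.decodeAndVerify(String, SignatureVerifier) or Jwt.verifySignature(SignatureVerifier).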
public static Jwt decode(String token)
From source file:org.cloudfoundry.identity.uaa.audit.event.TokenIssuedEvent.java
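/**
 * Resolves the principal id from the claims of the access token carried by this event.
 *
 * <p>{@code JwtHelper.decode} only parses the token; it does not check the signature.
 * NOTE(review): the token comes from {@code getSource()}, presumably one this server
 * has just issued. Confirm before reusing this pattern on tokens received from outside.
 *
 * @return the {@code user_id} claim if present, otherwise the {@code client_id} claim;
 *         {@code null} when neither claim is present or the claims cannot be parsed
 */
private String getPrincipalId() {
    OAuth2AccessToken token = getSource();
    Jwt jwt = JwtHelper.decode(token.getValue());
    try {
        Map<String, Object> claims = mapper.readValue(jwt.getClaims(),
                new TypeReference<Map<String, Object>>() {
                });
        if (claims == null) {
            // A literal JSON null deserializes to null; treat it like unparseable claims.
            return null;
        }
        Object principal = claims.get("user_id");
        if (principal == null) {
            // Client-only tokens carry no user_id, so fall back to the client.
            principal = claims.get("client_id");
        }
        // Previously a token with neither claim caused a NullPointerException here;
        // return null instead, matching the parse-failure path below.
        return principal == null ? null : principal.toString();
    } catch (IOException e) {
        // Best effort: an unreadable claim set yields no principal id.
        return null;
    }
}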
From source file:org.cloudfoundry.identity.uaa.oauth.JwtTokenEnhancerTests.java
/**
 * Verifies that enhancing a plain access token keeps the original value as the token id
 * and yields a JWT whose claim set mentions both the user id and the token id keys.
 *
 * <p>{@code JwtHelper.decode} is used only to read the claims text; it does not verify
 * the signature, and this test does not assert anything about the signature.
 */
@Test
public void testEnhanceAccessToken() {
    OAuth2Authentication authentication = new OAuth2Authentication(
            new DefaultAuthorizationRequest("foo", null), userAuthentication);

    OAuth2AccessToken enhanced = tokenEnhancer.enhance(new DefaultOAuth2AccessToken("FOO"), authentication);

    assertNotNull(enhanced.getValue());
    assertEquals("FOO", enhanced.getAdditionalInformation().get(JwtTokenEnhancer.TOKEN_ID));

    // Claims are checked as raw JSON text: each expected key must appear quoted.
    String claimsJson = JwtHelper.decode(enhanced.getValue()).getClaims();
    String failure = "Wrong claims: " + claimsJson;
    String quotedUserIdKey = "\"" + UserInfo.USER_ID + "\"";
    String quotedTokenIdKey = "\"" + JwtTokenEnhancer.TOKEN_ID + "\"";
    assertTrue(failure, claimsJson.contains(quotedUserIdKey));
    assertTrue(failure, claimsJson.contains(quotedTokenIdKey));
}
From source file:com.orange.clara.cloud.services.sandbox.infrastructure.CloudfoundryIdentityService.java
/**
 * Reads the {@code user_id} claim from the access token held in {@code oAuth2AccessToken}.
 *
 * <p>{@code JwtHelper.decode} parses the token without checking its signature.
 * NOTE(review): this looks safe only if {@code oAuth2AccessToken} was obtained directly
 * from the identity server over a trusted channel. Confirm where the field is populated.
 *
 * @param username used only in log and error messages
 * @return the {@code user_id} claim, or {@code null} when the claim is absent
 * @throws RuntimeException if the claims cannot be parsed as JSON
 */
private String getUserGuidFromAccessToken(String username) {
    LOGGER.debug("Decoding JWT for user {}", username);
    final String claimsJson = JwtHelper.decode(oAuth2AccessToken.getValue()).getClaims();

    final Map<?, ?> claims;
    try {
        claims = new ObjectMapper().readValue(claimsJson, Map.class);
    } catch (IOException e) {
        throw new RuntimeException("Cannot parse jwt token for user " + username, e);
    }

    LOGGER.debug("Getting user_id for user {}", username);
    return (String) claims.get("user_id");
}
From source file:org.cloudfoundry.identity.uaa.login.feature.ImplicitGrantIT.java
/**
 * Runs an implicit grant for client {@code cf} with the test account's credentials and
 * checks the redirect, the fragment parameters and the claims of the returned access token.
 *
 * <p>The token is read with {@code JwtHelper.decode}, which parses it without verifying
 * the signature; the assertions compare the claims with the fragment parameters only.
 */
@Test
public void testDefaultScopes() throws Exception {
    HttpHeaders acceptJson = new HttpHeaders();
    acceptJson.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));

    LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>();
    form.add("client_id", "cf");
    form.add("redirect_uri", "https://uaa.cloudfoundry.com/redirect/cf");
    form.add("response_type", "token");
    form.add("source", "credentials");
    form.add("username", testAccounts.getUserName());
    form.add("password", testAccounts.getPassword());

    ResponseEntity<Void> redirect = restOperations.exchange(baseUrl + "/oauth/authorize", HttpMethod.POST,
            new HttpEntity<>(form, acceptJson), Void.class);
    Assert.assertEquals(HttpStatus.FOUND, redirect.getStatusCode());

    // The implicit grant delivers the token in the fragment of the redirect location.
    UriComponents redirectUri = UriComponentsBuilder.fromUri(redirect.getHeaders().getLocation()).build();
    Assert.assertEquals("uaa.cloudfoundry.com", redirectUri.getHost());
    Assert.assertEquals("/redirect/cf", redirectUri.getPath());

    MultiValueMap<String, String> fragment = parseFragmentParams(redirectUri);
    Assert.assertThat(fragment.get("jti"), not(empty()));
    Assert.assertEquals("bearer", fragment.getFirst("token_type"));
    Assert.assertThat(Integer.parseInt(fragment.getFirst("expires_in")), Matchers.greaterThan(40000));

    String[] grantedScopes = UriUtils.decode(fragment.getFirst("scope"), "UTF-8").split(" ");
    Assert.assertThat(Arrays.asList(grantedScopes), containsInAnyOrder("scim.userids", "password.write",
            "cloud_controller.write", "openid", "cloud_controller.read"));

    Jwt accessToken = JwtHelper.decode(fragment.getFirst("access_token"));
    Map<String, Object> tokenClaims = new ObjectMapper().readValue(accessToken.getClaims(),
            new TypeReference<Map<String, Object>>() {
            });

    // The claims inside the token must agree with what the fragment advertised.
    Assert.assertThat((String) tokenClaims.get("jti"), is(fragment.getFirst("jti")));
    Assert.assertThat((String) tokenClaims.get("client_id"), is("cf"));
    Assert.assertThat((String) tokenClaims.get("cid"), is("cf"));
    Assert.assertThat((String) tokenClaims.get("user_name"), is(testAccounts.getUserName()));
    Assert.assertThat(((List<String>) tokenClaims.get("scope")), containsInAnyOrder(grantedScopes));
    Assert.assertThat(((List<String>) tokenClaims.get("aud")),
            containsInAnyOrder("cf", "scim", "openid", "cloud_controller", "password"));
}
From source file:org.cloudfoundry.identity.uaa.integration.AuthorizationCodeGrantIntegrationTests.java
/**
 * Walks the authorization code flow end to end: authorize request, form login, optional
 * approval page, code-for-token exchange, then a check of the access token's claims.
 *
 * <p>The final step reads the token with {@code JwtHelper.decode}, which does not verify
 * the signature; only the presence of the {@code aud} and {@code user_id} keys is asserted.
 * NOTE(review): the {@code state} value sent on the authorize request is not compared
 * with the redirect location in this test.
 */
@Test
public void testSuccessfulAuthorizationCodeFlow() throws Exception {
    HttpHeaders headers = new HttpHeaders();
    // TODO: should be able to handle just TEXT_HTML
    headers.setAccept(Arrays.asList(MediaType.TEXT_HTML, MediaType.ALL));

    AuthorizationCodeResourceDetails client = testAccounts.getDefaultAuthorizationCodeResource();

    URI authorizeUri = serverRunning.buildUri("/oauth/authorize")
            .queryParam("response_type", "code")
            .queryParam("state", "mystateid")
            .queryParam("client_id", client.getClientId())
            .queryParam("redirect_uri", client.getPreEstablishedRedirectUri())
            .build();
    ResponseEntity<Void> redirect = serverRunning.getForResponse(authorizeUri.toString(), headers);
    assertEquals(HttpStatus.FOUND, redirect.getStatusCode());
    String target = redirect.getHeaders().getLocation().toString();

    // Carry the session cookie forward so the following requests share the session.
    if (redirect.getHeaders().containsKey("Set-Cookie")) {
        headers.set("Cookie", redirect.getHeaders().getFirst("Set-Cookie"));
    }

    // An unauthenticated caller is expected to land on the login form.
    ResponseEntity<String> page = serverRunning.getForString(target, headers);
    String loginPage = page.getBody();
    assertTrue(loginPage.contains("/login.do"));
    assertTrue(loginPage.contains("auth_key"));
    assertTrue(loginPage.contains("password"));

    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    form.add("auth_key", testAccounts.getUserName());
    form.add("password", testAccounts.getPassword());

    // After login the server redirects back to the original URL, now authenticated.
    redirect = serverRunning.postForResponse("/login.do", headers, form);
    assertEquals(HttpStatus.FOUND, redirect.getStatusCode());
    if (redirect.getHeaders().containsKey("Set-Cookie")) {
        headers.set("Cookie", redirect.getHeaders().getFirst("Set-Cookie"));
    }

    page = serverRunning.getForString(redirect.getHeaders().getLocation().toString(), headers);
    if (page.getStatusCode() == HttpStatus.OK) {
        // The approval page was returned, so grant access explicitly.
        assertTrue(page.getBody().contains("Do you authorize"));
        form.clear();
        form.add("user_oauth_approval", "true");
        redirect = serverRunning.postForResponse("/oauth/authorize", headers, form);
        assertEquals(HttpStatus.FOUND, redirect.getStatusCode());
        target = redirect.getHeaders().getLocation().toString();
    } else {
        // An approval is already cached, so the server redirects straight away.
        assertEquals(HttpStatus.FOUND, page.getStatusCode());
        target = page.getHeaders().getLocation().toString();
    }
    assertTrue("Wrong location: " + target,
            target.matches(client.getPreEstablishedRedirectUri() + ".*code=.+"));

    // Exchange the authorization code for a token, authenticating as the client.
    form.clear();
    form.add("client_id", client.getClientId());
    form.add("redirect_uri", client.getPreEstablishedRedirectUri());
    form.add("grant_type", "authorization_code");
    form.add("code", target.split("code=")[1].split("&")[0]);

    HttpHeaders clientAuth = new HttpHeaders();
    clientAuth.set("Authorization",
            testAccounts.getAuthorizationHeader(client.getClientId(), client.getClientSecret()));

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> tokenResponse = serverRunning.postForMap("/oauth/token", form, clientAuth);
    assertEquals(HttpStatus.OK, tokenResponse.getStatusCode());

    @SuppressWarnings("unchecked")
    Map<String, String> tokenBody = tokenResponse.getBody();
    String claimsJson = JwtHelper.decode(tokenBody.get("access_token")).getClaims();
    assertTrue("Wrong claims: " + claimsJson, claimsJson.contains("\"aud\""));
    assertTrue("Wrong claims: " + claimsJson, claimsJson.contains("\"user_id\""));
}
From source file:org.cloudfoundry.identity.uaa.login.feature.OpenIdTokenGrantsIT.java
/**
 * Decodes the token stored under {@code paramName} and asserts its claims against the
 * response parameters, the test user and the expected scopes.
 *
 * <p>{@code JwtHelper.decode} parses the token without verifying its signature; this
 * helper checks claim contents only.
 *
 * @param paramName key in {@code params} under which the token string is stored
 * @param params    response parameters; the {@code jti} entry is compared with the claim
 * @param scopes    scopes the token's {@code scope} claim must contain, in any order
 * @throws java.io.IOException if the claims cannot be parsed as JSON
 */
private void validateToken(String paramName, Map params, String[] scopes) throws java.io.IOException {
    String serialized = (String) params.get(paramName);
    Jwt decoded = JwtHelper.decode(serialized);
    Map<String, Object> tokenClaims = new ObjectMapper().readValue(decoded.getClaims(),
            new TypeReference<Map<String, Object>>() {
            });

    Assert.assertThat((String) tokenClaims.get("jti"), is(params.get("jti")));
    Assert.assertThat((String) tokenClaims.get("client_id"), is("cf"));
    Assert.assertThat((String) tokenClaims.get("cid"), is("cf"));
    Assert.assertThat((String) tokenClaims.get("user_name"), is(user.getUserName()));
    Assert.assertThat(((List<String>) tokenClaims.get("scope")), containsInAnyOrder(scopes));
    Assert.assertThat(((List<String>) tokenClaims.get("aud")),
            containsInAnyOrder("cf", "scim", "openid", "cloud_controller", "password"));
}
From source file:com.ge.predix.uaa.token.lib.FastTokenServices.java
/**
 * Parses the claim set out of a serialized JWT access token.
 *
 * <p>No signature verification happens in this method: {@code JwtHelper.decode} only
 * parses the token. The returned claims are therefore unverified input, and callers must
 * verify the token's signature before acting on them.
 *
 * @param accessToken the serialized token
 * @return the claims as a map, or {@code null} when {@code StringUtils.isEmpty} reports
 *         the token as empty
 */
protected Map<String, Object> getTokenClaims(final String accessToken) {
    if (!StringUtils.isEmpty(accessToken)) {
        final String claimsJson = JwtHelper.decode(accessToken).getClaims();
        return JsonUtils.readValue(claimsJson, new TypeReference<Map<String, Object>>() {
            // Anonymous subclass exists only to capture the generic type.
        });
    }
    return null;
}
From source file:org.cloudfoundry.identity.uaa.integration.OpenIdTokenAuthorizationWithApprovalIntegrationTests.java
/**
 * Exchanges an authorization code for an access token at {@code /oauth/token} and asserts
 * that the token's claims contain the {@code aud} and {@code user_id} keys.
 *
 * <p>The token is read with {@code JwtHelper.decode}, which does not verify the signature.
 *
 * @param clientId     client id, sent in the form and used for the Authorization header
 * @param redirectUri  redirect URI sent with the token request
 * @param clientSecret client secret used for the Authorization header
 * @param value        the authorization code to exchange
 * @param formData     form map that is cleared and reused for the token request
 */
private void exchangeCodeForToken(String clientId, String redirectUri, String clientSecret, String value,
        MultiValueMap<String, String> formData) {
    // Reuse the caller's map, but start from a clean slate.
    formData.clear();
    formData.add("client_id", clientId);
    formData.add("redirect_uri", redirectUri);
    formData.add("grant_type", "authorization_code");
    formData.add("code", value);

    HttpHeaders clientAuth = new HttpHeaders();
    clientAuth.set("Authorization", testAccounts.getAuthorizationHeader(clientId, clientSecret));

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> tokenResponse = serverRunning.postForMap("/oauth/token", formData, clientAuth);
    assertEquals(HttpStatus.OK, tokenResponse.getStatusCode());

    @SuppressWarnings("unchecked")
    Map<String, String> tokenBody = tokenResponse.getBody();
    String claimsJson = JwtHelper.decode(tokenBody.get("access_token")).getClaims();
    assertTrue("Wrong claims: " + claimsJson, claimsJson.contains("\"aud\""));
    assertTrue("Wrong claims: " + claimsJson, claimsJson.contains("\"user_id\""));
}