Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 13:23:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use Jwt.Builder

Browse Source 
Fixes gh-7443
This commit is contained in:
Josh Cummings
2019-09-16 09:00:04 -06:00
parent 40901fe072
commit 05caf3d8fb
25 changed files with 248 additions and 390 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/src/test/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurersJwtTests.java
+7 -11
View File
@@ -15,12 +15,8 @@
*/
package org.springframework.security.test.web.reactive.server;
import java.time.Instant;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.HashMap;
import java.util.Collections;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -33,8 +29,8 @@ import org.springframework.http.MediaType;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.TestJwts;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver;
import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
@@ -145,11 +141,11 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
@Test
public void mockJwtWhenProvidingPreparedJwtThenProducesJwtAuthentication() {
Map<String, Object> claims = new HashMap<>();
claims.put(IdTokenClaimNames.SUB, "some_user");
Jwt originalToken = new Jwt("token123", Instant.now(), Instant.now().plusSeconds(3600),
Collections.singletonMap("header1", "value1"), claims);
client
Jwt originalToken = TestJwts.jwt()
.header("header1", "value1")
.subject("some_user")
.build();
this.client
.mutateWith(mockJwt(originalToken))
.get()
.exchange()
@@ -160,7 +156,7 @@ public class SecurityMockServerConfigurersJwtTests extends AbstractMockServerCon
JwtAuthenticationToken.class);
JwtAuthenticationToken retrievedToken = (JwtAuthenticationToken) context.getAuthentication();
assertThat(retrievedToken.getToken().getSubject()).isEqualTo("some_user");
assertThat(retrievedToken.getToken().getTokenValue()).isEqualTo("token123");
assertThat(retrievedToken.getToken().getTokenValue()).isEqualTo("token");
assertThat(retrievedToken.getToken().getHeaders().get("header1")).isEqualTo("value1");
}
}
test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsJwtTests.java
+7 -13
View File
@@ -15,13 +15,8 @@
*/
package org.springframework.security.test.web.servlet.request;
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.HashMap;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
@@ -39,8 +34,8 @@ import org.springframework.security.config.BeanIds;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.TestJwts;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.test.context.TestSecurityContextHolder;
import org.springframework.security.test.web.support.WebTestUtils;
@@ -164,19 +159,18 @@ public class SecurityMockMvcRequestPostProcessorsJwtTests {
@Test
public void jwtWhenProvidingPreparedJwtThenUsesItForAuthentication() {
Map<String, Object> claims = new HashMap<>();
claims.put(IdTokenClaimNames.SUB, "some_user");
Jwt originalToken = new Jwt("token123", Instant.now(), Instant.now().plusSeconds(3600),
Collections.singletonMap("header1", "value1"), claims);
Jwt originalToken = TestJwts.jwt()
.header("header1", "value1")
.subject("some_user")
.build();
jwt(originalToken).postProcessRequest(this.request);
verify(this.repository).saveContext(this.contextCaptor.capture(), eq(this.request),
any(HttpServletResponse.class));
SecurityContext context = this.contextCaptor.getValue();
JwtAuthenticationToken retrievedToken = (JwtAuthenticationToken) context.getAuthentication();
assertThat(retrievedToken.getToken().getSubject()).isEqualTo("some_user");
assertThat(retrievedToken.getToken().getTokenValue()).isEqualTo("token123");
assertThat(retrievedToken.getToken().getTokenValue()).isEqualTo("token");
assertThat(retrievedToken.getToken().getHeaders().get("header1")).isEqualTo("value1");
}
}