org.springframework.security.oauth2.jwt.Jwt类的使用及代码示例
本文整理了Java中org.springframework.security.oauth2.jwt.Jwt类的一些代码示例,展示了Jwt类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。Jwt类的具体详情如下:
包路径:org.springframework.security.oauth2.jwt.Jwt
类名称:Jwt
Jwt介绍
[英]An implementation of an AbstractOAuth2Token representing a JSON Web Token (JWT).
JWTs represent a set of "claims" as a JSON object that may be encoded in a JSON Web Signature (JWS) and/or JSON Web Encryption (JWE) structure. The JSON object, also known as the JWT Claims Set, consists of one or more claim name/value pairs. The claim name is a String and the claim value is an arbitrary JSON object.
[中]表示JSON Web令牌(JWT)的AbstractOAuth2Token的实现。
JWT将一组“声明”表示为JSON对象,可以用JSON Web签名(JWS)和/或JSON Web加密(JWE)结构编码。JSON对象,也称为JWT声明集,由一个或多个声明名称/值对组成。声明名称是字符串,声明值是任意JSON对象。
代码示例
代码示例来源:origin: spring-projects/spring-security
@Test
public void constructorWhenParametersProvidedAndValidThenCreated() {
Jwt jwt = new Jwt(JWT_TOKEN_VALUE, Instant.ofEpochMilli(IAT_VALUE),
Instant.ofEpochMilli(EXP_VALUE), HEADERS, CLAIMS);
assertThat(jwt.getTokenValue()).isEqualTo(JWT_TOKEN_VALUE);
assertThat(jwt.getHeaders()).isEqualTo(HEADERS);
assertThat(jwt.getClaims()).isEqualTo(CLAIMS);
assertThat(jwt.getIssuer().toString()).isEqualTo(ISS_VALUE);
assertThat(jwt.getSubject()).isEqualTo(SUB_VALUE);
assertThat(jwt.getAudience()).isEqualTo(AUD_VALUE);
assertThat(jwt.getExpiresAt().toEpochMilli()).isEqualTo(EXP_VALUE);
assertThat(jwt.getNotBefore().getEpochSecond()).isEqualTo(NBF_VALUE);
assertThat(jwt.getIssuedAt().toEpochMilli()).isEqualTo(IAT_VALUE);
assertThat(jwt.getId()).isEqualTo(JTI_VALUE);
}
}代码示例来源:origin: spring-projects/spring-security
if (!idToken.getAudience().contains(this.clientRegistration.getClientId())) {
invalidClaims.put(IdTokenClaimNames.AUD, idToken.getAudience());
String authorizedParty = idToken.getClaimAsString(IdTokenClaimNames.AZP);
if (idToken.getAudience().size() > 1 && authorizedParty == null) {
invalidClaims.put(IdTokenClaimNames.AZP, authorizedParty);
if (now.minus(this.clockSkew).isAfter(idToken.getExpiresAt())) {
invalidClaims.put(IdTokenClaimNames.EXP, idToken.getExpiresAt());
if (now.plus(this.clockSkew).isBefore(idToken.getIssuedAt())) {
invalidClaims.put(IdTokenClaimNames.IAT, idToken.getIssuedAt());代码示例来源:origin: spring-projects/spring-security
private static Map<String, Object> validateRequiredClaims(Jwt idToken) {
Map<String, Object> requiredClaims = new HashMap<>();
URL issuer = idToken.getIssuer();
if (issuer == null) {
requiredClaims.put(IdTokenClaimNames.ISS, issuer);
}
String subject = idToken.getSubject();
if (subject == null) {
requiredClaims.put(IdTokenClaimNames.SUB, subject);
}
List<String> audience = idToken.getAudience();
if (CollectionUtils.isEmpty(audience)) {
requiredClaims.put(IdTokenClaimNames.AUD, audience);
}
Instant expiresAt = idToken.getExpiresAt();
if (expiresAt == null) {
requiredClaims.put(IdTokenClaimNames.EXP, expiresAt);
}
Instant issuedAt = idToken.getIssuedAt();
if (issuedAt == null) {
requiredClaims.put(IdTokenClaimNames.IAT, issuedAt);
}
return requiredClaims;
}
}代码示例来源:origin: spring-projects/spring-security
private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
ReactiveJwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
return jwtDecoder.decode(rawIdToken)
.map(jwt -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
}
}代码示例来源:origin: spring-projects/spring-security
/**
* {@inheritDoc}
*/
@Override
public OAuth2TokenValidatorResult validate(Jwt jwt) {
Assert.notNull(jwt, "jwt cannot be null");
Instant expiry = jwt.getExpiresAt();
if (expiry != null) {
if (Instant.now(this.clock).minus(clockSkew).isAfter(expiry)) {
OAuth2Error error = new OAuth2Error(
OAuth2ErrorCodes.INVALID_REQUEST,
String.format("Jwt expired at %s", jwt.getExpiresAt()),
"https://tools.ietf.org/html/rfc6750#section-3.1");
return OAuth2TokenValidatorResult.failure(error);
}
}
Instant notBefore = jwt.getNotBefore();
if (notBefore != null) {
if (Instant.now(this.clock).plus(clockSkew).isBefore(notBefore)) {
OAuth2Error error = new OAuth2Error(
OAuth2ErrorCodes.INVALID_REQUEST,
String.format("Jwt used before %s", jwt.getNotBefore()),
"https://tools.ietf.org/html/rfc6750#section-3.1");
return OAuth2TokenValidatorResult.failure(error);
}
}
return OAuth2TokenValidatorResult.success();
}代码示例来源:origin: spring-projects/spring-security
private Jwt createJwt(JWT parsedJwt, JWTClaimsSet jwtClaimsSet) {
Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());
Instant expiresAt = (Instant) claims.get(JwtClaimNames.EXP);
Instant issuedAt = (Instant) claims.get(JwtClaimNames.IAT);
return new Jwt(parsedJwt.getParsedString(), issuedAt, expiresAt, headers, claims);
}代码示例来源:origin: spring-projects/spring-security
/**
* {@inheritDoc}
*/
@Override
public Map<String, Object> getTokenAttributes() {
return this.getToken().getClaims();
}代码示例来源:origin: spring-cloud/spring-cloud-gcp
@RequestMapping("/topsecret")
public String secured() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.getPrincipal() instanceof Jwt) {
Jwt jwt = (Jwt) authentication.getPrincipal();
return String.format("You are [%s] with e-mail address [%s].%n",
jwt.getSubject(), jwt.getClaimAsString("email"));
}
else {
return "Something went wrong; authentication is not provided by IAP/JWT.\n";
}
}代码示例来源:origin: spring-projects/spring-security
/**
* The {@link Jwt}'s subject, if any
*/
@Override
public String getName() {
return this.getToken().getSubject();
}
}代码示例来源:origin: org.springframework.cloud/spring-cloud-gcp-security-iap
@Override
public OAuth2TokenValidatorResult validate(Jwt t) {
if (t.getAudience() != null && t.getAudience().contains(this.audience)) {
return OAuth2TokenValidatorResult.success();
}
else {
if (LOGGER.isWarnEnabled()) {
LOGGER.warn(String.format(
"Expected audience %s did not match token audience %s", this.audience, t.getAudience()));
}
return OAuth2TokenValidatorResult.failure(INVALID_AUDIENCE);
}
}代码示例来源:origin: spring-projects/spring-security
/**
* {@inheritDoc}
*/
@Override
public OAuth2TokenValidatorResult validate(Jwt token) {
Assert.notNull(token, "token cannot be null");
String tokenIssuer = token.getClaimAsString(JwtClaimNames.ISS);
if (this.issuer.equals(tokenIssuer)) {
return OAuth2TokenValidatorResult.success();
} else {
return OAuth2TokenValidatorResult.failure(INVALID_ISSUER);
}
}
}代码示例来源:origin: spring-projects/spring-security
private OidcIdToken createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
JwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
Jwt jwt;
try {
jwt = jwtDecoder.decode((String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN));
} catch (JwtException ex) {
OAuth2Error invalidIdTokenError = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, ex.getMessage(), null);
throw new OAuth2AuthenticationException(invalidIdTokenError, invalidIdTokenError.toString(), ex);
}
OidcIdToken idToken = new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims());
return idToken;
}
}代码示例来源:origin: spring-projects/spring-security
private Jwt jwt(Map<String, Object> claims) {
Map<String, Object> headers = new HashMap<>();
headers.put("alg", JwsAlgorithms.RS256);
return new Jwt("token", Instant.now(), Instant.now().plusSeconds(3600), headers, claims);
}
}代码示例来源:origin: spring-projects/spring-security
/**
* Gets the scopes from a {@link Jwt} token
* @param jwt The {@link Jwt} token
* @return The scopes from the token
*/
private Collection<String> getScopes(Jwt jwt) {
for ( String attributeName : WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES ) {
Object scopes = jwt.getClaims().get(attributeName);
if (scopes instanceof String) {
if (StringUtils.hasText((String) scopes)) {
return Arrays.asList(((String) scopes).split(" "));
} else {
return Collections.emptyList();
}
} else if (scopes instanceof Collection) {
return (Collection<String>) scopes;
}
}
return Collections.emptyList();
}
}代码示例来源:origin: org.springframework.security/spring-security-oauth2-jose
/**
* {@inheritDoc}
*/
@Override
public OAuth2TokenValidatorResult validate(Jwt jwt) {
Assert.notNull(jwt, "jwt cannot be null");
Instant expiry = jwt.getExpiresAt();
if (expiry != null) {
if (Instant.now(this.clock).minus(maxClockSkew).isAfter(expiry)) {
OAuth2Error error = new OAuth2Error(
OAuth2ErrorCodes.INVALID_REQUEST,
String.format("Jwt expired at %s", jwt.getExpiresAt()),
"https://tools.ietf.org/html/rfc6750#section-3.1");
return OAuth2TokenValidatorResult.failure(error);
}
}
Instant notBefore = jwt.getNotBefore();
if (notBefore != null) {
if (Instant.now(this.clock).plus(maxClockSkew).isBefore(notBefore)) {
OAuth2Error error = new OAuth2Error(
OAuth2ErrorCodes.INVALID_REQUEST,
String.format("Jwt used before %s", jwt.getNotBefore()),
"https://tools.ietf.org/html/rfc6750#section-3.1");
return OAuth2TokenValidatorResult.failure(error);
}
}
return OAuth2TokenValidatorResult.success();
}代码示例来源:origin: org.springframework.security/spring-security-oauth2-resource-server
/**
* The {@link Jwt}'s subject, if any
*/
@Override
public String getName() {
return this.getToken().getSubject();
}
}代码示例来源:origin: spring-cloud/spring-cloud-gcp
@Override
public OAuth2TokenValidatorResult validate(Jwt t) {
if (t.getAudience() != null && t.getAudience().contains(this.audience)) {
return OAuth2TokenValidatorResult.success();
}
else {
if (LOGGER.isWarnEnabled()) {
LOGGER.warn(String.format(
"Expected audience %s did not match token audience %s", this.audience, t.getAudience()));
}
return OAuth2TokenValidatorResult.failure(INVALID_AUDIENCE);
}
}代码示例来源:origin: org.springframework.security/spring-security-oauth2-jose
/**
* {@inheritDoc}
*/
@Override
public OAuth2TokenValidatorResult validate(Jwt token) {
Assert.notNull(token, "token cannot be null");
String tokenIssuer = token.getClaimAsString(JwtClaimNames.ISS);
if (this.issuer.equals(tokenIssuer)) {
return OAuth2TokenValidatorResult.success();
} else {
return OAuth2TokenValidatorResult.failure(INVALID_ISSUER);
}
}
}代码示例来源:origin: apache/servicemix-bundles
private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
ReactiveJwtDecoder jwtDecoder = this.decoderFactory.apply(clientRegistration);
String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
return jwtDecoder.decode(rawIdToken)
.map(jwt -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()))
.doOnNext(idToken -> OidcTokenValidator.validateIdToken(idToken, clientRegistration));
}代码示例来源:origin: spring-projects/spring-security
private Jwt jwt(Map<String, Object> claims) {
Map<String, Object> headers = new HashMap<>();
headers.put("alg", JwsAlgorithms.RS256);
return new Jwt("token", Instant.now(), Instant.now().plusSeconds(3600), headers, claims);
}
}内容来源于网络,如有侵权,请联系作者删除!
