-
-
Notifications
You must be signed in to change notification settings - Fork 80
/
WithMockJwtAuth.java
99 lines (84 loc) · 4.38 KB
/
WithMockJwtAuth.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
/*
* Copyright 2019 Jérôme Wacongne.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
*/
package com.c4_soft.springaddons.security.oauth2.test.annotations;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Optional;
import org.springframework.core.annotation.AliasFor;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.test.context.support.TestExecutionEvent;
import org.springframework.security.test.context.support.WithSecurityContext;
import lombok.RequiredArgsConstructor;
import reactor.core.publisher.Mono;
/**
* Annotation to setup test {@link SecurityContext} with an {@link JwtAuthenticationToken}. Sample usage:
*
* <pre>
* @Test
* @WithMockJwtAuth(@OpenIdClaims(sub = "42"))
* public void test() {
* ...
* }
* </pre>
*
* @author Jérôme Wacongne <ch4mp@c4-soft.com>
* @see WithJwt @WithJwt is an alternative using a JSON file as source for claims
* @see WithMockAuthentication @WithMockAuthentication is a convenient alternative when you just need to define name and authorities (and optionally the
* Authentication type)
* @deprecated not as convenient in @Parameterized tests as alternatives listed above and provide with less reliable consistency between claims and
* authorities
*/
@Target({ ElementType.METHOD, ElementType.TYPE })
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
@WithSecurityContext(factory = WithMockJwtAuth.JwtAuthenticationTokenFactory.class)
public @interface WithMockJwtAuth {
@AliasFor("claims")
OpenIdClaims value() default @OpenIdClaims();
@AliasFor("value")
OpenIdClaims claims() default @OpenIdClaims();
String tokenString() default "machin.truc.chose";
Claims headers() default @Claims(stringClaims = @StringClaim(name = "alg", value = "none"));
@AliasFor(annotation = WithSecurityContext.class)
TestExecutionEvent setupBefore() default TestExecutionEvent.TEST_METHOD;
@RequiredArgsConstructor
public static final class JwtAuthenticationTokenFactory extends AbstractAnnotatedAuthenticationBuilder<WithMockJwtAuth, AbstractAuthenticationToken> {
private final Optional<Converter<Jwt, ? extends AbstractAuthenticationToken>> jwtAuthenticationConverter;
private final Optional<Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>> reactiveJwtAuthenticationConverter;
@Override
public AbstractAuthenticationToken authentication(WithMockJwtAuth annotation) {
final var token = super.claims(annotation.claims()).build();
final var jwt = new Jwt(annotation.tokenString(), token.getIssuedAt(), token.getExpiresAt(), Claims.Token.of(annotation.headers()), token);
return jwtAuthenticationConverter.map(c -> {
final AbstractAuthenticationToken auth = c.convert(jwt);
return auth;
}).orElseGet(() -> reactiveJwtAuthenticationConverter.map(c -> {
final AbstractAuthenticationToken auth = c.convert(jwt).block();
return auth;
}).orElseGet(() -> {
final var converter = new JwtAuthenticationConverter();
converter.setPrincipalClaimName(annotation.claims().usernameClaim());
return converter.convert(jwt);
}));
}
}
}