/**
 * Returns the access token parsed as a {@link JsonObject}, if one is present.
 *
 * <p>The first non-null value obtained from the delegate is kept in {@code cached_0} and
 * returned on later calls. A {@code null} result is not cached, so the delegate is asked
 * again on every call until it produces a value.
 *
 * <p>Callers that base an authorization decision on the returned claims must handle the
 * {@code null} case explicitly rather than dereferencing the result.
 *
 * @return the token as JSON, or {@code null} when the delegate has no parsed token
 */
public JsonObject accessToken() {
  JsonObject token = cached_0;
  if (token == null) {
    // Nothing cached yet: ask the delegate and remember whatever it returns.
    token = delegate.accessToken();
    cached_0 = token;
  }
  return token;
}
/**
 * Returns the access token parsed as a {@link JsonObject}, if one is present.
 *
 * <p>The first non-null value obtained from the delegate is kept in {@code cached_0} and
 * returned on later calls. A {@code null} result is not cached, so the delegate is asked
 * again on every call until it produces a value.
 *
 * <p>Callers that base an authorization decision on the returned claims must handle the
 * {@code null} case explicitly rather than dereferencing the result.
 *
 * @return the token as JSON, or {@code null} when the delegate has no parsed token
 */
public JsonObject accessToken() {
  JsonObject token = cached_0;
  if (token == null) {
    // Nothing cached yet: ask the delegate and remember whatever it returns.
    token = delegate.accessToken();
    cached_0 = token;
  }
  return token;
}
/**
 * Returns the receiver's access token as a plain {@code Map}, by passing
 * {@code j_receiver.accessToken()} through {@code ConversionHelper.fromJsonObject}.
 *
 * <p>NOTE(review): what happens when {@code accessToken()} yields {@code null} depends on
 * {@code ConversionHelper.fromJsonObject}, which is not visible here - confirm that callers
 * tolerate an absent token before reading claims from the returned map.
 *
 * @param j_receiver the token whose parsed access token is converted
 * @return the result of converting the parsed access token to a map
 */
public static java.util.Map<String, Object> accessToken(io.vertx.ext.auth.oauth2.AccessToken j_receiver) {
  return io.vertx.core.impl.ConversionHelper.fromJsonObject(j_receiver.accessToken());
}
public static java.util.Map<String, Object> refreshToken(io.vertx.ext.auth.oauth2.AccessToken j_receiver) {
/**
 * Reads the {@code preferred_username} claim from the current user's access token.
 *
 * <p>NOTE(review): {@code accessToken()} is dereferenced without a null check, so a token
 * that has no parsed claims makes this method throw a {@code NullPointerException}.
 *
 * <p>NOTE(review): OpenID Connect defines {@code preferred_username} as a display value
 * that a relying party must not treat as unique; if the result is used to look up or key
 * an account, confirm that {@code sub} (or another stable identifier) is not the better
 * choice.
 *
 * @return the value of the {@code preferred_username} claim
 */
private String getUserName() {
  final Object delegate = user.getDelegate();
  // The delegate is expected to be an OAuth2 token; any other type fails the cast.
  final AccessToken oauthToken = (AccessToken) delegate;
  return oauthToken.accessToken().getString("preferred_username");
}
/**
 * Factory method to create a RBAC handler for tokens adhering to the MP-JWT 1.1 spec.
 *
 * <p>The returned validator fails the handler when the user has no parsed access token,
 * answers {@code false} when the {@code groups} claim is missing or empty, and otherwise
 * answers whether {@code groups} contains the requested authority.
 *
 * <p>Only claims are read here: nothing in this method checks the token's signature,
 * issuer or expiry. NOTE(review): confirm that verification has already happened by the
 * time the token is decoded, since the decision below trusts the claim values as given.
 *
 * @return a RBAC validator
 */
static OAuth2RBAC create() {
  return (user, authority, handler) -> {
    final JsonObject claims = user.accessToken();
    if (claims == null) {
      // No decoded JWT to inspect: report an error rather than a "not authorized" answer.
      handler.handle(Future.failedFuture("AccessToken is not a valid JWT"));
      return;
    }

    // MP-JWT 1.1 defines a custom claim called "groups": the list of group names that
    // have been assigned to the principal of the MP-JWT. This typically requires a mapping
    // at the application container level to application deployment roles, but a one-to-one
    // mapping between group names and application role names is required to be performed
    // in addition to any other mapping.
    final JsonArray groups = claims.getJsonArray("groups");

    // Fail closed: a missing or empty claim grants nothing.
    // NOTE(review): contains() is presumably an exact, case-sensitive match on the group
    // name - confirm this is the intended comparison.
    final boolean granted = groups != null && groups.size() != 0 && groups.contains(authority);
    handler.handle(Future.succeededFuture(granted));
  };
}
} // end of the enclosing type, whose opening is outside this excerpt
public void isAuthorized(AccessToken user, String authority, Handler<AsyncResult<Boolean>> handler) { JsonObject accessToken = user.accessToken();
if (oauth2Token.accessToken() == null || jwt.isUnsecure()) {
/**
 * Protects the given route with the OAuth2 handler, then maps the authenticated OAuth2
 * user onto a mesh user.
 *
 * <p>The second handler rejects the request with 401 when the user is an
 * {@code AccessToken} whose parsed token is {@code null}; otherwise it replaces the
 * request user with the result of {@code syncUser} and continues.
 *
 * <p>NOTE(review): when {@code rc.user()} is not an {@code AccessToken} (which includes
 * {@code null}), the request continues without being rejected or converted. Confirm that
 * {@code oauth2Handler} has already failed every unauthenticated request before this
 * handler runs, otherwise this path fails open.
 *
 * @param route the route to secure
 */
@Override
public void secure(Route route) {
  route.handler(oauth2Handler);

  // Check whether the oauth handler was successful and convert the user to a mesh user.
  route.handler(rc -> {
    User authenticated = rc.user();
    if (!(authenticated instanceof AccessToken)) {
      rc.next();
      return;
    }

    // FIXME - Workaround for Vert.x bug - https://github.com/vert-x3/vertx-auth/issues/216
    AccessToken token = (AccessToken) authenticated;
    if (token.accessToken() == null) {
      // No parsed token to derive a mesh user from: reject instead of passing null on.
      rc.fail(401);
      return;
    }

    rc.setUser(syncUser(token.accessToken()));
    rc.next();
  });
}
/**
 * Loads the provider's JWK set, then authenticates with username and password and checks
 * that the resulting token exposes a parsed access token.
 *
 * <p>NOTE(review): the assertions only show that a token decodes after the keys are
 * loaded. They do not cover rejection of a token signed with a key that is absent from
 * the JWK set, which is the failure mode a key reload is meant to guard against.
 *
 * <p>NOTE(review): the credentials are presumably fixtures for a local test realm -
 * confirm they are not valid against any shared environment.
 */
@Test
public void shouldReloadJWK(TestContext should) {
  final Async done = should.async();

  keycloak.loadJWK(jwkLoad -> {
    should.assertTrue(jwkLoad.succeeded());

    final JsonObject credentials = new JsonObject().put("username", "test-user").put("password", "tiger");
    keycloak.authenticate(credentials, login -> {
      should.assertTrue(login.succeeded());
      should.assertNotNull(login.result());

      // The authenticated user is expected to carry an access token.
      AccessToken oauthToken = (AccessToken) login.result();
      should.assertNotNull(oauthToken.accessToken());
      done.complete();
    });
  });
}
} // end of the enclosing test class, whose opening is outside this excerpt
should.assertNotNull(token.accessToken());
/**
 * Checks the fail-closed path of the authorization check: a signed token that has no
 * {@code groups} claim must complete successfully with the answer {@code false} for the
 * {@code admin} authority, rather than failing or granting access.
 */
@Test
public void itShouldNotFailForMissingGroupsField(TestContext should) {
  final Async done = should.async();

  // Claims deliberately leave out "groups".
  final JsonObject claims = new JsonObject(
    "{\n" +
      " \"iss\": \"https://server.example.com\",\n" +
      " \"aud\": \"s6BhdRkqt3\",\n" +
      " \"jti\": \"a-123\",\n" +
      " \"exp\": 999999999999,\n" +
      " \"iat\": 1311280970,\n" +
      " \"sub\": \"24400320\"\n" +
      "}");
  final String signedJwt = jwt.sign(claims, new JWTOptions().setAlgorithm("RS256"));

  // NOTE(review): the key below is "type_type"; OAuth2 token responses name this field
  // "token_type", so this looks like a typo in the fixture. It is kept as written here -
  // confirm whether the token implementation reads the field at all.
  final JsonObject tokenResponse = new JsonObject().put("access_token", signedJwt).put("type_type", "Bearer");
  AccessToken token = new OAuth2TokenImpl(oauth, tokenResponse);

  // Make sure the sign/decode round trip works as expected before testing authorization.
  should.assertNotNull(token.accessToken());

  token.isAuthorized("admin", decision -> {
    should.assertTrue(decision.succeeded());
    should.assertFalse(decision.result());
    done.complete();
  });
}
should.assertNotNull(token.accessToken());
assertNotNull(token.principal()); assertNotNull(token.accessToken()); assertNotNull(token.refreshToken());