claims.setExpiryTime(currentTime + lifetime); claims.setIssuedAt(creationTimeInSeconds); claims.setNotBefore(creationTimeInSeconds); claims.setExpiryTime(expirationTime.getEpochSecond());
claims.setExpiryTime(currentTime + lifetime); claims.setIssuedAt(creationTimeInSeconds); claims.setNotBefore(creationTimeInSeconds); claims.setExpiryTime(expirationTime.getEpochSecond());
@Override public Pair<String, Date> generateJWT( final String tokenId, final String subject, final long duration, final Map<String, Object> claims) { credentialChecker.checkIsDefaultJWSKeyInUse(); long currentTime = new Date().getTime() / 1000L; long expiryTime = currentTime + 60L * duration; JwtClaims jwtClaims = new JwtClaims(); jwtClaims.setTokenId(tokenId); jwtClaims.setSubject(subject); jwtClaims.setIssuedAt(currentTime); jwtClaims.setIssuer(jwtIssuer); jwtClaims.setExpiryTime(expiryTime); jwtClaims.setNotBefore(currentTime); claims.forEach((key, value) -> { jwtClaims.setClaim(key, value); }); JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()); JwtToken token = new JwtToken(jwsHeaders, jwtClaims); JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token); String signed = producer.signWith(jwsSignatureProvider); return Pair.of(signed, new Date(expiryTime * 1000L)); }
@Override public Pair<String, Date> update(final AccessToken accessToken, final byte[] authorities) { JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken.getBody()); credentialChecker.checkIsDefaultJWSKeyInUse(); long duration = confDAO.find("jwt.lifetime.minutes", 120L); long currentTime = new Date().getTime() / 1000L; long expiry = currentTime + 60L * duration; consumer.getJwtClaims().setExpiryTime(expiry); Date expiryDate = new Date(expiry * 1000L); JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()); JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims()); JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token); String body = producer.signWith(jwsSignatureProvider); accessToken.setBody(body); // AccessToken stores expiry time in milliseconds, as opposed to seconds for the JWT tokens. accessToken.setExpiryTime(expiryDate); if (!adminUser.equals(accessToken.getOwner())) { accessToken.setAuthorities(authorities); } accessTokenDAO.save(accessToken); return Pair.of(body, expiryDate); }
claims.setIssuedAt(now.getEpochSecond()); if (expiry) { claims.setExpiryTime(now.plusSeconds(60L).getEpochSecond());
claims.setIssuedAt(at.getIssuedAt()); if (at.getExpiresIn() > 0) { claims.setExpiryTime(at.getIssuedAt() + at.getExpiresIn());
Instant now = Instant.now(); claims.setIssuedAt(now.getEpochSecond()); claims.setExpiryTime(now.plusSeconds(60L).getEpochSecond()); String audience = "https://localhost:" + port + "/services/token"; claims.setAudiences(Collections.singletonList(audience));
@org.junit.Test public void testExpiredToken() throws Exception { URL busFile = JWTPropertiesTest.class.getResource("client.xml"); List<Object> providers = new ArrayList<>(); providers.add(new JacksonJsonProvider()); providers.add(new JwtAuthenticationClientFilter()); String address = "https://localhost:" + PORT + "/unsignedjwt/bookstore/books"; WebClient client = WebClient.create(address, providers, busFile.toString()); client.type("application/json").accept("application/json"); // Create the JWT Token JwtClaims claims = new JwtClaims(); claims.setSubject("alice"); claims.setIssuer("DoubleItSTSIssuer"); ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); claims.setIssuedAt(now.toEpochSecond()); claims.setAudiences(toList(address)); // Set the expiry date to be yesterday claims.setExpiryTime(now.minusDays(1L).toEpochSecond()); JwtToken token = new JwtToken(claims); Map<String, Object> properties = new HashMap<>(); properties.put("rs.security.signature.algorithm", "none"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); assertNotEquals(response.getStatus(), 200); }
claims.setIssuedAt(at.getIssuedAt()); if (at.getExpiresIn() > 0) { claims.setExpiryTime(at.getIssuedAt() + at.getExpiresIn());
private ClientAccessToken getAccessToken() { JwsHeaders headers = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.RS256); JwtClaims claims = new JwtClaims(); claims.setIssuer(config.getServiceAccountClientId()); claims.setAudience("https://accounts.google.com/o/oauth2/token"); claims.setSubject(config.getServiceAccountSubject()); long issuedAt = OAuthUtils.getIssuedAt(); long tokenTimeout = config.getServiceAccountTokenLifetime(); claims.setIssuedAt(issuedAt); claims.setExpiryTime(issuedAt + tokenTimeout); claims.setProperty("scope", "https://www.googleapis.com/auth/admin.directory.group.readonly https://www.googleapis.com/auth/admin.directory.user"); JwtToken token = new JwtToken(headers, claims); JwsJwtCompactProducer p = new JwsJwtCompactProducer(token); String base64UrlAssertion = p.signWith(privateKey); JwtBearerGrant grant = new JwtBearerGrant(base64UrlAssertion); WebClient accessTokenService = WebClient.create("https://accounts.google.com/o/oauth2/token", Arrays.asList(new OAuthJSONProvider(), new AccessTokenGrantWriter())); accessTokenService.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON); return accessTokenService.post(grant, ClientAccessToken.class); }