I have a SystemTest. This means, i start all my Applications and access them only by doing REST calls. I also create for every Test a new User.
Now i have to add Security to my Application. This will be "OpenId Connect". Currently nothing is implemented. As there are many Tutorials, i thinks the implementation will be "easy". But I am not sure how to handle my SystemTest.
I think one solution could be using the https://github.com/spring-projects/spring-authorization-server/releases/tag/0.2.0. See also https://www.baeldung.com/spring-security-oauth-auth-server#authServerImplementation
My resource server will have only this configuration
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: http://auth-server:9000
I think my test should work like this:
Question:
Update: Another Idea: Maybe it would be good to use a slim OpenId Connect Client in the SystemTest. Then i have to modify only the Authorization Server to register user dynamic. I also have to ensure that user need no credentials, he must be just allowed to to things.
Best regards G
I was able to fix my Problem :-) I created an App that has this Controller and other Classes. I hope it help the other dev :-)
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.RSAKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.PostConstruct;
import java.lang.invoke.MethodHandles;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
@RestController
@RequestMapping("/openid-connect/mock")
public class OpenIdConnectMockController {
static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
private KeyPair rsaKeyPair;
private RSAKey jwkRsaPublicKey;
@PostConstruct
public void generateKey() throws NoSuchAlgorithmException, JOSEException {
this.rsaKeyPair = generateRsaKeyPair(2048);
logger.info("generate key {}", this.rsaKeyPair.getPublic());
RSAPublicKey rsaPublicKey = (RSAPublicKey) this.rsaKeyPair.getPublic();
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) this.rsaKeyPair.getPrivate();
this.jwkRsaPublicKey = new RSAKey.Builder(rsaPublicKey).build();
logger.info("jwkRsaPublicKey (JWK-Format) {}", this.jwkRsaPublicKey);
}
@GetMapping(path = "/keys", produces = "application/json")
public String keys() {
logger.info("Keys was called {}", this.jwkRsaPublicKey.toString());
return "{\"keys\":[" + this.jwkRsaPublicKey.toString() + "]}";
}
@GetMapping(path = "/private-key", produces = "application/json")
public byte[] getPrivateKey() throws JOSEException {
RSAKey privateKey = new RSAKey.Builder((RSAPublicKey) this.rsaKeyPair.getPublic()).privateKey(this.rsaKeyPair.getPrivate()).build();
return privateKey.toRSAPrivateKey().getEncoded();
}
private KeyPair generateRsaKeyPair(int keyLengthInt) throws NoSuchAlgorithmException {
KeyPairGenerator keypairGenerator = KeyPairGenerator.getInstance("RSA");
keypairGenerator.initialize(keyLengthInt, new SecureRandom());
return keypairGenerator.generateKeyPair();
}
}
public static Jwt jwtTokenClient(String userId) {
byte[] privateKey = OpenIdConnectMockService.privateKey(openIdConnectMockWebClient);
return JwtUtil.createJWT(privateKey, UUID.randomUUID().toString(), "MS-SystemTest-Issuer", userId);
}
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
public class JwtUtil {
public static final long SECOND_IN_MILLIS = 1000;
public static final long MINUTE_IN_MILLIS = SECOND_IN_MILLIS * 60;
public static final long HOUR_IN_MILLIS = MINUTE_IN_MILLIS * 60;
public static final long DAY_IN_MILLIS = HOUR_IN_MILLIS * 24;
private JwtUtil() {
}
public static Jwt createJWT(byte[] privateKey, String id, String issuer, String subject) {
//The JWT signature algorithm we will be using to sign the token
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.RS256;
long nowMillis = System.currentTimeMillis();
//We will sign our JWT with our ApiKey secret
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKey);
KeyFactory rsaFact = null;
try {
rsaFact = KeyFactory.getInstance("RSA");
RSAPrivateKey key = (RSAPrivateKey) rsaFact.generatePrivate(spec);
JwtBuilder builder = Jwts.builder().setId(id)
.setIssuedAt(new Date(nowMillis))
.setSubject(subject)
.setIssuer(issuer)
.setExpiration(new Date(nowMillis + DAY_IN_MILLIS))
.signWith(signatureAlgorithm, key);
//Builds the JWT and serializes it to a compact, URL-safe string
return new Jwt(builder.compact());
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new IllegalStateException(e);
}
}
}