cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [1/2] cxf git commit: Removing the obsolete JwtClaims.setAudience as agreed with Colm
Date Thu, 03 Dec 2015 13:50:10 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 70298efb5 -> 8006d4c4a


Removing the obsolete JwtClaims.setAudience as agreed with Colm


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f37b8fcf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f37b8fcf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f37b8fcf

Branch: refs/heads/master
Commit: f37b8fcf706bbaf1c0466e093a5bbf75d9a4dda2
Parents: 3a69814
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Dec 3 13:49:38 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Dec 3 13:49:38 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwt/JwtClaims.java     | 10 ++----
 .../jose/jws/JwsCompactReaderWriterTest.java    |  3 +-
 .../oidc/idp/IdTokenResponseFilter.java         |  4 ++-
 .../rs/security/oidc/idp/UserInfoService.java   |  4 ++-
 .../oidc/rp/AbstractTokenValidator.java         |  5 +--
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  3 --
 .../provider/jwt/DefaultJWTClaimsProvider.java  |  8 ++---
 .../security/jose/jwt/JWTAlgorithmTest.java     | 34 ++++++++++++--------
 .../security/jose/jwt/JWTAuthnAuthzTest.java    | 16 ++++++---
 9 files changed, 47 insertions(+), 40 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index fe5b08a..a3c77b9 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -23,6 +23,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
 
 
@@ -53,24 +54,19 @@ public class JwtClaims extends JsonMapObject {
         return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
     }
     
-    public void setAudience(String audience) {
-        setAudiences(Collections.singletonList(audience));
-    }
-    
     public void setAudiences(List<String> audiences) {
         setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
     }
     
-    @SuppressWarnings("unchecked")
     public List<String> getAudiences() {
         Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
         if (audiences instanceof List<?>) {
-            return (List<String>)audiences;
+            return CastUtils.cast((List<?>)audiences);
         } else if (audiences instanceof String) {
             return Collections.singletonList((String)audiences);
         }
         
-        return Collections.emptyList();
+        return null;
     }
     
     public void setExpiryTime(Long expiresIn) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index 9554dde..e1855ea 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -24,6 +24,7 @@ import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -142,7 +143,7 @@ public class JwsCompactReaderWriterTest extends Assert {
         JwtClaims claims = new JwtClaims();
         claims.setIssuer("https://jwt-idp.example.com");
         claims.setSubject("mailto:mike@example.com");
-        claims.setAudience("https://jwt-rp.example.net");
+        claims.setAudiences(Collections.singletonList("https://jwt-rp.example.net"));
         claims.setNotBefore(1300815780L);
         claims.setExpiryTime(1300819380L);
         claims.setClaim("http://claims.example.com/member", true);

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index f0b1d79..da93213 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.oidc.idp;
 
+import java.util.Collections;
+
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -37,7 +39,7 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer
im
             IdToken token = 
                 userInfoProvider.getIdToken(st.getClient().getClientId(), st.getSubject(),
st.getScopes());
             token.setIssuer(issuer);
-            token.setAudience(st.getClient().getClientId());
+            token.setAudiences(Collections.singletonList(st.getClient().getClientId()));
             
             String responseEntity = super.processJwt(new JwtToken(token), 
                                                      st.getClient());

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
index 7e3ef8f..1f5d99d 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.oidc.idp;
 
+import java.util.Collections;
+
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -49,7 +51,7 @@ public class UserInfoService extends AbstractOAuthServerJoseJwtProducer
{
         if (userInfo != null) {
             userInfo.setIssuer(issuer);
         }
-        userInfo.setAudience(oauth.getClientId());
+        userInfo.setAudiences(Collections.singletonList(oauth.getClientId()));
         Object responseEntity = userInfo;
         if (super.isJwsRequired() || super.isJweRequired()) {
             responseEntity = super.processJwt(new JwtToken(userInfo),

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index 8fc0022..0db3541 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.oidc.rp;
 import java.util.List;
 import java.util.concurrent.ConcurrentHashMap;
 
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
@@ -68,8 +69,8 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
             }
             // validate audience
             List<String> audiences = claims.getAudiences();
-            if (audiences.isEmpty() && validateClaimsAlways 
-                || !audiences.isEmpty() && !audiences.contains(clientId)) {
+            if (StringUtils.isEmpty(audiences) && validateClaimsAlways 
+                || !StringUtils.isEmpty(audiences) && !audiences.contains(clientId))
{
                 throw new SecurityException("Invalid audience");
             }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
index 27ce275..4c9071c 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
@@ -42,9 +42,6 @@ public class IdTokenReader extends AbstractTokenValidator {
     }
     public JwtToken getIdJwtToken(String idJwtToken, Consumer client) {
         JwtToken jwt = getJwtToken(idJwtToken, client.getClientSecret());
-        if (jwt.getClaims().getAudiences().size() > 1) {
-            throw new SecurityException("Invalid audience");
-        }
         validateJwtClaims(jwt.getClaims(), client.getClientId(), true);
         return jwt;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
index dcdc7c8..9eb215b 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
@@ -31,7 +31,6 @@ import javax.security.auth.x500.X500Principal;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.claims.ClaimsUtils;
 import org.apache.cxf.sts.claims.ProcessedClaim;
@@ -265,11 +264,8 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
             }
         }
         
-        if (audiences.size() == 1) {
-            claims.setAudience(audiences.get(0));
-        } else if (!audiences.isEmpty()) {
-            claims.setProperty(JwtConstants.CLAIM_AUDIENCE, audiences);
-        }
+        claims.setAudiences(audiences);
+        
     }
     
     public boolean isUseX500CN() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
index 250e3a2..1af1b31 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
@@ -22,6 +22,7 @@ package org.apache.cxf.systest.jaxrs.security.jose.jwt;
 import java.net.URL;
 import java.security.Security;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@@ -40,6 +41,7 @@ import org.apache.cxf.systest.jaxrs.security.Book;
 import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
@@ -92,7 +94,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase {
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -110,6 +112,10 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         assertEquals(returnedBook.getId(), 123L);
     }
     
+    private List<String> toList(String address) {
+        return Collections.singletonList(address);
+    }
+
     @org.junit.Test
     public void testEncryptionDynamic() throws Exception {
 
@@ -132,7 +138,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -175,7 +181,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -217,7 +223,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -260,7 +266,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -300,7 +306,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -337,7 +343,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -377,7 +383,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -413,7 +419,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -451,7 +457,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -492,7 +498,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
 
         JwtToken token = new JwtToken(claims);
 
@@ -530,7 +536,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
         
@@ -566,7 +572,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
         
@@ -601,7 +607,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
index 45d109d..0e012e7 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
@@ -22,6 +22,7 @@ package org.apache.cxf.systest.jaxrs.security.jose.jwt;
 import java.net.URL;
 import java.security.Security;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@@ -39,6 +40,7 @@ import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.systest.jaxrs.security.Book;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
@@ -84,7 +86,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase {
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -105,6 +107,10 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         assertEquals(returnedBook.getId(), 123L);
     }
     
+    private List<String> toList(String address) {
+        return Collections.singletonList(address);
+    }
+    
     @org.junit.Test
     public void testAuthenticationFailure() throws Exception {
 
@@ -124,7 +130,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -162,7 +168,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         // The endpoint requires a role of "boss"
         claims.setProperty("role", "boss");
         
@@ -204,7 +210,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -241,7 +247,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
         claims.setProperty("role", "manager");
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 


Mime
View raw message