Support custom claim types in quarkus-test-security-jwt

Author: sberyozkin

test-framework/security-jwt/pom.xml

@@ -28,6 +28,10 @@
             <artifactId>junit-jupiter</artifactId>
             <scope>compile</scope>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-jsonp</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.eclipse.microprofile.jwt</groupId>
             <artifactId>microprofile-jwt-auth-api</artifactId>

test-framework/security-jwt/src/main/java/io/quarkus/test/security/jwt/Claim.java

@@ -7,7 +7,19 @@
 @Retention(RetentionPolicy.RUNTIME)
 @Target({})
 public @interface Claim {
+    /**
+     * Claim name
+     */
     String key();
 
+    /**
+     * Claim value
+     */
     String value();
+
+    /**
+     * Claim value type, the value will be converted to String if this type is set to Object.class.
+     * Supported types: String, Integer, int, Long, long, Boolean, boolean, jakarta.json.JsonArray, jakarta.json.JsonObject.
+     */
+    Class<?> type() default Object.class;
 }

test-framework/security-jwt/src/main/java/io/quarkus/test/security/jwt/JwtTestSecurityIdentityAugmentor.java

@@ -0,0 +1,161 @@
+package io.quarkus.test.security.jwt;
+
+import java.io.StringReader;
+import java.lang.annotation.Annotation;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import jakarta.json.Json;
+import jakarta.json.JsonArray;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonReader;
+
+import org.eclipse.microprofile.jwt.Claims;
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+import io.quarkus.security.identity.SecurityIdentity;
+import io.quarkus.security.runtime.QuarkusSecurityIdentity;
+import io.quarkus.test.security.TestSecurityIdentityAugmentor;
+
+public class JwtTestSecurityIdentityAugmentor implements TestSecurityIdentityAugmentor {
+    private static Converter<Long> longConverter = new LongConverter();
+    private static Converter<Integer> intConverter = new IntegerConverter();
+    private static Converter<Boolean> booleanConverter = new BooleanConverter();
+    private static Map<String, Converter<?>> standardClaimConverteres = Map.of(
+            Claims.exp.name(), longConverter,
+            Claims.iat.name(), longConverter,
+            Claims.nbf.name(), longConverter,
+            Claims.auth_time.name(), longConverter,
+            Claims.email_verified.name(), booleanConverter);
+
+    private static Map<Class<?>, Converter<?>> converters = Map.of(
+            String.class, new StringConverter(),
+            Integer.class, intConverter,
+            int.class, intConverter,
+            Long.class, longConverter,
+            long.class, longConverter,
+            Boolean.class, booleanConverter,
+            boolean.class, booleanConverter,
+            JsonArray.class, new JsonArrayConverter(),
+            JsonObject.class, new JsonObjectConverter());
+
+    @Override
+    public SecurityIdentity augment(final SecurityIdentity identity, final Annotation[] annotations) {
+        QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder(identity);
+
+        final JwtSecurity jwtSecurity = findJwtSecurity(annotations);
+        builder.setPrincipal(new JsonWebToken() {
+
+            @Override
+            public String getName() {
+                return identity.getPrincipal().getName();
+            }
+
+            @SuppressWarnings("unchecked")
+            @Override
+            public <T> T getClaim(String claimName) {
+                if (Claims.groups.name().equals(claimName)) {
+                    return (T) identity.getRoles();
+                }
+                if (jwtSecurity != null && jwtSecurity.claims() != null) {
+                    for (Claim claim : jwtSecurity.claims()) {
+                        if (claim.key().equals(claimName)) {
+                            return convertClaimValue(claim);
+                        }
+                    }
+                }
+                return null;
+            }
+
+            @Override
+            public Set<String> getClaimNames() {
+                if (jwtSecurity != null && jwtSecurity.claims() != null) {
+                    return Arrays.stream(jwtSecurity.claims()).map(Claim::key).collect(Collectors.toSet());
+                }
+                return Collections.emptySet();
+            }
+
+        });
+
+        return builder.build();
+    }
+
+    private static JwtSecurity findJwtSecurity(Annotation[] annotations) {
+        for (Annotation ann : annotations) {
+            if (ann instanceof JwtSecurity) {
+                return (JwtSecurity) ann;
+            }
+        }
+        return null;
+    }
+
+    @SuppressWarnings("unchecked")
+    private <T> T convertClaimValue(Claim claim) {
+        if (claim.type() != Object.class) {
+            Converter<?> converter = converters.get(claim.type());
+            if (converter != null) {
+                return (T) converter.convert(claim.value());
+            } else {
+                throw new RuntimeException("Unsupported claim type: " + claim.type().getName());
+            }
+        } else if (standardClaimConverteres.containsKey(claim.key())) {
+            Converter<?> converter = standardClaimConverteres.get(claim.key());
+            return (T) converter.convert(claim.value());
+        } else {
+            return (T) claim.value();
+        }
+    }
+
+    private static interface Converter<T> {
+        T convert(String value);
+    }
+
+    private static class StringConverter implements Converter<String> {
+        @Override
+        public String convert(String value) {
+            return value;
+        }
+    }
+
+    private static class IntegerConverter implements Converter<Integer> {
+        @Override
+        public Integer convert(String value) {
+            return Integer.valueOf(value);
+        }
+    }
+
+    private static class LongConverter implements Converter<Long> {
+        @Override
+        public Long convert(String value) {
+            return Long.valueOf(value);
+        }
+    }
+
+    private static class BooleanConverter implements Converter<Boolean> {
+        @Override
+        public Boolean convert(String value) {
+            return Boolean.valueOf(value);
+        }
+    }
+
+    private static class JsonObjectConverter implements Converter<JsonObject> {
+        @Override
+        public JsonObject convert(String value) {
+            try (JsonReader jsonReader = Json.createReader(new StringReader(value))) {
+                return jsonReader.readObject();
+            }
+        }
+    }
+
+    private static class JsonArrayConverter implements Converter<JsonArray> {
+        @Override
+        public JsonArray convert(String value) {
+            try (JsonReader jsonReader = Json.createReader(new StringReader(value))) {
+                return jsonReader.readArray();
+            }
+        }
+    }
+}

test-framework/security-jwt/src/main/java/io/quarkus/test/security/jwt/JwtTestSecurityIdentityAugmentorProducer.java

@@ -1,20 +1,9 @@
 package io.quarkus.test.security.jwt;
 
-import java.lang.annotation.Annotation;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Set;
-import java.util.stream.Collectors;
-
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.enterprise.inject.Produces;
 
-import org.eclipse.microprofile.jwt.Claims;
-import org.eclipse.microprofile.jwt.JsonWebToken;
-
 import io.quarkus.arc.Unremovable;
-import io.quarkus.security.identity.SecurityIdentity;
-import io.quarkus.security.runtime.QuarkusSecurityIdentity;
 import io.quarkus.test.security.TestSecurityIdentityAugmentor;
 
 @ApplicationScoped
@@ -25,57 +14,4 @@ public class JwtTestSecurityIdentityAugmentorProducer {
     public TestSecurityIdentityAugmentor produce() {
         return new JwtTestSecurityIdentityAugmentor();
     }
-
-    private static class JwtTestSecurityIdentityAugmentor implements TestSecurityIdentityAugmentor {
-
-        @Override
-        public SecurityIdentity augment(final SecurityIdentity identity, final Annotation[] annotations) {
-            QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder(identity);
-
-            final JwtSecurity jwtSecurity = findJwtSecurity(annotations);
-            builder.setPrincipal(new JsonWebToken() {
-
-                @Override
-                public String getName() {
-                    return identity.getPrincipal().getName();
-                }
-
-                @SuppressWarnings("unchecked")
-                @Override
-                public <T> T getClaim(String claimName) {
-                    if (Claims.groups.name().equals(claimName)) {
-                        return (T) identity.getRoles();
-                    }
-                    if (jwtSecurity != null && jwtSecurity.claims() != null) {
-                        for (Claim claim : jwtSecurity.claims()) {
-                            if (claim.key().equals(claimName)) {
-                                return (T) claim.value();
-                            }
-                        }
-                    }
-                    return null;
-                }
-
-                @Override
-                public Set<String> getClaimNames() {
-                    if (jwtSecurity != null && jwtSecurity.claims() != null) {
-                        return Arrays.stream(jwtSecurity.claims()).map(Claim::key).collect(Collectors.toSet());
-                    }
-                    return Collections.emptySet();
-                }
-
-            });
-
-            return builder.build();
-        }
-
-        private JwtSecurity findJwtSecurity(Annotation[] annotations) {
-            for (Annotation ann : annotations) {
-                if (ann instanceof JwtSecurity) {
-                    return (JwtSecurity) ann;
-                }
-            }
-            return null;
-        }
-    }
 }

test-framework/security-jwt/src/test/java/io/quarkus/test/security/jwt/JwtTestSecurityIdentityAugmentorTest.java

@@ -0,0 +1,74 @@
+package io.quarkus.test.security.jwt;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.lang.annotation.Annotation;
+import java.security.Principal;
+import java.util.Set;
+
+import jakarta.json.JsonArray;
+import jakarta.json.JsonObject;
+
+import org.eclipse.microprofile.jwt.Claims;
+import org.eclipse.microprofile.jwt.JsonWebToken;
+import org.junit.jupiter.api.Test;
+
+import io.quarkus.security.identity.SecurityIdentity;
+import io.quarkus.security.runtime.QuarkusSecurityIdentity;
+
+public class JwtTestSecurityIdentityAugmentorTest {
+
+    @Test
+    @JwtSecurity(claims = {
+            @Claim(key = "exp", value = "123456789"),
+            @Claim(key = "iat", value = "123456788"),
+            @Claim(key = "nbf", value = "123456787"),
+            @Claim(key = "auth_time", value = "123456786"),
+            @Claim(key = "customlong", value = "123456785", type = Long.class),
+            @Claim(key = "email", value = "[email protected]"),
+            @Claim(key = "email_verified", value = "true"),
+            @Claim(key = "email_checked", value = "false", type = Boolean.class),
+            @Claim(key = "jsonarray_claim", value = "[\"1\", \"2\"]", type = JsonArray.class),
+            @Claim(key = "jsonobject_claim", value = "{\"a\":\"1\", \"b\":\"2\"}", type = JsonObject.class)
+    })
+    public void testClaimValues() throws Exception {
+        SecurityIdentity identity = QuarkusSecurityIdentity.builder()
+                .setPrincipal(new Principal() {
+                    @Override
+                    public String getName() {
+                        return "alice";
+                    }
+
+                })
+                .addRole("user")
+                .build();
+
+        JwtTestSecurityIdentityAugmentor augmentor = new JwtTestSecurityIdentityAugmentor();
+
+        Annotation[] annotations = JwtTestSecurityIdentityAugmentorTest.class.getMethod("testClaimValues").getAnnotations();
+        JsonWebToken jwt = (JsonWebToken) augmentor.augment(identity, annotations).getPrincipal();
+
+        assertEquals("alice", jwt.getName());
+        assertEquals(Set.of("user"), jwt.getGroups());
+
+        assertEquals(123456789, jwt.getExpirationTime());
+        assertEquals(123456788, jwt.getIssuedAtTime());
+        assertEquals(123456787, (Long) jwt.getClaim(Claims.nbf.name()));
+        assertEquals(123456786, (Long) jwt.getClaim(Claims.auth_time.name()));
+        assertEquals(123456785, (Long) jwt.getClaim("customlong"));
+        assertEquals("[email protected]", jwt.getClaim(Claims.email));
+        assertTrue((Boolean) jwt.getClaim(Claims.email_verified.name()));
+        assertFalse((Boolean) jwt.getClaim("email_checked"));
+
+        JsonArray array = jwt.getClaim("jsonarray_claim");
+        assertEquals("1", array.getString(0));
+        assertEquals("2", array.getString(1));
+
+        JsonObject map = jwt.getClaim("jsonobject_claim");
+        assertEquals("1", map.getString("a"));
+        assertEquals("2", map.getString("b"));
+    }
+
+}