Gatling - decode JWT token and verify value in token

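I'm using Gatling tests in Scala and would like to verify some fields in the decoded JWT token. I know how to decode it, but mapping the resulting JSON to an entity with Jackson to check values and/or presence, as I do in Java, is impossible / very slow.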

I perform some HTTP requests and get the JWT token in the JSON, for example:

{"id_token":"xxxxxxx...."}

The token is a JWT; I can decode it to get another JSON:

JWSObject jwsObject = JWSObject.parse(authorizeToken); // from com.nimbusds.jose.JWTObject
log.info("Decoded JWS object: {}", jwsObject.getPayload().toString());

It gives me:

{
    "sub": "c3f0d627-4820-4397-af20-1de71b208b15",
    "birthdate": "1942-11-08",
    "last_purchase_time": 1542286200,
    "gender": "M",
    "auth_level": "trusted",
    "iss": "http:\/\/somehost.com",
    "preferred_username": "test6@app.com",
    "given_name": "test6",
    "middle_name": "test6",
    "nonce": "random_string",
    "prv_member_id": 146794237,
    "aud": "some_issuer",
    "nbf": 1546869709,
    "is_premium": true,
    "updated_at": 1540812517,
    "registered_time": 1527677605,
    "name": "test6 test6 test6",
    "nickname": "test6",
    "exp": 1546870708,
    "iat": 1546869709,
    "family_name": "test6",
    "jti": "838bdd3f-1add-46f5-b3a1-cb220d3547a6"
}

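In Java I'd define a DTO, convert this JSON into an instance of the DTO, and check each field's value with Assert.assertEquals() or something similar.

But in Gatling this is not possible:

  • The conversion with Jackson is very slow; it takes forever.
  • The check() calls are chained and do not work like org.junit.Assert.

I have: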

  http(...).exec(...)
    .check(
      header(HttpHeaderNames.ContentType).is("application/json;charset=UTF-8"),
      jsonPath("$..id_token") exists,
      jsonPath("$..id_token").saveAs("id_token"),
      status.is(200),
    )
  )
  .exitHereIfFailed
  .exec(session => {
    val token = session("id_token").as[String]
    log.debug("Token: " + token)
    val decodedToken:String = JWSObject.parse(token).getPayload.toString()
    val dto:JWTPayloadDTO = JsonUtil.fromJson(decodedToken)  // this is very slow

    // here verification

    log.info("JWT payload: " + dto)
    session
  })

So, what should I do? check() does not work inside the session => {} part.

JsonUtil.fromJson()

package xxx.helpers

import com.fasterxml.jackson.databind.{DeserializationFeature, ObjectMapper}
import com.fasterxml.jackson.module.scala.experimental.ScalaObjectMapper
import com.fasterxml.jackson.module.scala.DefaultScalaModule

import scala.collection.mutable.ListBuffer

object JsonUtil {
  val mapper = new ObjectMapper() with ScalaObjectMapper
  mapper.registerModule(DefaultScalaModule)
  mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)

  def fromJson[T](json: String)(implicit m : Manifest[T]): T = {
    mapper.readValue[T](json)
  }


}

DTO:

package xxx.dto

import com.fasterxml.jackson.databind.PropertyNamingStrategy
import com.fasterxml.jackson.databind.annotation.JsonNaming

@JsonNaming(classOf[PropertyNamingStrategy.SnakeCaseStrategy])
case class JWTPayloadDTO(
  aud:                String,
  iss:                String,
  exp:                Long,
  nbf:                Long,
  iat:                Long,
  sub:                String,
  authLevel:          String,
  jti:                String,
  nonce:              String,

  preferredUsername:  String,
  name:               String,
  givenName:          String,
  familyName:         String,
  middleName:         String,
  nickname:           String,
  profile:            String,
  picture:            String,
  website:            String,
  email:              String,
  emailVerified:      Boolean,
  gender:             String,
  birthdate:          String,
  zoneInfo:           String,
  locale:             String,
  phoneNumber:        String,
  phoneNumberVerified:Boolean,
  mobileNumber:       String,
  updatedAt:          Long,
  registeredTime:     Long,
  prvMemberId:        Long,
  fbUid:              String,
  lastPurchaseTime:   Long,
  isPremium:          Boolean,
  isStaff:            Boolean
)

Initially I used Sonatype for dependency resolution, as shown in the repo README:

https://github.com/FasterXML/jackson-module-scala

sonatype.sbt

resolvers += "Sonatype OSS Snapshots" at "https://oss.sonatype.org/content/repositories/snapshots"

and then added the dependency in build.sbt.

Then I went to the module's wiki page and changed it to Maven (removed sonatype.sbt):

https://github.com/FasterXML/jackson-module-scala/wiki

Only in build.sbt:

libraryDependencies += "com.fasterxml.jackson.module" % "jackson-module-scala_2.12" % "2.9.8" // latest

Now it started working.
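
An added example, not part of the original post: the claim checks the question asks about, written against the typed accessors of Nimbus's JWTClaimsSet (same library as JWSObject) instead of a Jackson DTO. The names IdTokenChecks, claimErrors and sampleToken and the expected values are assumptions based on the sample payload above; the token is constructed inline with a dummy signature, and, like JWSObject.parse in the post, parsing does not verify the signature.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.util.{Base64, Date}
import scala.util.{Failure, Success, Try}
import com.nimbusds.jwt.SignedJWT

object IdTokenChecks {
  // Assumed expected values, taken from the sample payload in the post.
  val ExpectedIssuer   = "http://somehost.com"
  val ExpectedAudience = "some_issuer"

  /** One message per failed check; an empty list means every check passed.
    * Parsing only decodes the token, the signature is NOT verified here. */
  def claimErrors(token: String, now: Date): List[String] =
    Try(SignedJWT.parse(token).getJWTClaimsSet) match {
      case Failure(e) => List("not a parseable JWT: " + e.getMessage)
      case Success(c) =>
        List(
          (c.getIssuer == ExpectedIssuer)                  -> "iss mismatch",
          c.getAudience.contains(ExpectedAudience)         -> "aud mismatch",
          Option(c.getExpirationTime).exists(_.after(now)) -> "exp missing or in the past",
          Option(c.getNotBeforeTime).forall(!_.after(now)) -> "nbf is in the future",
          (c.getClaim("auth_level") == "trusted")          -> "auth_level is not trusted",
          (c.getClaim("is_premium") == java.lang.Boolean.TRUE) -> "is_premium is not true"
        ).collect { case (false, msg) => msg }
    }

  // Constructed sample token: real header/payload encoding, dummy signature.
  def sampleToken(payloadJson: String): String = {
    val enc = Base64.getUrlEncoder.withoutPadding
    List("""{"alg":"RS256"}""", payloadJson, "dummy-signature")
      .map(s => enc.encodeToString(s.getBytes(UTF_8)))
      .mkString(".")
  }

  def main(args: Array[String]): Unit = {
    val payload =
      """{"iss":"http://somehost.com","aud":"some_issuer","auth_level":"trusted",
        |"is_premium":true,"nbf":1546869709,"exp":1546870708}""".stripMargin
    val token = sampleToken(payload)
    println(claimErrors(token, new Date(1546870000L * 1000))) // between nbf and exp
    println(claimErrors(token, new Date(1546880000L * 1000))) // after exp
    println(claimErrors("not.a.jwt", new Date()))             // malformed input
  }
}
```

Inside the post's session => { ... } block, returning session.markAsFailed when claimErrors is non-empty makes Gatling record the failed verification.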
