加特林-解码JWT令牌并验证令牌中的值

时间:2019-01-07 14:26:01

标签: java scala jwt gatling scala-gatling

我正在Scala中进行加特林测试,并希望验证已解码的JWT令牌中的某些字段。我知道如何解码它,但是像我在Java中那样,用杰克逊将生成的JSON映射到一个实体来检查值和/或存在性,并非不可能/非常缓慢。

我执行一些HTTP请求并获得JSON中的JWT令牌,例如:

{"id_token":"xxxxxxx...."}

令牌是JWT;我可以对其进行解码以获取另一个JSON:

JWSObject jwsObject = JWSObject.parse(authorizeToken); // from com.nimbusds.jose.JWTObject
log.info("Decoded JWS object: {}", jwsObject.getPayload().toString());

它让我:

{
    "sub": "c3f0d627-4820-4397-af20-1de71b208b15",
    "birthdate": "1942-11-08",
    "last_purchase_time": 1542286200,
    "gender": "M",
    "auth_level": "trusted",
    "iss": "http:\/\/somehost.com",
    "preferred_username": "test6@app.com",
    "given_name": "test6",
    "middle_name": "test6",
    "nonce": "random_string",
    "prv_member_id": 146794237,
    "aud": "some_issuer",
    "nbf": 1546869709,
    "is_premium": true,
    "updated_at": 1540812517,
    "registered_time": 1527677605,
    "name": "test6 test6 test6",
    "nickname": "test6",
    "exp": 1546870708,
    "iat": 1546869709,
    "family_name": "test6",
    "jti": "838bdd3f-1add-46f5-b3a1-cb220d3547a6"
}

在Java中,我定义了一个DTO,并将此JSON转换为DTO的一个实例,并使用Assert.assertEquals()或其他方式检查每个字段的值。

但是,在加特林,这是不可能的:

  • 与杰克逊的转换非常缓慢,需要我一生。
  • check()调用已被链接,无法像org.junit.Assert那样工作。

我与:

  http(...).exec(...)
    .check(
      header(HttpHeaderNames.ContentType).is("application/json;charset=UTF-8"),
      jsonPath("$..id_token") exists,
      jsonPath("$..id_token").saveAs("id_token"),
      status.is(200),
    )
  )
  .exitHereIfFailed
  .exec(session => {
    val token = session("id_token").as[String]
    log.debug("Token: " + token)
    val decodedToken:String = JWSObject.parse(token).getPayload.toString()
    val dto:JWTPayloadDTO = JsonUtil.fromJson(decodedToken)  // this is very slow

    // here verification

    log.info("JWT payload: " + dto)
    session
  }

那我该怎么办? check()session => {}部分中无效。

JsonUtil.fromJson()

package xxx.helpers

import com.fasterxml.jackson.databind.{DeserializationFeature, ObjectMapper}
import com.fasterxml.jackson.module.scala.experimental.ScalaObjectMapper
import com.fasterxml.jackson.module.scala.DefaultScalaModule

import scala.collection.mutable.ListBuffer

object JsonUtil {
  val mapper = new ObjectMapper() with ScalaObjectMapper
  mapper.registerModule(DefaultScalaModule)
  mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)

  def fromJson[T](json: String)(implicit m : Manifest[T]): T = {
    mapper.readValue[T](json)
  }


}

DTO:

package xxx.dto

import com.fasterxml.jackson.databind.PropertyNamingStrategy
import com.fasterxml.jackson.databind.annotation.JsonNaming

@JsonNaming(classOf[PropertyNamingStrategy.SnakeCaseStrategy])
case class JWTPayloadDTO(
  aud:                String,
  iss:                String,
  exp:                Long,
  nbf:                Long,
  iat:                Long,
  sub:                String,
  authLevel:          String,
  jti:                String,
  nonce:              String,

  preferredUsername:  String,
  name:               String,
  givenName:          String,
  familyName:         String,
  middleName:         String,
  nickname:           String,
  profile:            String,
  picture:            String,
  website:            String,
  email:              String,
  emailVerified:      Boolean,
  gender:             String,
  birthdate:          String,
  zoneInfo:           String,
  locale:             String,
  phoneNumber:        String,
  phoneNumberVerified:Boolean,
  mobileNumber:       String,
  updatedAt:          Long,
  registeredTime:     Long,
  prvMemberId:        Long,
  fbUid:              String,
  lastPurchaseTime:   Long,
  isPremium:          Boolean,
  isStaff:            Boolean
)

1 个答案:

答案 0 :(得分:0)

起初,如回购自述文件所述,我求助于Sonartype来解决依赖项:

https://github.com/FasterXML/jackson-module-scala

sonatype.sbt

resolvers += "Sonatype OSS Snapshots" at "https://oss.sonatype.org/content/repositories/snapshots"

然后在build.sbt中添加依赖项。

然后我进入该模块的Wiki页面并将其更改为Maven(已删除sonatype.sbt

https://github.com/FasterXML/jackson-module-scala/wiki

仅在build.sbt中:

libraryDependencies += "com.fasterxml.jackson.module" % "jackson-module-scala_2.12" % "2.9.8" // latest

现在它开始工作。

相关问题
最新问题