Posted to commits@cxf.apache.org by co...@apache.org on 2016/04/25 17:14:49 UTC
[2/2] cxf git commit: Adding OIDC Hybrid tests
Adding OIDC Hybrid tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c8636c03
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c8636c03
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c8636c03
Branch: refs/heads/3.1.x-fixes
Commit: c8636c03666ce1d6bc101e5ae5f39a05375077bd
Parents: 7181101
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Apr 25 16:14:28 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Apr 25 16:14:28 2016 +0100
----------------------------------------------------------------------
.../security/oauth2/common/OAuth2TestUtils.java | 14 +-
.../oauth2/common/OAuthDataProviderImpl.java | 1 +
.../jaxrs/security/oidc/OIDCFlowTest.java | 161 +++++++++++++++++++
.../systest/jaxrs/security/oidc/oidc-server.xml | 14 +-
4 files changed, 185 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/c8636c03/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index ea7afa0..3ab095d 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -69,11 +69,18 @@ public final class OAuth2TestUtils {
public static String getAuthorizationCode(WebClient client, String scope, String consumerId,
String nonce, String state) {
+ String location = getLocation(client, scope, consumerId, nonce, state, "code", "authorize/");
+ return getSubstring(location, "code");
+ }
+
+ public static String getLocation(WebClient client, String scope, String consumerId,
+ String nonce, String state, String responseType,
+ String path) {
// Make initial authorization request
client.type("application/json").accept("application/json");
client.query("client_id", consumerId);
client.query("redirect_uri", "http://www.blah.apache.org");
- client.query("response_type", "code");
+ client.query("response_type", responseType);
if (scope != null) {
client.query("scope", scope);
}
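Review bot: The new `getLocation` method introduced in this hunk has no Javadoc, even though it is now the shared entry point for the code, implicit and hybrid tests and its `responseType` and `path` parameters decide what the returned Location header carries. I would add above the signature `/** Runs the authorization request followed by the consent decision and returns the redirect Location header; callers extract code, access_token or id_token from it. */`, and a one-line comment on `getAuthorizationCode` saying it is now a thin wrapper that fixes `response_type=code` and the `authorize/` path. The body of `getLocation` continues past the end of this hunk.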
@@ -84,7 +91,7 @@ public final class OAuth2TestUtils {
client.query("state", state);
}
- client.path("authorize/");
+ client.path(path);
Response response = client.get();
OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
@@ -106,6 +113,7 @@ public final class OAuth2TestUtils {
if (authzData.getState() != null) {
form.param("state", authzData.getState());
}
+ form.param("response_type", authzData.getResponseType());
form.param("oauthDecision", "allow");
response = client.post(form);
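Review bot: `form.param("response_type", authzData.getResponseType())` is added here unconditionally, whereas the new `testImplicitFlow` in OIDCFlowTest guards the identical call with `if (authzData.getResponseType() != null)`. If the authorization data ever comes back without a response type this helper would put a null value into the form; guarding it the same way keeps the two consistent: `if (authzData.getResponseType() != null) { form.param("response_type", authzData.getResponseType()); }`. The enclosing method starts and ends outside this hunk.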
@@ -114,7 +122,7 @@ public final class OAuth2TestUtils {
Assert.assertTrue(location.contains("state=" + state));
}
- return getSubstring(location, "code");
+ return location;
}
public static ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client, String code) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/c8636c03/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
index 0fed0d4..0252e1a 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
@@ -45,6 +45,7 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
client.getAllowedGrantTypes().add("authorization_code");
client.getAllowedGrantTypes().add("refresh_token");
client.getAllowedGrantTypes().add("implicit");
+ client.getAllowedGrantTypes().add("hybrid");
client.getAllowedGrantTypes().add("password");
client.getAllowedGrantTypes().add("client_credentials");
client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:saml2-bearer");
http://git-wip-us.apache.org/repos/asf/cxf/blob/c8636c03/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index bba05a4..2195cf3 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -36,6 +36,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
@@ -303,6 +304,166 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
assertNotNull(accessToken.getTokenKey());
}
+ @org.junit.Test
+ public void testImplicitFlow() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Access Token
+ client.type("application/json").accept("application/json");
+ client.query("client_id", "consumer-id");
+ client.query("redirect_uri", "http://www.blah.apache.org");
+ client.query("scope", "openid");
+ client.query("response_type", "id_token token");
+ client.query("nonce", "123456789");
+ client.path("authorize-implicit/");
+ Response response = client.get();
+
+ OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
+
+ // Now call "decision" to get the access token
+ client.path("decision");
+ client.type("application/x-www-form-urlencoded");
+
+ Form form = new Form();
+ form.param("session_authenticity_token", authzData.getAuthenticityToken());
+ form.param("client_id", authzData.getClientId());
+ form.param("redirect_uri", authzData.getRedirectUri());
+ form.param("scope", authzData.getProposedScope());
+ if (authzData.getResponseType() != null) {
+ form.param("response_type", authzData.getResponseType());
+ }
+ if (authzData.getNonce() != null) {
+ form.param("nonce", authzData.getNonce());
+ }
+ form.param("oauthDecision", "allow");
+
+ response = client.post(form);
+
+ String location = response.getHeaderString("Location");
+
+ // Check Access Token
+ String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
+ assertNotNull(accessToken);
+
+ // Check IdToken
+ String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+ Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
+ Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
+ }
+
+ @org.junit.Test
+ public void testHybridCodeIdToken() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get location
+ String location =
+ OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,
+ "code id_token", "authorize-hybrid");
+ assertNotNull(location);
+
+ // Check code
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+
+ // Check id_token
+ String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, "123456789");
+
+ // Now get the access token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ // Check id_token from the token endpoint
+ idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+ }
+
+ @org.junit.Test
+ public void testHybridCodeToken() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get location
+ String location =
+ OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,
+ "code token", "authorize-hybrid");
+ assertNotNull(location);
+
+ // Check code
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+
+ // Check Access Token
+ String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
+ assertNotNull(accessToken);
+ }
+
+ @org.junit.Test
+ public void testHybridCodeIdTokenToken() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get location
+ String location =
+ OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,
+ "code id_token token", "authorize-hybrid");
+ assertNotNull(location);
+
+ // Check code
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+
+ // Check id_token
+ String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, "123456789");
+
+ // Check Access Token
+ String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
+ assertNotNull(accessToken);
+ }
+
private void validateIdToken(String idToken, String nonce)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
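Review bot: `testImplicitFlow` sends `nonce=123456789` on the authorization request but then calls `validateIdToken(idToken, null)`, so whatever nonce comparison `validateIdToken` performs is skipped and the test only checks that `IdToken.NONCE_CLAIM` is present, never that it equals the value sent; the hybrid tests pass `"123456789"` and so do verify the binding. Use `validateIdToken(idToken, "123456789");` there, and presumably also for the token-endpoint id_token in `testHybridCodeIdToken` if that token is expected to echo the request nonce. The hybrid tests could also mirror the implicit test's `at_hash` assertion: when `code` is returned alongside `id_token` the token should carry a `c_hash` claim, and when `token` is returned alongside it an `at_hash` claim, e.g. `Assert.assertNotNull(jwt.getClaims().getClaim("c_hash"));`. The four new tests repeat the same WebClient creation and `MAINTAIN_SESSION` setup; a small private helper would shorten them. `validateIdToken` continues past the end of this hunk.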
http://git-wip-us.apache.org/repos/asf/cxf/blob/c8636c03/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
index ad95bec..f779096 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
@@ -66,12 +66,14 @@ under the License.
<constructor-arg><value>${testutil.ports.jaxrs-oidc}</value></constructor-arg>
</bean>
- <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
<property name="dataProvider" ref="oauthProvider"/>
</bean>
- <bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
+ <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService">
<property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
</bean>
<bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
@@ -94,6 +96,13 @@ under the License.
<property name="responseFilter" ref="idTokenFilter"/>
</bean>
+ <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ <property name="codeService" ref="authorizationService"/>
+ </bean>
+
<bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
<bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
<property name="callbackHandler" ref="callbackHandler"/>
@@ -106,6 +115,7 @@ under the License.
address="https://localhost:${testutil.ports.jaxrs-oidc}/services">
<jaxrs:serviceBeans>
<ref bean="authorizationService"/>
+ <ref bean="hybridService"/>
<ref bean="implicitService"/>
<ref bean="tokenService"/>
<ref bean="oidcKeysService"/>