Posted to commits@cxf.apache.org by co...@apache.org on 2018/07/20 13:17:09 UTC

[cxf] branch 3.2.x-fixes updated (ba5706d -> 13875ca)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.


    from ba5706d  Adding parameterized JCache OAuthDataProvider tests to the systests
     new 963b17b  Fixed potential NPE in SAML OAuth 2.0 code
     new 332db08  Add @Lob annotation for application certificates
     new 13875ca  Added JPA systests for the OAuth Data Provider

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../grants/saml/Saml2BearerGrantHandler.java       |   2 +-
 .../cxf/rs/security/oauth2/common/Client.java      |   4 +-
 systests/rs-security/pom.xml                       |  32 ++++++
 ...iderImpl.java => JPAOAuthDataProviderImpl.java} |  26 ++---
 .../oauth2/common/JPASaml2BearerGrantHandler.java  |  18 ++-
 .../grants/AuthorizationGrantNegativeTest.java     |  26 ++++-
 .../oauth2/grants/AuthorizationGrantTest.java      |  28 ++++-
 .../oauth2/grants/IntrospectionServiceTest.java    |  28 ++++-
 .../security/oauth2/grants/JAXRSOAuth2Test.java    |  26 ++++-
 .../systest/jaxrs/security/oidc/OIDCFlowTest.java  |  29 ++++-
 .../jaxrs/security/oidc/OIDCNegativeServer.java    |  46 --------
 .../jaxrs/security/oidc/OIDCNegativeServerJWT.java |  46 --------
 .../jaxrs/security/oidc/OIDCNegativeTest.java      | 127 ++++++++++++++++++++-
 .../systest/jaxrs/security/oidc/UserInfoTest.java  |  28 ++++-
 .../src/test/resources/META-INF/persistence.xml    |  28 +----
 ...ache-jwt.xml => grants-negative-server-jpa.xml} |  23 +++-
 ...server-jcache-jwt.xml => grants-server-jpa.xml} |  25 ++--
 ...ver-jcache.xml => introspection-server-jpa.xml} |  21 +++-
 .../grants/{server-jcache.xml => server-jpa.xml}   |  32 ++++--
 ...jwt.xml => oidc-negative-server-jcache-jwt.xml} |  12 +-
 ...-server.xml => oidc-negative-server-jcache.xml} |  12 +-
 ...server-jwt.xml => oidc-negative-server-jpa.xml} |  26 +++--
 .../{oidc-server-jwt.xml => oidc-server-jpa.xml}   |  24 +++-
 ...info-server-jwt.xml => userinfo-server-jpa.xml} |  30 +++--
 24 files changed, 495 insertions(+), 204 deletions(-)
 copy systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/{JCacheOAuthDataProviderImpl.java => JPAOAuthDataProviderImpl.java} (91%)
 copy rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java => systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPASaml2BearerGrantHandler.java (57%)
 delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServer.java
 delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServerJWT.java
 copy {rt/rs/security/sso/oidc => systests/rs-security}/src/test/resources/META-INF/persistence.xml (56%)
 copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{grants-negative-server-jcache-jwt.xml => grants-negative-server-jpa.xml} (91%)
 copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{grants-negative-server-jcache-jwt.xml => grants-server-jpa.xml} (90%)
 copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{introspection-server-jcache.xml => introspection-server-jpa.xml} (91%)
 copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{server-jcache.xml => server-jpa.xml} (88%)
 copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/{oidc-negative-server-jwt.xml => oidc-negative-server-jcache-jwt.xml} (97%)
 copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/{oidc-negative-server.xml => oidc-negative-server-jcache.xml} (97%)
 copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/{oidc-negative-server-jwt.xml => oidc-negative-server-jpa.xml} (92%)
 copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/{oidc-server-jwt.xml => oidc-server-jpa.xml} (90%)
 copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/{userinfo-server-jwt.xml => userinfo-server-jpa.xml} (92%)


[cxf] 03/03: Added JPA systests for the OAuth Data Provider

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 13875caf7adb708343d8a3d9670852dad4a9b1bb
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Jul 20 13:27:18 2018 +0100

    Added JPA systests for the OAuth Data Provider
    
    (cherry picked from commit 28d19eaa59b4cfe41069e66318b644c2fa00e404)
---
 systests/rs-security/pom.xml                       |  32 +++
 .../oauth2/common/JPAOAuthDataProviderImpl.java    | 256 +++++++++++++++++++++
 .../common/JPASaml2BearerGrantHandler.java}        |  35 ++-
 .../grants/AuthorizationGrantNegativeTest.java     |  26 ++-
 .../oauth2/grants/AuthorizationGrantTest.java      |  28 ++-
 .../oauth2/grants/IntrospectionServiceTest.java    |  28 ++-
 .../security/oauth2/grants/JAXRSOAuth2Test.java    |  26 ++-
 .../systest/jaxrs/security/oidc/OIDCFlowTest.java  |  29 ++-
 .../jaxrs/security/oidc/OIDCNegativeServerJWT.java |  46 ----
 .../jaxrs/security/oidc/OIDCNegativeTest.java      | 127 +++++++++-
 .../systest/jaxrs/security/oidc/UserInfoTest.java  |  28 ++-
 .../src/test/resources/META-INF/persistence.xml    |  33 +++
 .../oauth2/grants/grants-negative-server-jpa.xml   | 156 +++++++++++++
 .../security/oauth2/grants/grants-server-jpa.xml   | 156 +++++++++++++
 .../oauth2/grants/introspection-server-jpa.xml     | 137 +++++++++++
 .../jaxrs/security/oauth2/grants/server-jpa.xml    | 160 +++++++++++++
 .../oidc/oidc-negative-server-jcache-jwt.xml       | 184 +++++++++++++++
 .../security/oidc/oidc-negative-server-jcache.xml  | 183 +++++++++++++++
 .../security/oidc/oidc-negative-server-jpa.xml     | 196 ++++++++++++++++
 .../jaxrs/security/oidc/oidc-server-jpa.xml        | 171 ++++++++++++++
 .../jaxrs/security/oidc/userinfo-server-jpa.xml    | 205 +++++++++++++++++
 21 files changed, 2167 insertions(+), 75 deletions(-)

diff --git a/systests/rs-security/pom.xml b/systests/rs-security/pom.xml
index 0fa73f7..c7d6c96 100644
--- a/systests/rs-security/pom.xml
+++ b/systests/rs-security/pom.xml
@@ -33,6 +33,8 @@
     <properties>
         <oauth.version>20100527</oauth.version>
         <cxf.module.name>org.apache.cxf.systests.security</cxf.module.name>
+        <hibernate.em.version>4.1.0.Final</hibernate.em.version>
+        <hsqldb.version>2.3.4</hsqldb.version>
     </properties>
     <dependencies>
         <dependency>
@@ -208,6 +210,36 @@
             <version>${cxf.ehcache3.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.hibernate.javax.persistence</groupId>
+            <artifactId>hibernate-jpa-2.1-api</artifactId>
+            <version>1.0.2.Final</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-orm</artifactId>
+            <version>${cxf.spring.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hibernate</groupId>
+            <artifactId>hibernate-entitymanager</artifactId>
+            <version>${hibernate.em.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hibernate</groupId>
+            <artifactId>hibernate-ehcache</artifactId>
+            <version>${hibernate.em.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hsqldb</groupId>
+            <artifactId>hsqldb</artifactId>
+            <version>${hsqldb.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>
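Review bot: The `hibernate-jpa-2.1-api` dependency pins its version inline as `<version>1.0.2.Final</version>` while the four other dependencies added in this hunk resolve theirs through properties (`${cxf.spring.version}`, `${hibernate.em.version}`, `${hsqldb.version}`); declaring `<hibernate.jpa.api.version>1.0.2.Final</hibernate.jpa.api.version>` next to the new properties in the first hunk and referencing `${hibernate.jpa.api.version}` here keeps the test dependencies upgradable from one place. The `hibernate.em.version` of 4.1.0.Final is also an old Hibernate line; it is test scope only, but it is worth confirming it is the intended baseline rather than a copy from an older module.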
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPAOAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPAOAuthDataProviderImpl.java
new file mode 100644
index 0000000..af65796
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPAOAuthDataProviderImpl.java
@@ -0,0 +1,256 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.oauth2.common;
+
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.persistence.EntityManagerFactory;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.saml.Constants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.xml.security.utils.ClassLoaderUtils;
+
+/**
+ * Extend the JPACodeDataProvider to allow refreshing of tokens
+ */
+public class JPAOAuthDataProviderImpl extends JPACodeDataProvider {
+    private Set<String> externalClients = new HashSet<>();
+
+    public JPAOAuthDataProviderImpl(String servicePort, EntityManagerFactory emf) throws Exception {
+        this(servicePort, null, emf);
+    }
+
+    public JPAOAuthDataProviderImpl(String servicePort, String partnerPort, EntityManagerFactory emf) throws Exception {
+        super();
+
+        super.setEntityManagerFactory(emf);
+
+        // filters/grants test client
+        Client client = new Client("consumer-id", "this-is-a-secret", true);
+        List<String> redirectUris = new ArrayList<>();
+        redirectUris.add("http://www.blah.apache.org");
+        if (partnerPort != null) {
+            redirectUris.add("https://localhost:" + partnerPort + "/partnerservice/bookstore/books");
+        }
+        client.setRedirectUris(redirectUris);
+
+        client.getAllowedGrantTypes().add("authorization_code");
+        client.getAllowedGrantTypes().add("refresh_token");
+        client.getAllowedGrantTypes().add("implicit");
+        client.getAllowedGrantTypes().add("hybrid");
+        client.getAllowedGrantTypes().add("password");
+        client.getAllowedGrantTypes().add("client_credentials");
+        client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:saml2-bearer");
+        client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer");
+
+        client.getRegisteredScopes().add("read_balance");
+        client.getRegisteredScopes().add("create_balance");
+        client.getRegisteredScopes().add("read_data");
+        client.getRegisteredScopes().add("read_book");
+        client.getRegisteredScopes().add("create_book");
+        client.getRegisteredScopes().add("create_image");
+        client.getRegisteredScopes().add("openid");
+
+        this.setClient(client);
+
+        // OIDC filters test client
+        client = new Client("consumer-id-oidc", "this-is-a-secret", true);
+        client.setRedirectUris(Collections.singletonList("https://localhost:" + servicePort
+                                                         + "/secured/bookstore/books"));
+
+        client.getAllowedGrantTypes().add("authorization_code");
+        client.getAllowedGrantTypes().add("refresh_token");
+
+        client.getRegisteredScopes().add("openid");
+
+        this.setClient(client);
+
+        // Audience test client
+        client = new Client("consumer-id-aud", "this-is-a-secret", true);
+        client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org"));
+
+        client.getAllowedGrantTypes().add("authorization_code");
+        client.getAllowedGrantTypes().add("refresh_token");
+
+        client.getRegisteredAudiences().add("https://localhost:" + servicePort
+                                            + "/secured/bookstore/books");
+        client.getRegisteredAudiences().add("https://127.0.0.1/test");
+        client.getRegisteredScopes().add("openid");
+
+        this.setClient(client);
+
+        // Audience test client 2
+        client = new Client("consumer-id-aud2", "this-is-a-secret", true);
+        client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org"));
+
+        client.getAllowedGrantTypes().add("authorization_code");
+        client.getAllowedGrantTypes().add("refresh_token");
+
+        client.getRegisteredAudiences().add("https://localhost:" + servicePort
+                                            + "/securedxyz/bookstore/books");
+        client.getRegisteredScopes().add("openid");
+
+        this.setClient(client);
+
+        // JAXRSOAuth2Test clients
+        client = new Client("alice", "alice", true);
+        client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
+        client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer");
+        client.getAllowedGrantTypes().add("custom_grant");
+        this.setClient(client);
+
+        client = new Client("fredNoPassword", null, true);
+        client.getAllowedGrantTypes().add("custom_grant");
+        this.setClient(client);
+
+        client = new Client("fredPublic", null, false);
+        client.getAllowedGrantTypes().add("custom_grant");
+        this.setClient(client);
+
+        client = new Client("fred", "password", true);
+        client.getAllowedGrantTypes().add("custom_grant");
+        this.setClient(client);
+
+        Certificate cert = loadCert();
+        String encodedCert = Base64Utility.encode(cert.getEncoded());
+
+        Client client2 = new Client("CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US",
+                                    null,
+                                    true,
+                                    null,
+                                    null);
+        client2.getAllowedGrantTypes().add("custom_grant");
+        client2.setApplicationCertificates(Collections.singletonList(encodedCert));
+        this.setClient(client2);
+
+        // external clients (in LDAP/etc) which can be used for client cred
+        externalClients.add("bob:bobPassword");
+
+    }
+
+    private Certificate loadCert() throws Exception {
+        try (InputStream is = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) {
+            return CryptoUtils.loadCertificate(is, "password".toCharArray(), "morpit", null);
+        }
+    }
+
+    @Override
+    public Client getClient(String clientId) {
+        Client c = super.getClient(clientId);
+        if (c == null) {
+            String clientSecret = super.getCurrentClientSecret();
+            if (externalClients.contains(clientId + ":" + clientSecret)) {
+                c = new Client(clientId, clientSecret, true);
+                c.setTokenEndpointAuthMethod(OAuthConstants.TOKEN_ENDPOINT_AUTH_BASIC);
+            }
+        }
+        return c;
+
+    }
+
+    @Override
+    protected boolean isRefreshTokenSupported(List<String> theScopes) {
+        return true;
+    }
+
+    @Override
+    public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
+        if (requestedScopes.isEmpty()) {
+            return Collections.emptyList();
+        }
+
+        List<OAuthPermission> permissions = new ArrayList<>();
+        for (String requestedScope : requestedScopes) {
+            if ("read_book".equals(requestedScope)) {
+                OAuthPermission permission = new OAuthPermission("read_book");
+                permission.setHttpVerbs(Collections.singletonList("GET"));
+                List<String> uris = new ArrayList<>();
+                String partnerAddress = "/secured/bookstore/books/*";
+                uris.add(partnerAddress);
+                permission.setUris(uris);
+
+                permissions.add(permission);
+            } else if ("create_book".equals(requestedScope)) {
+                OAuthPermission permission = new OAuthPermission("create_book");
+                permission.setHttpVerbs(Collections.singletonList("POST"));
+                List<String> uris = new ArrayList<>();
+                String partnerAddress = "/secured/bookstore/books/*";
+                uris.add(partnerAddress);
+                permission.setUris(uris);
+
+                permissions.add(permission);
+            } else if ("create_image".equals(requestedScope)) {
+                OAuthPermission permission = new OAuthPermission("create_image");
+                permission.setHttpVerbs(Collections.singletonList("POST"));
+                List<String> uris = new ArrayList<>();
+                String partnerAddress = "/secured/bookstore/image/*";
+                uris.add(partnerAddress);
+                permission.setUris(uris);
+
+                permissions.add(permission);
+            } else if ("read_balance".equals(requestedScope)) {
+                OAuthPermission permission = new OAuthPermission("read_balance");
+                permission.setHttpVerbs(Collections.singletonList("GET"));
+                List<String> uris = new ArrayList<>();
+                String partnerAddress = "/partners/balance/*";
+                uris.add(partnerAddress);
+                permission.setUris(uris);
+
+                permissions.add(permission);
+            } else if ("create_balance".equals(requestedScope)) {
+                OAuthPermission permission = new OAuthPermission("create_balance");
+                permission.setHttpVerbs(Collections.singletonList("POST"));
+                List<String> uris = new ArrayList<>();
+                String partnerAddress = "/partners/balance/*";
+                uris.add(partnerAddress);
+                permission.setUris(uris);
+
+                permissions.add(permission);
+            } else if ("read_data".equals(requestedScope)) {
+                OAuthPermission permission = new OAuthPermission("read_data");
+                permission.setHttpVerbs(Collections.singletonList("GET"));
+                List<String> uris = new ArrayList<>();
+                String partnerAddress = "/partners/data/*";
+                uris.add(partnerAddress);
+                permission.setUris(uris);
+
+                permissions.add(permission);
+            } else if ("openid".equals(requestedScope)) {
+                OAuthPermission permission = new OAuthPermission("openid", "Authenticate user");
+                permissions.add(permission);
+            } else {
+                throw new OAuthServiceException("invalid_scope");
+            }
+        }
+
+        return permissions;
+    }
+}
\ No newline at end of file
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServer.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPASaml2BearerGrantHandler.java
similarity index 50%
rename from systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServer.java
rename to systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPASaml2BearerGrantHandler.java
index 79a2367..ab609dc 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServer.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPASaml2BearerGrantHandler.java
@@ -16,31 +16,22 @@
  * specific language governing permissions and limitations
  * under the License.
  */
+package org.apache.cxf.systest.jaxrs.security.oauth2.common;
 
-package org.apache.cxf.systest.jaxrs.security.oidc;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class OIDCNegativeServer extends AbstractBusTestServerBase {
-    private static final URL SERVER_CONFIG_FILE =
-        OIDCNegativeServer.class.getResource("oidc-negative-server.xml");
-
-    protected void run() {
-        SpringBusFactory bf = new SpringBusFactory();
-        Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
-        BusFactory.setDefaultBus(springBus);
-        setBus(springBus);
+/**
+ * Extend Saml2BearerGrantHandler not to use SamlUserSubject, which is not an entity and hence causes problems with JPA.
+ */
+public class JPASaml2BearerGrantHandler extends Saml2BearerGrantHandler {
 
-        try {
-            new OIDCNegativeServer();
-        } catch (Exception e) {
-            throw new RuntimeException(e);
-        }
+    @Override
+    protected UserSubject getGrantSubject(Message message, SamlAssertionWrapper wrapper) {
+        UserSubject userSubject = super.getGrantSubject(message, wrapper);
+        return new UserSubject(userSubject.getLogin(), userSubject.getRoles());
     }
 
 }
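Review bot: `getGrantSubject` dereferences the result of `super.getGrantSubject(message, wrapper)` without a null check, so if the parent handler can return null (the sibling commit in this push, "Fixed potential NPE in SAML OAuth 2.0 code", suggests that path has been fragile) the override turns it into a `NullPointerException` instead of propagating the null; `if (userSubject == null) { return null; }` before the `new UserSubject(...)` line keeps the parent's contract. The replacement subject also copies only login and roles, so any id or properties the parent populated on the SAML subject are dropped; that is presumably intentional for JPA persistence, but the class Javadoc should say so, e.g. `Only login and roles are carried over; id and properties of the SAML subject are intentionally discarded.`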
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
index 8c68fb6..2495cde 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
@@ -64,6 +64,7 @@ import org.junit.runners.Parameterized.Parameters;
  * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
  * c) JCACHE_PORT - JCache
  * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * e) JPA_PORT - JPA provider
  */
 @RunWith(value = org.junit.runners.Parameterized.class)
 public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestBase {
@@ -75,6 +76,8 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
     public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative-jcache");
     public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-negative-jcache-jwt");
     public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative-jcache-jwt");
+    public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-negative-jpa");
+    public static final String JPA_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative-jpa");
 
     final String port;
 
@@ -92,6 +95,8 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
                    launchServer(BookServerOAuth2GrantsNegativeJCache.class, true));
         assertTrue("server did not launch correctly",
                    launchServer(BookServerOAuth2GrantsNegativeJCacheJWT.class, true));
+        assertTrue("server did not launch correctly",
+                   launchServer(BookServerOAuth2GrantsNegativeJPA.class, true));
     }
 
     @AfterClass
@@ -102,7 +107,7 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
     @Parameters(name = "{0}")
     public static Collection<String> data() {
 
-        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
+        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT);
     }
 
     //
@@ -984,4 +989,23 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
         }
 
     }
+
+    public static class BookServerOAuth2GrantsNegativeJPA extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            BookServerOAuth2GrantsNegative.class.getResource("grants-negative-server-jpa.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new BookServerOAuth2GrantsNegativeJPA();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
 }
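Review bot: The new `BookServerOAuth2GrantsNegativeJPA.run()` overrides the base class method without an `@Override` annotation, and its `SERVER_CONFIG_FILE` is resolved via `BookServerOAuth2GrantsNegative.class.getResource("grants-negative-server-jpa.xml")` rather than the new class's own, which works only because both live in the same package; `@Override` on `run()` and `BookServerOAuth2GrantsNegativeJPA.class.getResource(...)` would make the class self-contained. If the resource is missing from the classpath, `getResource` returns null and the failure surfaces only as an opaque `createBus(null)` error, so a `requireNonNull` with the file name in the message would save debugging time on CI. The same pattern is repeated in `BookServerOAuth2GrantsJPA` in AuthorizationGrantTest and `BookServerOAuth2IntrospectionJPA` in IntrospectionServiceTest; if the existing JCache server classes in these files share the shape, the `@Override` point at least still applies to the new ones.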
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index e52c96b..10c683a 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -64,6 +64,7 @@ import org.junit.runners.Parameterized.Parameters;
  * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
  * c) JCACHE_PORT - JCache
  * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * e) JPA_PORT - JPA provider
  */
 @RunWith(value = org.junit.runners.Parameterized.class)
 public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@@ -75,6 +76,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
     public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache");
     public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jcache-jwt");
     public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache-jwt");
+    public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jpa");
+    public static final String JPA_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jpa");
 
     final String port;
 
@@ -92,6 +95,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
                    launchServer(BookServerOAuth2GrantsJCache.class, true));
         assertTrue("server did not launch correctly",
                    launchServer(BookServerOAuth2GrantsJCacheJWT.class, true));
+        assertTrue("server did not launch correctly",
+                   launchServer(BookServerOAuth2GrantsJPA.class, true));
     }
 
     @AfterClass
@@ -102,7 +107,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
     @Parameters(name = "{0}")
     public static Collection<String> data() {
 
-        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
+        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT);
     }
 
     @org.junit.Test
@@ -358,6 +363,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
             audPort = JCACHE_PORT2;
         } else if (JWT_JCACHE_PORT.equals(port)) {
             audPort = JWT_JCACHE_PORT2;
+        } else if (JPA_PORT.equals(port)) {
+            audPort = JPA_PORT2;
         }
         String audience = "https://localhost:" + audPort + "/secured/bookstore/books";
         ClientAccessToken accessToken =
@@ -633,4 +640,23 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
         }
 
     }
+
+    public static class BookServerOAuth2GrantsJPA extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            BookServerOAuth2Grants.class.getResource("grants-server-jpa.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new BookServerOAuth2GrantsJPA();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
 }
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java
index 737f2fa..5c831fe 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java
@@ -49,6 +49,7 @@ import org.junit.runners.Parameterized.Parameters;
  * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
  * c) JCACHE_PORT - JCache
  * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * e) JPA_PORT - JPA provider
  */
 @RunWith(value = org.junit.runners.Parameterized.class)
 public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
@@ -61,6 +62,8 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
     public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jcache");
     public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jcache-jwt");
     public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jcache-jwt");
+    public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jpa");
+    public static final String JPA_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jpa");
 
     final String port;
 
@@ -78,6 +81,8 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
                    launchServer(BookServerOAuth2IntrospectionJCache.class, true));
         assertTrue("server did not launch correctly",
                    launchServer(BookServerOAuth2IntrospectionJCacheJWT.class, true));
+        assertTrue("server did not launch correctly",
+                   launchServer(BookServerOAuth2IntrospectionJPA.class, true));
     }
 
     @AfterClass
@@ -88,7 +93,7 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
     @Parameters(name = "{0}")
     public static Collection<String> data() {
 
-        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
+        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT); // TODOJPA_PORT);
     }
 
     @org.junit.Test
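Review bot: JPA_PORT is advertised as case e) in the updated class Javadoc and its server is started by the new `launchServer(BookServerOAuth2IntrospectionJPA.class, true)`, yet `data()` still returns the four pre-existing ports with the JPA one disabled by `// TODOJPA_PORT);`, so the introspection tests never exercise the JPA provider and the launched server sits idle. The comment gives no reason for the exclusion, which the next reader will need. If enabling it is blocked by a known failure, record that and keep the Javadoc honest, e.g. `return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT); // TODO: add JPA_PORT once <reason> is resolved`, and consider not launching the JPA server until it is used; otherwise add JPA_PORT to the list.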
@@ -163,6 +168,8 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
             audPort = JCACHE_PORT2;
         } else if (JWT_JCACHE_PORT.equals(port)) {
             audPort = JWT_JCACHE_PORT2;
+        } else if (JPA_PORT.equals(port)) {
+            audPort = JPA_PORT2;
         }
         String audience = "https://localhost:" + audPort + "/secured/bookstore/books";
         ClientAccessToken accessToken =
@@ -412,4 +419,23 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
         }
 
     }
+
+    public static class BookServerOAuth2IntrospectionJPA extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            BookServerOAuth2Introspection.class.getResource("introspection-server-jpa.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new BookServerOAuth2IntrospectionJPA();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
 }
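Review bot: `run()` in the new `BookServerOAuth2IntrospectionJPA` overrides the base-class method but carries no `@Override`, and the same applies to the sibling server classes added in JAXRSOAuth2Test, OIDCFlowTest, OIDCNegativeTest and UserInfoTest; `@Override protected void run()` lets the compiler catch a signature drift against `AbstractBusTestServerBase`. Separately, `SERVER_CONFIG_FILE` is resolved with `getResource`, which returns null when `introspection-server-jpa.xml` is not on the classpath, so a mis-packaged resource surfaces somewhere inside `createBus` rather than as a direct message; an `Objects.requireNonNull(SERVER_CONFIG_FILE, "introspection-server-jpa.xml not found on classpath")` at the top of `run()` would name the cause. I cannot tell from this chunk whether that resource file is part of the commit.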
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
index a1c6773..a098dbf 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
@@ -80,6 +80,7 @@ import org.junit.runners.Parameterized.Parameters;
  * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
  * c) JCACHE_PORT - JCache
  * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * e) JPA_PORT - JPA provider
  */
 @RunWith(value = org.junit.runners.Parameterized.class)
 public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
@@ -91,6 +92,8 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
     public static final String JCACHE_PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public-jcache");
     public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-jcache-jwt");
     public static final String JWT_JCACHE_PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public-jcache-jwt");
+    public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-jpa");
+    public static final String JPA_PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public-jpa");
 
     private static final String CRYPTO_RESOURCE_PROPERTIES =
         "org/apache/cxf/systest/jaxrs/security/alice.properties";
@@ -111,6 +114,8 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
                    launchServer(BookServerOAuth2JCache.class, true));
         assertTrue("server did not launch correctly",
                    launchServer(BookServerOAuth2JCacheJWT.class, true));
+        assertTrue("server did not launch correctly",
+                   launchServer(BookServerOAuth2JPA.class, true));
     }
 
     @AfterClass
@@ -121,7 +126,7 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
     @Parameters(name = "{0}")
     public static Collection<String> data() {
 
-        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
+        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT);
     }
 
     @Test
@@ -705,4 +710,23 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
         }
 
     }
+
+    public static class BookServerOAuth2JPA extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            BookServerOAuth2Grants.class.getResource("server-jpa.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new BookServerOAuth2JPA();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
 }
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index ab18d0a..eb98186 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -71,6 +71,7 @@ import org.junit.runners.Parameterized.Parameters;
  * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
  * c) JCACHE_PORT - JCache
  * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * e) JPA_PORT - JPA provider
  */
 @RunWith(value = org.junit.runners.Parameterized.class)
 public class OIDCFlowTest extends AbstractBusClientServerTestBase {
@@ -79,6 +80,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
     static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-oidc-jwt");
     static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oidc-jcache");
     static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oidc-jcache-jwt");
+    static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oidc-jpa");
 
     final String port;
 
@@ -112,6 +114,12 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
                    // set this to false to fork
                    launchServer(OIDCServerJCacheJWT.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(OIDCServerJPA.class, true)
+        );
     }
 
     @AfterClass
@@ -122,7 +130,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
     @Parameters(name = "{0}")
     public static Collection<String> data() {
 
-        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
+        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT);
     }
 
     @org.junit.Test
@@ -1077,4 +1085,23 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         }
 
     }
+
+    public static class OIDCServerJPA extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            OIDCServer.class.getResource("oidc-server-jpa.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new OIDCServerJPA();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
 }
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServerJWT.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServerJWT.java
deleted file mode 100644
index f71756a..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServerJWT.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oidc;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class OIDCNegativeServerJWT extends AbstractBusTestServerBase {
-    private static final URL SERVER_CONFIG_FILE =
-        OIDCNegativeServerJWT.class.getResource("oidc-negative-server-jwt.xml");
-
-    protected void run() {
-        SpringBusFactory bf = new SpringBusFactory();
-        Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
-        BusFactory.setDefaultBus(springBus);
-        setBus(springBus);
-
-        try {
-            new OIDCNegativeServerJWT();
-        } catch (Exception e) {
-            throw new RuntimeException(e);
-        }
-    }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
index 001ac9b..781efe6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
@@ -28,6 +28,9 @@ import javax.ws.rs.client.ResponseProcessingException;
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.Response;
 
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
@@ -42,6 +45,7 @@ import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
 import org.apache.cxf.testutil.common.TestUtil;
 
 import org.junit.AfterClass;
@@ -55,12 +59,18 @@ import org.junit.runners.Parameterized.Parameters;
  * implementations:
  * a) PORT - EhCache
  * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
+ * c) JCACHE_PORT - JCache
+ * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * e) JPA_PORT - JPA provider
  */
 @RunWith(value = org.junit.runners.Parameterized.class)
 public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
 
     static final String PORT = TestUtil.getPortNumber("jaxrs-negative-oidc");
     static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-negative-oidc-jwt");
+    static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-negative-oidc-jcache");
+    static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-negative-oidc-jcache-jwt");
+    static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-negative-oidc-jpa");
 
     final String port;
 
@@ -82,6 +92,24 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
                    // set this to false to fork
                    launchServer(OIDCNegativeServerJWT.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(OIDCNegativeServerJCache.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(OIDCNegativeServerJCacheJWT.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(OIDCNegativeServerJPA.class, true)
+        );
     }
 
     @AfterClass
@@ -92,7 +120,7 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
     @Parameters(name = "{0}")
     public static Collection<String> data() {
 
-        return Arrays.asList(PORT, JWT_PORT);
+        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT);
     }
 
     @org.junit.Test
@@ -423,5 +451,102 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
         assertEquals("consumer-id", userInfo.getAudience());
     }
 
+    //
+    // Server implementations
+    //
+
+    public static class OIDCNegativeServer extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            OIDCNegativeServer.class.getResource("oidc-negative-server.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new OIDCNegativeServer();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
 
+    }
+
+    public static class OIDCNegativeServerJWT extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            OIDCNegativeServerJWT.class.getResource("oidc-negative-server-jwt.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new OIDCNegativeServerJWT();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
+
+    public static class OIDCNegativeServerJCache extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            OIDCNegativeServerJWT.class.getResource("oidc-negative-server-jcache.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new OIDCNegativeServerJCache();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
+
+    public static class OIDCNegativeServerJCacheJWT extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            OIDCNegativeServerJWT.class.getResource("oidc-negative-server-jcache-jwt.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new OIDCNegativeServerJCacheJWT();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
+
+    public static class OIDCNegativeServerJPA extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            OIDCNegativeServer.class.getResource("oidc-negative-server-jpa.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new OIDCNegativeServerJPA();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
 }
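Review bot: `OIDCNegativeServerJCache` and `OIDCNegativeServerJCacheJWT` resolve their Spring config through `OIDCNegativeServerJWT.class.getResource(...)`, while the JPA server uses `OIDCNegativeServer.class` and the first two use their own class; the lookup works only because all of them live in one package, and the cross-reference reads as a copy-paste leftover that would need fixing if the classes were ever split up. Use each class's own literal, e.g. `OIDCNegativeServerJCache.class.getResource("oidc-negative-server-jcache.xml")` and `OIDCNegativeServerJCacheJWT.class.getResource("oidc-negative-server-jcache-jwt.xml")`. The five `run()` bodies differ only in the class name and resource, so a small shared base taking the config file name would remove the duplication, though that is optional for a test fixture.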
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java
index 5ff0e80..059a8a6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java
@@ -64,6 +64,7 @@ import org.junit.runners.Parameterized.Parameters;
  * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
  * c) JCACHE_PORT - JCache
  * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * e) JPA_PORT - JPA provider
  */
 @RunWith(value = org.junit.runners.Parameterized.class)
 public class UserInfoTest extends AbstractBusClientServerTestBase {
@@ -72,6 +73,7 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
     static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jwt");
     static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jcache");
     static final String JCACHE_JWT_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jcache-jwt");
+    static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jpa");
 
     final String port;
 
@@ -105,6 +107,12 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
                    // set this to false to fork
                    launchServer(UserInfoServerJCacheJWT.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(UserInfoServerJPA.class, true)
+        );
     }
 
     @AfterClass
@@ -115,7 +123,7 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
     @Parameters(name = "{0}")
     public static Collection<String> data() {
 
-        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JCACHE_JWT_PORT);
+        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JCACHE_JWT_PORT, JPA_PORT);
     }
 
     @org.junit.Test
@@ -390,4 +398,22 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
 
     }
 
+    public static class UserInfoServerJPA extends AbstractBusTestServerBase {
+        private static final URL SERVER_CONFIG_FILE =
+            UserInfoServer.class.getResource("userinfo-server-jpa.xml");
+
+        protected void run() {
+            SpringBusFactory bf = new SpringBusFactory();
+            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+            BusFactory.setDefaultBus(springBus);
+            setBus(springBus);
+
+            try {
+                new UserInfoServerJPA();
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
 }
diff --git a/systests/rs-security/src/test/resources/META-INF/persistence.xml b/systests/rs-security/src/test/resources/META-INF/persistence.xml
new file mode 100644
index 0000000..e954d3b
--- /dev/null
+++ b/systests/rs-security/src/test/resources/META-INF/persistence.xml
@@ -0,0 +1,33 @@
+<persistence xmlns="http://java.sun.com/xml/ns/persistence"
+             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+             xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
+             version="2.0">
+
+    <persistence-unit name="testUnitHibernate" transaction-type="RESOURCE_LOCAL">
+        <provider>org.hibernate.ejb.HibernatePersistence</provider>
+        <class>org.apache.cxf.rs.security.oauth2.common.Client</class>
+        <class>org.apache.cxf.rs.security.oauth2.common.UserSubject</class>
+        <class>org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant</class>
+        <class>org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant</class>
+        <class>org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken</class>
+        <class>org.apache.cxf.rs.security.oauth2.common.ServerAccessToken</class>
+        <class>org.apache.cxf.rs.security.oauth2.common.AccessToken</class>
+        <class>org.apache.cxf.rs.security.oauth2.common.OAuthPermission</class>
+        <class>org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken</class>
+        <exclude-unlisted-classes>true</exclude-unlisted-classes>
+        <shared-cache-mode>ENABLE_SELECTIVE</shared-cache-mode>
+        <properties>
+            <property name="hibernate.connection.url" value="jdbc:hsqldb:mem:oauth-jpa"/>
+            <property name="hibernate.connection.driver_class" value="org.hsqldb.jdbcDriver"/>
+            <property name="hibernate.dialect" value="org.hibernate.dialect.HSQLDialect"/>
+            <property name="hibernate.hbm2ddl.auto" value="create-drop"/>
+            <property name="hibernate.connection.username" value="sa"/>
+            <property name="hibernate.connection.password" value=""/>
+            <property name="javax.persistence.validation.mode" value="none"/>
+            <property name="hibernate.cache.region.factory_class"
+                      value="org.hibernate.cache.ehcache.SingletonEhCacheRegionFactory"/>
+            <property name="hibernate.max_fetch_depth" value="3"/>
+        </properties>
+    </persistence-unit>
+
+</persistence>
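Review bot: `<provider>org.hibernate.ejb.HibernatePersistence</provider>` is the legacy provider class name; recent Hibernate releases mark it deprecated in favour of `org.hibernate.jpa.HibernatePersistenceProvider`, so the right choice depends on the Hibernate version the module's pom.xml pulls in, which is outside this chunk. This file also lacks the ASF license header that the other new XML resources in the commit carry. Because the unit points at an in-memory HSQLDB as `sa` with an empty password and `hbm2ddl.auto=create-drop`, a short comment such as `<!-- throwaway in-memory HSQLDB for systests only; schema is created/dropped with the EntityManagerFactory -->` above the properties would stop anyone from reusing this unit as a template for a real datasource.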
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jpa.xml
new file mode 100644
index 0000000..b75be09
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jpa.xml
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" 
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" 
+    xmlns:sec="http://cxf.apache.org/configuration/security" 
+    xmlns:cxf="http://cxf.apache.org/core" 
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+             http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
+             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd 
+             http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+        <cxf:properties> 
+          <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> 
+        </cxf:properties>
+    </cxf:bus>
+    <!-- providers -->
+    <util:list id="busProviders"> 
+        <ref bean="oauthJson"/> 
+    </util:list> 
+    <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+    
+    <httpj:engine-factory id="tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-negative-jpa}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+            <httpj:sessionSupport>true</httpj:sessionSupport>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+   <bean id="entityManagerFactory"
+		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+		<property name="persistenceUnitName"
+			value="testUnitHibernate" />
+		<property name="jpaPropertyMap">
+			<map>
+				<entry key="hibernate.jdbc.fetch_size" value="400" />
+				<entry key="hibernate.jdbc.batch_size" value="100" />
+			</map>
+		</property>
+	</bean>
+    
+   <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+       <constructor-arg value="${testutil.ports.jaxrs-oauth2-grants2-negative-jpa}"/>
+       <constructor-arg ref="entityManagerFactory"/>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+      <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+   </bean>
+   
+   <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="grantHandlers">
+         <list>
+             <ref bean="refreshGrantHandler"/>
+             <ref bean="passwordGrantHandler"/>
+             <ref bean="clientCredsGrantHandler"/>
+             <ref bean="samlGrantHandler"/>
+             <ref bean="jwtGrantHandler"/>
+         </list>
+      </property>
+   </bean>
+   
+   <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-negative-jpa}/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="implicitService"/>
+           <ref bean="tokenService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="security.signature.properties" 
+                  value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="alice"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+
+</beans>
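Review bot: The `entityManagerFactory` bean is indented with tabs while the rest of the file uses spaces, and several lines carry trailing whitespace; worth normalising before this block is copied into the other JPA server configs. The `oauthProvider` constructor reads `${testutil.ports.jaxrs-oauth2-grants2-negative-jpa}` whereas the Jetty engine and the server address use `${testutil.ports.jaxrs-oauth2-grants-negative-jpa}`; if the `grants2-negative-jpa` key is not registered wherever the systest ports are allocated (pom.xml, not in this chunk), `PropertyPlaceholderConfigurer` fails at context startup, so confirm both keys are declared. A one-line comment above that bean, e.g. `<!-- first constructor-arg: port of the second server whose address is used as the expected token audience -->`, would explain why two different port properties appear, assuming that mirrors the PORT2 audience usage in the Java tests.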
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml
new file mode 100644
index 0000000..13d709a
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" 
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" 
+    xmlns:sec="http://cxf.apache.org/configuration/security" 
+    xmlns:cxf="http://cxf.apache.org/core" 
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+             http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
+             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd 
+             http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+        <cxf:properties> 
+          <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> 
+        </cxf:properties>
+    </cxf:bus>
+    <!-- providers -->
+    <util:list id="busProviders"> 
+        <ref bean="oauthJson"/> 
+    </util:list> 
+    <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+    
+    <httpj:engine-factory id="tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-jpa}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+            <httpj:sessionSupport>true</httpj:sessionSupport>
+        </httpj:engine>
+    </httpj:engine-factory>
+
+	<bean id="entityManagerFactory"
+		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+		<property name="persistenceUnitName"
+			value="testUnitHibernate" />
+		<property name="jpaPropertyMap">
+			<map>
+				<entry key="hibernate.jdbc.fetch_size" value="400" />
+				<entry key="hibernate.jdbc.batch_size" value="100" />
+			</map>
+		</property>
+	</bean>
+    
+   <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+       <constructor-arg value="${testutil.ports.jaxrs-oauth2-grants2-jpa}"/>
+       <constructor-arg ref="entityManagerFactory"/>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+      <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+   </bean>
+   
+   <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="samlGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPASaml2BearerGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="grantHandlers">
+         <list>
+             <ref bean="refreshGrantHandler"/>
+             <ref bean="passwordGrantHandler"/>
+             <ref bean="clientCredsGrantHandler"/>
+             <ref bean="samlGrantHandler"/>
+             <ref bean="jwtGrantHandler"/>
+         </list>
+      </property>
+   </bean>
+   
+   <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-jpa}/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="implicitService"/>
+           <ref bean="tokenService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="security.signature.properties" 
+                  value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="alice"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+
+</beans>
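Review bot: The `entityManagerFactory` bean (persistence unit `testUnitHibernate`, `hibernate.jdbc.fetch_size`/`batch_size`) is repeated verbatim in introspection-server-jpa.xml and server-jpa.xml in this same commit, and in all three files that block is tab-indented while the surrounding beans use spaces; pulling it into one shared Spring file included with `<import resource="PATH-TO-SHARED-JPA-BEANS.xml"/>` would keep the three servers' JPA settings from drifting apart. Nothing here says that `testUnitHibernate` must match the unit declared in META-INF/persistence.xml, so a one-line comment on the `persistenceUnitName` property naming that dependency would help the next person who renames it. The `oauthProvider` constructor argument uses `${testutil.ports.jaxrs-oauth2-grants2-jpa}` while the engine and server bind `${testutil.ports.jaxrs-oauth2-grants-jpa}`; presumably a second, deliberately different port, but a short comment stating what the provider uses it for would make that obvious.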
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jpa.xml
new file mode 100644
index 0000000..928964c
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jpa.xml
@@ -0,0 +1,137 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" 
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" 
+    xmlns:sec="http://cxf.apache.org/configuration/security" 
+    xmlns:cxf="http://cxf.apache.org/core" 
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+             http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
+             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd 
+             http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+        <cxf:properties> 
+          <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> 
+        </cxf:properties>
+    </cxf:bus>
+    <!-- providers -->
+    <util:list id="busProviders"> 
+        <ref bean="oauthJson"/> 
+    </util:list> 
+    <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+    
+    <httpj:engine-factory id="tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-oauth2-introspection-jpa}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+            <httpj:sessionSupport>true</httpj:sessionSupport>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <bean id="entityManagerFactory"
+		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+		<property name="persistenceUnitName"
+			value="testUnitHibernate" />
+		<property name="jpaPropertyMap">
+			<map>
+				<entry key="hibernate.jdbc.fetch_size" value="400" />
+				<entry key="hibernate.jdbc.batch_size" value="100" />
+			</map>
+		</property>
+	</bean>
+    
+   <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+       <constructor-arg><value>${testutil.ports.jaxrs-oauth2-introspection2-jpa}</value></constructor-arg>
+        <constructor-arg ref="entityManagerFactory"/>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+      <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+   </bean>
+   
+   <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="grantHandlers">
+         <list>
+             <ref bean="refreshGrantHandler"/>
+             <ref bean="passwordGrantHandler"/>
+             <ref bean="clientCredsGrantHandler"/>
+         </list>
+      </property>
+   </bean>
+   
+   <bean id="tokenIntrospectionService" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService">
+       <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-oauth2-introspection-jpa}/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="tokenService"/>
+           <ref bean="tokenIntrospectionService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+   </jaxrs:server>
+   
+
+</beans>
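Review bot: The `oauthProvider` bean's first constructor argument uses the nested `<constructor-arg><value>…</value></constructor-arg>` form while the sibling JPA configs in this commit use the attribute form, and its second `constructor-arg` is indented one column deeper than the first; `<constructor-arg value="${testutil.ports.jaxrs-oauth2-introspection2-jpa}"/>` would match the others. The `entityManagerFactory` block also starts with a space-indented line followed by tab-indented property lines, which is hard to read in a diff. As with the other two JPA files, the `introspection2-jpa` port placeholder differs from the `introspection-jpa` engine port without a comment saying why.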
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jpa.xml
new file mode 100644
index 0000000..72636e2
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jpa.xml
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" 
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" 
+    xmlns:sec="http://cxf.apache.org/configuration/security" 
+    xmlns:cxf="http://cxf.apache.org/core" 
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+             http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
+             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd 
+             http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+        <cxf:properties> 
+          <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> 
+        </cxf:properties>
+    </cxf:bus>
+	<!-- providers -->
+	<util:list id="busProviders"> 
+		<ref bean="oauthJson"/> 
+	</util:list> 
+    <httpj:engine-factory id="port-9095-tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-oauth2-jpa}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <bean id="entityManagerFactory"
+		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+		<property name="persistenceUnitName"
+			value="testUnitHibernate" />
+		<property name="jpaPropertyMap">
+			<map>
+				<entry key="hibernate.jdbc.fetch_size" value="400" />
+				<entry key="hibernate.jdbc.batch_size" value="100" />
+			</map>
+		</property>
+	</bean>
+    
+   <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+       <constructor-arg value="12345"/>
+       <constructor-arg ref="entityManagerFactory"/>
+   </bean>
+    <bean id="samlGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPASaml2BearerGrantHandler">
+        <property name="dataProvider" ref="dataProvider"/>
+    </bean>
+    <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+        <property name="dataProvider" ref="dataProvider"/>
+    </bean>
+   
+    <bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
+    <bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/>
+    
+    <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CustomGrantHandler">
+        <property name="dataProvider" ref="dataProvider"/>
+    </bean>
+    <bean id="clientCredGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+        <property name="dataProvider" ref="dataProvider"/>
+    </bean>
+    <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+    <bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+        <property name="dataProvider" ref="dataProvider"/>
+        <property name="grantHandlers">
+            <list>
+                <ref bean="samlGrantHandler"/>
+                <ref bean="jwtGrantHandler"/>
+                <ref bean="customGrantHandler"/>
+                <ref bean="clientCredGrantHandler"/>
+            </list>
+        </property>
+        <property name="canSupportPublicClients" value="true"/>
+    </bean>
+    <bean id="serviceBeanPublic" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+        <property name="dataProvider" ref="dataProvider"/>
+        <property name="grantHandlers">
+            <list>
+                <ref bean="customGrantHandler"/>
+            </list>
+        </property>
+        <property name="canSupportPublicClients" value="true"/>
+    </bean>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jpa}/oauth2">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:properties>
+            <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+            <entry key="rs.security.keystore.type" value="jks" />
+            <entry key="rs.security.keystore.alias" value="alice"/>
+            <entry key="rs.security.keystore.password" value="password"/>
+            <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+            <entry key="rs.security.signature.algorithm" value="RS256" />
+        </jaxrs:properties>
+    </jaxrs:server>
+    <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-oauth2-public-jpa}/oauth2Public">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBeanPublic"/>
+        </jaxrs:serviceBeans>
+    </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jpa}/oauth2-auth">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="samlAuthHandler"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jpa}/oauth2-auth-jwt">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jwtAuthHandler"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.keystore.type" value="jks" />
+            <entry key="rs.security.keystore.alias" value="alice"/>
+            <entry key="rs.security.keystore.password" value="password"/>
+            <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+            <entry key="rs.security.signature.algorithm" value="RS256" />
+        </jaxrs:properties>
+    </jaxrs:server>
+</beans>
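Review bot: `dataProvider` is constructed with the literal `12345` where the other JPA server configs in this commit pass a `${testutil.ports.*}` placeholder for the same first argument, and the engine factory is named `port-9095-tls-config` although its port is `${testutil.ports.jaxrs-oauth2-jpa}`; both literals read as stale copy-paste. If the port argument is not exercised by the test that loads this file, record that with `<!-- port argument not used by this test; any value satisfies the constructor -->`, otherwise wire it to the allocated port. Unlike the other three JPA server files, none of the four `jaxrs:server` elements here declares `depends-on` for the engine factory, so the TLS engine's availability rests on bean declaration order alone; adding `depends-on="port-9095-tls-config"` (ideally after renaming the id to `tls-config` to match the siblings) makes that ordering explicit. The `entityManagerFactory` block again mixes tab and space indentation.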
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache-jwt.xml
new file mode 100644
index 0000000..ef885db
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache-jwt.xml
@@ -0,0 +1,184 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" 
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" 
+    xmlns:sec="http://cxf.apache.org/configuration/security" 
+    xmlns:cxf="http://cxf.apache.org/core" 
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+             http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
+             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd 
+             http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+        <cxf:properties> 
+          <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> 
+        </cxf:properties>
+    </cxf:bus>
+    <!-- providers -->
+    <util:list id="busProviders"> 
+        <ref bean="oauthJson"/> 
+    </util:list> 
+    <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+    
+    <httpj:engine-factory id="tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-negative-oidc-jcache-jwt}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:clientAuthentication want="false" required="false"/>
+            </httpj:tlsServerParameters>
+            <httpj:sessionSupport>true</httpj:sessionSupport>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+   <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+       <constructor-arg><value>${testutil.ports.jaxrs-negative-oidc-jcache-jwt}</value></constructor-arg>
+       <property name="useJwtFormatForAccessTokens" value="true"/>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+   <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+       <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="grantHandlers">
+         <list>
+             <ref bean="refreshGrantHandler"/>
+         </list>
+      </property>
+      <property name="responseFilter" ref="idTokenFilter"/>
+   </bean>
+   
+   <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+      <property name="codeService" ref="authorizationService"/>
+   </bean>
+   
+   <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache-jwt}/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="hybridService"/>
+           <ref bean="implicitService"/>
+           <ref bean="tokenService"/>
+           <ref bean="oidcKeysService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+           <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="alice"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.key.password" value="password"/>
+           <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+   <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/>
+   
+   <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="authorizationFilter" ref="jwtRequestFilter"/>
+   </bean>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache-jwt}/unsignedjwtservices">
+       <jaxrs:serviceBeans>
+           <ref bean="jwtAuthorizationService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.signature.algorithm" value="none" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+   <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+       <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+      
+   <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" />
+   
+   <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+       <property name="userInfoProvider" ref="userInfoProvider"/>
+       <property name="jwsRequired" value="false"/>
+   </bean>
+   
+   <bean id="jsonProvider" class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/>
+   
+   <jaxrs:server 
+        depends-on="tls-config" 
+        address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache-jwt}/ui/plain">
+        <jaxrs:serviceBeans>
+            <ref bean="userInfoService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="oAuthFilter"/>
+            <ref bean="jsonProvider"/>
+        </jaxrs:providers>
+   </jaxrs:server>
+
+</beans>
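Review bot: The two settings that make this a negative-test server — `rs.security.signature.algorithm` set to `none` on the `/unsignedjwtservices` endpoint and `jwsRequired` set to `false` on `userInfoService` — carry no comment, so nothing in the file distinguishes them from the equivalent lines in a positive OIDC config. A comment on each, e.g. `<!-- negative test: unsigned JWT request objects are accepted on purpose -->` and `<!-- negative test: UserInfo responses are deliberately left unsigned -->`, records the intent and stops the file from being copied as a template. The `tls-config` engine also sets `clientAuthentication want="false" required="false"` where the grants configs in this commit require client certificates; presumably intended for the OIDC flows this file serves, but a one-line comment saying so would save the next reader the comparison.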
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache.xml
new file mode 100644
index 0000000..cfec724
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache.xml
@@ -0,0 +1,183 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" 
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" 
+    xmlns:sec="http://cxf.apache.org/configuration/security" 
+    xmlns:cxf="http://cxf.apache.org/core" 
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+             http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
+             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd 
+             http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+        <cxf:properties> 
+          <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> 
+        </cxf:properties>
+    </cxf:bus>
+    <!-- providers -->
+    <util:list id="busProviders"> 
+        <ref bean="oauthJson"/> 
+    </util:list> 
+    <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+    
+    <httpj:engine-factory id="tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-negative-oidc-jcache}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:clientAuthentication want="false" required="false"/>
+            </httpj:tlsServerParameters>
+            <httpj:sessionSupport>true</httpj:sessionSupport>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+   <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+       <constructor-arg><value>${testutil.ports.jaxrs-negative-oidc-jcache}</value></constructor-arg>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+   <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+       <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="grantHandlers">
+         <list>
+             <ref bean="refreshGrantHandler"/>
+         </list>
+      </property>
+      <property name="responseFilter" ref="idTokenFilter"/>
+   </bean>
+   
+   <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+      <property name="codeService" ref="authorizationService"/>
+   </bean>
+   
+   <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache}/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="hybridService"/>
+           <ref bean="implicitService"/>
+           <ref bean="tokenService"/>
+           <ref bean="oidcKeysService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+           <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="alice"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.key.password" value="password"/>
+           <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+   <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/>
+   
+   <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="authorizationFilter" ref="jwtRequestFilter"/>
+   </bean>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache}/unsignedjwtservices">
+       <jaxrs:serviceBeans>
+           <ref bean="jwtAuthorizationService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.signature.algorithm" value="none" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+   <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+       <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+      
+   <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" />
+   
+   <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+       <property name="userInfoProvider" ref="userInfoProvider"/>
+       <property name="jwsRequired" value="false"/>
+   </bean>
+   
+   <bean id="jsonProvider" class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/>
+   
+   <jaxrs:server 
+        depends-on="tls-config" 
+        address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache}/ui/plain">
+        <jaxrs:serviceBeans>
+            <ref bean="userInfoService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="oAuthFilter"/>
+            <ref bean="jsonProvider"/>
+        </jaxrs:providers>
+   </jaxrs:server>
+
+</beans>
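Review bot: The `/unsignedjwtservices` endpoint sets `rs.security.signature.algorithm` to `none`, which makes `JwtRequestCodeFilter` accept unsigned JWT request objects, and nothing in the file says this is intentional for the negative tests; a comment on the `jaxrs:server` element would stop it being copied into a non-test config, e.g. `<!-- negative-test only: accepts unsigned JWT request objects (alg=none); never use outside systests -->`. The same endpoint and property appear in oidc-negative-server-jpa.xml and in oidc-server-jpa.xml, where the "negative" rationale is less obvious from the file name. Both endpoints also share the one `oauthProvider` bean with `tokenService`, so a code issued through the unsigned endpoint is presumably redeemable at `/services` — worth stating in the same comment if that is what the negative tests rely on.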
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jpa.xml
new file mode 100644
index 0000000..ada2fc0
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jpa.xml
@@ -0,0 +1,196 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" 
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" 
+    xmlns:sec="http://cxf.apache.org/configuration/security" 
+    xmlns:cxf="http://cxf.apache.org/core" 
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+             http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
+             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd 
+             http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+        <cxf:properties> 
+          <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> 
+        </cxf:properties>
+    </cxf:bus>
+    <!-- providers -->
+    <util:list id="busProviders"> 
+        <ref bean="oauthJson"/> 
+    </util:list> 
+    <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+    
+    <httpj:engine-factory id="tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-negative-oidc-jpa}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:clientAuthentication want="false" required="false"/>
+            </httpj:tlsServerParameters>
+            <httpj:sessionSupport>true</httpj:sessionSupport>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <bean id="entityManagerFactory"
+		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+		<property name="persistenceUnitName"
+			value="testUnitHibernate" />
+		<property name="jpaPropertyMap">
+			<map>
+				<entry key="hibernate.jdbc.fetch_size" value="400" />
+				<entry key="hibernate.jdbc.batch_size" value="100" />
+			</map>
+		</property>
+	</bean>
+    
+   <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+       <constructor-arg value="${testutil.ports.jaxrs-negative-oidc-jpa}"/>
+       <constructor-arg ref="entityManagerFactory"/>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+   <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+       <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="grantHandlers">
+         <list>
+             <ref bean="refreshGrantHandler"/>
+         </list>
+      </property>
+      <property name="responseFilter" ref="idTokenFilter"/>
+   </bean>
+   
+   <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+      <property name="codeService" ref="authorizationService"/>
+   </bean>
+   
+   <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jpa}/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="hybridService"/>
+           <ref bean="implicitService"/>
+           <ref bean="tokenService"/>
+           <ref bean="oidcKeysService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+           <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="alice"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.key.password" value="password"/>
+           <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+   <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/>
+   
+   <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="authorizationFilter" ref="jwtRequestFilter"/>
+   </bean>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jpa}/unsignedjwtservices">
+       <jaxrs:serviceBeans>
+           <ref bean="jwtAuthorizationService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.signature.algorithm" value="none" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+   <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+       <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+      
+   <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" />
+   
+   <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+       <property name="userInfoProvider" ref="userInfoProvider"/>
+       <property name="jwsRequired" value="false"/>
+   </bean>
+   
+   <bean id="jsonProvider" class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/>
+   
+   <jaxrs:server 
+        depends-on="tls-config" 
+        address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jpa}/ui/plain">
+        <jaxrs:serviceBeans>
+            <ref bean="userInfoService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="oAuthFilter"/>
+            <ref bean="jsonProvider"/>
+        </jaxrs:providers>
+   </jaxrs:server>
+
+</beans>
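Review bot: The `entityManagerFactory` bean is indented with tabs while the rest of the file uses spaces, so the block sits visibly out of line with the surrounding beans; re-indenting lines `class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">` through the closing `</bean>` with spaces keeps the file consistent. The identical tab-indented block appears in oidc-server-jpa.xml. The bean names persistence unit `testUnitHibernate` but no data source is configured here, so the unit and its data source presumably come from META-INF/persistence.xml; a short comment such as `<!-- data source and dialect come from the testUnitHibernate unit in META-INF/persistence.xml -->` would save the next reader the search.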
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jpa.xml
new file mode 100644
index 0000000..28808aa
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jpa.xml
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" 
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" 
+    xmlns:sec="http://cxf.apache.org/configuration/security" 
+    xmlns:cxf="http://cxf.apache.org/core" 
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+             http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
+             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd 
+             http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+        <cxf:properties> 
+          <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> 
+        </cxf:properties>
+    </cxf:bus>
+    <!-- providers -->
+    <util:list id="busProviders"> 
+        <ref bean="oauthJson"/> 
+    </util:list> 
+    <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+    
+    <httpj:engine-factory id="tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-oidc-jpa}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:clientAuthentication want="false" required="false"/>
+            </httpj:tlsServerParameters>
+            <httpj:sessionSupport>true</httpj:sessionSupport>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <bean id="entityManagerFactory"
+		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+		<property name="persistenceUnitName"
+			value="testUnitHibernate" />
+		<property name="jpaPropertyMap">
+			<map>
+				<entry key="hibernate.jdbc.fetch_size" value="400" />
+				<entry key="hibernate.jdbc.batch_size" value="100" />
+			</map>
+		</property>
+	</bean>
+    
+   <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+       <constructor-arg value="${testutil.ports.jaxrs-oidc-jpa}"/>
+       <constructor-arg ref="entityManagerFactory"/>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+   <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+       <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="grantHandlers">
+         <list>
+             <ref bean="refreshGrantHandler"/>
+         </list>
+      </property>
+      <property name="responseFilter" ref="idTokenFilter"/>
+   </bean>
+   
+   <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+      <property name="codeService" ref="authorizationService"/>
+   </bean>
+   
+   <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-oidc-jpa}/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="hybridService"/>
+           <ref bean="implicitService"/>
+           <ref bean="tokenService"/>
+           <ref bean="oidcKeysService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+           <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="alice"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.key.password" value="password"/>
+           <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+   <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/>
+   
+   <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="authorizationFilter" ref="jwtRequestFilter"/>
+   </bean>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-oidc-jpa}/unsignedjwtservices">
+       <jaxrs:serviceBeans>
+           <ref bean="jwtAuthorizationService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.signature.algorithm" value="none" />
+       </jaxrs:properties>
+   </jaxrs:server>
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jpa.xml
new file mode 100644
index 0000000..387f2f8
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jpa.xml
@@ -0,0 +1,205 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" 
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+    xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" 
+    xmlns:sec="http://cxf.apache.org/configuration/security" 
+    xmlns:cxf="http://cxf.apache.org/core" 
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+             http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
+             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd 
+             http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+        <cxf:properties> 
+          <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> 
+        </cxf:properties>
+    </cxf:bus>
+    <!-- providers -->
+    <util:list id="busProviders"> 
+        <ref bean="oauthJson"/> 
+    </util:list> 
+    <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+    
+    <httpj:engine-factory id="tls-config">
+        <httpj:engine port="${testutil.ports.jaxrs-userinfo-jpa}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+                </sec:trustManagers>
+                <sec:clientAuthentication want="false" required="false"/>
+            </httpj:tlsServerParameters>
+            <httpj:sessionSupport>true</httpj:sessionSupport>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <bean id="entityManagerFactory"
+		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+		<property name="persistenceUnitName"
+			value="testUnitHibernate" />
+		<property name="jpaPropertyMap">
+			<map>
+				<entry key="hibernate.jdbc.fetch_size" value="400" />
+				<entry key="hibernate.jdbc.batch_size" value="100" />
+			</map>
+		</property>
+	</bean>
+    
+   <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+       <constructor-arg value="${testutil.ports.jaxrs-userinfo-jpa}"/>
+       <constructor-arg ref="entityManagerFactory"/>
+   </bean>
+    
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+   <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+       <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+   </bean>
+ 
+   <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-userinfo-jpa}/services/oidc">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="tokenService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="alice"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.key.password" value="password"/>
+           <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+   
+   <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+       <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+      
+   <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" />
+   <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+       <property name="userInfoProvider" ref="userInfoProvider"/>
+       <property name="jwsRequired" value="false"/>
+   </bean>
+   
+   <bean id="jsonProvider" class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/>
+   
+   <jaxrs:server 
+        depends-on="tls-config" 
+        address="https://localhost:${testutil.ports.jaxrs-userinfo-jpa}/services/plain">
+        <jaxrs:serviceBeans>
+            <ref bean="userInfoService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="oAuthFilter"/>
+            <ref bean="jsonProvider"/>
+        </jaxrs:providers>
+   </jaxrs:server>
+   
+   <bean id="signedUserInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+       <property name="userInfoProvider" ref="userInfoProvider"/>
+   </bean>
+
+   <jaxrs:server 
+        depends-on="tls-config" 
+        address="https://localhost:${testutil.ports.jaxrs-userinfo-jpa}/services/signed">
+        <jaxrs:serviceBeans>
+            <ref bean="signedUserInfoService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="oAuthFilter"/>
+            <ref bean="jsonProvider"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="alice"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.key.password" value="password"/>
+           <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+        </jaxrs:properties>
+   </jaxrs:server>
+   
+   <bean id="encryptedUserInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+       <property name="userInfoProvider" ref="userInfoProvider"/>
+       <property name="jwsRequired" value="false"/>
+       <property name="jweRequired" value="true"/>
+   </bean>
+   
+   <jaxrs:server 
+        depends-on="tls-config"
+        address="https://localhost:${testutil.ports.jaxrs-userinfo-jpa}/services/encrypted">
+        <jaxrs:serviceBeans>
+            <ref bean="encryptedUserInfoService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="oAuthFilter"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="bob"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.keystore.file"  value="keys/bob.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+
+   </jaxrs:server>
+   
+    <http:conduit name="https://localhost.*">
+        <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+            </sec:trustManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+
+
+</beans>
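Review bot: The client conduit at the bottom of this config disables hostname verification (`disableCNCheck="true"` on line 2732) and accepts anything in `keys/Truststore.jks`; that is reasonable against `https://localhost` in a systest, but it is exactly the snippet that tends to get copied into a real Spring context, so I would mark it inline: `<!-- systest only: CN check disabled so the test server certificate is accepted for localhost; do not copy into production config -->`. The same applies to the `password` keystore/key passwords repeated in every `jaxrs:properties` block, which are plainly test fixtures but carry no comment saying so. The `encrypted` server block (lines 2720–2726) sets `rs.security.keystore.alias` to `bob` without a `rs.security.key.password`, unlike the signing servers above it; if that is deliberate because only bob's public key is needed for JWE, a one-line comment would spare the next reader the question. As a point of style, the `entityManagerFactory` bean (lines 2600–2610) is indented with tabs while the rest of the file uses spaces.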


[cxf] 01/03: Fixed potential NPE in SAML OAuth 2.0 code

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 963b17be320f5206280c18075cfe7ebd1b41e9df
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Jul 20 12:30:21 2018 +0100

    Fixed potential NPE in SAML OAuth 2.0 code
    
    (cherry picked from commit dd2ad753ca0980a3f83347016adff97aee5c09c2)
---
 .../cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
index c989109..36e9e68 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
@@ -138,7 +138,7 @@ public class Saml2BearerGrantHandler extends AbstractGrantHandler {
             SAMLSecurityContext jaxrsSc = (SAMLSecurityContext)sc;
             Set<Principal> rolesP = jaxrsSc.getUserRoles();
             List<String> roles = new ArrayList<>();
-            if (roles != null) {
+            if (rolesP != null) {
                 for (Principal p : rolesP) {
                     roles.add(p.getName());
                 }
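Review bot: The guard now tests `rolesP`, the value actually dereferenced by the loop, instead of the freshly allocated `roles` list that could never be null, so the old check was dead code and `getUserRoles()` returning null would have thrown; what the hunk still lacks is a note on why that return can be null, because the next reader will be tempted to "simplify" the check away again. I would add `// getUserRoles() may be null when the assertion carries no role attributes` above the `if`, with the caveat that I infer the null case from the fix itself rather than from `SAMLSecurityContext`, so confirm the wording against that class. The enclosing method continues outside the hunk, so whether `roles` is later handed to code that tolerates an empty list is not visible here.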


[cxf] 02/03: Add @Lob annotation for application certificates

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 332db08ca95c7da951043ae8e2b18833a33fe1bb
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Jul 20 12:49:27 2018 +0100

    Add @Lob annotation for application certificates
    
    (cherry picked from commit 260efe56fc1bfc89950d1eda89114feb287490cd)
---
 .../main/java/org/apache/cxf/rs/security/oauth2/common/Client.java    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
index b337bc9..c0f897a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
@@ -28,6 +28,7 @@ import javax.persistence.ElementCollection;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.Id;
+import javax.persistence.Lob;
 import javax.persistence.ManyToOne;
 import javax.persistence.MapKeyColumn;
 import javax.persistence.OneToOne;
@@ -66,7 +67,7 @@ public class Client implements Serializable {
     private String homeRealm;
     private boolean registeredDynamically;
     private String tokenEndpointAuthMethod;
-    
+
     public Client() {
 
     }
@@ -346,6 +347,7 @@ public class Client implements Serializable {
 
     @ElementCollection(fetch = FetchType.EAGER)
     @OrderColumn
+    @Lob
     public List<String> getApplicationCertificates() {
         return applicationCertificates;
     }
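Review bot: The new `@Lob` on `getApplicationCertificates()` changes how each element of the certificate collection is persisted, presumably because encoded X.509 certificates run well past the default string column length and the new JPA systests tripped over it, but nothing in the code records that reason, so a future maintainer may drop the annotation as noise. I would add `// @Lob: encoded certificates exceed the default element column length` directly above the annotation. The systest configs in this same push run against the `testUnitHibernate` persistence unit, so the mapping is verified for Hibernate; if other JPA providers are supported it is worth a quick check that they accept `@Lob` on an `@ElementCollection` of `String`. The `Client` class continues outside the hunk, so the matching setter and any equality/serialization code that touch this field are not visible here.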