Posted to commits@cxf.apache.org by co...@apache.org on 2015/12/08 16:24:31 UTC
[5/5] cxf git commit: Adding JWT Grant + Authn tests
Adding JWT Grant + Authn tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/03f3fecb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/03f3fecb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/03f3fecb
Branch: refs/heads/master
Commit: 03f3fecbbe8c36811bddce991b98a59fd7fa80b7
Parents: 4a4fe37
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Dec 8 15:21:52 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Dec 8 15:22:09 2015 +0000
----------------------------------------------------------------------
.../jaxrs/security/oauth2/JAXRSOAuth2Test.java | 89 ++++++++++++++++++++
.../security/oauth2/OAuthDataProviderImpl.java | 1 +
.../systest/jaxrs/security/oauth2/server.xml | 29 +++++++
3 files changed, 119 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/03f3fecb/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
index 7901fc6..d20d3ff 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
@@ -20,8 +20,12 @@
package org.apache.cxf.systest.jaxrs.security.oauth2;
import java.net.URL;
+import java.util.Calendar;
+import java.util.Collections;
+import java.util.Date;
import java.util.HashMap;
import java.util.Map;
+import java.util.Properties;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
@@ -37,11 +41,18 @@ import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.rs.security.common.CryptoLoader;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthOutInterceptor;
import org.apache.cxf.rs.security.oauth2.client.Consumer;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrant;
import org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant;
import org.apache.cxf.rs.security.oauth2.saml.Constants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@@ -136,6 +147,41 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
assertNotNull(at.getTokenKey());
}
+ @Test
+ public void testJWTBearerGrant() throws Exception {
+ String address = "https://localhost:" + PORT + "/oauth2/token";
+ WebClient wc = createWebClient(address);
+
+ // Create the JWT Token
+ String token = createToken("resourceOwner", "alice", address, true, true);
+
+ JwtBearerGrant grant = new JwtBearerGrant(token);
+ ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
+ new Consumer("alice", "alice"),
+ grant,
+ false);
+ assertNotNull(at.getTokenKey());
+ }
+
+ @Test
+ public void testJWTBearerAuthenticationDirect() throws Exception {
+ String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+ WebClient wc = createWebClient(address);
+
+ // Create the JWT Token
+ String token = createToken("resourceOwner", "alice", address, true, true);
+
+ Map<String, String> extraParams = new HashMap<String, String>();
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+ "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+
+ ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
+ new CustomGrant(),
+ extraParams);
+ assertNotNull(at.getTokenKey());
+ }
+
private WebClient createWebClient(String address) {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
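Review bot: Both new tests cover only the accepted case: `testJWTBearerGrant` and `testJWTBearerAuthenticationDirect` call `createToken(..., true, true)` and assert nothing beyond `assertNotNull(at.getTokenKey())`, so nothing here shows that the token endpoint rejects a bad assertion. The helper already takes `expiry` and `sign` flags, so companion tests could pass `sign = false`, drop the expiry, or use an audience other than `address`, and expect the call to fail. That would pin the validation behaviour of the new handlers. The literal `"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"` would also read better as a named constant. The body of createWebClient continues outside the hunk.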
@@ -180,6 +226,49 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
return wc;
}
+ private String createToken(String issuer, String subject, String audience,
+ boolean expiry, boolean sign) {
+ // Create the JWT Token
+ JwtClaims claims = new JwtClaims();
+ claims.setSubject(subject);
+ if (issuer != null) {
+ claims.setIssuer(issuer);
+ }
+ claims.setIssuedAt(new Date().getTime() / 1000L);
+ if (expiry) {
+ Calendar cal = Calendar.getInstance();
+ cal.add(Calendar.SECOND, 60);
+ claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
+ }
+ if (audience != null) {
+ claims.setAudiences(Collections.singletonList(audience));
+ }
+
+ if (sign) {
+ // Sign the JWT Token
+ Properties signingProperties = new Properties();
+ signingProperties.put("rs.security.keystore.type", "jks");
+ signingProperties.put("rs.security.keystore.password", "password");
+ signingProperties.put("rs.security.keystore.alias", "alice");
+ signingProperties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
+ signingProperties.put("rs.security.key.password", "password");
+ signingProperties.put("rs.security.signature.algorithm", "RS256");
+
+ JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
+ JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
+
+ JwsSignatureProvider sigProvider =
+ JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
+
+ return jws.signWith(sigProvider);
+ }
+
+ JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
+ JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
+ return jws.getSignedEncodedJws();
+ }
+
private static class CustomGrant implements AccessTokenGrant {
private static final long serialVersionUID = -4007538779198315873L;
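Review bot: `createToken` has no comment explaining its flags, and its final `sign == false` path returns an unsecured JWT built with `SignatureAlgorithm.NONE` that no caller in this commit uses. A short Javadoc should state that `issuer` and `audience` are skipped when null, that `expiry` adds a 60-second lifetime, and that `sign = false` is presumably meant for tokens the server should reject. The timestamps also come from two separate clock reads through `Date` and `Calendar`. Using `long now = System.currentTimeMillis() / 1000L;` with `claims.setIssuedAt(now);` and, inside the `if (expiry)` block, `claims.setExpiryTime(now + 60);` keeps `exp` exactly 60 seconds after `iat`. The CustomGrant class that follows continues outside the hunk.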
http://git-wip-us.apache.org/repos/asf/cxf/blob/03f3fecb/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
index ce89320..b1472e5 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
@@ -45,6 +45,7 @@ public class OAuthDataProviderImpl implements OAuthDataProvider {
public OAuthDataProviderImpl() throws Exception {
Client client = new Client("alice", "alice", true);
client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
+ client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer");
client.getAllowedGrantTypes().add("custom_grant");
clients.put(client.getClientId(), client);
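Review bot: The new grant type is added as a raw string literal on the line right after one that uses `Constants.SAML2_BEARER_GRANT`, so a typo here would only surface as a rejected grant when the test runs. A named constant would keep the two lines consistent, for example `private static final String JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer";` in this class, or an existing constant from the JWT grants package if it provides one. The constructor body continues outside the hunk.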
http://git-wip-us.apache.org/repos/asf/cxf/blob/03f3fecb/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
index 260f4ba..75fb048 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
@@ -62,7 +62,13 @@ under the License.
<bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
<property name="dataProvider" ref="dataProvider"/>
</bean>
+ <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+
<bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
+ <bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/>
+
<bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.CustomGrantHandler">
<property name="dataProvider" ref="dataProvider"/>
</bean>
@@ -72,6 +78,7 @@ under the License.
<property name="grantHandlers">
<list>
<ref bean="samlGrantHandler"/>
+ <ref bean="jwtGrantHandler"/>
<ref bean="customGrantHandler"/>
</list>
</property>
@@ -82,6 +89,12 @@ under the License.
</jaxrs:serviceBeans>
<jaxrs:properties>
<entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.keystore.file"
+ value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
</jaxrs:properties>
</jaxrs:server>
<jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth">
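Review bot: The added `rs.security.keystore.*` entries point the token service at `certs/alice.jks`, the same keystore the client test signs the assertion with, so the verifying side is configured with a store that presumably also holds alice's private key. Verification needs only the public certificate, so a separate truststore containing just that certificate would model a real deployment more faithfully and keep this pattern from being copied out of the test config. The same block is repeated for the new `/oauth2-auth-jwt` server in the last hunk, so the point applies there too. A comment such as `<!-- Keys used to verify signed JWT bearer assertions -->` above the entries would also help.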
@@ -95,4 +108,20 @@ under the License.
<entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
</jaxrs:properties>
</jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth-jwt">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwtAuthHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.keystore.file"
+ value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
</beans>