Posted to commits@cxf.apache.org by se...@apache.org on 2017/04/25 15:40:55 UTC
cxf git commit: Starting with testing the client cert access token
binding
Repository: cxf
Updated Branches:
refs/heads/master 9cc3f37d1 -> aeba7ad5a
Starting with testing the client cert access token binding
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/aeba7ad5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/aeba7ad5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/aeba7ad5
Branch: refs/heads/master
Commit: aeba7ad5a291db366abd65dc34c92ee8a21ee9be
Parents: 9cc3f37
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Apr 25 16:40:40 2017 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Apr 25 16:40:40 2017 +0100
----------------------------------------------------------------------
.../security/oauth2/tls/JAXRSOAuth2TlsTest.java | 28 ++++++++--
.../oauth2/tls/OAuthDataProviderImpl.java | 1 +
.../jaxrs/security/oauth2/tls/serverTls.xml | 56 ++++++++++++++++++--
3 files changed, 77 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/aeba7ad5/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java
index ad9f4bb..3824259 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java
@@ -35,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.systest.jaxrs.security.Book;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.junit.BeforeClass;
@@ -53,16 +54,21 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase {
@Test
public void testTwoWayTLSClientIdIsSubjectDn() throws Exception {
String address = "https://localhost:" + PORT + "/oauth2/token";
- WebClient wc = createWebClient(address);
+ WebClient wc = createOAuth2WebClient(address);
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, new CustomGrant());
assertNotNull(at.getTokenKey());
+
+ String rsAddress = "https://localhost:" + PORT + "/rs/bookstore/books/123";
+ WebClient wcRs = createRsWebClient(rsAddress, at);
+ Book book = wcRs.get(Book.class);
+ assertEquals(123L, book.getId());
}
@Test
public void testTwoWayTLSClientIdBound() throws Exception {
String address = "https://localhost:" + PORT + "/oauth2/token";
- WebClient wc = createWebClient(address);
+ WebClient wc = createOAuth2WebClient(address);
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
new Consumer("bound"),
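Review bot: The new resource call at the end of testTwoWayTLSClientIdIsSubjectDn covers only the accepting path, so it would still pass if the resource server ignored the certificate binding and treated the token as a plain bearer token. A companion test that presents the same token over a connection using a different client certificate and expects a rejection would pin the binding itself; the commit subject suggests this may already be planned. Separately, `book` is dereferenced without a check, so `assertNotNull(book);` before `assertEquals(123L, book.getId());` would give a clearer failure. testTwoWayTLSClientIdBound continues outside the hunk.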
@@ -73,7 +79,7 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase {
@Test
public void testTwoWayTLSClientUnbound() throws Exception {
String address = "https://localhost:" + PORT + "/oauth2/token";
- WebClient wc = createWebClient(address);
+ WebClient wc = createOAuth2WebClient(address);
try {
OAuthClientUtils.getAccessToken(wc,
new Consumer("unbound"),
@@ -86,7 +92,7 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase {
}
- private WebClient createWebClient(String address) {
+ private WebClient createOAuth2WebClient(String address) {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
@@ -99,6 +105,20 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase {
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
return wc;
}
+ private WebClient createRsWebClient(String address, ClientAccessToken at) {
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ bean.setAddress(address);
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSOAuth2TlsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+
+ WebClient wc = bean.createWebClient();
+ wc.accept(MediaType.APPLICATION_XML);
+ wc.authorization(at);
+ return wc;
+ }
private static class CustomGrant implements AccessTokenGrant {
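Review bot: createRsWebClient has no comment saying which client certificate the resource request uses, although the binding check depends on it. The helper loads `client.xml`, presumably the same bus file as the token client, so the request would go out with the key material the token was issued to. A comment above the method would record this, for example `// Uses client.xml, i.e. the same client certificate the token was issued to; the binding check needs this to match.` The helper also builds a new Spring bus on every call without shutting it down and dereferences `getResource("client.xml")` unchecked. Sharing the bus setup with createOAuth2WebClient, whose body is mostly outside this hunk, would remove the duplication.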
http://git-wip-us.apache.org/repos/asf/cxf/blob/aeba7ad5/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java
index 47f1d71..55ff852 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java
@@ -42,6 +42,7 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
null);
client1.getAllowedGrantTypes().add("custom_grant");
registerCert(client1);
+ this.setClient(client1);
Client client2 = new Client("bound",
null,
http://git-wip-us.apache.org/repos/asf/cxf/blob/aeba7ad5/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml
index 1901ba5..219bf45 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml
@@ -24,8 +24,10 @@ under the License.
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:cxf="http://cxf.apache.org/core"
xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:jaxrs-client="http://cxf.apache.org/jaxrs-client"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/jaxrs-client http://cxf.apache.org/schemas/jaxrs-client.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
@@ -45,7 +47,7 @@ under the License.
<util:list id="busProviders">
<ref bean="oauthJson"/>
</util:list>
- <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine-factory id="client-server-tls-config">
<httpj:engine port="${testutil.ports.jaxrs-oauth2-tls}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
@@ -61,9 +63,12 @@ under the License.
<bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CustomGrantHandler">
<property name="dataProvider" ref="dataProvider"/>
</bean>
+
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.tls.OAuthDataProviderImpl"/>
- <bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <bean id="rsService" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
+
+ <bean id="accessTokenService1" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
<property name="dataProvider" ref="dataProvider"/>
<property name="grantHandlers">
<list>
@@ -72,10 +77,53 @@ under the License.
</property>
</bean>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2">
+ <bean id="tokenValidatorService1" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="blockUnauthorizedRequests" value="false"/>
+ </bean>
+
+ <jaxrs:server id="tokenServer1" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2">
+ <jaxrs:serviceBeans>
+ <ref bean="accessTokenService1"/>
+ <ref bean="tokenValidatorService1"/>
+ </jaxrs:serviceBeans>
+ </jaxrs:server>
+
+ <jaxrs-client:client id="tokenValidatorClient1"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2/validate"
+ serviceClass="org.apache.cxf.jaxrs.client.WebClient">
+ <jaxrs-client:headers>
+ <entry key="Accept" value="application/xml"/>
+ <entry key="Content-Type" value="application/x-www-form-urlencoded"/>
+ </jaxrs-client:headers>
+ </jaxrs-client:client>
+
+ <bean id="tokenValidator1" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient">
+ <property name="tokenValidatorClient" ref="tokenValidatorClient1"/>
+ </bean>
+
+ <bean id="oauth2Filter1" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+ <property name="tokenValidator" ref="tokenValidator1"/>
+ </bean>
+ <jaxrs:server id="rsServer1" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/rs">
<jaxrs:serviceBeans>
- <ref bean="accessTokenService"/>
+ <ref bean="rsService"/>
</jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oauth2Filter1"/>
+ </jaxrs:providers>
</jaxrs:server>
+
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Morpit.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
</beans>
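Review bot: The added `http:conduit` turns off hostname verification with `disableCNCheck="true"` and applies to every URL matching `https://localhost.*`, a pattern that also matches host names that merely begin with `localhost`. That is tolerable only because this file is a test fixture, so the conduit should say so, e.g. `<!-- test only: hostname check disabled; do not copy into a deployment -->`, and the name could be narrowed to `https://localhost:.*`. The `ConnectionTimeout` and `ReceiveTimeout` values of `3000000` look like a debugging leftover and, being in milliseconds, would let a hung request stall the build for about 50 minutes. `blockUnauthorizedRequests` set to `false` on `tokenValidatorService1` likewise deserves a comment explaining why the validation endpoint may be called without an authenticated caller here.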