Posted to commits@cxf.apache.org by bu...@apache.org on 2020/03/10 12:03:51 UTC
[cxf] branch master updated: cxf-systests-rs-security: explicit
'issuer' initialization
This is an automated email from the ASF dual-hosted git repository.
buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 85b048e cxf-systests-rs-security: explicit 'issuer' initialization
85b048e is described below
commit 85b048e674b16541cf6a4a35ea96a7d1081faca9
Author: Alexey Markevich <bu...@gmail.com>
AuthorDate: Tue Mar 10 15:02:02 2020 +0300
cxf-systests-rs-security: explicit 'issuer' initialization
---
.../oauth2/grants/AuthorizationGrantTest.java | 293 ++++++---------------
.../grants-server-jcache-jwt-non-persist.xml | 7 +-
.../oauth2/grants/grants-server-jcache-jwt.xml | 7 +-
.../oauth2/grants/grants-server-jcache.xml | 6 +-
.../security/oauth2/grants/grants-server-jpa.xml | 6 +-
5 files changed, 93 insertions(+), 226 deletions(-)
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index 161da2f..4a6b009 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -20,35 +20,30 @@
package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
import java.io.IOException;
-import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Collection;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
+import org.apache.cxf.systest.jaxrs.security.oidc.SpringBusTestServer;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
import org.apache.cxf.testutil.common.TestUtil;
+import org.apache.cxf.transport.http.HTTPConduitConfigurer;
import org.apache.xml.security.utils.ClassLoaderUtils;
import org.junit.AfterClass;
@@ -70,16 +65,24 @@ import static org.junit.Assert.assertTrue;
*/
@RunWith(value = org.junit.runners.Parameterized.class)
public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
- public static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jcache");
- public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache");
- public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jcache-jwt");
- public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache-jwt");
- public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jpa");
- public static final String JPA_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jpa");
- public static final String JWT_NON_PERSIST_JCACHE_PORT =
- TestUtil.getPortNumber("jaxrs-oauth2-grants-jcache-jwt-non-persist");
- public static final String JWT_NON_PERSIST_JCACHE_PORT2 =
- TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache-jwt-non-persist");
+ private static final SpringBusTestServer JCACHE_SERVER =
+ new SpringBusTestServer("grants-server-jcache") { };
+ private static final String JCACHE_PORT2 = TestUtil.getPortNumber("grants-server-jcache.2");
+
+ private static final SpringBusTestServer JWT_JCACHE_SERVER =
+ new SpringBusTestServer("grants-server-jcache-jwt") { };
+ private static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("grants-server-jcache-jwt.2");
+
+ private static final SpringBusTestServer JPA_SERVER =
+ new SpringBusTestServer("grants-server-jpa") { };
+ private static final String JPA_PORT2 = TestUtil.getPortNumber("grants-server-jpa.2");
+
+ private static final SpringBusTestServer JWT_NON_PERSIST_JCACHE_SERVER =
+ new SpringBusTestServer("grants-server-jcache-jwt-non-persist") { };
+ private static final String JWT_NON_PERSIST_JCACHE_PORT2 =
+ TestUtil.getPortNumber("grants-server-jcache-jwt-non-persist.2");
+
+ private static final String ISSUER = "OIDC IdP";
final String port;
@@ -89,14 +92,14 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@BeforeClass
public static void startServers() throws Exception {
- assertTrue("server did not launch correctly",
- launchServer(BookServerOAuth2GrantsJCache.class, true));
- assertTrue("server did not launch correctly",
- launchServer(BookServerOAuth2GrantsJCacheJWT.class, true));
- assertTrue("server did not launch correctly",
- launchServer(BookServerOAuth2GrantsJPA.class, true));
- assertTrue("server did not launch correctly",
- launchServer(BookServerOAuth2GrantsJCacheJWTNonPersist.class, true));
+ createStaticBus().setExtension(OAuth2TestUtils.clientHTTPConduitConfigurer(), HTTPConduitConfigurer.class);
+
+ System.setProperty("issuer", ISSUER);
+
+ assertTrue("server did not launch correctly", launchServer(JCACHE_SERVER));
+ assertTrue("server did not launch correctly", launchServer(JWT_JCACHE_SERVER));
+ assertTrue("server did not launch correctly", launchServer(JPA_SERVER));
+ assertTrue("server did not launch correctly", launchServer(JWT_NON_PERSIST_JCACHE_SERVER));
}
@AfterClass
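Review bot: `System.setProperty("issuer", ISSUER)` in startServers() sets a JVM-wide property with a very generic name, and nothing visible in this hunk clears it, so later test classes in the same JVM would inherit the value. The @AfterClass method begins on the last line of the hunk and its body is outside it; if it does not already do so, add `System.clearProperty("issuer");` there. A comment on the setProperty line, such as `// read as ${issuer} by the grants-server-*-jwt Spring configs`, would also make the coupling to the XML files explicit.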
@@ -105,18 +108,19 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
}
@Parameters(name = "{0}")
- public static Collection<String> data() {
-
- return Arrays.asList(JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT, JWT_NON_PERSIST_JCACHE_PORT);
+ public static String[] data() {
+ return new String[] {
+ JCACHE_SERVER.getPort(),
+ JWT_JCACHE_SERVER.getPort(),
+ JPA_SERVER.getPort(),
+ JWT_NON_PERSIST_JCACHE_SERVER.getPort()};
}
@org.junit.Test
public void testAuthorizationCodeGrant() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
+ "alice", "security", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
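Review bot: Passing `null` as the configuration location in `WebClient.create(...)` removes the only visible pointer to where this HTTPS client gets its TLS trust settings. They presumably now come from the HTTPConduitConfigurer that startServers() registers on the static bus, but OAuth2TestUtils.clientHTTPConduitConfigurer() is not part of this diff. A one-line comment would help, for example `// TLS settings: see the HTTPConduitConfigurer set on the static bus in startServers()`. It is also worth confirming that the helper keeps trust-store and hostname checking equivalent to the removed client.xml, so these tests still exercise certificate validation. The same applies to the other test methods in this file that now pass `null`; testAuthorizationCodeGrant continues outside the hunk.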
@@ -126,11 +130,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
assertNotNull(code);
// Now get the access token
- client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret", busFile.toString());
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
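Review bot: The token-request client created here drops `OAuth2TestUtils.setupProviders()` and the MAINTAIN_SESSION setting, while testAuthorizationCodeGrantRefresh and testAuthorizationCodeGrantRefreshWithScope keep both for the same step. If the difference is intentional (the refresh tests later read a ClientAccessToken directly from this client), a short comment such as `// providers not needed: the response is read inside OAuth2TestUtils` would say so; otherwise the two variants should be aligned. The helper getAccessTokenWithAuthorizationCode is not shown in this diff, so whether it needs the JSON provider on the client cannot be confirmed from here.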
@@ -146,11 +146,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
// use of the "POST" method as well.
@org.junit.Test
public void testAuthorizationCodeGrantPOST() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
+ "alice", "security", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
@@ -164,19 +162,14 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
form.param("client_id", "consumer-id");
form.param("redirect_uri", "http://www.blah.apache.org");
form.param("response_type", "code");
- Response response = client.post(form);
- OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
+ OAuthAuthorizationData authzData = client.post(form, OAuthAuthorizationData.class);
String location = OAuth2TestUtils.getLocation(client, authzData, null);
String code = OAuth2TestUtils.getSubstring(location, "code");
assertNotNull(code);
// Now get the access token
- client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret", busFile.toString());
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -189,11 +182,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testAuthorizationCodeGrantRefresh() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
+ "alice", "security", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
@@ -204,7 +195,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
// Now get the access token
client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret", busFile.toString());
+ "consumer-id", "this-is-a-secret", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
@@ -221,9 +212,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
form.param("grant_type", "refresh_token");
form.param("refresh_token", accessToken.getRefreshToken());
form.param("client_id", "consumer-id");
- Response response = client.post(form);
- accessToken = response.readEntity(ClientAccessToken.class);
+ accessToken = client.post(form, ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
@@ -234,11 +224,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testAuthorizationCodeGrantRefreshWithScope() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
+ "alice", "security", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
@@ -249,7 +237,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
// Now get the access token
client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret", busFile.toString());
+ "consumer-id", "this-is-a-secret", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
@@ -267,9 +255,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
form.param("refresh_token", accessToken.getRefreshToken());
form.param("client_id", "consumer-id");
form.param("scope", "read_balance");
- Response response = client.post(form);
- accessToken = response.readEntity(ClientAccessToken.class);
+ accessToken = client.post(form, ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
@@ -280,11 +267,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testAuthorizationCodeGrantWithScope() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
+ "alice", "security", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
@@ -294,11 +279,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
assertNotNull(code);
// Now get the access token
- client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret", busFile.toString());
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -307,11 +288,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testAuthorizationCodeGrantWithState() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
+ "alice", "security", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
@@ -323,11 +302,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
assertNotNull(code);
// Now get the access token
- client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret", busFile.toString());
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -336,11 +311,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testAuthorizationCodeGrantWithAudience() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
+ "alice", "security", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
@@ -350,18 +323,14 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
assertNotNull(code);
// Now get the access token
- client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id-aud", "this-is-a-secret", busFile.toString());
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ client = WebClient.create(address, "consumer-id-aud", "this-is-a-secret", null);
String audPort = JCACHE_PORT2;
- if (JWT_JCACHE_PORT.equals(port)) {
+ if (JWT_JCACHE_SERVER.getPort().equals(port)) {
audPort = JWT_JCACHE_PORT2;
- } else if (JPA_PORT.equals(port)) {
+ } else if (JPA_SERVER.getPort().equals(port)) {
audPort = JPA_PORT2;
- } else if (JWT_NON_PERSIST_JCACHE_PORT.equals(port)) {
+ } else if (JWT_NON_PERSIST_JCACHE_SERVER.getPort().equals(port)) {
audPort = JWT_NON_PERSIST_JCACHE_PORT2;
}
String audience = "https://localhost:" + audPort + "/secured/bookstore/books";
@@ -373,11 +342,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testImplicitGrant() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
+ "alice", "security", null);
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
@@ -388,9 +355,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
client.query("redirect_uri", "http://www.blah.apache.org");
client.query("response_type", "token");
client.path("authorize-implicit/");
- Response response = client.get();
- OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
+ OAuthAuthorizationData authzData = client.get(OAuthAuthorizationData.class);
// Now call "decision" to get the access token
client.path("decision");
@@ -402,7 +368,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
form.param("redirect_uri", authzData.getRedirectUri());
form.param("oauthDecision", "allow");
- response = client.post(form);
+ Response response = client.post(form);
String location = response.getHeaderString("Location");
String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
@@ -415,12 +381,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testPasswordsCredentialsGrant() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret",
- busFile.toString());
+ "consumer-id", "this-is-a-secret", null);
// Get Access Token
client.type("application/x-www-form-urlencoded").accept("application/json");
@@ -430,9 +393,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
form.param("grant_type", "password");
form.param("username", "alice");
form.param("password", "security");
- Response response = client.post(form);
- ClientAccessToken accessToken = response.readEntity(ClientAccessToken.class);
+ ClientAccessToken accessToken = client.post(form, ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
@@ -443,12 +405,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testClientCredentialsGrant() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret",
- busFile.toString());
+ "consumer-id", "this-is-a-secret", null);
// Get Access Token
client.type("application/x-www-form-urlencoded").accept("application/json");
@@ -456,35 +415,21 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
Form form = new Form();
form.param("grant_type", "client_credentials");
- Response response = client.post(form);
- ClientAccessToken accessToken = response.readEntity(ClientAccessToken.class);
+ ClientAccessToken accessToken = client.post(form, ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
if (isAccessTokenInJWTFormat()) {
- // We don't have a Subject for the client credential grant,
- // so validate manually here as opposed to calling validateAccessToken
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(accessToken.getTokenKey());
-
- KeyStore keystore = KeyStore.getInstance("JKS");
- keystore.load(ClassLoaderUtils.getResourceAsStream("keys/alice.jks", this.getClass()),
- "password".toCharArray());
- Certificate cert = keystore.getCertificate("alice");
- assertNotNull(cert);
-
- assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
- SignatureAlgorithm.RS256));
+ validateAccessToken(accessToken.getTokenKey());
}
}
@org.junit.Test
public void testSAMLAuthorizationGrant() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret", busFile.toString());
+ "consumer-id", "this-is-a-secret", null);
// Create the SAML Assertion
String assertion = OAuth2TestUtils.createToken(address + "token");
@@ -497,9 +442,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
form.param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
form.param("assertion", Base64UrlUtility.encode(assertion));
form.param("client_id", "consumer-id");
- Response response = client.post(form);
- ClientAccessToken accessToken = response.readEntity(ClientAccessToken.class);
+ ClientAccessToken accessToken = client.post(form, ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
@@ -510,11 +454,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testJWTAuthorizationGrant() throws Exception {
- URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
-
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret", busFile.toString());
+ "consumer-id", "this-is-a-secret", null);
// Create the JWT Token
String token = OAuth2TestUtils.createToken("DoubleItSTSIssuer", "consumer-id",
@@ -528,9 +470,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
form.param("assertion", token);
form.param("client_id", "consumer-id");
- Response response = client.post(form);
- ClientAccessToken accessToken = response.readEntity(ClientAccessToken.class);
+ ClientAccessToken accessToken = client.post(form, ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
@@ -539,19 +480,22 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
}
}
- private void validateAccessToken(String accessToken)
+ private static void validateAccessToken(String accessToken)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(accessToken);
- JwtToken jwt = jwtConsumer.getJwtToken();
+ JwtClaims jwtClaims = jwtConsumer.getJwtToken().getClaims();
// Validate claims
- assertNotNull(jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
- assertNotNull(jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
- assertNotNull(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
- assertEquals("jwt-issuer", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
+ if (!OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(jwtClaims.getStringProperty(OAuthConstants.GRANT_TYPE))) {
+ // We don't have a Subject for the client credential grant
+ assertNotNull(jwtClaims.getSubject());
+ }
+ assertNotNull(jwtClaims.getIssuedAt());
+ assertNotNull(jwtClaims.getExpiryTime());
+ assertEquals(ISSUER, jwtClaims.getIssuer());
KeyStore keystore = KeyStore.getInstance("JKS");
- keystore.load(ClassLoaderUtils.getResourceAsStream("keys/alice.jks", this.getClass()),
+ keystore.load(ClassLoaderUtils.getResourceAsStream("keys/alice.jks", AuthorizationGrantTest.class),
"password".toCharArray());
Certificate cert = keystore.getCertificate("alice");
assertNotNull(cert);
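Review bot: validateAccessToken() decides whether to require a subject from the `OAuthConstants.GRANT_TYPE` claim of the token under test, so a token that wrongly carries the client-credentials grant type would skip the subject assertion unnoticed. Passing the expected grant type in from the calling test would keep the check independent of the token's own content. The expiry and issued-at claims are only asserted non-null; adding `assertTrue(jwtClaims.getExpiryTime() > jwtClaims.getIssuedAt());` would catch a token issued with a zero or negative lifetime. The method continues past the end of this hunk, where the signature check is presumably still performed.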
@@ -561,86 +505,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
}
private boolean isAccessTokenInJWTFormat() {
- return JWT_JCACHE_PORT.equals(port) || JWT_NON_PERSIST_JCACHE_PORT.equals(port);
- }
-
- //
- // Server implementations
- //
-
- public static class BookServerOAuth2GrantsJCache extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2GrantsJCache.class.getResource("grants-server-jcache.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2GrantsJCache();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- }
-
- public static class BookServerOAuth2GrantsJCacheJWT extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2GrantsJCacheJWT.class.getResource("grants-server-jcache-jwt.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2GrantsJCacheJWT();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- }
-
- public static class BookServerOAuth2GrantsJPA extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2GrantsJPA.class.getResource("grants-server-jpa.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2GrantsJPA();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
+ return JWT_JCACHE_SERVER.getPort().equals(port) || JWT_NON_PERSIST_JCACHE_SERVER.getPort().equals(port);
}
- public static class BookServerOAuth2GrantsJCacheJWTNonPersist extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2GrantsJCacheJWT.class.getResource("grants-server-jcache-jwt-non-persist.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2GrantsJCacheJWTNonPersist();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- }
}
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt-non-persist.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt-non-persist.xml
index 8965d9b..c027432 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt-non-persist.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt-non-persist.xml
@@ -48,7 +48,7 @@ under the License.
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<httpj:engine-factory id="tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-jcache-jwt-non-persist}">
+ <httpj:engine port="${testutil.ports.grants-server-jcache-jwt-non-persist}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
@@ -63,9 +63,10 @@ under the License.
</httpj:engine-factory>
<bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
- <constructor-arg><value>${testutil.ports.jaxrs-oauth2-grants2-jcache-jwt-non-persist}</value></constructor-arg>
+ <constructor-arg><value>${testutil.ports.grants-server-jcache-jwt-non-persist.2}</value></constructor-arg>
<property name="useJwtFormatForAccessTokens" value="true"/>
<property name="persistJwtEncoding" value="false"/>
+ <property name="issuer" value="${issuer}"/>
</bean>
<bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
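Review bot: The new `issuer` property is filled from `${issuer}` with no fallback, so this Spring config only gets a meaningful issuer when the launching test has set the system property first. How the placeholder is resolved is not visible in this hunk. An XML comment next to the property, such as `<!-- 'issuer' is a system property set by AuthorizationGrantTest.startServers() -->`, would document the dependency for anyone reusing the file. The same line is added in grants-server-jcache-jwt.xml.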
@@ -121,7 +122,7 @@ under the License.
<jaxrs:server
depends-on="tls-config"
- address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-jcache-jwt-non-persist}/services">
+ address="https://localhost:${testutil.ports.grants-server-jcache-jwt-non-persist}/services">
<jaxrs:serviceBeans>
<ref bean="authorizationService"/>
<ref bean="implicitService"/>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt.xml
index 0739696..49d86ff 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt.xml
@@ -48,7 +48,7 @@ under the License.
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<httpj:engine-factory id="tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-jcache-jwt}">
+ <httpj:engine port="${testutil.ports.grants-server-jcache-jwt}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
@@ -63,8 +63,9 @@ under the License.
</httpj:engine-factory>
<bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
- <constructor-arg><value>${testutil.ports.jaxrs-oauth2-grants2-jcache-jwt}</value></constructor-arg>
+ <constructor-arg><value>${testutil.ports.grants-server-jcache-jwt.2}</value></constructor-arg>
<property name="useJwtFormatForAccessTokens" value="true"/>
+ <property name="issuer" value="${issuer}"/>
</bean>
<bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
@@ -120,7 +121,7 @@ under the License.
<jaxrs:server
depends-on="tls-config"
- address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-jcache-jwt}/services">
+ address="https://localhost:${testutil.ports.grants-server-jcache-jwt}/services">
<jaxrs:serviceBeans>
<ref bean="authorizationService"/>
<ref bean="implicitService"/>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache.xml
index 39f700c..745b4ad 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache.xml
@@ -48,7 +48,7 @@ under the License.
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<httpj:engine-factory id="tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-jcache}">
+ <httpj:engine port="${testutil.ports.grants-server-jcache}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
@@ -63,7 +63,7 @@ under the License.
</httpj:engine-factory>
<bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
- <constructor-arg><value>${testutil.ports.jaxrs-oauth2-grants2-jcache}</value></constructor-arg>
+ <constructor-arg><value>${testutil.ports.grants-server-jcache.2}</value></constructor-arg>
</bean>
<bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
@@ -119,7 +119,7 @@ under the License.
<jaxrs:server
depends-on="tls-config"
- address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-jcache}/services">
+ address="https://localhost:${testutil.ports.grants-server-jcache}/services">
<jaxrs:serviceBeans>
<ref bean="authorizationService"/>
<ref bean="implicitService"/>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml
index 604b554..f3bbf53 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml
@@ -48,7 +48,7 @@ under the License.
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<httpj:engine-factory id="tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-jpa}">
+ <httpj:engine port="${testutil.ports.grants-server-jpa}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
@@ -75,7 +75,7 @@ under the License.
</bean>
<bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
- <constructor-arg value="${testutil.ports.jaxrs-oauth2-grants2-jpa}"/>
+ <constructor-arg value="${testutil.ports.grants-server-jpa.2}"/>
<constructor-arg ref="entityManagerFactory"/>
</bean>
@@ -132,7 +132,7 @@ under the License.
<jaxrs:server
depends-on="tls-config"
- address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-jpa}/services">
+ address="https://localhost:${testutil.ports.grants-server-jpa}/services">
<jaxrs:serviceBeans>
<ref bean="authorizationService"/>
<ref bean="implicitService"/>