You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/07/19 13:49:13 UTC
[cxf] branch 3.2.x-fixes updated (c9dd9d1 -> ba5706d)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from c9dd9d1 [CXF-7799] Extract queryString from AtmosphereRequest path (#430)
new df82763 CXF-7803 - JCache OAuthDataProvider implementation doesn't work with refresh tokens
new fa7f87f Abstract OauthDataProvider unit tests to share the test code
new ba5706d Adding parameterized JCache OAuthDataProvider tests to the systests
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../oauth2/provider/JCacheOAuthDataProvider.java | 6 +
...est.java => AbstractOAuthDataProviderTest.java} | 39 +--
.../provider/JCacheOAuthDataProviderTest.java | 194 +--------------
.../oauth2/provider/JPAOAuthDataProviderTest.java | 272 +--------------------
systests/rs-security/pom.xml | 12 +
...rImpl.java => JCacheOAuthDataProviderImpl.java} | 10 +-
.../grants/AuthorizationGrantNegativeTest.java | 95 ++++++-
.../oauth2/grants/AuthorizationGrantTest.java | 99 +++++++-
.../security/oauth2/grants/BookServerOAuth2.java | 57 -----
.../oauth2/grants/BookServerOAuth2Grants.java | 46 ----
.../oauth2/grants/BookServerOAuth2GrantsJWT.java | 46 ----
.../grants/BookServerOAuth2GrantsNegative.java | 46 ----
.../grants/BookServerOAuth2GrantsNegativeJWT.java | 46 ----
.../grants/BookServerOAuth2Introspection.java | 46 ----
.../grants/BookServerOAuth2IntrospectionJWT.java | 46 ----
.../oauth2/grants/BookServerOAuth2JWT.java | 58 -----
.../oauth2/grants/IntrospectionServiceTest.java | 99 +++++++-
.../security/oauth2/grants/JAXRSOAuth2Test.java | 94 ++++++-
.../systest/jaxrs/security/oidc/OIDCFlowTest.java | 102 +++++++-
.../systest/jaxrs/security/oidc/OIDCServer.java | 46 ----
.../systest/jaxrs/security/oidc/OIDCServerJWT.java | 46 ----
.../jaxrs/security/oidc/UserInfoServer.java | 46 ----
.../jaxrs/security/oidc/UserInfoServerJWT.java | 46 ----
.../systest/jaxrs/security/oidc/UserInfoTest.java | 103 +++++++-
...t.xml => grants-negative-server-jcache-jwt.xml} | 8 +-
...erver.xml => grants-negative-server-jcache.xml} | 8 +-
...server-jwt.xml => grants-server-jcache-jwt.xml} | 8 +-
...egative-server.xml => grants-server-jcache.xml} | 8 +-
...jwt.xml => introspection-server-jcache-jwt.xml} | 8 +-
...-server.xml => introspection-server-jcache.xml} | 8 +-
.../{server-jwt.xml => server-jcache-jwt.xml} | 14 +-
.../grants/{server.xml => server-jcache.xml} | 12 +-
...c-server-jwt.xml => oidc-server-jcache-jwt.xml} | 10 +-
.../{oidc-server.xml => oidc-server-jcache.xml} | 10 +-
...rver-jwt.xml => userinfo-server-jcache-jwt.xml} | 14 +-
...o-server-jwt.xml => userinfo-server-jcache.xml} | 15 +-
36 files changed, 687 insertions(+), 1136 deletions(-)
copy rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/{JPAOAuthDataProviderTest.java => AbstractOAuthDataProviderTest.java} (91%)
copy systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/{OAuthDataProviderImpl.java => JCacheOAuthDataProviderImpl.java} (96%)
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Grants.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsJWT.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsNegative.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsNegativeJWT.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Introspection.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2IntrospectionJWT.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2JWT.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCServer.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCServerJWT.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoServer.java
delete mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoServerJWT.java
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{grants-negative-server-jwt.xml => grants-negative-server-jcache-jwt.xml} (97%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{grants-negative-server.xml => grants-negative-server-jcache.xml} (97%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{grants-negative-server-jwt.xml => grants-server-jcache-jwt.xml} (98%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{grants-negative-server.xml => grants-server-jcache.xml} (98%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{introspection-server-jwt.xml => introspection-server-jcache-jwt.xml} (97%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{introspection-server.xml => introspection-server-jcache.xml} (97%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{server-jwt.xml => server-jcache-jwt.xml} (96%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/{server.xml => server-jcache.xml} (96%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/{oidc-server-jwt.xml => oidc-server-jcache-jwt.xml} (94%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/{oidc-server.xml => oidc-server-jcache.xml} (94%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/{userinfo-server-jwt.xml => userinfo-server-jcache-jwt.xml} (96%)
copy systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/{userinfo-server-jwt.xml => userinfo-server-jcache.xml} (96%)
[cxf] 02/03: Abstract OauthDataProvider unit tests to share the
test code
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit fa7f87f85b11c917607fa41ffa56c9a172ffff32
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jul 19 10:47:44 2018 +0100
Abstract OauthDataProvider unit tests to share the test code
(cherry picked from commit 31a4a552b7e4430c3ff544d0cb5a834756642653)
---
...est.java => AbstractOAuthDataProviderTest.java} | 39 +--
.../provider/JCacheOAuthDataProviderTest.java | 192 +--------------
.../oauth2/provider/JPAOAuthDataProviderTest.java | 272 +--------------------
3 files changed, 17 insertions(+), 486 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
similarity index 91%
copy from rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
copy to rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
index b7a958e..ee002c1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
@@ -22,9 +22,6 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
-import javax.persistence.EntityManagerFactory;
-import javax.persistence.Persistence;
-
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -35,39 +32,24 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.junit.After;
import org.junit.Assert;
-import org.junit.Before;
import org.junit.Test;
-public class JPAOAuthDataProviderTest extends Assert {
- protected EntityManagerFactory emFactory;
- private JPAOAuthDataProvider provider;
-
- @Before
- public void setUp() throws Exception {
- try {
- emFactory = Persistence.createEntityManagerFactory(getPersistenceUnitName());
- provider = new JPAOAuthDataProvider();
- provider.setEntityManagerFactory(emFactory);
- initializeProvider(provider);
- } catch (Exception ex) {
- ex.printStackTrace();
- fail("Exception during JPA EntityManager creation.");
- }
- }
+abstract class AbstractOAuthDataProviderTest extends Assert {
+ private AbstractOAuthDataProvider provider;
- protected String getPersistenceUnitName() {
- return "testUnitHibernate";
- }
-
- protected void initializeProvider(JPAOAuthDataProvider dataProvider) {
+ protected void initializeProvider(AbstractOAuthDataProvider dataProvider) {
dataProvider.setSupportedScopes(Collections.singletonMap("a", "A Scope"));
dataProvider.setSupportedScopes(Collections.singletonMap("refreshToken", "RefreshToken"));
}
- protected JPAOAuthDataProvider getProvider() {
+ protected AbstractOAuthDataProvider getProvider() {
return provider;
}
+ protected void setProvider(AbstractOAuthDataProvider provider) {
+ this.provider = provider;
+ }
+
@Test
public void testAddGetDeleteClient() {
Client c = addClient("12345", "alice");
@@ -310,12 +292,9 @@ public class JPAOAuthDataProviderTest extends Assert {
public void tearDown() throws Exception {
try {
tearDownClients();
- if (provider != null) {
+ if (getProvider() != null) {
getProvider().close();
}
- if (emFactory != null) {
- emFactory.close();
- }
} catch (Throwable ex) {
ex.printStackTrace();
} finally {
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProviderTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProviderTest.java
index cdae693..a63d12f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProviderTest.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProviderTest.java
@@ -18,199 +18,15 @@
*/
package org.apache.cxf.rs.security.oauth2.provider;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
-import org.junit.After;
-import org.junit.Assert;
import org.junit.Before;
-import org.junit.Test;
-public class JCacheOAuthDataProviderTest extends Assert {
- private JCacheOAuthDataProvider provider;
+public class JCacheOAuthDataProviderTest extends AbstractOAuthDataProviderTest {
@Before
public void setUp() throws Exception {
- provider = new JCacheOAuthDataProvider();
- provider.setSupportedScopes(Collections.singletonMap("a", "A Scope"));
- provider.setSupportedScopes(Collections.singletonMap("refreshToken", "RefreshToken"));
- }
-
- @Test
- public void testAddGetDeleteClient() {
- Client c = addClient("12345", "alice");
- Client c2 = provider.getClient(c.getClientId());
- compareClients(c, c2);
-
- c2.setClientSecret("567");
- provider.setClient(c2);
- Client c22 = provider.getClient(c.getClientId());
- compareClients(c2, c22);
-
- provider.removeClient(c.getClientId());
- Client c3 = provider.getClient(c.getClientId());
- assertNull(c3);
- }
-
- @Test
- public void testAddGetDeleteClients() {
- Client c = addClient("12345", "alice");
- Client c2 = addClient("56789", "alice");
- Client c3 = addClient("09876", "bob");
-
- List<Client> aliceClients = provider.getClients(new UserSubject("alice"));
- assertNotNull(aliceClients);
- assertEquals(2, aliceClients.size());
- compareClients(c, aliceClients.get(0).getClientId().equals("12345")
- ? aliceClients.get(0) : aliceClients.get(1));
- compareClients(c2, aliceClients.get(0).getClientId().equals("56789")
- ? aliceClients.get(0) : aliceClients.get(1));
-
- List<Client> bobClients = provider.getClients(new UserSubject("bob"));
- assertNotNull(bobClients);
- assertEquals(1, bobClients.size());
- Client bobClient = bobClients.get(0);
- compareClients(c3, bobClient);
-
- List<Client> allClients = provider.getClients(null);
- assertNotNull(allClients);
- assertEquals(3, allClients.size());
- provider.removeClient(c.getClientId());
- provider.removeClient(c2.getClientId());
- provider.removeClient(c3.getClientId());
- allClients = provider.getClients(null);
- assertNotNull(allClients);
- assertEquals(0, allClients.size());
- }
-
- @Test
- public void testAddGetDeleteAccessToken() {
- Client c = addClient("101", "bob");
-
- AccessTokenRegistration atr = new AccessTokenRegistration();
- atr.setClient(c);
- atr.setApprovedScope(Collections.singletonList("a"));
- atr.setSubject(c.getResourceOwnerSubject());
-
- ServerAccessToken at = provider.createAccessToken(atr);
- ServerAccessToken at2 = provider.getAccessToken(at.getTokenKey());
- assertEquals(at.getTokenKey(), at2.getTokenKey());
- List<OAuthPermission> scopes = at2.getScopes();
- assertNotNull(scopes);
- assertEquals(1, scopes.size());
- OAuthPermission perm = scopes.get(0);
- assertEquals("a", perm.getPermission());
-
- List<ServerAccessToken> tokens = provider.getAccessTokens(c, c.getResourceOwnerSubject());
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
-
- tokens = provider.getAccessTokens(c, null);
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
-
- tokens = provider.getAccessTokens(null, c.getResourceOwnerSubject());
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
-
- tokens = provider.getAccessTokens(null, null);
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
-
- provider.revokeToken(c, at.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
- assertNull(provider.getAccessToken(at.getTokenKey()));
- }
-
- @Test
- public void testAddGetDeleteAccessToken2() {
- Client c = addClient("102", "bob");
-
- AccessTokenRegistration atr = new AccessTokenRegistration();
- atr.setClient(c);
- atr.setApprovedScope(Collections.singletonList("a"));
- atr.setSubject(c.getResourceOwnerSubject());
-
- provider.createAccessToken(atr);
- List<ServerAccessToken> tokens = provider.getAccessTokens(c, null);
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
-
- provider.removeClient(c.getClientId());
-
- tokens = provider.getAccessTokens(c, null);
- assertNotNull(tokens);
- assertEquals(0, tokens.size());
+ JCacheOAuthDataProvider provider = new JCacheOAuthDataProvider();
+ initializeProvider(provider);
+ setProvider(provider);
}
- @Test
- public void testAddGetDeleteRefreshToken() {
- Client c = addClient("101", "bob");
-
- AccessTokenRegistration atr = new AccessTokenRegistration();
- atr.setClient(c);
- atr.setApprovedScope(Arrays.asList("a", "refreshToken"));
- atr.setSubject(c.getResourceOwnerSubject());
-
- ServerAccessToken at = provider.createAccessToken(atr);
- ServerAccessToken at2 = provider.getAccessToken(at.getTokenKey());
- assertEquals(at.getTokenKey(), at2.getTokenKey());
- List<OAuthPermission> scopes = at2.getScopes();
- assertNotNull(scopes);
- assertEquals(2, scopes.size());
- OAuthPermission perm = scopes.get(0);
- assertEquals("a", perm.getPermission());
- OAuthPermission perm2 = scopes.get(1);
- assertEquals("refreshToken", perm2.getPermission());
-
- RefreshToken rt = provider.getRefreshToken(at2.getRefreshToken());
- assertNotNull(rt);
- assertEquals(at2.getTokenKey(), rt.getAccessTokens().get(0));
-
- List<RefreshToken> tokens = provider.getRefreshTokens(c, c.getResourceOwnerSubject());
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(rt.getTokenKey(), tokens.get(0).getTokenKey());
-
- provider.revokeToken(c, rt.getTokenKey(), OAuthConstants.REFRESH_TOKEN);
-
- assertNull(provider.getRefreshToken(rt.getTokenKey()));
- }
-
- private Client addClient(String clientId, String userLogin) {
- Client c = new Client();
- c.setRedirectUris(Collections.singletonList("http://client/redirect"));
- c.setClientId(clientId);
- c.setClientSecret("123");
- c.setResourceOwnerSubject(new UserSubject(userLogin));
- provider.setClient(c);
- return c;
- }
- private void compareClients(Client c, Client c2) {
- assertNotNull(c2);
- assertEquals(c.getClientId(), c2.getClientId());
- assertEquals(1, c.getRedirectUris().size());
- assertEquals(1, c2.getRedirectUris().size());
- assertEquals("http://client/redirect", c.getRedirectUris().get(0));
- assertEquals(c.getResourceOwnerSubject().getLogin(), c2.getResourceOwnerSubject().getLogin());
- }
-
- @After
- public void tearDown() throws Exception {
- if (provider != null) {
- provider.close();
- }
- }
}
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
index b7a958e..2087987 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProviderTest.java
@@ -18,37 +18,23 @@
*/
package org.apache.cxf.rs.security.oauth2.provider;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
import org.junit.After;
-import org.junit.Assert;
import org.junit.Before;
-import org.junit.Test;
-public class JPAOAuthDataProviderTest extends Assert {
+public class JPAOAuthDataProviderTest extends AbstractOAuthDataProviderTest {
protected EntityManagerFactory emFactory;
- private JPAOAuthDataProvider provider;
@Before
public void setUp() throws Exception {
try {
emFactory = Persistence.createEntityManagerFactory(getPersistenceUnitName());
- provider = new JPAOAuthDataProvider();
+ JPAOAuthDataProvider provider = new JPAOAuthDataProvider();
provider.setEntityManagerFactory(emFactory);
initializeProvider(provider);
+ setProvider(provider);
} catch (Exception ex) {
ex.printStackTrace();
fail("Exception during JPA EntityManager creation.");
@@ -59,260 +45,10 @@ public class JPAOAuthDataProviderTest extends Assert {
return "testUnitHibernate";
}
- protected void initializeProvider(JPAOAuthDataProvider dataProvider) {
- dataProvider.setSupportedScopes(Collections.singletonMap("a", "A Scope"));
- dataProvider.setSupportedScopes(Collections.singletonMap("refreshToken", "RefreshToken"));
- }
-
- protected JPAOAuthDataProvider getProvider() {
- return provider;
- }
-
- @Test
- public void testAddGetDeleteClient() {
- Client c = addClient("12345", "alice");
- Client c2 = getProvider().getClient(c.getClientId());
- compareClients(c, c2);
-
- c2.setClientSecret("567");
- getProvider().setClient(c2);
- Client c22 = getProvider().getClient(c.getClientId());
- compareClients(c2, c22);
-
- getProvider().removeClient(c.getClientId());
- Client c3 = getProvider().getClient(c.getClientId());
- assertNull(c3);
- }
-
- @Test
- public void testAddGetDeleteClients() {
- Client c = addClient("12345", "alice");
- Client c2 = addClient("56789", "alice");
- Client c3 = addClient("09876", "bob");
-
- List<Client> aliceClients = getProvider().getClients(new UserSubject("alice"));
- assertNotNull(aliceClients);
- assertEquals(2, aliceClients.size());
- compareClients(c, aliceClients.get(0).getClientId().equals("12345")
- ? aliceClients.get(0) : aliceClients.get(1));
- compareClients(c2, aliceClients.get(0).getClientId().equals("56789")
- ? aliceClients.get(0) : aliceClients.get(1));
-
- List<Client> bobClients = getProvider().getClients(new UserSubject("bob"));
- assertNotNull(bobClients);
- assertEquals(1, bobClients.size());
- Client bobClient = bobClients.get(0);
- compareClients(c3, bobClient);
-
- List<Client> allClients = getProvider().getClients(null);
- assertNotNull(allClients);
- assertEquals(3, allClients.size());
- getProvider().removeClient(c.getClientId());
- getProvider().removeClient(c2.getClientId());
- getProvider().removeClient(c3.getClientId());
- allClients = getProvider().getClients(null);
- assertNotNull(allClients);
- assertEquals(0, allClients.size());
- }
-
- @Test
- public void testAddGetDeleteAccessToken() {
- Client c = addClient("101", "bob");
-
- AccessTokenRegistration atr = new AccessTokenRegistration();
- atr.setClient(c);
- atr.setApprovedScope(Collections.singletonList("a"));
- atr.setSubject(c.getResourceOwnerSubject());
-
- ServerAccessToken at = getProvider().createAccessToken(atr);
- ServerAccessToken at2 = getProvider().getAccessToken(at.getTokenKey());
- assertEquals(at.getTokenKey(), at2.getTokenKey());
- List<OAuthPermission> scopes = at2.getScopes();
- assertNotNull(scopes);
- assertEquals(1, scopes.size());
- OAuthPermission perm = scopes.get(0);
- assertEquals("a", perm.getPermission());
-
- List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, c.getResourceOwnerSubject());
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
-
- tokens = getProvider().getAccessTokens(c, null);
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
-
- tokens = getProvider().getAccessTokens(null, c.getResourceOwnerSubject());
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
-
- tokens = getProvider().getAccessTokens(null, null);
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
-
- getProvider().revokeToken(c, at.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
- assertNull(getProvider().getAccessToken(at.getTokenKey()));
- }
-
- @Test
- public void testAddGetDeleteAccessToken2() {
- Client c = addClient("102", "bob");
-
- AccessTokenRegistration atr = new AccessTokenRegistration();
- atr.setClient(c);
- atr.setApprovedScope(Collections.singletonList("a"));
- atr.setSubject(c.getResourceOwnerSubject());
-
- getProvider().createAccessToken(atr);
- List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, null);
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
-
- getProvider().removeClient(c.getClientId());
-
- tokens = getProvider().getAccessTokens(c, null);
- assertNotNull(tokens);
- assertEquals(0, tokens.size());
- }
-
- @Test
- public void testAddGetDeleteAccessTokenWithNullSubject() {
- Client c = addClient("102", "bob");
-
- AccessTokenRegistration atr = new AccessTokenRegistration();
- atr.setClient(c);
- atr.setApprovedScope(Collections.singletonList("a"));
- atr.setSubject(null);
-
- getProvider().createAccessToken(atr);
- List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, null);
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
-
- getProvider().removeClient(c.getClientId());
-
- tokens = getProvider().getAccessTokens(c, null);
- assertNotNull(tokens);
- assertEquals(0, tokens.size());
- }
-
- /**
- * Checks that having multiple token each with its own
- * userSubject (but having same login) works.
- */
- @Test
- public void testAddGetDeleteMultipleAccessToken() {
- Client c = addClient("101", "bob");
-
- AccessTokenRegistration atr = new AccessTokenRegistration();
- atr.setClient(c);
- atr.setApprovedScope(Collections.singletonList("a"));
- atr.setSubject(c.getResourceOwnerSubject());
- ServerAccessToken at = getProvider().createAccessToken(atr);
- at = getProvider().getAccessToken(at.getTokenKey());
-
- AccessTokenRegistration atr2 = new AccessTokenRegistration();
- atr2.setClient(c);
- atr2.setApprovedScope(Collections.singletonList("a"));
- atr2.setSubject(new TestingUserSubject(c.getResourceOwnerSubject().getLogin()));
- ServerAccessToken at2 = getProvider().createAccessToken(atr2);
- at2 = getProvider().getAccessToken(at2.getTokenKey());
-
- assertNotNull(at.getSubject().getId());
- assertTrue(at.getSubject() instanceof UserSubject);
- assertNotNull(at2.getSubject().getId());
- assertTrue(at2.getSubject() instanceof TestingUserSubject);
- assertEquals(at.getSubject().getLogin(), at2.getSubject().getLogin());
- assertNotEquals(at.getSubject().getId(), at2.getSubject().getId());
- }
-
- @Test
- public void testAddGetDeleteRefreshToken() {
- Client c = addClient("101", "bob");
-
- AccessTokenRegistration atr = new AccessTokenRegistration();
- atr.setClient(c);
- atr.setApprovedScope(Arrays.asList("a", "refreshToken"));
- atr.setSubject(c.getResourceOwnerSubject());
-
- ServerAccessToken at = getProvider().createAccessToken(atr);
- ServerAccessToken at2 = getProvider().getAccessToken(at.getTokenKey());
- assertEquals(at.getTokenKey(), at2.getTokenKey());
- List<OAuthPermission> scopes = at2.getScopes();
- assertNotNull(scopes);
- assertEquals(2, scopes.size());
- OAuthPermission perm = scopes.get(0);
- assertEquals("a", perm.getPermission());
- OAuthPermission perm2 = scopes.get(1);
- assertEquals("refreshToken", perm2.getPermission());
-
- RefreshToken rt = getProvider().getRefreshToken(at2.getRefreshToken());
- assertNotNull(rt);
- assertEquals(at2.getTokenKey(), rt.getAccessTokens().get(0));
-
- List<RefreshToken> tokens = getProvider().getRefreshTokens(c, c.getResourceOwnerSubject());
- assertNotNull(tokens);
- assertEquals(1, tokens.size());
- assertEquals(rt.getTokenKey(), tokens.get(0).getTokenKey());
-
- getProvider().revokeToken(c, rt.getTokenKey(), OAuthConstants.REFRESH_TOKEN);
-
- assertNull(getProvider().getRefreshToken(rt.getTokenKey()));
- }
-
- protected Client addClient(String clientId, String userLogin) {
- Client c = new Client();
- c.setRedirectUris(Collections.singletonList("http://client/redirect"));
- c.setClientId(clientId);
- c.setClientSecret("123");
- c.setResourceOwnerSubject(new UserSubject(userLogin));
- getProvider().setClient(c);
- return c;
- }
- private void compareClients(Client c, Client c2) {
- assertNotNull(c2);
- assertEquals(c.getClientId(), c2.getClientId());
- assertEquals(1, c.getRedirectUris().size());
- assertEquals(1, c2.getRedirectUris().size());
- assertEquals("http://client/redirect", c.getRedirectUris().get(0));
- assertEquals(c.getResourceOwnerSubject().getLogin(), c2.getResourceOwnerSubject().getLogin());
- }
-
- protected void tearDownClient(String clientId) {
- if (getProvider() == null) {
- return;
- }
- Client client = getProvider().getClient(clientId);
- if (client != null) {
- List<RefreshToken> refreshTokens = getProvider().getRefreshTokens(client, null);
- for (RefreshToken refreshToken : refreshTokens) {
- getProvider().revokeToken(client, refreshToken.getTokenKey(), refreshToken.getTokenType());
- }
- List<ServerAccessToken> accessTokens = getProvider().getAccessTokens(client, null);
- for (ServerAccessToken accessToken : accessTokens) {
- getProvider().revokeToken(client, accessToken.getTokenKey(), accessToken.getTokenType());
- }
- getProvider().removeClient(clientId);
- }
- }
-
- protected void tearDownClients() {
- tearDownClient("101");
- tearDownClient("12345");
- tearDownClient("56789");
- tearDownClient("09876");
- }
-
@After
public void tearDown() throws Exception {
try {
- tearDownClients();
- if (provider != null) {
- getProvider().close();
- }
+ super.tearDown();
if (emFactory != null) {
emFactory.close();
}
[cxf] 01/03: CXF-7803 - JCache OAuthDataProvider implementation
doesn't work with refresh tokens
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit df82763af06f5f9e8ef5939782ee3099093bb1a4
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jul 19 10:38:49 2018 +0100
CXF-7803 - JCache OAuthDataProvider implementation doesn't work with refresh tokens
(cherry picked from commit 80e99a279d293958a39eb025af1701176b18c1ef)
---
.../cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java | 6 ++++++
.../rs/security/oauth2/provider/JCacheOAuthDataProviderTest.java | 6 ++----
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java
index d2be7d3..07fc204 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java
@@ -180,6 +180,12 @@ public class JCacheOAuthDataProvider extends AbstractOAuthDataProvider {
}
@Override
+ protected void linkRefreshTokenToAccessToken(RefreshToken rt, ServerAccessToken at) {
+ super.linkRefreshTokenToAccessToken(rt, at);
+ accessTokenCache.replace(at.getTokenKey(), at);
+ }
+
+ @Override
public void close() {
clientCache.close();
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProviderTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProviderTest.java
index 560223a..cdae693 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProviderTest.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProviderTest.java
@@ -33,7 +33,6 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Test;
public class JCacheOAuthDataProviderTest extends Assert {
@@ -42,6 +41,8 @@ public class JCacheOAuthDataProviderTest extends Assert {
@Before
public void setUp() throws Exception {
provider = new JCacheOAuthDataProvider();
+ provider.setSupportedScopes(Collections.singletonMap("a", "A Scope"));
+ provider.setSupportedScopes(Collections.singletonMap("refreshToken", "RefreshToken"));
}
@Test
@@ -91,7 +92,6 @@ public class JCacheOAuthDataProviderTest extends Assert {
assertEquals(0, allClients.size());
}
- @Ignore
@Test
public void testAddGetDeleteAccessToken() {
Client c = addClient("101", "bob");
@@ -134,7 +134,6 @@ public class JCacheOAuthDataProviderTest extends Assert {
assertNull(provider.getAccessToken(at.getTokenKey()));
}
- @Ignore
@Test
public void testAddGetDeleteAccessToken2() {
Client c = addClient("102", "bob");
@@ -156,7 +155,6 @@ public class JCacheOAuthDataProviderTest extends Assert {
assertEquals(0, tokens.size());
}
- @Ignore
@Test
public void testAddGetDeleteRefreshToken() {
Client c = addClient("101", "bob");
[cxf] 03/03: Adding parameterized JCache OAuthDataProvider tests to
the systests
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit ba5706de0b5d4e52adb48370159f4be1f1f8278d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jul 19 12:33:37 2018 +0100
Adding parameterized JCache OAuthDataProvider tests to the systests
(cherry picked from commit e8c7b338fc920473fe73a3a61a2606edbcdd2993)
---
systests/rs-security/pom.xml | 12 +
.../oauth2/common/JCacheOAuthDataProviderImpl.java | 258 +++++++++++++++++++++
.../grants/AuthorizationGrantNegativeTest.java | 95 +++++++-
.../oauth2/grants/AuthorizationGrantTest.java | 99 +++++++-
.../security/oauth2/grants/BookServerOAuth2.java | 57 -----
.../oauth2/grants/BookServerOAuth2Grants.java | 46 ----
.../oauth2/grants/BookServerOAuth2GrantsJWT.java | 46 ----
.../grants/BookServerOAuth2GrantsNegative.java | 46 ----
.../grants/BookServerOAuth2GrantsNegativeJWT.java | 46 ----
.../grants/BookServerOAuth2Introspection.java | 46 ----
.../grants/BookServerOAuth2IntrospectionJWT.java | 46 ----
.../oauth2/grants/BookServerOAuth2JWT.java | 58 -----
.../oauth2/grants/IntrospectionServiceTest.java | 99 +++++++-
.../security/oauth2/grants/JAXRSOAuth2Test.java | 94 +++++++-
.../systest/jaxrs/security/oidc/OIDCFlowTest.java | 102 +++++++-
.../systest/jaxrs/security/oidc/OIDCServer.java | 46 ----
.../systest/jaxrs/security/oidc/OIDCServerJWT.java | 46 ----
.../jaxrs/security/oidc/UserInfoServer.java | 46 ----
.../jaxrs/security/oidc/UserInfoServerJWT.java | 46 ----
.../systest/jaxrs/security/oidc/UserInfoTest.java | 103 +++++++-
.../grants/grants-negative-server-jcache-jwt.xml | 145 ++++++++++++
.../grants/grants-negative-server-jcache.xml | 143 ++++++++++++
.../oauth2/grants/grants-server-jcache-jwt.xml | 145 ++++++++++++
.../oauth2/grants/grants-server-jcache.xml | 143 ++++++++++++
.../grants/introspection-server-jcache-jwt.xml | 135 +++++++++++
.../oauth2/grants/introspection-server-jcache.xml | 124 ++++++++++
.../security/oauth2/grants/server-jcache-jwt.xml | 164 +++++++++++++
.../jaxrs/security/oauth2/grants/server-jcache.xml | 146 ++++++++++++
.../jaxrs/security/oidc/oidc-server-jcache-jwt.xml | 159 +++++++++++++
.../jaxrs/security/oidc/oidc-server-jcache.xml | 158 +++++++++++++
.../security/oidc/userinfo-server-jcache-jwt.xml | 193 +++++++++++++++
.../jaxrs/security/oidc/userinfo-server-jcache.xml | 192 +++++++++++++++
32 files changed, 2703 insertions(+), 581 deletions(-)
diff --git a/systests/rs-security/pom.xml b/systests/rs-security/pom.xml
index 9b4bf5f..0fa73f7 100644
--- a/systests/rs-security/pom.xml
+++ b/systests/rs-security/pom.xml
@@ -196,6 +196,18 @@
<groupId>com.fasterxml.jackson.jaxrs</groupId>
<artifactId>jackson-jaxrs-json-provider</artifactId>
</dependency>
+ <dependency>
+ <groupId>javax.cache</groupId>
+ <artifactId>cache-api</artifactId>
+ <version>${cxf.jcache.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.ehcache</groupId>
+ <artifactId>ehcache</artifactId>
+ <version>${cxf.ehcache3.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
<plugins>
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JCacheOAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JCacheOAuthDataProviderImpl.java
new file mode 100644
index 0000000..fd20944
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JCacheOAuthDataProviderImpl.java
@@ -0,0 +1,258 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.oauth2.common;
+
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Random;
+import java.util.Set;
+
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.grants.code.JCacheCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.saml.Constants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.xml.security.utils.ClassLoaderUtils;
+
+/**
+ * Extend the JCacheCodeDataProvider to allow refreshing of tokens
+ */
+public class JCacheOAuthDataProviderImpl extends JCacheCodeDataProvider {
+ private Set<String> externalClients = new HashSet<>();
+
+ public JCacheOAuthDataProviderImpl(String servicePort) throws Exception {
+ this(servicePort, null);
+ }
+
+ public JCacheOAuthDataProviderImpl(String servicePort, String partnerPort) throws Exception {
+ // Create random cache files, as this provider could be called by several test implementations
+ super(DEFAULT_CONFIG_URL, BusFactory.getThreadDefaultBus(true),
+ CLIENT_CACHE_KEY + "_" + Math.abs(new Random().nextInt()),
+ CODE_GRANT_CACHE_KEY + "_" + Math.abs(new Random().nextInt()),
+ ACCESS_TOKEN_CACHE_KEY + "_" + Math.abs(new Random().nextInt()),
+ REFRESH_TOKEN_CACHE_KEY + "_" + Math.abs(new Random().nextInt()));
+ // filters/grants test client
+ Client client = new Client("consumer-id", "this-is-a-secret", true);
+ List<String> redirectUris = new ArrayList<>();
+ redirectUris.add("http://www.blah.apache.org");
+ if (partnerPort != null) {
+ redirectUris.add("https://localhost:" + partnerPort + "/partnerservice/bookstore/books");
+ }
+ client.setRedirectUris(redirectUris);
+
+ client.getAllowedGrantTypes().add("authorization_code");
+ client.getAllowedGrantTypes().add("refresh_token");
+ client.getAllowedGrantTypes().add("implicit");
+ client.getAllowedGrantTypes().add("hybrid");
+ client.getAllowedGrantTypes().add("password");
+ client.getAllowedGrantTypes().add("client_credentials");
+ client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:saml2-bearer");
+ client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer");
+
+ client.getRegisteredScopes().add("read_balance");
+ client.getRegisteredScopes().add("create_balance");
+ client.getRegisteredScopes().add("read_data");
+ client.getRegisteredScopes().add("read_book");
+ client.getRegisteredScopes().add("create_book");
+ client.getRegisteredScopes().add("create_image");
+ client.getRegisteredScopes().add("openid");
+
+ this.setClient(client);
+
+ // OIDC filters test client
+ client = new Client("consumer-id-oidc", "this-is-a-secret", true);
+ client.setRedirectUris(Collections.singletonList("https://localhost:" + servicePort
+ + "/secured/bookstore/books"));
+
+ client.getAllowedGrantTypes().add("authorization_code");
+ client.getAllowedGrantTypes().add("refresh_token");
+
+ client.getRegisteredScopes().add("openid");
+
+ this.setClient(client);
+
+ // Audience test client
+ client = new Client("consumer-id-aud", "this-is-a-secret", true);
+ client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org"));
+
+ client.getAllowedGrantTypes().add("authorization_code");
+ client.getAllowedGrantTypes().add("refresh_token");
+
+ client.getRegisteredAudiences().add("https://localhost:" + servicePort
+ + "/secured/bookstore/books");
+ client.getRegisteredAudiences().add("https://127.0.0.1/test");
+ client.getRegisteredScopes().add("openid");
+
+ this.setClient(client);
+
+ // Audience test client 2
+ client = new Client("consumer-id-aud2", "this-is-a-secret", true);
+ client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org"));
+
+ client.getAllowedGrantTypes().add("authorization_code");
+ client.getAllowedGrantTypes().add("refresh_token");
+
+ client.getRegisteredAudiences().add("https://localhost:" + servicePort
+ + "/securedxyz/bookstore/books");
+ client.getRegisteredScopes().add("openid");
+
+ this.setClient(client);
+
+ // JAXRSOAuth2Test clients
+ client = new Client("alice", "alice", true);
+ client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
+ client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer");
+ client.getAllowedGrantTypes().add("custom_grant");
+ this.setClient(client);
+
+ client = new Client("fredNoPassword", null, true);
+ client.getAllowedGrantTypes().add("custom_grant");
+ this.setClient(client);
+
+ client = new Client("fredPublic", null, false);
+ client.getAllowedGrantTypes().add("custom_grant");
+ this.setClient(client);
+
+ client = new Client("fred", "password", true);
+ client.getAllowedGrantTypes().add("custom_grant");
+ this.setClient(client);
+
+ Certificate cert = loadCert();
+ String encodedCert = Base64Utility.encode(cert.getEncoded());
+
+ Client client2 = new Client("CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US",
+ null,
+ true,
+ null,
+ null);
+ client2.getAllowedGrantTypes().add("custom_grant");
+ client2.setApplicationCertificates(Collections.singletonList(encodedCert));
+ this.setClient(client2);
+
+ // external clients (in LDAP/etc) which can be used for client cred
+ externalClients.add("bob:bobPassword");
+
+ }
+
+ private Certificate loadCert() throws Exception {
+ try (InputStream is = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) {
+ return CryptoUtils.loadCertificate(is, "password".toCharArray(), "morpit", null);
+ }
+ }
+
+ @Override
+ public Client getClient(String clientId) {
+ Client c = super.getClient(clientId);
+ if (c == null) {
+ String clientSecret = super.getCurrentClientSecret();
+ if (externalClients.contains(clientId + ":" + clientSecret)) {
+ c = new Client(clientId, clientSecret, true);
+ c.setTokenEndpointAuthMethod(OAuthConstants.TOKEN_ENDPOINT_AUTH_BASIC);
+ }
+ }
+ return c;
+
+ }
+
+ @Override
+ protected boolean isRefreshTokenSupported(List<String> theScopes) {
+ return true;
+ }
+
+ @Override
+ public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
+ if (requestedScopes.isEmpty()) {
+ return Collections.emptyList();
+ }
+
+ List<OAuthPermission> permissions = new ArrayList<>();
+ for (String requestedScope : requestedScopes) {
+ if ("read_book".equals(requestedScope)) {
+ OAuthPermission permission = new OAuthPermission("read_book");
+ permission.setHttpVerbs(Collections.singletonList("GET"));
+ List<String> uris = new ArrayList<>();
+ String partnerAddress = "/secured/bookstore/books/*";
+ uris.add(partnerAddress);
+ permission.setUris(uris);
+
+ permissions.add(permission);
+ } else if ("create_book".equals(requestedScope)) {
+ OAuthPermission permission = new OAuthPermission("create_book");
+ permission.setHttpVerbs(Collections.singletonList("POST"));
+ List<String> uris = new ArrayList<>();
+ String partnerAddress = "/secured/bookstore/books/*";
+ uris.add(partnerAddress);
+ permission.setUris(uris);
+
+ permissions.add(permission);
+ } else if ("create_image".equals(requestedScope)) {
+ OAuthPermission permission = new OAuthPermission("create_image");
+ permission.setHttpVerbs(Collections.singletonList("POST"));
+ List<String> uris = new ArrayList<>();
+ String partnerAddress = "/secured/bookstore/image/*";
+ uris.add(partnerAddress);
+ permission.setUris(uris);
+
+ permissions.add(permission);
+ } else if ("read_balance".equals(requestedScope)) {
+ OAuthPermission permission = new OAuthPermission("read_balance");
+ permission.setHttpVerbs(Collections.singletonList("GET"));
+ List<String> uris = new ArrayList<>();
+ String partnerAddress = "/partners/balance/*";
+ uris.add(partnerAddress);
+ permission.setUris(uris);
+
+ permissions.add(permission);
+ } else if ("create_balance".equals(requestedScope)) {
+ OAuthPermission permission = new OAuthPermission("create_balance");
+ permission.setHttpVerbs(Collections.singletonList("POST"));
+ List<String> uris = new ArrayList<>();
+ String partnerAddress = "/partners/balance/*";
+ uris.add(partnerAddress);
+ permission.setUris(uris);
+
+ permissions.add(permission);
+ } else if ("read_data".equals(requestedScope)) {
+ OAuthPermission permission = new OAuthPermission("read_data");
+ permission.setHttpVerbs(Collections.singletonList("GET"));
+ List<String> uris = new ArrayList<>();
+ String partnerAddress = "/partners/data/*";
+ uris.add(partnerAddress);
+ permission.setUris(uris);
+
+ permissions.add(permission);
+ } else if ("openid".equals(requestedScope)) {
+ OAuthPermission permission = new OAuthPermission("openid", "Authenticate user");
+ permissions.add(permission);
+ } else {
+ throw new OAuthServiceException("invalid_scope");
+ }
+ }
+
+ return permissions;
+ }
+}
\ No newline at end of file
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
index ded1736..8c68fb6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
@@ -30,6 +30,9 @@ import javax.ws.rs.client.ResponseProcessingException;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
@@ -42,6 +45,7 @@ import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
@@ -58,6 +62,8 @@ import org.junit.runners.Parameterized.Parameters;
* OAuthDataProvider implementations:
* a) PORT - EhCache
* b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
+ * c) JCACHE_PORT - JCache
+ * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
*/
@RunWith(value = org.junit.runners.Parameterized.class)
public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestBase {
@@ -65,6 +71,10 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
public static final String PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative");
public static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-negative-jwt");
public static final String JWT_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative-jwt");
+ public static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-negative-jcache");
+ public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative-jcache");
+ public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-negative-jcache-jwt");
+ public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative-jcache-jwt");
final String port;
@@ -78,6 +88,10 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
launchServer(BookServerOAuth2GrantsNegative.class, true));
assertTrue("server did not launch correctly",
launchServer(BookServerOAuth2GrantsNegativeJWT.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2GrantsNegativeJCache.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2GrantsNegativeJCacheJWT.class, true));
}
@AfterClass
@@ -88,7 +102,7 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
@Parameters(name = "{0}")
public static Collection<String> data() {
- return Arrays.asList(PORT, JWT_PORT);
+ return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
}
//
@@ -891,4 +905,83 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
}
}
+ //
+ // Server implementations
+ //
+
+ public static class BookServerOAuth2GrantsNegative extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2GrantsNegative.class.getResource("grants-negative-server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2GrantsNegative();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2GrantsNegativeJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2GrantsNegativeJWT.class.getResource("grants-negative-server-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2GrantsNegativeJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2GrantsNegativeJCache extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2GrantsNegative.class.getResource("grants-negative-server-jcache.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2GrantsNegativeJCache();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2GrantsNegativeJCacheJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2GrantsNegativeJWT.class.getResource("grants-negative-server-jcache-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2GrantsNegativeJCacheJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index 08bbbaa..e52c96b 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -33,6 +33,9 @@ import java.util.Collection;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
@@ -44,6 +47,7 @@ import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.apache.xml.security.utils.ClassLoaderUtils;
@@ -58,6 +62,8 @@ import org.junit.runners.Parameterized.Parameters;
* implementations:
* a) PORT - EhCache
* b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
+ * c) JCACHE_PORT - JCache
+ * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
*/
@RunWith(value = org.junit.runners.Parameterized.class)
public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@@ -65,6 +71,10 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
public static final String PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2");
public static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jwt");
public static final String JWT_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jwt");
+ public static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jcache");
+ public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache");
+ public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jcache-jwt");
+ public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache-jwt");
final String port;
@@ -78,6 +88,10 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
launchServer(BookServerOAuth2Grants.class, true));
assertTrue("server did not launch correctly",
launchServer(BookServerOAuth2GrantsJWT.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2GrantsJCache.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2GrantsJCacheJWT.class, true));
}
@AfterClass
@@ -88,7 +102,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
@Parameters(name = "{0}")
public static Collection<String> data() {
- return Arrays.asList(PORT, JWT_PORT);
+ return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
}
@org.junit.Test
@@ -340,6 +354,10 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
String audPort = PORT2;
if (JWT_PORT.equals(port)) {
audPort = JWT_PORT2;
+ } else if (JCACHE_PORT.equals(port)) {
+ audPort = JCACHE_PORT2;
+ } else if (JWT_JCACHE_PORT.equals(port)) {
+ audPort = JWT_JCACHE_PORT2;
}
String audience = "https://localhost:" + audPort + "/secured/bookstore/books";
ClientAccessToken accessToken =
@@ -536,4 +554,83 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
SignatureAlgorithm.RS256));
}
+ //
+ // Server implementations
+ //
+
+ public static class BookServerOAuth2Grants extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2Grants.class.getResource("grants-server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2Grants();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2GrantsJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2GrantsJWT.class.getResource("grants-server-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2GrantsJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2GrantsJCache extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2GrantsJCache.class.getResource("grants-server-jcache.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2GrantsJCache();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2GrantsJCacheJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2GrantsJCacheJWT.class.getResource("grants-server-jcache-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2GrantsJCacheJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2.java
deleted file mode 100644
index e1aec4d..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class BookServerOAuth2 extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2.class.getResource("server.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- public static void main(String[] args) {
- try {
- BookServerOAuth2 s = new BookServerOAuth2();
- s.start();
- } catch (Exception ex) {
- ex.printStackTrace();
- System.exit(-1);
- } finally {
- System.out.println("done!");
- }
- }
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Grants.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Grants.java
deleted file mode 100644
index 6eb4be2..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Grants.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class BookServerOAuth2Grants extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2Grants.class.getResource("grants-server.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2Grants();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsJWT.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsJWT.java
deleted file mode 100644
index 7f53f8f..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsJWT.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class BookServerOAuth2GrantsJWT extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2GrantsJWT.class.getResource("grants-server-jwt.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2GrantsJWT();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsNegative.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsNegative.java
deleted file mode 100644
index 7079537..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsNegative.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class BookServerOAuth2GrantsNegative extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2GrantsNegative.class.getResource("grants-negative-server.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2GrantsNegative();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsNegativeJWT.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsNegativeJWT.java
deleted file mode 100644
index 0b99413..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2GrantsNegativeJWT.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class BookServerOAuth2GrantsNegativeJWT extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2GrantsNegativeJWT.class.getResource("grants-negative-server-jwt.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2GrantsNegativeJWT();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Introspection.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Introspection.java
deleted file mode 100644
index f64e3c5..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Introspection.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class BookServerOAuth2Introspection extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2Introspection.class.getResource("introspection-server.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2Introspection();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2IntrospectionJWT.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2IntrospectionJWT.java
deleted file mode 100644
index 43ad28f..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2IntrospectionJWT.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class BookServerOAuth2IntrospectionJWT extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2IntrospectionJWT.class.getResource("introspection-server-jwt.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2IntrospectionJWT();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2JWT.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2JWT.java
deleted file mode 100644
index 01293b7..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2JWT.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class BookServerOAuth2JWT extends AbstractBusTestServerBase {
-
- private static final URL SERVER_CONFIG_FILE =
- BookServerOAuth2JWT.class.getResource("server-jwt.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerOAuth2JWT();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- public static void main(String[] args) {
- try {
- BookServerOAuth2JWT s = new BookServerOAuth2JWT();
- s.start();
- } catch (Exception ex) {
- ex.printStackTrace();
- System.exit(-1);
- } finally {
- System.out.println("done!");
- }
- }
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java
index af3275f..737f2fa 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java
@@ -25,12 +25,16 @@ import java.util.Collection;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.TokenIntrospection;
import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.junit.AfterClass;
@@ -43,6 +47,8 @@ import org.junit.runners.Parameterized.Parameters;
* OAuthDataProvider implementations:
* a) PORT - EhCache
* b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
+ * c) JCACHE_PORT - JCache
+ * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
*/
@RunWith(value = org.junit.runners.Parameterized.class)
public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
@@ -51,6 +57,10 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
public static final String PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2");
public static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jwt");
public static final String JWT_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jwt");
+ public static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jcache");
+ public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jcache");
+ public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jcache-jwt");
+ public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jcache-jwt");
final String port;
@@ -64,6 +74,10 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
launchServer(BookServerOAuth2Introspection.class, true));
assertTrue("server did not launch correctly",
launchServer(BookServerOAuth2IntrospectionJWT.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2IntrospectionJCache.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2IntrospectionJCacheJWT.class, true));
}
@AfterClass
@@ -74,7 +88,7 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
@Parameters(name = "{0}")
public static Collection<String> data() {
- return Arrays.asList(PORT, JWT_PORT);
+ return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
}
@org.junit.Test
@@ -145,6 +159,10 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
String audPort = PORT2;
if (JWT_PORT.equals(port)) {
audPort = JWT_PORT2;
+ } else if (JCACHE_PORT.equals(port)) {
+ audPort = JCACHE_PORT2;
+ } else if (JWT_JCACHE_PORT.equals(port)) {
+ audPort = JWT_JCACHE_PORT2;
}
String audience = "https://localhost:" + audPort + "/secured/bookstore/books";
ClientAccessToken accessToken =
@@ -315,4 +333,83 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
assertTrue(validity == accessToken.getExpiresIn());
}
+ //
+ // Server implementations
+ //
+
+ public static class BookServerOAuth2Introspection extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2Introspection.class.getResource("introspection-server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2Introspection();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2IntrospectionJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2IntrospectionJWT.class.getResource("introspection-server-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2IntrospectionJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2IntrospectionJCache extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2Introspection.class.getResource("introspection-server-jcache.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2IntrospectionJCache();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2IntrospectionJCacheJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2IntrospectionJWT.class.getResource("introspection-server-jcache-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2IntrospectionJCacheJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
index fc89cf5..a1c6773 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
@@ -32,6 +32,7 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.helpers.DOMUtils;
@@ -56,7 +57,9 @@ import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler;
+import org.apache.cxf.systest.jaxrs.security.oauth2.grants.AuthorizationGrantTest.BookServerOAuth2Grants;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.saml.SAMLCallback;
@@ -75,6 +78,8 @@ import org.junit.runners.Parameterized.Parameters;
* Some tests for OAuth 2.0. The tests are run multiple times with different OAuthDataProvider implementations:
* a) PORT - EhCache
* b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
+ * c) JCACHE_PORT - JCache
+ * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
*/
@RunWith(value = org.junit.runners.Parameterized.class)
public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
@@ -82,6 +87,10 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
public static final String PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public");
public static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-oauth2-jwt");
public static final String JWT_PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public-jwt");
+ public static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-jcache");
+ public static final String JCACHE_PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public-jcache");
+ public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-jcache-jwt");
+ public static final String JWT_JCACHE_PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public-jcache-jwt");
private static final String CRYPTO_RESOURCE_PROPERTIES =
"org/apache/cxf/systest/jaxrs/security/alice.properties";
@@ -98,6 +107,10 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
launchServer(BookServerOAuth2.class, true));
assertTrue("server did not launch correctly",
launchServer(BookServerOAuth2JWT.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2JCache.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2JCacheJWT.class, true));
}
@AfterClass
@@ -108,7 +121,7 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
@Parameters(name = "{0}")
public static Collection<String> data() {
- return Arrays.asList(PORT, JWT_PORT);
+ return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
}
@Test
@@ -613,4 +626,83 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
}
+ //
+ // Server implementations
+ //
+
+ public static class BookServerOAuth2 extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2Grants.class.getResource("server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2JWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2Grants.class.getResource("server-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2JWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2JCache extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2Grants.class.getResource("server-jcache.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2JCache();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2JCacheJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2Grants.class.getResource("server-jcache-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2JCacheJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index dca7f12..ab18d0a 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -34,6 +34,9 @@ import java.util.Collections;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
@@ -51,6 +54,7 @@ import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.apache.xml.security.utils.ClassLoaderUtils;
@@ -65,12 +69,16 @@ import org.junit.runners.Parameterized.Parameters;
* with different OAuthDataProvider implementations:
* a) PORT - EhCache
* b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
+ * c) JCACHE_PORT - JCache
+ * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
*/
@RunWith(value = org.junit.runners.Parameterized.class)
public class OIDCFlowTest extends AbstractBusClientServerTestBase {
static final String PORT = TestUtil.getPortNumber("jaxrs-oidc");
static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-oidc-jwt");
+ static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oidc-jcache");
+ static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oidc-jcache-jwt");
final String port;
@@ -92,6 +100,18 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
// set this to false to fork
launchServer(OIDCServerJWT.class, true)
);
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(OIDCServerJCache.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(OIDCServerJCacheJWT.class, true)
+ );
}
@AfterClass
@@ -102,7 +122,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
@Parameters(name = "{0}")
public static Collection<String> data() {
- return Arrays.asList(PORT, JWT_PORT);
+ return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT);
}
@org.junit.Test
@@ -977,4 +997,84 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
SignatureAlgorithm.RS256));
}
+
+ //
+ // Server implementations
+ //
+
+ public static class OIDCServer extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ OIDCServer.class.getResource("oidc-server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new OIDCServer();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class OIDCServerJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ OIDCServerJWT.class.getResource("oidc-server-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new OIDCServerJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class OIDCServerJCache extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ OIDCServer.class.getResource("oidc-server-jcache.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new OIDCServerJCache();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class OIDCServerJCacheJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ OIDCServerJWT.class.getResource("oidc-server-jcache-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new OIDCServerJCacheJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCServer.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCServer.java
deleted file mode 100644
index 58fa860..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCServer.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oidc;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class OIDCServer extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- OIDCServer.class.getResource("oidc-server.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new OIDCServer();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCServerJWT.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCServerJWT.java
deleted file mode 100644
index 58f3989..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCServerJWT.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oidc;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class OIDCServerJWT extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- OIDCServerJWT.class.getResource("oidc-server-jwt.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new OIDCServerJWT();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoServer.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoServer.java
deleted file mode 100644
index 034c745..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoServer.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oidc;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class UserInfoServer extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- UserInfoServer.class.getResource("userinfo-server.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new UserInfoServer();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoServerJWT.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoServerJWT.java
deleted file mode 100644
index 80ca82a..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoServerJWT.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oidc;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class UserInfoServerJWT extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- UserInfoServerJWT.class.getResource("userinfo-server-jwt.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new UserInfoServerJWT();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java
index 38c26ef..5ff0e80 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java
@@ -32,6 +32,9 @@ import java.util.Collection;
import javax.ws.rs.core.Response;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
@@ -45,6 +48,7 @@ import org.apache.cxf.rs.security.oidc.common.UserInfo;
import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.junit.AfterClass;
@@ -58,12 +62,16 @@ import org.junit.runners.Parameterized.Parameters;
* an access token. The tests are run multiple times with different OAuthDataProvider implementations:
* a) PORT - EhCache
* b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
+ * c) JCACHE_PORT - JCache
+ * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
*/
@RunWith(value = org.junit.runners.Parameterized.class)
public class UserInfoTest extends AbstractBusClientServerTestBase {
static final String PORT = TestUtil.getPortNumber("jaxrs-userinfo");
static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jwt");
+ static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jcache");
+ static final String JCACHE_JWT_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jcache-jwt");
final String port;
@@ -85,6 +93,18 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
// set this to false to fork
launchServer(UserInfoServerJWT.class, true)
);
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(UserInfoServerJCache.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(UserInfoServerJCacheJWT.class, true)
+ );
}
@AfterClass
@@ -95,7 +115,7 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
@Parameters(name = "{0}")
public static Collection<String> data() {
- return Arrays.asList(PORT, JWT_PORT);
+ return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JCACHE_JWT_PORT);
}
@org.junit.Test
@@ -289,4 +309,85 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
SignatureAlgorithm.RS256));
}
+
+ //
+ // Server implementations
+ //
+
+ public static class UserInfoServer extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ UserInfoServer.class.getResource("userinfo-server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new UserInfoServer();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class UserInfoServerJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ UserInfoServerJWT.class.getResource("userinfo-server-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new UserInfoServerJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class UserInfoServerJCache extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ UserInfoServer.class.getResource("userinfo-server-jcache.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new UserInfoServerJCache();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class UserInfoServerJCacheJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ UserInfoServerJWT.class.getResource("userinfo-server-jcache-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new UserInfoServerJCacheJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
}
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jcache-jwt.xml
new file mode 100644
index 0000000..d6c00c3
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jcache-jwt.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-negative-jcache-jwt}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oauth2-grants2-negative-jcache-jwt}</value></constructor-arg>
+ <property name="useJwtFormatForAccessTokens" value="true"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+ </bean>
+
+ <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ <ref bean="passwordGrantHandler"/>
+ <ref bean="clientCredsGrantHandler"/>
+ <ref bean="samlGrantHandler"/>
+ <ref bean="jwtGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-negative-jcache-jwt}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="implicitService"/>
+ <ref bean="tokenService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="security.signature.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jcache.xml
new file mode 100644
index 0000000..b0bba24
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jcache.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-negative-jcache}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oauth2-grants2-negative-jcache}</value></constructor-arg>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+ </bean>
+
+ <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ <ref bean="passwordGrantHandler"/>
+ <ref bean="clientCredsGrantHandler"/>
+ <ref bean="samlGrantHandler"/>
+ <ref bean="jwtGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-negative-jcache}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="implicitService"/>
+ <ref bean="tokenService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="security.signature.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt.xml
new file mode 100644
index 0000000..0739696
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-jwt.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-jcache-jwt}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oauth2-grants2-jcache-jwt}</value></constructor-arg>
+ <property name="useJwtFormatForAccessTokens" value="true"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+ </bean>
+
+ <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ <ref bean="passwordGrantHandler"/>
+ <ref bean="clientCredsGrantHandler"/>
+ <ref bean="samlGrantHandler"/>
+ <ref bean="jwtGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-jcache-jwt}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="implicitService"/>
+ <ref bean="tokenService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="security.signature.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache.xml
new file mode 100644
index 0000000..39f700c
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-jcache}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oauth2-grants2-jcache}</value></constructor-arg>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+ </bean>
+
+ <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ <ref bean="passwordGrantHandler"/>
+ <ref bean="clientCredsGrantHandler"/>
+ <ref bean="samlGrantHandler"/>
+ <ref bean="jwtGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-jcache}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="implicitService"/>
+ <ref bean="tokenService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="security.signature.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jcache-jwt.xml
new file mode 100644
index 0000000..09be199
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jcache-jwt.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-introspection-jcache-jwt}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oauth2-introspection2-jcache-jwt}</value></constructor-arg>
+ <property name="useJwtFormatForAccessTokens" value="true"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+ </bean>
+
+ <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ <ref bean="passwordGrantHandler"/>
+ <ref bean="clientCredsGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="tokenIntrospectionService" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-introspection-jcache-jwt}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="tokenService"/>
+ <ref bean="tokenIntrospectionService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="security.signature.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jcache.xml
new file mode 100644
index 0000000..b1b548d
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jcache.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-introspection-jcache}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oauth2-introspection2-jcache}</value></constructor-arg>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+ </bean>
+
+ <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ <ref bean="passwordGrantHandler"/>
+ <ref bean="clientCredsGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="tokenIntrospectionService" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-introspection-jcache}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="tokenService"/>
+ <ref bean="tokenIntrospectionService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jcache-jwt.xml
new file mode 100644
index 0000000..8e975d6
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jcache-jwt.xml
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-jcache-jwt}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>12345</value></constructor-arg>
+ <property name="useJwtFormatForAccessTokens" value="true"/>
+ </bean>
+ <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+ <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+
+ <bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
+ <bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/>
+
+ <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CustomGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+ <bean id="clientCredGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+ <bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="samlGrantHandler"/>
+ <ref bean="jwtGrantHandler"/>
+ <ref bean="customGrantHandler"/>
+ <ref bean="clientCredGrantHandler"/>
+ </list>
+ </property>
+ <property name="canSupportPublicClients" value="true"/>
+ </bean>
+ <bean id="serviceBeanPublic" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="customGrantHandler"/>
+ </list>
+ </property>
+ <property name="canSupportPublicClients" value="true"/>
+ </bean>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jcache-jwt}/oauth2">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:properties>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-oauth2-public-jcache-jwt}/oauth2Public">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBeanPublic"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:properties>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jcache-jwt}/oauth2-auth">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="samlAuthHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jcache-jwt}/oauth2-auth-jwt">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwtAuthHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jcache.xml
new file mode 100644
index 0000000..14ece1b
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jcache.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-jcache}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>12345</value></constructor-arg>
+ </bean>
+ <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+ <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+
+ <bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
+ <bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/>
+
+ <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CustomGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+ <bean id="clientCredGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+ <bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="samlGrantHandler"/>
+ <ref bean="jwtGrantHandler"/>
+ <ref bean="customGrantHandler"/>
+ <ref bean="clientCredGrantHandler"/>
+ </list>
+ </property>
+ <property name="canSupportPublicClients" value="true"/>
+ </bean>
+ <bean id="serviceBeanPublic" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="customGrantHandler"/>
+ </list>
+ </property>
+ <property name="canSupportPublicClients" value="true"/>
+ </bean>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jcache}/oauth2">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:properties>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-oauth2-public-jcache}/oauth2Public">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBeanPublic"/>
+ </jaxrs:serviceBeans>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jcache}/oauth2-auth">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="samlAuthHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jcache}/oauth2-auth-jwt">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwtAuthHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jcache-jwt.xml
new file mode 100644
index 0000000..e8294fc
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jcache-jwt.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oidc-jcache-jwt}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="false" required="false"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oidc-jcache-jwt}</value></constructor-arg>
+ <property name="useJwtFormatForAccessTokens" value="true"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+ <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ </list>
+ </property>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ </bean>
+
+ <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ <property name="codeService" ref="authorizationService"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oidc-jcache-jwt}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="hybridService"/>
+ <ref bean="implicitService"/>
+ <ref bean="tokenService"/>
+ <ref bean="oidcKeysService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/>
+
+ <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="authorizationFilter" ref="jwtRequestFilter"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oidc-jcache-jwt}/unsignedjwtservices">
+ <jaxrs:serviceBeans>
+ <ref bean="jwtAuthorizationService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.algorithm" value="none" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jcache.xml
new file mode 100644
index 0000000..cf92fa0
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jcache.xml
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oidc-jcache}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="false" required="false"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oidc-jcache}</value></constructor-arg>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+ <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ </list>
+ </property>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ </bean>
+
+ <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ <property name="codeService" ref="authorizationService"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oidc-jcache}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="hybridService"/>
+ <ref bean="implicitService"/>
+ <ref bean="tokenService"/>
+ <ref bean="oidcKeysService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/>
+
+ <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="authorizationFilter" ref="jwtRequestFilter"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oidc-jcache}/unsignedjwtservices">
+ <jaxrs:serviceBeans>
+ <ref bean="jwtAuthorizationService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.algorithm" value="none" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jcache-jwt.xml
new file mode 100644
index 0000000..295eb9e
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jcache-jwt.xml
@@ -0,0 +1,193 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-userinfo-jcache-jwt}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="false" required="false"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-userinfo-jcache-jwt}</value></constructor-arg>
+ <property name="useJwtFormatForAccessTokens" value="true"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+ <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jcache-jwt}/services/oidc">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="tokenService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" />
+ <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+ <property name="userInfoProvider" ref="userInfoProvider"/>
+ <property name="jwsRequired" value="false"/>
+ </bean>
+
+ <bean id="jsonProvider" class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jcache-jwt}/services/plain">
+ <jaxrs:serviceBeans>
+ <ref bean="userInfoService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oAuthFilter"/>
+ <ref bean="jsonProvider"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+
+ <bean id="signedUserInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+ <property name="userInfoProvider" ref="userInfoProvider"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jcache-jwt}/services/signed">
+ <jaxrs:serviceBeans>
+ <ref bean="signedUserInfoService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oAuthFilter"/>
+ <ref bean="jsonProvider"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="encryptedUserInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+ <property name="userInfoProvider" ref="userInfoProvider"/>
+ <property name="jwsRequired" value="false"/>
+ <property name="jweRequired" value="true"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jcache-jwt}/services/encrypted">
+ <jaxrs:serviceBeans>
+ <ref bean="encryptedUserInfoService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="bob"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/bob.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+
+ </jaxrs:server>
+
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jcache.xml
new file mode 100644
index 0000000..912b7bf
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jcache.xml
@@ -0,0 +1,192 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-userinfo-jcache}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="false" required="false"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-userinfo-jcache}</value></constructor-arg>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+ <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jcache}/services/oidc">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="tokenService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" />
+ <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+ <property name="userInfoProvider" ref="userInfoProvider"/>
+ <property name="jwsRequired" value="false"/>
+ </bean>
+
+ <bean id="jsonProvider" class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jcache}/services/plain">
+ <jaxrs:serviceBeans>
+ <ref bean="userInfoService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oAuthFilter"/>
+ <ref bean="jsonProvider"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+
+ <bean id="signedUserInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+ <property name="userInfoProvider" ref="userInfoProvider"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jcache}/services/signed">
+ <jaxrs:serviceBeans>
+ <ref bean="signedUserInfoService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oAuthFilter"/>
+ <ref bean="jsonProvider"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="encryptedUserInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+ <property name="userInfoProvider" ref="userInfoProvider"/>
+ <property name="jwsRequired" value="false"/>
+ <property name="jweRequired" value="true"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jcache}/services/encrypted">
+ <jaxrs:serviceBeans>
+ <ref bean="encryptedUserInfoService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="bob"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/bob.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+
+ </jaxrs:server>
+
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+
+
+</beans>