Posted to commits@cxf.apache.org by co...@apache.org on 2018/09/18 16:07:35 UTC
[cxf] branch master updated: Add some tests for the RolesAllowed
annotation with JWT tokens
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 01559f2 Add some tests for the RolesAllowed annotation with JWT tokens
01559f2 is described below
commit 01559f20020110407ceb142e4ec53eaddcaeb9d4
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Sep 18 17:07:10 2018 +0100
Add some tests for the RolesAllowed annotation with JWT tokens
---
.../jaxrs/security/jose/jwt/BookStoreAuthn.java | 11 +++
.../jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java | 80 ++++++++++++++++++++++
.../jaxrs/security/jose/jwt/authn-authz-server.xml | 21 ++++++
3 files changed, 112 insertions(+)
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookStoreAuthn.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookStoreAuthn.java
index 6954c5c..d1ca2e2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookStoreAuthn.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookStoreAuthn.java
@@ -20,6 +20,7 @@
package org.apache.cxf.systest.jaxrs.security.jose.jwt;
+import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
@@ -82,6 +83,16 @@ public class BookStoreAuthn {
return book;
}
+ @POST
+ @Path("/booksrolesallowed")
+ @Produces("application/json")
+ @Consumes("application/json")
+ @RolesAllowed({"boss" })
+ public Book echoBook4(Book book) {
+ checkAuthentication();
+ return book;
+ }
+
private void checkAuthentication() {
// Check that we have an authenticated principal
Assert.assertNotNull(jaxrsContext.getSecurityContext().getUserPrincipal());
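Review bot: `@RolesAllowed({"boss" })` carries a stray space inside the braces and the array form is unnecessary for a single role; `@RolesAllowed("boss")` reads cleaner and matches the style of the other annotations on the method. It is also worth a Javadoc line making explicit that the resource does not perform the role check itself — the annotation only takes effect on endpoints whose provider chain includes an interceptor that reads it, so on any server that shares this bean without one the method is protected only by `checkAuthentication()`. Suggested: `/** Echoes the book; the "boss" role is enforced only where an annotations interceptor is configured for the endpoint. */`. The enclosing class and the body of `checkAuthentication()` continue outside the hunk.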
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
index 3a2531f..5d95323 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
@@ -246,6 +246,86 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testAuthorizationRolesAllowedAnnotation() throws Exception {
+
+ URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwtAuthenticationClientFilter());
+
+ String address = "https://localhost:" + PORT + "/signedjwtauthzannotations/bookstore/booksrolesallowed";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ // Create the JWT Token
+ JwtClaims claims = new JwtClaims();
+ claims.setSubject("alice");
+ claims.setIssuer("DoubleItSTSIssuer");
+ claims.setIssuedAt(Instant.now().getEpochSecond());
+ claims.setAudiences(toList(address));
+ // The endpoint requires a role of "boss"
+ claims.setProperty("role", "boss");
+
+ JwtToken token = new JwtToken(claims);
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
+ properties.put("rs.security.signature.algorithm", "RS256");
+ properties.put(JwtConstants.JWT_TOKEN, token);
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+
+ Book returnedBook = response.readEntity(Book.class);
+ assertEquals(returnedBook.getName(), "book");
+ assertEquals(returnedBook.getId(), 123L);
+ }
+
+ @org.junit.Test
+ public void testAuthorizationWrongRolesAllowedAnnotation() throws Exception {
+
+ URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwtAuthenticationClientFilter());
+
+ String address = "https://localhost:" + PORT + "/signedjwtauthzannotations/bookstore/booksrolesallowed";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ // Create the JWT Token
+ JwtClaims claims = new JwtClaims();
+ claims.setSubject("alice");
+ claims.setIssuer("DoubleItSTSIssuer");
+ claims.setIssuedAt(Instant.now().getEpochSecond());
+ claims.setAudiences(toList(address));
+ // The endpoint requires a role of "boss"
+ claims.setProperty("role", "manager");
+
+ JwtToken token = new JwtToken(claims);
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
+ properties.put("rs.security.signature.algorithm", "RS256");
+ properties.put(JwtConstants.JWT_TOKEN, token);
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
public void testClaimsAuthorization() throws Exception {
URL busFile = JWTAuthnAuthzTest.class.getResource("client.xml");
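Review bot: The JUnit assertions `assertEquals(response.getStatus(), 200)`, `assertEquals(returnedBook.getName(), "book")` and `assertEquals(returnedBook.getId(), 123L)` pass expected and actual in reverse order, so a failure message would read the two values backwards; they should be `assertEquals(200, response.getStatus())` and so on. The negative test's `assertNotEquals(response.getStatus(), 200)` is weaker than it needs to be — a 401 from a signature problem, a 404 from a wrong path or a 500 from a misconfigured endpoint would all pass, so it does not demonstrate that the role check is what rejected the request; assert the specific status the authorizing filter produces (403, if the server side uses SimpleAuthorizingFilter as the configuration suggests — confirm against the server). The two methods differ only in the value of the `role` claim, so the client, claims and signing setup could be a single helper taking the role, which keeps the status-code expectations as the only content of each test.

```java
private Response postBookWithRole(String role) throws Exception {
    // … unchanged: busFile, providers and WebClient creation …
    // … unchanged: subject, issuer, issuedAt and audience claims …
    claims.setProperty("role", role);
    // … unchanged: JwtToken construction and signing properties …
    return client.post(new Book("book", 123L));
}

@org.junit.Test
public void testAuthorizationRolesAllowedAnnotation() throws Exception {
    Response response = postBookWithRole("boss");
    assertEquals(200, response.getStatus());
    Book returnedBook = response.readEntity(Book.class);
    assertEquals("book", returnedBook.getName());
    assertEquals(123L, returnedBook.getId());
}

@org.junit.Test
public void testAuthorizationWrongRolesAllowedAnnotation() throws Exception {
    Response response = postBookWithRole("manager");
    // Pin the status the authorizing filter returns, not merely "not 200" — confirm 403 is what the server emits
    assertEquals(403, response.getStatus());
}
```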
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/authn-authz-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/authn-authz-server.xml
index 85508b4..a83abde 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/authn-authz-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/authn-authz-server.xml
@@ -92,4 +92,25 @@ under the License.
</jaxrs:properties>
</jaxrs:server>
+ <bean id="annotationsInterceptor" class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
+ <property name="securedObject" ref="serviceBean"/>
+ </bean>
+ <bean id="rolesHandler" class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
+ <property name="interceptor" ref="annotationsInterceptor"/>
+ </bean>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt-authn-authz}/signedjwtauthzannotations">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwtAuthzFilter"/>
+ <ref bean="rolesHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.in.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
</beans>
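Review bot: The new `signedjwtauthzannotations` server lists `jwtAuthzFilter` and `rolesHandler` as sibling providers with nothing recording that authentication has to complete before `SecureAnnotationsInterceptor` can read the principal's roles; if CXF orders these by `@Priority` rather than by listing order, a reader cannot tell that from this file. A short XML comment above the `<jaxrs:server>` element would help, for example `<!-- jwtAuthzFilter authenticates the JWT; rolesHandler then enforces @RolesAllowed on serviceBean via SecureAnnotationsInterceptor -->`. The same comment should note that `serviceBean` is shared with the servers defined above, so the role annotation is enforced only on this address and the other endpoints expose the same method with authentication only.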