You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/07/26 14:29:24 UTC
[cxf] branch master updated (336c91f -> c1fb9e9)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from 336c91f CXF-7805 - Transform feature outDropElements has no effect
new 6fdd44d Fixing failing JPA TokenIntrospection tests
new c1fb9e9 Adding unit tests for JCache + JWT OAuth 2.0 data provider
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../rs/security/oauth2/common/OAuthPermission.java | 4 ++
.../oauth2/provider/JPAOAuthDataProvider.java | 8 ++-
.../provider/AbstractOAuthDataProviderTest.java | 62 +++++++++++++++++++++-
...st.java => JCacheJWTOAuthDataProviderTest.java} | 3 +-
.../oauth2/grants/IntrospectionServiceTest.java | 2 +-
5 files changed, 75 insertions(+), 4 deletions(-)
copy rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/{JCacheOAuthDataProviderTest.java => JCacheJWTOAuthDataProviderTest.java} (88%)
[cxf] 01/02: Fixing failing JPA TokenIntrospection tests
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 6fdd44d05c660d51ce792e7f9b69d2d67d9c0303
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Jul 25 16:15:54 2018 +0100
Fixing failing JPA TokenIntrospection tests
---
.../org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java | 4 ++++
.../cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java | 8 +++++++-
.../jaxrs/security/oauth2/grants/IntrospectionServiceTest.java | 2 +-
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
index e164930..61095ce 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
@@ -177,6 +177,10 @@ public class OAuthPermission implements Serializable {
return false;
}
+ if (object == this) {
+ return true;
+ }
+
OAuthPermission that = (OAuthPermission)object;
if (getHttpVerbs() != null && that.getHttpVerbs() == null
|| getHttpVerbs() == null && that.getHttpVerbs() != null
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
index 3ab720b..0a252af 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
@@ -174,7 +174,13 @@ public class JPAOAuthDataProvider extends AbstractOAuthDataProvider {
return execute(new EntityManagerOperation<ServerAccessToken>() {
@Override
public ServerAccessToken execute(EntityManager em) {
- return em.find(BearerAccessToken.class, accessToken);
+ TypedQuery<BearerAccessToken> query = em.createQuery("SELECT t FROM BearerAccessToken t"
+ + " WHERE t.tokenKey = :tokenKey", BearerAccessToken.class)
+ .setParameter("tokenKey", accessToken);
+ if (query.getResultList().isEmpty()) {
+ return null;
+ }
+ return query.getSingleResult();
}
});
}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java
index 5c831fe..c8e30b6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java
@@ -93,7 +93,7 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
@Parameters(name = "{0}")
public static Collection<String> data() {
- return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT); // TODOJPA_PORT);
+ return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT);
}
@org.junit.Test
[cxf] 02/02: Adding unit tests for JCache + JWT OAuth 2.0 data
provider
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit c1fb9e95a92df3c828be8c467558503bfc40da80
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jul 26 10:20:19 2018 +0100
Adding unit tests for JCache + JWT OAuth 2.0 data provider
---
.../provider/AbstractOAuthDataProviderTest.java | 62 +++++++++++++++++++++-
.../provider/JCacheJWTOAuthDataProviderTest.java | 33 ++++++++++++
2 files changed, 94 insertions(+), 1 deletion(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
index ee002c1..b7d4bdc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProviderTest.java
@@ -18,10 +18,20 @@
*/
package org.apache.cxf.rs.security.oauth2.provider;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.PrivateKeyJwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -35,11 +45,34 @@ import org.junit.Assert;
import org.junit.Test;
abstract class AbstractOAuthDataProviderTest extends Assert {
+ private static KeyPair keyPair;
private AbstractOAuthDataProvider provider;
- protected void initializeProvider(AbstractOAuthDataProvider dataProvider) {
+ static {
+ try {
+ keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ }
+
+ protected static void initializeProvider(AbstractOAuthDataProvider dataProvider) {
dataProvider.setSupportedScopes(Collections.singletonMap("a", "A Scope"));
dataProvider.setSupportedScopes(Collections.singletonMap("refreshToken", "RefreshToken"));
+
+ // Configure the means of signing the issued JWT tokens
+ if (dataProvider.isUseJwtFormatForAccessTokens()) {
+ final JwsSignatureProvider signatureProvider =
+ new PrivateKeyJwsSignatureProvider(keyPair.getPrivate(), SignatureAlgorithm.RS256);
+
+ OAuthJoseJwtProducer jwtAccessTokenProducer = new OAuthJoseJwtProducer() {
+ @Override
+ protected JwsSignatureProvider getInitializedSignatureProvider(JwsHeaders jwsHeaders) {
+ return signatureProvider;
+ }
+ };
+ dataProvider.setJwtAccessTokenProducer(jwtAccessTokenProducer);
+ }
}
protected AbstractOAuthDataProvider getProvider() {
@@ -107,7 +140,9 @@ abstract class AbstractOAuthDataProviderTest extends Assert {
atr.setSubject(c.getResourceOwnerSubject());
ServerAccessToken at = getProvider().createAccessToken(atr);
+ validateAccessToken(at);
ServerAccessToken at2 = getProvider().getAccessToken(at.getTokenKey());
+ validateAccessToken(at2);
assertEquals(at.getTokenKey(), at2.getTokenKey());
List<OAuthPermission> scopes = at2.getScopes();
assertNotNull(scopes);
@@ -119,21 +154,25 @@ abstract class AbstractOAuthDataProviderTest extends Assert {
assertNotNull(tokens);
assertEquals(1, tokens.size());
assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
+ validateAccessToken(tokens.get(0));
tokens = getProvider().getAccessTokens(c, null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
+ validateAccessToken(tokens.get(0));
tokens = getProvider().getAccessTokens(null, c.getResourceOwnerSubject());
assertNotNull(tokens);
assertEquals(1, tokens.size());
assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
+ validateAccessToken(tokens.get(0));
tokens = getProvider().getAccessTokens(null, null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
+ validateAccessToken(tokens.get(0));
getProvider().revokeToken(c, at.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
assertNull(getProvider().getAccessToken(at.getTokenKey()));
@@ -152,6 +191,7 @@ abstract class AbstractOAuthDataProviderTest extends Assert {
List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
+ validateAccessToken(tokens.get(0));
getProvider().removeClient(c.getClientId());
@@ -173,6 +213,7 @@ abstract class AbstractOAuthDataProviderTest extends Assert {
List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
+ validateAccessToken(tokens.get(0));
getProvider().removeClient(c.getClientId());
@@ -194,14 +235,18 @@ abstract class AbstractOAuthDataProviderTest extends Assert {
atr.setApprovedScope(Collections.singletonList("a"));
atr.setSubject(c.getResourceOwnerSubject());
ServerAccessToken at = getProvider().createAccessToken(atr);
+ validateAccessToken(at);
at = getProvider().getAccessToken(at.getTokenKey());
+ validateAccessToken(at);
AccessTokenRegistration atr2 = new AccessTokenRegistration();
atr2.setClient(c);
atr2.setApprovedScope(Collections.singletonList("a"));
atr2.setSubject(new TestingUserSubject(c.getResourceOwnerSubject().getLogin()));
ServerAccessToken at2 = getProvider().createAccessToken(atr2);
+ validateAccessToken(at2);
at2 = getProvider().getAccessToken(at2.getTokenKey());
+ validateAccessToken(at2);
assertNotNull(at.getSubject().getId());
assertTrue(at.getSubject() instanceof UserSubject);
@@ -221,7 +266,9 @@ abstract class AbstractOAuthDataProviderTest extends Assert {
atr.setSubject(c.getResourceOwnerSubject());
ServerAccessToken at = getProvider().createAccessToken(atr);
+ validateAccessToken(at);
ServerAccessToken at2 = getProvider().getAccessToken(at.getTokenKey());
+ validateAccessToken(at2);
assertEquals(at.getTokenKey(), at2.getTokenKey());
List<OAuthPermission> scopes = at2.getScopes();
assertNotNull(scopes);
@@ -306,4 +353,17 @@ abstract class AbstractOAuthDataProviderTest extends Assert {
}
}
+ private void validateAccessToken(ServerAccessToken accessToken) {
+ if (getProvider().isUseJwtFormatForAccessTokens()) {
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(accessToken.getTokenKey());
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
+ // Validate claims
+ Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+ Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+
+ Assert.assertTrue(jwtConsumer.verifySignatureWith(keyPair.getPublic(), SignatureAlgorithm.RS256));
+ }
+ }
+
}
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheJWTOAuthDataProviderTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheJWTOAuthDataProviderTest.java
new file mode 100644
index 0000000..53b7741
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/JCacheJWTOAuthDataProviderTest.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.provider;
+
+import org.junit.Before;
+
+public class JCacheJWTOAuthDataProviderTest extends AbstractOAuthDataProviderTest {
+
+ @Before
+ public void setUp() throws Exception {
+ JCacheOAuthDataProvider provider = new JCacheOAuthDataProvider();
+ provider.setUseJwtFormatForAccessTokens(true);
+ initializeProvider(provider);
+ setProvider(provider);
+ }
+
+}