Posted to commits@cxf.apache.org by co...@apache.org on 2015/12/14 16:43:46 UTC
cxf git commit: Adding some OAuth JWT tests
Repository: cxf
Updated Branches:
refs/heads/master c4a5b2925 -> 8498cbbcb
Adding some OAuth JWT tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8498cbbc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8498cbbc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8498cbbc
Branch: refs/heads/master
Commit: 8498cbbcb4553cea96f2452ece7475e20a09b64a
Parents: c4a5b29
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Dec 14 15:43:33 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Dec 14 15:43:33 2015 +0000
----------------------------------------------------------------------
.../jaxrs/security/oauth2/JAXRSOAuth2Test.java | 105 +++++++++++++++++++
.../oauth2/grants/AuthorizationGrantTest.java | 15 ++-
2 files changed, 117 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8498cbbc/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
index 90c8cbb..97a24d1 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
@@ -342,6 +342,111 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
}
}
+ @Test
+ public void testJWTBadSubjectName() throws Exception {
+ String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+ WebClient wc = createWebClient(address);
+
+ // Create the JWT Token
+ String token = createToken("resourceOwner", "bob", address, true, true);
+
+ Map<String, String> extraParams = new HashMap<String, String>();
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+ "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+
+ try {
+ OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+ fail("Failure expected on a bad subject name");
+ } catch (OAuthServiceException ex) {
+ // expected
+ }
+ }
+
+ @Test
+ public void testJWTUnsigned() throws Exception {
+ String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+ WebClient wc = createWebClient(address);
+
+ // Create the JWT Token
+ String token = createToken("resourceOwner", "alice", address, true, false);
+
+ Map<String, String> extraParams = new HashMap<String, String>();
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+ "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+
+ try {
+ OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+ fail("Failure expected on an unsigned token");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ @Test
+ public void testJWTNoIssuer() throws Exception {
+ String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+ WebClient wc = createWebClient(address);
+
+ // Create the JWT Token
+ String token = createToken(null, "alice", address, true, true);
+
+ Map<String, String> extraParams = new HashMap<String, String>();
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+ "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+
+ try {
+ OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+ fail("Failure expected on no issuer");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ @Test
+ public void testJWTNoExpiry() throws Exception {
+ String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+ WebClient wc = createWebClient(address);
+
+ // Create the JWT Token
+ String token = createToken("resourceOwner", "alice", address, false, true);
+
+ Map<String, String> extraParams = new HashMap<String, String>();
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+ "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+
+ try {
+ OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+ fail("Failure expected on no expiry");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ @Test
+ public void testJWTBadAudienceRestriction() throws Exception {
+ String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+ WebClient wc = createWebClient(address);
+
+ // Create the JWT Token
+ String token = createToken("resourceOwner", "alice", address + "/badtoken", true, true);
+
+ Map<String, String> extraParams = new HashMap<String, String>();
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+ "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+ extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+
+ try {
+ OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+ fail("Failure expected on a bad audience restriction");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
private WebClient createWebClient(String address) {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
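Review bot: Four of the five new negative tests (testJWTUnsigned, testJWTNoIssuer, testJWTNoExpiry, testJWTBadAudienceRestriction) catch `Exception` around `getAccessToken`, so they pass on any failure of that call, such as a connection or TLS error or a client-side exception, and not only when the token endpoint rejects the assertion. For tests that guard client-assertion validation, this can hide a regression where the server stops enforcing the signature, issuer, expiry or audience check. Narrow them to `} catch (OAuthServiceException ex) {` as testJWTBadSubjectName does, and if a case legitimately surfaces a different exception type, catch that type and say why in the `// expected` comment. The five bodies differ only in the createToken arguments and the fail message, so a shared private helper taking the token and the message would remove the repetition. createWebClient's body continues outside the hunk.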
http://git-wip-us.apache.org/repos/asf/cxf/blob/8498cbbc/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index 8ce2a30..ecdb2d2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -220,8 +220,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
response = client.post(form);
String location = response.getHeaderString("Location");
- String accessToken = location.substring(location.indexOf("access_token=") + "access_token=".length());
- accessToken = accessToken.substring(0, accessToken.indexOf('&'));
+ String accessToken = getSubstring(location, "access_token");
assertNotNull(accessToken);
}
@@ -353,7 +352,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
response = client.post(form);
String location = response.getHeaderString("Location");
- return location.substring(location.indexOf("code=") + "code=".length());
+ return getSubstring(location, "code");
}
private ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client, String code) {
@@ -445,4 +444,14 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
return jws.getSignedEncodedJws();
}
+
+ private String getSubstring(String parentString, String substringName) {
+ String foundString =
+ parentString.substring(parentString.indexOf(substringName + "=") + (substringName + "=").length());
+ int ampersandIndex = foundString.indexOf('&');
+ if (ampersandIndex < 1) {
+ ampersandIndex = foundString.length();
+ }
+ return foundString.substring(0, ampersandIndex);
+ }
}
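Review bot: In getSubstring, `if (ampersandIndex < 1)` treats an `&` at index 0 as absent, so an empty value (`code=&state=...`) returns the rest of the string including the `&`; the comparison should be `< 0`. The `indexOf(substringName + "=")` result is also unchecked: when the parameter is missing it is -1 and the method returns an unrelated tail of the Location value instead of failing, which the `assertNotNull(accessToken)` at the first call site cannot detect because `substring` never returns null. A bare `indexOf` also matches the name as the suffix of a longer parameter name. Failing the test on a missing parameter keeps these redirect checks meaningful. The sketch below assumes `assertTrue` is in scope the same way `assertNotNull` is.

```java
private String getSubstring(String parentString, String substringName) {
    String key = substringName + "=";
    int start = parentString.indexOf(key);
    // A missing parameter must fail the test rather than yield an arbitrary slice.
    assertTrue("Missing parameter: " + substringName, start >= 0);
    String foundString = parentString.substring(start + key.length());
    int ampersandIndex = foundString.indexOf('&');
    if (ampersandIndex < 0) {
        ampersandIndex = foundString.length();
    }
    return foundString.substring(0, ampersandIndex);
}
```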