Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/20 17:21:28 UTC
[9/9] cxf git commit: Fixing merge
Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e61467c8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e61467c8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e61467c8
Branch: refs/heads/3.0.x-fixes
Commit: e61467c87bff87046ddf9ce52f04623b790db3ca
Parents: 52e85d0
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jan 20 16:21:04 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jan 20 16:21:04 2016 +0000
----------------------------------------------------------------------
.../security/oauth2/OAuthDataProviderImpl.java | 121 -------
.../security/oauth2/SamlCallbackHandler2.java | 156 ---------
.../security/oauth2/common/OAuth2TestUtils.java | 52 ---
.../oauth2/common/OAuthDataProviderImpl.java | 9 +-
.../oauth2/filters/OAuthDataProviderImpl.java | 97 ------
.../grants/AuthorizationGrantNegativeTest.java | 349 -------------------
.../oauth2/grants/AuthorizationGrantTest.java | 101 +-----
.../security/oauth2/grants/JAXRSOAuth2Test.java | 189 +---------
.../oauth2/grants/grants-negative-server.xml | 2 +-
.../jaxrs/security/oauth2/grants/server.xml | 4 +-
10 files changed, 12 insertions(+), 1068 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
deleted file mode 100644
index b1472e5..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.jaxrs.security.oauth2;
-
-import java.io.InputStream;
-import java.security.cert.Certificate;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.saml.Constants;
-import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-
-public class OAuthDataProviderImpl implements OAuthDataProvider {
-
- private Map<String, Client> clients = new HashMap<String, Client>();
-
- public OAuthDataProviderImpl() throws Exception {
- Client client = new Client("alice", "alice", true);
- client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
- client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer");
- client.getAllowedGrantTypes().add("custom_grant");
- clients.put(client.getClientId(), client);
-
-
- Certificate cert = loadCert();
- String encodedCert = Base64Utility.encode(cert.getEncoded());
-
- Client client2 = new Client("CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US",
- null,
- true,
- null,
- null);
- client2.getAllowedGrantTypes().add("custom_grant");
- client2.setApplicationCertificates(Collections.singletonList(encodedCert));
- clients.put(client2.getClientId(), client2);
- }
-
- private Certificate loadCert() throws Exception {
- InputStream is = this.getClass().getResourceAsStream("/org/apache/cxf/systest/http/resources/Truststore.jks");
- return CryptoUtils.loadCertificate(is, new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}, "morpit", null);
- }
-
- @Override
- public Client getClient(String clientId) throws OAuthServiceException {
- return clients.get(clientId);
- }
-
- @Override
- public ServerAccessToken createAccessToken(AccessTokenRegistration accessToken)
- throws OAuthServiceException {
- return new BearerAccessToken(accessToken.getClient(), 3600);
- }
-
- @Override
- public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes,
- UserSubject subject, String grantType)
- throws OAuthServiceException {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public ServerAccessToken refreshAccessToken(Client client, String refreshToken,
- List<String> requestedScopes) throws OAuthServiceException {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public void removeAccessToken(ServerAccessToken accessToken) throws OAuthServiceException {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScope) {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public void revokeToken(Client client, String token, String tokenTypeHint) throws OAuthServiceException {
- // TODO Auto-generated method stub
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java
deleted file mode 100644
index 06f3043..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler2.java
+++ /dev/null
@@ -1,156 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oauth2;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.rt.security.claims.SAMLClaim;
-import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.CryptoFactory;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.bean.ActionBean;
-import org.apache.wss4j.common.saml.bean.AttributeBean;
-import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
-import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
-import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
-import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean.Decision;
-import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
-import org.apache.wss4j.common.saml.bean.ConditionsBean;
-import org.apache.wss4j.common.saml.bean.SubjectBean;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.joda.time.DateTime;
-
-/**
- * A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion.
- */
-public class SamlCallbackHandler2 implements CallbackHandler {
- public static final String PORT = BookServerOAuth2.PORT;
- private String confirmationMethod = SAML2Constants.CONF_BEARER;
-
- public SamlCallbackHandler2() {
- }
-
- public void setConfirmationMethod(String confirmationMethod) {
- this.confirmationMethod = confirmationMethod;
- }
-
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- Message m = PhaseInterceptorChain.getCurrentMessage();
-
- for (int i = 0; i < callbacks.length; i++) {
- if (callbacks[i] instanceof SAMLCallback) {
- SAMLCallback callback = (SAMLCallback) callbacks[i];
- callback.setIssuer("alice");
-
- String subjectName = m != null ? (String)m.getContextualProperty("saml.subject.name") : null;
- if (subjectName == null) {
- subjectName = "alice";
- }
- String subjectQualifier = "www.mock-sts.com";
- SubjectBean subjectBean =
- new SubjectBean(
- subjectName, subjectQualifier, confirmationMethod
- );
- callback.setSubject(subjectBean);
-
- ConditionsBean conditions = new ConditionsBean();
- AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
- String audienceURI = "https://localhost:" + PORT + "/oauth2-auth/token";
- audienceRestriction.setAudienceURIs(Collections.singletonList(audienceURI));
- conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
-
- callback.setConditions(conditions);
-
- AuthDecisionStatementBean authDecBean = new AuthDecisionStatementBean();
- authDecBean.setDecision(Decision.INDETERMINATE);
- authDecBean.setResource("https://sp.example.com/SAML2");
- ActionBean actionBean = new ActionBean();
- actionBean.setContents("Read");
- authDecBean.setActions(Collections.singletonList(actionBean));
- callback.setAuthDecisionStatementData(Collections.singletonList(authDecBean));
-
- AuthenticationStatementBean authBean = new AuthenticationStatementBean();
- authBean.setSubject(subjectBean);
- authBean.setAuthenticationInstant(new DateTime());
- authBean.setSessionIndex("123456");
- // AuthnContextClassRef is not set
- authBean.setAuthenticationMethod(
- "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
- callback.setAuthenticationStatementData(
- Collections.singletonList(authBean));
-
- AttributeStatementBean attrBean = new AttributeStatementBean();
- attrBean.setSubject(subjectBean);
-
- List<String> roles = m != null
- ? CastUtils.<String>cast((List<?>)m.getContextualProperty("saml.roles")) : null;
- if (roles == null) {
- roles = Collections.singletonList("user");
- }
- List<AttributeBean> claims = new ArrayList<AttributeBean>();
- AttributeBean roleClaim = new AttributeBean();
- roleClaim.setSimpleName("subject-role");
- roleClaim.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
- roleClaim.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
- roleClaim.setAttributeValues(new ArrayList<Object>(roles));
- claims.add(roleClaim);
-
- List<String> authMethods =
- m != null ? CastUtils.<String>cast((List<?>)m.getContextualProperty("saml.auth")) : null;
- if (authMethods == null) {
- authMethods = Collections.singletonList("password");
- }
-
- AttributeBean authClaim = new AttributeBean();
- authClaim.setSimpleName("http://claims/authentication");
- authClaim.setQualifiedName("http://claims/authentication");
- authClaim.setNameFormat("http://claims/authentication-format");
- authClaim.setAttributeValues(new ArrayList<Object>(authMethods));
- claims.add(authClaim);
-
- attrBean.setSamlAttributes(claims);
- callback.setAttributeStatementData(Collections.singletonList(attrBean));
-
- try {
- Crypto crypto =
- CryptoFactory.getInstance("org/apache/cxf/systest/jaxrs/security/alice.properties");
- callback.setIssuerCrypto(crypto);
- callback.setIssuerKeyName("alice");
- callback.setIssuerKeyPassword("password");
- callback.setSignAssertion(true);
- } catch (WSSecurityException e) {
- throw new IOException(e);
- }
- }
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 8982ee0..bef919e 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -19,23 +19,14 @@
package org.apache.cxf.systest.jaxrs.security.oauth2.common;
import java.util.ArrayList;
-import java.util.Calendar;
import java.util.Collections;
-import java.util.Date;
import java.util.List;
-import java.util.Properties;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.provider.json.JSONProvider;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
@@ -146,49 +137,6 @@ public final class OAuth2TestUtils {
return samlAssertion.assertionToString();
}
- public static String createToken(String issuer, String subject, String audience,
- boolean expiry, boolean sign) {
- // Create the JWT Token
- JwtClaims claims = new JwtClaims();
- claims.setSubject(subject);
- if (issuer != null) {
- claims.setIssuer(issuer);
- }
- claims.setIssuedAt(new Date().getTime() / 1000L);
- if (expiry) {
- Calendar cal = Calendar.getInstance();
- cal.add(Calendar.SECOND, 60);
- claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
- }
- if (audience != null) {
- claims.setAudiences(Collections.singletonList(audience));
- }
-
- if (sign) {
- // Sign the JWT Token
- Properties signingProperties = new Properties();
- signingProperties.put("rs.security.keystore.type", "jks");
- signingProperties.put("rs.security.keystore.password", "password");
- signingProperties.put("rs.security.keystore.alias", "alice");
- signingProperties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
- signingProperties.put("rs.security.key.password", "password");
- signingProperties.put("rs.security.signature.algorithm", "RS256");
-
- JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
- JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
-
- JwsSignatureProvider sigProvider =
- JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
-
- return jws.signWith(sigProvider);
- }
-
- JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
- JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
- return jws.getSignedEncodedJws();
- }
-
public static String getSubstring(String parentString, String substringName) {
String foundString =
parentString.substring(parentString.indexOf(substringName + "=") + (substringName + "=").length());
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
index 0214da9..67bcde6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
@@ -99,8 +99,9 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
for (String requestedScope : requestedScopes) {
if ("read_book".equals(requestedScope)) {
OAuthPermission permission = new OAuthPermission();
+ permission.setPermission("read_book");
permission.setHttpVerbs(Collections.singletonList("GET"));
- List<String> uris = new ArrayList<>();
+ List<String> uris = new ArrayList<String>();
String partnerAddress = "/secured/bookstore/books/*";
uris.add(partnerAddress);
permission.setUris(uris);
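Review bot: The scope literal is now written twice in each branch, once in the `equals` test and again in the added `permission.setPermission("read_book");`, so a later edit to one of them would leave the permission name out of step with the scope that selected it. Since `requestedScope` already equals the literal inside the branch, `permission.setPermission(requestedScope);` keeps the two tied together; the same applies to the `create_book` and `create_image` hunks that follow. The three branches otherwise differ only in the HTTP verb and the URI pattern, so a small private helper taking those two values would remove the repetition. The enclosing method starts and ends outside these hunks, so how an unrecognised scope is handled in this file is not visible here and is worth confirming.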
@@ -108,8 +109,9 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
permissions.add(permission);
} else if ("create_book".equals(requestedScope)) {
OAuthPermission permission = new OAuthPermission();
+ permission.setPermission("create_book");
permission.setHttpVerbs(Collections.singletonList("POST"));
- List<String> uris = new ArrayList<>();
+ List<String> uris = new ArrayList<String>();
String partnerAddress = "/secured/bookstore/books/*";
uris.add(partnerAddress);
permission.setUris(uris);
@@ -117,8 +119,9 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
permissions.add(permission);
} else if ("create_image".equals(requestedScope)) {
OAuthPermission permission = new OAuthPermission();
+ permission.setPermission("create_image");
permission.setHttpVerbs(Collections.singletonList("POST"));
- List<String> uris = new ArrayList<>();
+ List<String> uris = new ArrayList<String>();
String partnerAddress = "/secured/bookstore/image/*";
uris.add(partnerAddress);
permission.setUris(uris);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java
deleted file mode 100644
index 9953821..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.jaxrs.security.oauth2.filters;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-
-/**
- * Extend the DefaultEHCacheCodeDataProvider to allow refreshing of tokens
- */
-public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
-
- public OAuthDataProviderImpl() {
- Client client = new Client("consumer-id", "this-is-a-secret", true);
- client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org"));
-
- client.getAllowedGrantTypes().add("authorization_code");
- client.getAllowedGrantTypes().add("refresh_token");
- client.getAllowedGrantTypes().add("implicit");
-
- client.getRegisteredScopes().add("read_book");
- client.getRegisteredScopes().add("create_book");
- client.getRegisteredScopes().add("create_image");
-
- this.setClient(client);
- }
-
- @Override
- protected boolean isRefreshTokenSupported(List<String> theScopes) {
- return true;
- }
-
- @Override
- public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
- if (requestedScopes.isEmpty()) {
- return Collections.emptyList();
- }
-
- List<OAuthPermission> permissions = new ArrayList<OAuthPermission>();
- for (String requestedScope : requestedScopes) {
- if ("read_book".equals(requestedScope)) {
- OAuthPermission permission = new OAuthPermission();
- permission.setHttpVerbs(Collections.singletonList("GET"));
- List<String> uris = new ArrayList<String>();
- String partnerAddress = "/secured/bookstore/books/*";
- uris.add(partnerAddress);
- permission.setUris(uris);
-
- permissions.add(permission);
- } else if ("create_book".equals(requestedScope)) {
- OAuthPermission permission = new OAuthPermission();
- permission.setHttpVerbs(Collections.singletonList("POST"));
- List<String> uris = new ArrayList<String>();
- String partnerAddress = "/secured/bookstore/books/*";
- uris.add(partnerAddress);
- permission.setUris(uris);
-
- permissions.add(permission);
- } else if ("create_image".equals(requestedScope)) {
- OAuthPermission permission = new OAuthPermission();
- permission.setHttpVerbs(Collections.singletonList("POST"));
- List<String> uris = new ArrayList<>();
- String partnerAddress = "/secured/bookstore/image/*";
- uris.add(partnerAddress);
- permission.setUris(uris);
-
- permissions.add(permission);
- } else {
- throw new OAuthServiceException("invalid_scope");
- }
- }
-
- return permissions;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
index e397d10..1274a3f 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
@@ -20,16 +20,6 @@
package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
import java.net.URL;
-<<<<<<< HEAD
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-=======
-import java.util.Calendar;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Properties;
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code
import javax.ws.rs.client.ResponseProcessingException;
import javax.ws.rs.core.Form;
@@ -37,15 +27,6 @@ import javax.ws.rs.core.Response;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.jaxrs.client.WebClient;
-<<<<<<< HEAD
-import org.apache.cxf.jaxrs.provider.json.JSONProvider;
-=======
-import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler;
@@ -656,335 +637,5 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
// expected
}
}
- /*
- @org.junit.Test
- public void testJWTAuthorizationGrant() throws Exception {
- URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
-
- String address = "https://localhost:" + PORT + "/services/";
- WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
-
- // Create the JWT Token
-<<<<<<< HEAD
- String token = createToken("DoubleItSTSIssuer", "consumer-id",
-=======
- String token = OAuth2TestUtils.createToken("DoubleItSTSIssuer", "consumer-id",
- "https://localhost:" + PORT + "/services/token", true, false);
-
- // Get Access Token
- client.type("application/x-www-form-urlencoded").accept("application/json");
- client.path("token");
-
- Form form = new Form();
- form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
- form.param("assertion", token);
- form.param("client_id", "consumer-id");
- Response response = client.post(form);
-
- try {
- response.readEntity(ClientAccessToken.class);
- fail("Failure expected on an unsigned token");
- } catch (Exception ex) {
- // expected
- }
- }
-
- @org.junit.Test
- public void testJWTNoIssuer() throws Exception {
- URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
-
- String address = "https://localhost:" + PORT + "/services/";
- WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken(null, "consumer-id",
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code
- "https://localhost:" + PORT + "/services/token", true, true);
-
- // Get Access Token
- client.type("application/x-www-form-urlencoded").accept("application/json");
- client.path("token");
-
- Form form = new Form();
- form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
- form.param("assertion", token);
- form.param("client_id", "consumer-id");
- Response response = client.post(form);
-
-<<<<<<< HEAD
- ClientAccessToken accessToken = response.readEntity(ClientAccessToken.class);
- assertNotNull(accessToken.getTokenKey());
- assertNotNull(accessToken.getRefreshToken());
-=======
- try {
- response.readEntity(ClientAccessToken.class);
- fail("Failure expected on no issuer");
- } catch (Exception ex) {
- // expected
- }
- }
-
- @org.junit.Test
- public void testJWTNoExpiry() throws Exception {
- URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
-
- String address = "https://localhost:" + PORT + "/services/";
- WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken("DoubleItSTSIssuer", "consumer-id",
- "https://localhost:" + PORT + "/services/token", false, true);
-
- // Get Access Token
- client.type("application/x-www-form-urlencoded").accept("application/json");
- client.path("token");
-
- Form form = new Form();
- form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
- form.param("assertion", token);
- form.param("client_id", "consumer-id");
- Response response = client.post(form);
-
- try {
- response.readEntity(ClientAccessToken.class);
- fail("Failure expected on no expiry");
- } catch (Exception ex) {
- // expected
- }
- }
-
- @org.junit.Test
- public void testJWTBadAudienceRestriction() throws Exception {
- URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
-
- String address = "https://localhost:" + PORT + "/services/";
- WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken("DoubleItSTSIssuer", "consumer-id",
- "https://localhost:" + PORT + "/services/badtoken", true, true);
-
- // Get Access Token
- client.type("application/x-www-form-urlencoded").accept("application/json");
- client.path("token");
-
- Form form = new Form();
- form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
- form.param("assertion", token);
- form.param("client_id", "consumer-id");
- Response response = client.post(form);
-
- try {
- response.readEntity(ClientAccessToken.class);
- fail("Failure expected on a bad audience restriction");
- } catch (Exception ex) {
- // expected
- }
- }
-
- @org.junit.Test
- public void testJWTUnauthenticatedSignature() throws Exception {
- URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
-
- String address = "https://localhost:" + PORT + "/services/";
- WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", busFile.toString());
-
- // Create the JWT Token
- // Create the JWT Token
- JwtClaims claims = new JwtClaims();
- claims.setSubject("consumer-id");
- claims.setIssuer("DoubleItSTSIssuer");
- claims.setIssuedAt(new Date().getTime() / 1000L);
- Calendar cal = Calendar.getInstance();
- cal.add(Calendar.SECOND, 60);
- claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
- String audience = "https://localhost:" + PORT + "/services/token";
- claims.setAudiences(Collections.singletonList(audience));
-
- // Sign the JWT Token
- Properties signingProperties = new Properties();
- signingProperties.put("rs.security.keystore.type", "jks");
- signingProperties.put("rs.security.keystore.password", "security");
- signingProperties.put("rs.security.keystore.alias", "smallkey");
- signingProperties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
- signingProperties.put("rs.security.key.password", "security");
- signingProperties.put("rs.security.signature.algorithm", "RS256");
-
- JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
- JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
-
- JwsSignatureProvider sigProvider =
- JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
-
- String token = jws.signWith(sigProvider);
-
- // Get Access Token
- client.type("application/x-www-form-urlencoded").accept("application/json");
- client.path("token");
-
- Form form = new Form();
- form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
- form.param("assertion", token);
- form.param("client_id", "consumer-id");
- Response response = client.post(form);
-
- try {
- response.readEntity(ClientAccessToken.class);
- fail("Failure expected on an unauthenticated token");
- } catch (Exception ex) {
- // expected
- }
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code
- }
- */
-
-<<<<<<< HEAD
- private List<Object> setupProviders() {
- List<Object> providers = new ArrayList<Object>();
- JSONProvider<OAuthAuthorizationData> jsonP = new JSONProvider<OAuthAuthorizationData>();
- jsonP.setNamespaceMap(Collections.singletonMap("http://org.apache.cxf.rs.security.oauth",
- "ns2"));
- providers.add(jsonP);
- OAuthJSONProvider oauthProvider = new OAuthJSONProvider();
- providers.add(oauthProvider);
-
- return providers;
- }
-
- private String createToken(String audRestr, boolean saml2, boolean sign) throws WSSecurityException {
- SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(sign);
- samlCallbackHandler.setAudience(audRestr);
- if (!saml2) {
- samlCallbackHandler.setSaml2(false);
- samlCallbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
- }
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
-
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
- if (samlCallback.isSignAssertion()) {
- samlAssertion.signAssertion(
- samlCallback.getIssuerKeyName(),
- samlCallback.getIssuerKeyPassword(),
- samlCallback.getIssuerCrypto(),
- samlCallback.isSendKeyValue(),
- samlCallback.getCanonicalizationAlgorithm(),
- samlCallback.getSignatureAlgorithm()
- );
- }
-
- return samlAssertion.assertionToString();
- }
- /*
- private String createToken(String issuer, String subject, String audience,
- boolean expiry, boolean sign) {
- // Create the JWT Token
- JwtClaims claims = new JwtClaims();
- claims.setSubject(subject);
- if (issuer != null) {
- claims.setIssuer(issuer);
- }
- claims.setIssuedAt(new Date().getTime() / 1000L);
- if (expiry) {
- Calendar cal = Calendar.getInstance();
- cal.add(Calendar.SECOND, 60);
- claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
- }
- if (audience != null) {
- claims.setAudiences(Collections.singletonList(audience));
- }
-
- if (sign) {
- // Sign the JWT Token
- Properties signingProperties = new Properties();
- signingProperties.put("rs.security.keystore.type", "jks");
- signingProperties.put("rs.security.keystore.password", "password");
- signingProperties.put("rs.security.keystore.alias", "alice");
- signingProperties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
- signingProperties.put("rs.security.key.password", "password");
- signingProperties.put("rs.security.signature.algorithm", "RS256");
-
- JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
- JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
-
- JwsSignatureProvider sigProvider =
- JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
-
- return jws.signWith(sigProvider);
- }
-
- JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
- JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
- return jws.getSignedEncodedJws();
- }
- */
-
- private String getAuthorizationCode(WebClient client) {
- return getAuthorizationCode(client, null);
- }
-
- private String getAuthorizationCode(WebClient client, String scope) {
- // Make initial authorization request
- client.type("application/json").accept("application/json");
- client.query("client_id", "consumer-id");
- client.query("redirect_uri", "http://www.blah.apache.org");
- client.query("response_type", "code");
- if (scope != null) {
- client.query("scope", scope);
- }
- client.path("authorize/");
- Response response = client.get();
- OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
-
- // Now call "decision" to get the authorization code grant
- client.path("decision");
- client.type("application/x-www-form-urlencoded");
-
- Form form = new Form();
- form.param("session_authenticity_token", authzData.getAuthenticityToken());
- form.param("client_id", authzData.getClientId());
- form.param("redirect_uri", authzData.getRedirectUri());
- if (authzData.getProposedScope() != null) {
- form.param("scope", authzData.getProposedScope());
- }
- form.param("oauthDecision", "allow");
-
- response = client.post(form);
- String location = response.getHeaderString("Location");
- return getSubstring(location, "code");
- }
-
- private ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client, String code) {
- client.type("application/x-www-form-urlencoded").accept("application/json");
- client.path("token");
-
- Form form = new Form();
- form.param("grant_type", "authorization_code");
- form.param("code", code);
- form.param("client_id", "consumer-id");
- Response response = client.post(form);
-
- return response.readEntity(ClientAccessToken.class);
- }
-
- private String getSubstring(String parentString, String substringName) {
- String foundString =
- parentString.substring(parentString.indexOf(substringName + "=") + (substringName + "=").length());
- int ampersandIndex = foundString.indexOf('&');
- if (ampersandIndex < 1) {
- ampersandIndex = foundString.length();
- }
- return foundString.substring(0, ampersandIndex);
- }
-=======
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index fda1294..fdc8937 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -20,22 +20,12 @@
package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
import java.net.URL;
-<<<<<<< HEAD
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-=======
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.jaxrs.client.WebClient;
-<<<<<<< HEAD
-import org.apache.cxf.jaxrs.provider.json.JSONProvider;
-=======
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
@@ -225,12 +215,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
response = client.post(form);
String location = response.getHeaderString("Location");
-<<<<<<< HEAD
- String accessToken = location.substring(location.indexOf("access_token=") + "access_token=".length());
- accessToken = accessToken.substring(0, accessToken.indexOf('&'));
-=======
String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code
assertNotNull(accessToken);
}
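Review bot: `assertNotNull(accessToken)` after `OAuth2TestUtils.getSubstring(location, "access_token")` is unlikely to fail when the redirect carries no token at all. The private `getSubstring` copy deleted elsewhere in this commit calls `indexOf` without checking for -1, so a `Location` value without `access_token=` still yields a non-null string, and a missing header surfaces as a NullPointerException rather than an assertion failure. The shared helper is not shown here, so this assumes it behaves the same way. Asserting on the header before extracting would pin the behaviour: `assertNotNull(location);` followed by `assertTrue(location.contains("access_token="));`. The enclosing test method starts outside the hunk.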
@@ -306,89 +291,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
assertNotNull(accessToken.getRefreshToken());
}
-<<<<<<< HEAD
- private String getAuthorizationCode(WebClient client) {
- return getAuthorizationCode(client, null);
- }
-
- private String getAuthorizationCode(WebClient client, String scope) {
- // Make initial authorization request
- client.type("application/json").accept("application/json");
- client.query("client_id", "consumer-id");
- client.query("redirect_uri", "http://www.blah.apache.org");
- client.query("response_type", "code");
- if (scope != null) {
- client.query("scope", scope);
- }
- client.path("authorize/");
- Response response = client.get();
-
- OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
-
- // Now call "decision" to get the authorization code grant
- client.path("decision");
- client.type("application/x-www-form-urlencoded");
-
- Form form = new Form();
- form.param("session_authenticity_token", authzData.getAuthenticityToken());
- form.param("client_id", authzData.getClientId());
- form.param("redirect_uri", authzData.getRedirectUri());
- if (authzData.getProposedScope() != null) {
- form.param("scope", authzData.getProposedScope());
- }
- form.param("oauthDecision", "allow");
-
- response = client.post(form);
- String location = response.getHeaderString("Location");
- return location.substring(location.indexOf("code=") + "code=".length());
- }
-
- private ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client, String code) {
- client.type("application/x-www-form-urlencoded").accept("application/json");
- client.path("token");
-
- Form form = new Form();
- form.param("grant_type", "authorization_code");
- form.param("code", code);
- form.param("client_id", "consumer-id");
- Response response = client.post(form);
-
- return response.readEntity(ClientAccessToken.class);
- }
-
- private List<Object> setupProviders() {
- List<Object> providers = new ArrayList<Object>();
- JSONProvider<OAuthAuthorizationData> jsonP = new JSONProvider<OAuthAuthorizationData>();
- jsonP.setNamespaceMap(Collections.singletonMap("http://org.apache.cxf.rs.security.oauth",
- "ns2"));
- providers.add(jsonP);
- OAuthJSONProvider oauthProvider = new OAuthJSONProvider();
- providers.add(oauthProvider);
-
- return providers;
- }
-
- private String createToken(String audRestr) throws WSSecurityException {
- SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
- samlCallbackHandler.setAudience(audRestr);
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
-
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
- if (samlCallback.isSignAssertion()) {
- samlAssertion.signAssertion(
- samlCallback.getIssuerKeyName(),
- samlCallback.getIssuerKeyPassword(),
- samlCallback.getIssuerCrypto(),
- samlCallback.isSendKeyValue(),
- samlCallback.getCanonicalizationAlgorithm(),
- samlCallback.getSignatureAlgorithm()
- );
- }
-
- return samlAssertion.assertionToString();
-=======
+ /*
@org.junit.Test
public void testJWTAuthorizationGrant() throws Exception {
URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
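Review bot: `testJWTAuthorizationGrant` is switched off by wrapping it in a block comment (`/*` here, with the closing `*/` added in the next hunk), which leaves uncompiled code in the file and gives no reason for it. If the JWT bearer grant is not available on 3.0.x-fixes, as the removal of the other JWT tests in this commit suggests, deleting the method is cleaner. If it still compiles and is meant to come back, `@org.junit.Ignore("JWT bearer grant not supported on 3.0.x")` keeps it visible in test reports. Failing both, a one-line comment above the `/*` stating why the test is disabled would help. The method body continues outside the hunk.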
@@ -414,7 +317,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
ClientAccessToken accessToken = response.readEntity(ClientAccessToken.class);
assertNotNull(accessToken.getTokenKey());
assertNotNull(accessToken.getRefreshToken());
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code
}
+ */
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
index 3264120..5827b97 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
@@ -73,20 +73,11 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
Crypto crypto = new CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");
-<<<<<<< HEAD:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
- String assertion = SAMLUtils.createAssertion(new SamlCallbackHandler(false),
- signInfo).assertionToString();
-=======
SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(false);
String audienceURI = "https://localhost:" + PORT + "/oauth2/token";
samlCallbackHandler.setAudience(audienceURI);
- SamlAssertionWrapper assertionWrapper = SAMLUtils.createAssertion(samlCallbackHandler,
- signInfo);
- Document doc = DOMUtils.newDocument();
- Element assertionElement = assertionWrapper.toDOM(doc);
- String assertion = DOM2Writer.nodeToString(assertionElement);
+ String assertion = SAMLUtils.createAssertion(samlCallbackHandler, signInfo).assertionToString();
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
Saml2BearerGrant grant = new Saml2BearerGrant(assertion);
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
new OAuthClientUtils.Consumer("alice", "alice"),
@@ -141,44 +132,6 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
assertNotNull(at.getTokenKey());
}
-<<<<<<< HEAD:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
-=======
- @Test
- public void testJWTBearerGrant() throws Exception {
- String address = "https://localhost:" + PORT + "/oauth2/token";
- WebClient wc = createWebClient(address);
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken("resourceOwner", "alice", address, true, true);
-
- JwtBearerGrant grant = new JwtBearerGrant(token);
- ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
- new Consumer("alice", "alice"),
- grant,
- false);
- assertNotNull(at.getTokenKey());
- }
-
- @Test
- public void testJWTBearerAuthenticationDirect() throws Exception {
- String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
- WebClient wc = createWebClient(address);
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken("resourceOwner", "alice", address, true, true);
-
- Map<String, String> extraParams = new HashMap<String, String>();
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
- "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
-
- ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
- new CustomGrant(),
- extraParams);
- assertNotNull(at.getTokenKey());
- }
-
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
//
// Some negative tests for authentication
//
@@ -333,117 +286,6 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
}
}
-<<<<<<< HEAD:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
-=======
- @Test
- public void testJWTBadSubjectName() throws Exception {
- String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
- WebClient wc = createWebClient(address);
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken("resourceOwner", "bob", address, true, true);
-
- Map<String, String> extraParams = new HashMap<String, String>();
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
- "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
-
- try {
- OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
- fail("Failure expected on a bad subject name");
- } catch (OAuthServiceException ex) {
- // expected
- }
- }
-
- @Test
- public void testJWTUnsigned() throws Exception {
- String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
- WebClient wc = createWebClient(address);
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken("resourceOwner", "alice", address,
- true, false);
-
- Map<String, String> extraParams = new HashMap<String, String>();
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
- "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
-
- try {
- OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
- fail("Failure expected on an unsigned token");
- } catch (Exception ex) {
- // expected
- }
- }
-
- @Test
- public void testJWTNoIssuer() throws Exception {
- String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
- WebClient wc = createWebClient(address);
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken(null, "alice", address, true, true);
-
- Map<String, String> extraParams = new HashMap<String, String>();
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
- "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
-
- try {
- OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
- fail("Failure expected on no issuer");
- } catch (Exception ex) {
- // expected
- }
- }
-
- @Test
- public void testJWTNoExpiry() throws Exception {
- String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
- WebClient wc = createWebClient(address);
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken("resourceOwner", "alice",
- address, false, true);
-
- Map<String, String> extraParams = new HashMap<String, String>();
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
- "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
-
- try {
- OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
- fail("Failure expected on no expiry");
- } catch (Exception ex) {
- // expected
- }
- }
-
- @Test
- public void testJWTBadAudienceRestriction() throws Exception {
- String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
- WebClient wc = createWebClient(address);
-
- // Create the JWT Token
- String token = OAuth2TestUtils.createToken("resourceOwner", "alice",
- address + "/badtoken", true, true);
-
- Map<String, String> extraParams = new HashMap<String, String>();
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
- "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
- extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
-
- try {
- OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
- fail("Failure expected on a bad audience restriction");
- } catch (Exception ex) {
- // expected
- }
- }
-
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
private WebClient createWebClient(String address) {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
@@ -488,35 +330,6 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase {
return wc;
}
-<<<<<<< HEAD:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
- private String createToken(String audRestr, boolean saml2, boolean sign) throws WSSecurityException {
- SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(sign);
- samlCallbackHandler.setAudience(audRestr);
- if (!saml2) {
- samlCallbackHandler.setSaml2(false);
- samlCallbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
- }
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
-
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
- if (samlCallback.isSignAssertion()) {
- samlAssertion.signAssertion(
- samlCallback.getIssuerKeyName(),
- samlCallback.getIssuerKeyPassword(),
- samlCallback.getIssuerCrypto(),
- samlCallback.isSendKeyValue(),
- samlCallback.getCanonicalizationAlgorithm(),
- samlCallback.getSignatureAlgorithm()
- );
- }
-
- return samlAssertion.assertionToString();
- }
-
-=======
->>>>>>> 49b2b81... Reshuffle of the tests to share some common code:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java
private static class CustomGrant implements AccessTokenGrant {
private static final long serialVersionUID = -4007538779198315873L;
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml
index 75aa22f..4fffc8a 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml
@@ -127,7 +127,7 @@ under the License.
<ref bean="basicAuthFilter"/>
</jaxrs:providers>
<jaxrs:properties>
- <entry key="security.signature.properties"
+ <entry key="ws-security.signature.properties"
value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
<entry key="rs.security.keystore.type" value="jks" />
<entry key="rs.security.keystore.alias" value="alice"/>
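Review bot: The `ws-security.signature.properties` entry points at `bob.properties` while the `rs.security.keystore.alias` beside it is `alice`, and nothing in the hunk says whether that mismatch is intended. In a file of negative-test servers it is presumably deliberate, but the next reader cannot tell it from a copy-paste slip. An XML comment above the entry would settle it, for example `<!-- deliberately a different signing identity: see the negative grant tests -->`, worded to match what the tests actually rely on. The enclosing `jaxrs:server` element starts and ends outside the hunk.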
http://git-wip-us.apache.org/repos/asf/cxf/blob/e61467c8/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml
index 2b3d821..21e09b1 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml
@@ -88,7 +88,7 @@ under the License.
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:properties>
- <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
<entry key="rs.security.keystore.type" value="jks" />
<entry key="rs.security.keystore.alias" value="alice"/>
<entry key="rs.security.keystore.password" value="password"/>
@@ -105,7 +105,7 @@ under the License.
<ref bean="samlAuthHandler"/>
</jaxrs:providers>
<jaxrs:properties>
- <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
</jaxrs:properties>
</jaxrs:server>
<jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth-jwt">
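Review bot: The `oauth2-auth-jwt` server on the last context line stays configured, although this commit removes the tests in `JAXRSOAuth2Test.java` that target `/oauth2-auth-jwt/token` (`testJWTBearerAuthenticationDirect`, `testJWTBadSubjectName` and the other JWT negative tests). If no remaining test on this branch uses that endpoint, the element is dead test configuration, and it may reference JWT beans the branch does not ship; that cannot be confirmed from the hunk because the element's body lies outside it. Either remove the server definition along with the tests, or add a comment such as `<!-- kept for <test name> -->` naming what still depends on it.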