cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Adding some OAuth JWT tests
Date Mon, 14 Dec 2015 15:43:46 GMT
Repository: cxf
Updated Branches:
  refs/heads/master c4a5b2925 -> 8498cbbcb


Adding some OAuth JWT tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8498cbbc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8498cbbc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8498cbbc

Branch: refs/heads/master
Commit: 8498cbbcb4553cea96f2452ece7475e20a09b64a
Parents: c4a5b29
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Dec 14 15:43:33 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Dec 14 15:43:33 2015 +0000

----------------------------------------------------------------------
 .../jaxrs/security/oauth2/JAXRSOAuth2Test.java  | 105 +++++++++++++++++++
 .../oauth2/grants/AuthorizationGrantTest.java   |  15 ++-
 2 files changed, 117 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8498cbbc/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
index 90c8cbb..97a24d1 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
@@ -342,6 +342,111 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase
{
         }
     }
     
+    @Test
+    public void testJWTBadSubjectName() throws Exception {
+        String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+        WebClient wc = createWebClient(address);
+        
+        // Create the JWT Token
+        String token = createToken("resourceOwner", "bob", address, true, true);
+        
+        Map<String, String> extraParams = new HashMap<String, String>();
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+                        "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+        
+        try {
+            OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+            fail("Failure expected on a bad subject name");
+        } catch (OAuthServiceException ex) {
+            // expected
+        }
+    }
+    
+    @Test
+    public void testJWTUnsigned() throws Exception {
+        String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+        WebClient wc = createWebClient(address);
+        
+        // Create the JWT Token
+        String token = createToken("resourceOwner", "alice", address, true, false);
+        
+        Map<String, String> extraParams = new HashMap<String, String>();
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+                        "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+        
+        try {
+            OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+            fail("Failure expected on an unsigned token");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
+    @Test
+    public void testJWTNoIssuer() throws Exception {
+        String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+        WebClient wc = createWebClient(address);
+        
+        // Create the JWT Token
+        String token = createToken(null, "alice", address, true, true);
+        
+        Map<String, String> extraParams = new HashMap<String, String>();
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+                        "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+        
+        try {
+            OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+            fail("Failure expected on no issuer");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
+    @Test
+    public void testJWTNoExpiry() throws Exception {
+        String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+        WebClient wc = createWebClient(address);
+        
+        // Create the JWT Token
+        String token = createToken("resourceOwner", "alice", address, false, true);
+        
+        Map<String, String> extraParams = new HashMap<String, String>();
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+                        "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+        
+        try {
+            OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+            fail("Failure expected on no expiry");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
+    @Test
+    public void testJWTBadAudienceRestriction() throws Exception {
+        String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+        WebClient wc = createWebClient(address);
+        
+        // Create the JWT Token
+        String token = createToken("resourceOwner", "alice", address + "/badtoken", true,
true);
+        
+        Map<String, String> extraParams = new HashMap<String, String>();
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+                        "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+        
+        try {
+            OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
+            fail("Failure expected on a bad audience restriction");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
     private WebClient createWebClient(String address) {
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
         bean.setAddress(address);

http://git-wip-us.apache.org/repos/asf/cxf/blob/8498cbbc/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index 8ce2a30..ecdb2d2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -220,8 +220,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase
{
         response = client.post(form);
 
         String location = response.getHeaderString("Location"); 
-        String accessToken = location.substring(location.indexOf("access_token=") + "access_token=".length());
-        accessToken = accessToken.substring(0, accessToken.indexOf('&'));
+        String accessToken = getSubstring(location, "access_token");
         assertNotNull(accessToken);
     }
 
@@ -353,7 +352,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase
{
 
         response = client.post(form);
         String location = response.getHeaderString("Location"); 
-        return location.substring(location.indexOf("code=") + "code=".length());
+        return getSubstring(location, "code");
     }
 
     private ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client, String
code) {
@@ -445,4 +444,14 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase
{
         JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
         return jws.getSignedEncodedJws();
     }
+    
+    private String getSubstring(String parentString, String substringName) {
+        String foundString = 
+            parentString.substring(parentString.indexOf(substringName + "=") + (substringName
+ "=").length());
+        int ampersandIndex = foundString.indexOf('&');
+        if (ampersandIndex < 1) {
+            ampersandIndex = foundString.length();
+        }
+        return foundString.substring(0, ampersandIndex);
+    }
 }


Mime
View raw message