cxf-commits mailing list archives

From cohei...@apache.org
Subject [5/7] cxf git commit: Adding JWT Grant + Authn tests
Date Tue, 08 Dec 2015 18:06:45 GMT
Adding JWT Grant + Authn tests

# Conflicts:
#	systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/efbb7f47
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/efbb7f47
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/efbb7f47

Branch: refs/heads/3.0.x-fixes
Commit: efbb7f47d0ee6f72db8c23b2781c577a33dea46c
Parents: d34ba6d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Dec 8 15:21:52 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Dec 8 15:38:11 2015 +0000

----------------------------------------------------------------------
 .../jaxrs/security/oauth2/JAXRSOAuth2Test.java  | 89 ++++++++++++++++++++
 .../security/oauth2/OAuthDataProviderImpl.java  |  1 +
 .../systest/jaxrs/security/oauth2/server.xml    | 33 ++++++++
 3 files changed, 123 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/efbb7f47/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
index 04faa05..6558d87 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
@@ -20,8 +20,12 @@
 package org.apache.cxf.systest.jaxrs.security.oauth2;
 
 import java.net.URL;
+import java.util.Calendar;
+import java.util.Collections;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Properties;
 
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
@@ -33,10 +37,17 @@ import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.rs.security.common.CryptoLoader;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthOutInterceptor;
 import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrant;
 import org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant;
 import org.apache.cxf.rs.security.oauth2.saml.Constants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@@ -140,6 +151,41 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase
{
         assertNotNull(at.getTokenKey());
     }
     
+    @Test
+    public void testJWTBearerGrant() throws Exception {
+        String address = "https://localhost:" + PORT + "/oauth2/token";
+        WebClient wc = createWebClient(address);
+        
+        // Create the JWT Token
+        String token = createToken("resourceOwner", "alice", address, true, true);
+        
+        JwtBearerGrant grant = new JwtBearerGrant(token);
+        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, 
+                                        new Consumer("alice", "alice"), 
+                                        grant,
+                                        false);
+        assertNotNull(at.getTokenKey());
+    }
+    
+    @Test
+    public void testJWTBearerAuthenticationDirect() throws Exception {
+        String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+        WebClient wc = createWebClient(address);
+        
+        // Create the JWT Token
+        String token = createToken("resourceOwner", "alice", address, true, true);
+        
+        Map<String, String> extraParams = new HashMap<String, String>();
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+                        "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+        
+        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, 
+                                                               new CustomGrant(),
+                                                               extraParams);
+        assertNotNull(at.getTokenKey());
+    }
+    
     private WebClient createWebClient(String address) {
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
         bean.setAddress(address);
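Review bot: Both new tests exercise only the accepted path: every call to `createToken` passes `true, true`, so the helper's unsigned and no-expiry branches are never reached and nothing asserts that the token endpoint rejects such tokens. Add negative cases that expect `OAuthClientUtils.getAccessToken` to fail, for instance with `createToken("resourceOwner", "alice", address, true, false)` for an unsigned token, with `expiry` set to `false`, and with an audience that is not the token endpoint address. The assertion-type URN passed to `extraParams.put` in `testJWTBearerAuthenticationDirect` is a bare string literal; a named constant would keep it from drifting away from what the server expects. The class body starts and ends outside this hunk.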
@@ -191,6 +237,49 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase
{
         return wc;
     }
     
+    private String createToken(String issuer, String subject, String audience, 
+                               boolean expiry, boolean sign) {
+        // Create the JWT Token
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject(subject);
+        if (issuer != null) {
+            claims.setIssuer(issuer);
+        }
+        claims.setIssuedAt(new Date().getTime() / 1000L);
+        if (expiry) {
+            Calendar cal = Calendar.getInstance();
+            cal.add(Calendar.SECOND, 60);
+            claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
+        }
+        if (audience != null) {
+            claims.setAudiences(Collections.singletonList(audience));
+        }
+        
+        if (sign) {
+            // Sign the JWT Token
+            Properties signingProperties = new Properties();
+            signingProperties.put("rs.security.keystore.type", "jks");
+            signingProperties.put("rs.security.keystore.password", "password");
+            signingProperties.put("rs.security.keystore.alias", "alice");
+            signingProperties.put("rs.security.keystore.file", 
+                                  "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
+            signingProperties.put("rs.security.key.password", "password");
+            signingProperties.put("rs.security.signature.algorithm", "RS256");
+            
+            JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
+            JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
+            
+            JwsSignatureProvider sigProvider = 
+                JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
+            
+            return jws.signWith(sigProvider);
+        }
+        
+        JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
+        JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
+        return jws.getSignedEncodedJws();
+    }
+    
     private static class CustomGrant implements AccessTokenGrant {
 
         private static final long serialVersionUID = -4007538779198315873L;
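Review bot: `createToken` has no Javadoc, although its two boolean flags decide whether the token carries an expiry claim and whether it is signed or emitted with `SignatureAlgorithm.NONE`. A short comment saying that `sign == false` produces an unsecured JWS, presumably meant only for rejection tests, would keep it from being reused in a positive case by mistake. The issued-at and expiry claims are also taken from two separate clock reads (`new Date()` and `Calendar.getInstance()`); a single read is simpler and keeps the two claims exactly 60 seconds apart: `long now = System.currentTimeMillis() / 1000L;` followed by `claims.setIssuedAt(now);` and `claims.setExpiryTime(now + 60);`.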

http://git-wip-us.apache.org/repos/asf/cxf/blob/efbb7f47/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
index ce89320..b1472e5 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
@@ -45,6 +45,7 @@ public class OAuthDataProviderImpl implements OAuthDataProvider {
     public OAuthDataProviderImpl() throws Exception {
         Client client = new Client("alice", "alice", true);
         client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
+        client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer");
         client.getAllowedGrantTypes().add("custom_grant");
         clients.put(client.getClientId(), client);
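Review bot: The JWT bearer grant type is added as the string literal `"urn:ietf:params:oauth:grant-type:jwt-bearer"`, while the SAML grant on the line above uses `Constants.SAML2_BEARER_GRANT`. A typo in this URN would not fail compilation; the client would just be refused the grant at runtime. Prefer a shared constant here, declared locally in the test package if the library does not already provide one. The constructor continues outside the hunk.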
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/efbb7f47/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
index f3f6fbe..fa196b9 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
@@ -62,7 +62,13 @@ under the License.
     <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
         <property name="dataProvider" ref="dataProvider"/>
     </bean>
+    <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+        <property name="dataProvider" ref="dataProvider"/>
+    </bean>
+   
     <bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
+    <bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/>
+    
     <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.CustomGrantHandler">
         <property name="dataProvider" ref="dataProvider"/>
     </bean>
@@ -72,6 +78,7 @@ under the License.
         <property name="grantHandlers">
             <list>
                 <ref bean="samlGrantHandler"/>
+                <ref bean="jwtGrantHandler"/>
                 <ref bean="customGrantHandler"/>
             </list>
         </property>
@@ -81,7 +88,17 @@ under the License.
             <ref bean="serviceBean"/>
         </jaxrs:serviceBeans>
         <jaxrs:properties>
+<<<<<<< HEAD
             <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+=======
+            <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+            <entry key="rs.security.keystore.type" value="jks" />
+            <entry key="rs.security.keystore.alias" value="alice"/>
+            <entry key="rs.security.keystore.password" value="password"/>
+            <entry key="rs.security.keystore.file" 
+                   value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks" />
+            <entry key="rs.security.signature.algorithm" value="RS256" />
+>>>>>>> dfe90b6... Adding JWT Grant + Authn tests
         </jaxrs:properties>
     </jaxrs:server>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth">
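Review bot: The added lines commit unresolved merge-conflict markers into server.xml: `<<<<<<< HEAD`, `=======` and `>>>>>>> dfe90b6... Adding JWT Grant + Authn tests` sit inside `<jaxrs:properties>`. With them the file is not well-formed XML, so the Spring context for every endpoint in it would likely fail to load and take the whole test class with it. Remove the three marker lines and keep only one of the two signature-properties entries. On this branch that is probably the HEAD-side key `ws-security.signature.properties` rather than `security.signature.properties`, but confirm which key the 3.0.x code actually reads. The `rs.security.*` entries can stay as added.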
@@ -95,4 +112,20 @@ under the License.
             <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
         </jaxrs:properties>
     </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth-jwt">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jwtAuthHandler"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.keystore.type" value="jks" />
+            <entry key="rs.security.keystore.alias" value="alice"/>
+            <entry key="rs.security.keystore.password" value="password"/>
+            <entry key="rs.security.keystore.file" 
+                   value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks" />
+            <entry key="rs.security.signature.algorithm" value="RS256" />
+        </jaxrs:properties>
+    </jaxrs:server>
 </beans>
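Review bot: The new `/oauth2-auth-jwt` endpoint verifies client assertions against `certs/alice.jks`, which is the same keystore `createToken` signs with, so the verifying side also holds the client's private key. That is workable for a test fixture, but it does not model a deployment where the token service only has the client's certificate. Either point the endpoint at a certificate-only store or mark the shortcut in the file, e.g. `<!-- test fixture: alice.jks also contains the signing key; use a certificate-only truststore outside tests -->`. The five `rs.security.*` entries are also repeated verbatim from the `/oauth2` server above and could be defined once and referenced from both.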

