cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [5/5] cxf git commit: Adding JWT Grant + Authn tests
Date Tue, 08 Dec 2015 15:24:31 GMT
Adding JWT Grant + Authn tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/03f3fecb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/03f3fecb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/03f3fecb

Branch: refs/heads/master
Commit: 03f3fecbbe8c36811bddce991b98a59fd7fa80b7
Parents: 4a4fe37
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Dec 8 15:21:52 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Dec 8 15:22:09 2015 +0000

----------------------------------------------------------------------
 .../jaxrs/security/oauth2/JAXRSOAuth2Test.java  | 89 ++++++++++++++++++++
 .../security/oauth2/OAuthDataProviderImpl.java  |  1 +
 .../systest/jaxrs/security/oauth2/server.xml    | 29 +++++++
 3 files changed, 119 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/03f3fecb/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
index 7901fc6..d20d3ff 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java
@@ -20,8 +20,12 @@
 package org.apache.cxf.systest.jaxrs.security.oauth2;
 
 import java.net.URL;
+import java.util.Calendar;
+import java.util.Collections;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Properties;
 
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
@@ -37,11 +41,18 @@ import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.rs.security.common.CryptoLoader;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthOutInterceptor;
 import org.apache.cxf.rs.security.oauth2.client.Consumer;
 import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrant;
 import org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant;
 import org.apache.cxf.rs.security.oauth2.saml.Constants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@@ -136,6 +147,41 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase
{
         assertNotNull(at.getTokenKey());
     }
     
+    @Test
+    public void testJWTBearerGrant() throws Exception {
+        String address = "https://localhost:" + PORT + "/oauth2/token";
+        WebClient wc = createWebClient(address);
+        
+        // Create the JWT Token
+        String token = createToken("resourceOwner", "alice", address, true, true);
+        
+        JwtBearerGrant grant = new JwtBearerGrant(token);
+        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, 
+                                        new Consumer("alice", "alice"), 
+                                        grant,
+                                        false);
+        assertNotNull(at.getTokenKey());
+    }
+    
+    @Test
+    public void testJWTBearerAuthenticationDirect() throws Exception {
+        String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token";
+        WebClient wc = createWebClient(address);
+        
+        // Create the JWT Token
+        String token = createToken("resourceOwner", "alice", address, true, true);
+        
+        Map<String, String> extraParams = new HashMap<String, String>();
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
+                        "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
+        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token);
+        
+        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, 
+                                                               new CustomGrant(),
+                                                               extraParams);
+        assertNotNull(at.getTokenKey());
+    }
+    
     private WebClient createWebClient(String address) {
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
         bean.setAddress(address);
@@ -180,6 +226,49 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase
{
         return wc;
     }
     
+    private String createToken(String issuer, String subject, String audience, 
+                               boolean expiry, boolean sign) {
+        // Create the JWT Token
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject(subject);
+        if (issuer != null) {
+            claims.setIssuer(issuer);
+        }
+        claims.setIssuedAt(new Date().getTime() / 1000L);
+        if (expiry) {
+            Calendar cal = Calendar.getInstance();
+            cal.add(Calendar.SECOND, 60);
+            claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
+        }
+        if (audience != null) {
+            claims.setAudiences(Collections.singletonList(audience));
+        }
+        
+        if (sign) {
+            // Sign the JWT Token
+            Properties signingProperties = new Properties();
+            signingProperties.put("rs.security.keystore.type", "jks");
+            signingProperties.put("rs.security.keystore.password", "password");
+            signingProperties.put("rs.security.keystore.alias", "alice");
+            signingProperties.put("rs.security.keystore.file", 
+                                  "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
+            signingProperties.put("rs.security.key.password", "password");
+            signingProperties.put("rs.security.signature.algorithm", "RS256");
+            
+            JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
+            JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
+            
+            JwsSignatureProvider sigProvider = 
+                JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
+            
+            return jws.signWith(sigProvider);
+        }
+        
+        JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
+        JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
+        return jws.getSignedEncodedJws();
+    }
+    
     private static class CustomGrant implements AccessTokenGrant {
 
         private static final long serialVersionUID = -4007538779198315873L;

http://git-wip-us.apache.org/repos/asf/cxf/blob/03f3fecb/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
index ce89320..b1472e5 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
@@ -45,6 +45,7 @@ public class OAuthDataProviderImpl implements OAuthDataProvider {
     public OAuthDataProviderImpl() throws Exception {
         Client client = new Client("alice", "alice", true);
         client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
+        client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer");
         client.getAllowedGrantTypes().add("custom_grant");
         clients.put(client.getClientId(), client);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/03f3fecb/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
index 260f4ba..75fb048 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
@@ -62,7 +62,13 @@ under the License.
     <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
         <property name="dataProvider" ref="dataProvider"/>
     </bean>
+    <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+        <property name="dataProvider" ref="dataProvider"/>
+    </bean>
+   
     <bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
+    <bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/>
+    
     <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.CustomGrantHandler">
         <property name="dataProvider" ref="dataProvider"/>
     </bean>
@@ -72,6 +78,7 @@ under the License.
         <property name="grantHandlers">
             <list>
                 <ref bean="samlGrantHandler"/>
+                <ref bean="jwtGrantHandler"/>
                 <ref bean="customGrantHandler"/>
             </list>
         </property>
@@ -82,6 +89,12 @@ under the License.
         </jaxrs:serviceBeans>
         <jaxrs:properties>
             <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+            <entry key="rs.security.keystore.type" value="jks" />
+            <entry key="rs.security.keystore.alias" value="alice"/>
+            <entry key="rs.security.keystore.password" value="password"/>
+            <entry key="rs.security.keystore.file" 
+                   value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks" />
+            <entry key="rs.security.signature.algorithm" value="RS256" />
         </jaxrs:properties>
     </jaxrs:server>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth">
@@ -95,4 +108,20 @@ under the License.
             <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
         </jaxrs:properties>
     </jaxrs:server>
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth-jwt">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="jwtAuthHandler"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.keystore.type" value="jks" />
+            <entry key="rs.security.keystore.alias" value="alice"/>
+            <entry key="rs.security.keystore.password" value="password"/>
+            <entry key="rs.security.keystore.file" 
+                   value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks" />
+            <entry key="rs.security.signature.algorithm" value="RS256" />
+        </jaxrs:properties>
+    </jaxrs:server>
 </beans>


Mime
View raw message