From: coheigea@apache.org To: commits@cxf.apache.org Date: Tue, 26 Jan 2016 17:00:50 -0000 Message-Id: <45552e6e81d146cab5e2c81bfa11efdb@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] cxf git commit: Adding some audience system tests Repository: cxf Updated Branches: refs/heads/master fdfb80cfe -> 8571a5a79 Adding some audience system tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0822e7f1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0822e7f1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0822e7f1 Branch: refs/heads/master Commit: 0822e7f16ad39c039df587e3cf36aee28636ed10 Parents: fdfb80c Author: Colm O hEigeartaigh Authored: Tue Jan 26 16:58:18 2016 +0000 Committer: Colm O hEigeartaigh Committed: Tue Jan 26 16:58:18 2016 +0000 ---------------------------------------------------------------------- .../oauth2/common/CallbackHandlerImpl.java | 3 +- .../security/oauth2/common/OAuth2TestUtils.java | 18 ++++- .../oauth2/common/OAuthDataProviderImpl.java | 27 ++++++- .../oauth2/filters/OAuth2FiltersTest.java | 80 ++++++++++++++++++++ .../grants/AuthorizationGrantNegativeTest.java | 35 +++++++++ .../oauth2/grants/AuthorizationGrantTest.java | 33 +++++++- .../security/oauth2/filters/oauth20-server.xml | 4 +- .../oauth2/grants/grants-negative-server.xml | 4 +- .../security/oauth2/grants/grants-server.xml | 4 +- .../jaxrs/security/oauth2/grants/server.xml | 4 +- 10 files changed, 203 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java ---------------------------------------------------------------------- 
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java
index 159740c..c8ce14d 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java
@@ -39,7 +39,8 @@ public class CallbackHandlerImpl implements CallbackHandler {
 } else if ("bob".equals(pc.getIdentifier())) {
 pc.setPassword("security");
 break;
- } else if ("consumer-id".equals(pc.getIdentifier())) {
+ } else if (pc.getIdentifier() != null
+ && pc.getIdentifier().startsWith("consumer-id")) {
 pc.setPassword("this-is-a-secret");
 break;
 } else if ("service".equals(pc.getIdentifier())) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 8982ee0..ff8862f 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
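Review bot: In CallbackHandlerImpl, the new `startsWith("consumer-id")` branch supplies `this-is-a-secret` for any identifier that merely begins with that prefix, not only the three client ids this commit registers. In a test fixture that loosens the negative cases: a mistyped or unregistered client id still receives a password from the callback, so a test may pass for the wrong reason (where this handler is wired in is not visible here). Matching the ids exactly keeps the fixture strict, e.g. hoist `String id = pc.getIdentifier();` and use `} else if ("consumer-id".equals(id) || "consumer-id-aud".equals(id) || "consumer-id-aud2".equals(id)) {`. The enclosing loop and method start and end outside the hunk.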
@@ -59,9 +59,13 @@ public final class OAuth2TestUtils {
 }
 public static String getAuthorizationCode(WebClient client, String scope) {
+ return getAuthorizationCode(client, scope, "consumer-id");
+ }
+
+ public static String getAuthorizationCode(WebClient client, String scope, String consumerId) {
 // Make initial authorization request
 client.type("application/json").accept("application/json");
- client.query("client_id", "consumer-id");
+ client.query("client_id", consumerId);
 client.query("redirect_uri", "http://www.blah.apache.org");
 client.query("response_type", "code");
 if (scope != null) {
@@ -91,13 +95,23 @@ public final class OAuth2TestUtils {
 }
 public static ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client, String code) {
+ return getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null);
+ }
+
+ public static ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client,
+ String code,
+ String consumerId,
+ String audience) {
 client.type("application/x-www-form-urlencoded").accept("application/json");
 client.path("token");
 Form form = new Form();
 form.param("grant_type", "authorization_code");
 form.param("code", code);
- form.param("client_id", "consumer-id");
+ form.param("client_id", consumerId);
+ if (audience != null) {
+ form.param("audience", audience);
+ }
 Response response = client.post(form);
 return response.readEntity(ClientAccessToken.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
index ae1b9db..28a3e70 100644
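Review bot: In OAuth2TestUtils, the new four-argument `getAccessTokenWithAuthorizationCode` deserializes the token response with `response.readEntity(ClientAccessToken.class)` without looking at the HTTP status, so a rejected audience surfaces only as whatever exception the entity reader happens to throw. The negative audience test added in this commit appears to depend on that side effect. Failing explicitly in the helper makes the contract visible, e.g. `if (response.getStatus() != 200) { throw new IllegalStateException("Token request failed: " + response.getStatus()); }` before the `readEntity` call. A Javadoc line stating that a null `audience` omits the form field would also help callers.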
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
@@ -37,7 +37,7 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils;
 */
 public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
- public OAuthDataProviderImpl() throws Exception {
+ public OAuthDataProviderImpl(String servicePort) throws Exception {
 // filters/grants test client
 Client client = new Client("consumer-id", "this-is-a-secret", true);
 client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org"));
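Review bot: In OAuthDataProviderImpl, the new `servicePort` constructor argument is unchecked, and the following hunk concatenates it straight into the registered audience URIs. A null or unsubstituted value would silently register an audience such as `https://localhost:null/secured/bookstore/books`, and the audience tests would then fail far from the cause. A guard at the top of the constructor, for instance `if (servicePort == null || servicePort.isEmpty()) { throw new IllegalArgumentException("servicePort is required"); }`, plus a Javadoc line saying the value is the port of the protected resource server, would make the dependency explicit. The constructor body continues outside this hunk.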
@@ -59,6 +59,31 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
 this.setClient(client);
+ // Audience test client
+ client = new Client("consumer-id-aud", "this-is-a-secret", true);
+ client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org"));
+
+ client.getAllowedGrantTypes().add("authorization_code");
+ client.getAllowedGrantTypes().add("refresh_token");
+
+ client.getRegisteredAudiences().add("https://localhost:" + servicePort
+ + "/secured/bookstore/books");
+ client.getRegisteredAudiences().add("https://127.0.0.1/test");
+
+ this.setClient(client);
+
+ // Audience test client 2
+ client = new Client("consumer-id-aud2", "this-is-a-secret", true);
+ client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org"));
+
+ client.getAllowedGrantTypes().add("authorization_code");
+ client.getAllowedGrantTypes().add("refresh_token");
+
+ client.getRegisteredAudiences().add("https://localhost:" + servicePort
+ + "/securedxyz/bookstore/books");
+
+ this.setClient(client);
+
 // JAXRSOAuth2Test clients
 client = new Client("alice", "alice", true);
 client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java
index f79ba49..bae918e 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java
@@ -286,5 +286,85 @@ public class OAuth2FiltersTest extends AbstractBusClientServerTestBase {
 assertEquals(returnedBook.getName(), "book");
 assertEquals(returnedBook.getId(), 123L);
 }
+
+ @org.junit.Test
+ public void testServiceWithTokenUsingAudience() throws Exception {
+ URL busFile = OAuth2FiltersTest.class.getResource("client.xml");
+
+ // Get Authorization Code
+ String oauthService = "https://localhost:" + OAUTH_PORT + "/services/";
+
+ WebClient oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(oauthClient).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ String code = OAuth2TestUtils.getAuthorizationCode(oauthClient, null, "consumer-id-aud");
+ assertNotNull(code);
+
+ // Now get the access token
+ oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(),
+ "consumer-id-aud", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(oauthClient).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ String address = "https://localhost:" + PORT + "/secured/bookstore/books";
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(oauthClient, code,
+ "consumer-id-aud", address);
+ assertNotNull(accessToken.getTokenKey());
+
+ // Now invoke on the service with the access token
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ busFile.toString());
+ client.header("Authorization", "Bearer " + accessToken.getTokenKey());
+
+ Response response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+
+ Book returnedBook = response.readEntity(Book.class);
+ assertEquals(returnedBook.getName(), "book");
+ assertEquals(returnedBook.getId(), 123L);
+ }
+
+ @org.junit.Test
+ public void testServiceWithTokenUsingIncorrectAudience() throws Exception {
+ URL busFile = OAuth2FiltersTest.class.getResource("client.xml");
+
+ // Get Authorization Code
+ String oauthService = "https://localhost:" + OAUTH_PORT + "/services/";
+
+ WebClient oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(oauthClient).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ String code = OAuth2TestUtils.getAuthorizationCode(oauthClient, null, "consumer-id-aud2");
+ assertNotNull(code);
+
+ // Now get the access token
+ oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(),
+ "consumer-id-aud2", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(oauthClient).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ String address = "https://localhost:" + PORT + "/securedxyz/bookstore/books";
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(oauthClient, code,
+ "consumer-id-aud2", address);
+ assertNotNull(accessToken.getTokenKey());
+
+ // Now invoke on the service with the access token
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ busFile.toString());
+ client.header("Authorization", "Bearer " + accessToken.getTokenKey());
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
index 59a66bd..3e7df28 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
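Review bot: In OAuth2FiltersTest, `testServiceWithTokenUsingIncorrectAudience` ends with `assertNotEquals(response.getStatus(), 200)`, which any failure satisfies: a 404 because nothing is published at `/securedxyz/bookstore/books`, a 500, or a setup problem would all pass without the audience check ever running. The server configuration is not visible here, so it is unclear whether that path reaches the OAuth filter at all. The test would pin the control it is named after if it asserted the exact rejection status the filter is expected to return (401 or 403, whichever the filter produces) with `assertEquals(expectedStatus, response.getStatus());`. A short comment stating which audience the token carries and which one the endpoint requires would make the intent reviewable.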
@@ -40,6 +40,7 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.TestUtil;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -51,6 +52,7 @@ import org.junit.BeforeClass;
 */
 public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestBase {
 public static final String PORT = BookServerOAuth2GrantsNegative.PORT;
+ public static final String PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative");
 @BeforeClass
 public static void startServers() throws Exception {
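Review bot: In AuthorizationGrantNegativeTest, the new `PORT2` constant is never read in the hunks shown for this file; the unknown-audience test builds its audience string without a port. Presumably the constant exists so that `TestUtil.getPortNumber` allocates the `jaxrs-oauth2-grants2-negative` port that grants-negative-server.xml resolves as `${testutil.ports.jaxrs-oauth2-grants2-negative}`, but that is not stated. A comment such as `// Allocated for its side effect: grants-negative-server.xml passes this port to OAuthDataProviderImpl` would stop a later cleanup from removing it as dead code.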
@@ -463,6 +465,39 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
 }
 }
+ @org.junit.Test
+ public void testAuthorizationCodeGrantWithUnknownAudience() throws Exception {
+ URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ String code = OAuth2TestUtils.getAuthorizationCode(client, null, "consumer-id-aud");
+ assertNotNull(code);
+
+ // Now get the access token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id-aud", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Unknown audience (missing port number)
+ String audience = "https://localhost:/secured/bookstore/books";
+ try {
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code,
+ "consumer-id-aud", audience);
+ fail("Failure expected on an unknown audience");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
 //
 // SAML Authorization grants
 //
http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index 3fe9a76..acdc61b 100644
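Review bot: In AuthorizationGrantNegativeTest, `testAuthorizationCodeGrantWithUnknownAudience` treats any `Exception` as success (`} catch (Exception ex) { // expected }`), so a connection error or an entity-parsing failure is indistinguishable from the authorization server rejecting the audience. A negative test for an access-control check is only useful when it proves the rejection came from that check. Prefer posting the token form in the test itself and asserting on the error response (status and OAuth error code) instead of relying on an exception raised inside `OAuth2TestUtils`. At minimum, catch the narrowest exception type the helper throws and assert on its status or message.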
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -30,6 +30,7 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.TestUtil;
 import org.junit.BeforeClass;
 /**
@@ -37,6 +38,7 @@ import org.junit.BeforeClass;
 */
 public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
 public static final String PORT = BookServerOAuth2Grants.PORT;
+ public static final String PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2");
 @BeforeClass
 public static void startServers() throws Exception {
@@ -180,6 +182,35 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
 OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
 assertNotNull(accessToken.getTokenKey());
 }
+
+ @org.junit.Test
+ public void testAuthorizationCodeGrantWithAudience() throws Exception {
+ URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ String code = OAuth2TestUtils.getAuthorizationCode(client, null, "consumer-id-aud");
+ assertNotNull(code);
+
+ // Now get the access token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id-aud", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ String audience = "https://localhost:" + PORT2 + "/secured/bookstore/books";
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code,
+ "consumer-id-aud", audience);
+ assertNotNull(accessToken.getTokenKey());
+ }
 @org.junit.Test
 public void testImplicitGrant() throws Exception {
@@ -317,5 +348,5 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
 assertNotNull(accessToken.getTokenKey());
 assertNotNull(accessToken.getRefreshToken());
 }
-
+
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml index ce7a8d9..2697208 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml @@ -62,7 +62,9 @@ under the License. - + + ${testutil.ports.jaxrs-oauth2-filters} + http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml index 75aa22f..15eb598 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml @@ -62,7 +62,9 @@ under the License. - + + ${testutil.ports.jaxrs-oauth2-grants2-negative} + http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml index ccfa370..676942d 100644 
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml @@ -62,7 +62,9 @@ under the License. - + + ${testutil.ports.jaxrs-oauth2-grants2} + http://git-wip-us.apache.org/repos/asf/cxf/blob/0822e7f1/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml index 2b3d821..d22ee61 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml @@ -58,7 +58,9 @@ under the License. - + + 12345 +