Return-Path: <commits-return-43092-archive-asf-public=cust-asf.ponee.io@cxf.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id D9C85200B5C
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 11 Aug 2016 18:52:43 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id D8368160A93; Thu, 11 Aug 2016 16:52:43 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id D3075160A90
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 11 Aug 2016 18:52:42 +0200 (CEST)
Received: (qmail 46169 invoked by uid 500); 11 Aug 2016 16:52:42 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 46160 invoked by uid 99); 11 Aug 2016 16:52:42 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Aug 2016 16:52:42 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id E7EAAE0556; Thu, 11 Aug 2016 16:52:41 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: sergeyb@apache.org
To: commits@cxf.apache.org
Message-Id: <40334d40158744568fabc258c60e853d@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: cxf git commit: [CXF-6692] Adding a test where the provider stores a
 key only
Date: Thu, 11 Aug 2016 16:52:41 +0000 (UTC)
archived-at: Thu, 11 Aug 2016 16:52:44 -0000

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 3dba055a4 -> 46017d9a2


[CXF-6692] Adding a test where the provider stores a key only


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/46017d9a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/46017d9a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/46017d9a

Branch: refs/heads/3.1.x-fixes
Commit: 46017d9a23bb46238c029fb21ca7a7ed4ea9e198
Parents: 3dba055
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Aug 11 17:46:41 2016 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Aug 11 17:52:16 2016 +0100

----------------------------------------------------------------------
 .../oauth2/utils/JwtAccessTokenUtils.java       |  8 +++-
 .../oauth2/filters/OAuth2JwtFiltersTest.java    | 16 ++++++--
 .../oauth2/filters/filters-serverJwt.xml        | 42 +++++++++++++++++++-
 .../oauth2/filters/oauth20-serverJwt.xml        | 36 ++++++++++++++++-
 4 files changed, 93 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/46017d9a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtAccessTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtAccessTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtAccessTokenUtils.java
index 746403b..c513ba3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtAccessTokenUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtAccessTokenUtils.java
@@ -92,11 +92,15 @@ public final class JwtAccessTokenUtils {
         if (grantType != null) {
             at.setGrantType(grantType);
         }
-        String grantCode = claims.getStringProperty("grant_code");
+        String grantCode = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_GRANT);
         if (grantCode != null) {
             at.setGrantCode(grantCode);
         }
-       
+        String codeVerifier = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
+        if (codeVerifier != null) {
+            at.setClientCodeVerifier(codeVerifier);
+        }
+        
         Map<String, String> extraProperties = CastUtils.cast((Map<?, ?>)claims.getClaim("extra_propertirs"));
         if (extraProperties != null) {
             at.getExtraProperties().putAll(extraProperties);

http://git-wip-us.apache.org/repos/asf/cxf/blob/46017d9a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java
index 02acacc..e2d1722 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java
@@ -51,19 +51,27 @@ public class OAuth2JwtFiltersTest extends AbstractBusClientServerTestBase {
     }
     @org.junit.Test
     public void testServiceWithJwtToken() throws Exception {
+        String oauthServiceAddress = "https://localhost:" + OAUTH_PORT + "/services/";
         String rsAddress = "https://localhost:" + PORT + "/secured/bookstore/books";
-        doTestServiceWithJwtTokenAndScope(rsAddress);
+        doTestServiceWithJwtTokenAndScope(oauthServiceAddress, rsAddress);
+    }
+    @org.junit.Test
+    public void testServiceWithJwtTokenStoredAsJoseKey() throws Exception {
+        String oauthServiceAddress = "https://localhost:" + OAUTH_PORT + "/services2/";
+        String rsAddress = "https://localhost:" + PORT + "/secured2/bookstore/books";
+        doTestServiceWithJwtTokenAndScope(oauthServiceAddress, rsAddress);
     }
     @org.junit.Test
     public void testServiceWithJwtTokenAndLocalValidation() throws Exception {
+        String oauthServiceAddress = "https://localhost:" + OAUTH_PORT + "/services/";
         String rsAddress = "https://localhost:" + PORT + "/securedLocalValidation/bookstore/books";
-        doTestServiceWithJwtTokenAndScope(rsAddress);
+        doTestServiceWithJwtTokenAndScope(oauthServiceAddress, rsAddress);
     }
-    private void doTestServiceWithJwtTokenAndScope(String rsAddress) throws Exception {
+    private void doTestServiceWithJwtTokenAndScope(String oauthService, String rsAddress) throws Exception {
         URL busFile = OAuth2JwtFiltersTest.class.getResource("client.xml");
         
         // Get Authorization Code
-        String oauthService = "https://localhost:" + OAUTH_PORT + "/services/";
+        
 
         WebClient oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(), 
                                                  "alice", "security", busFile.toString());

http://git-wip-us.apache.org/repos/asf/cxf/blob/46017d9a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/filters-serverJwt.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/filters-serverJwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/filters-serverJwt.xml
index c9dd49b..dc0e2aa 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/filters-serverJwt.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/filters-serverJwt.xml
@@ -85,6 +85,25 @@ under the License.
       
    <bean id="tvServiceClient" factory-bean="tvServiceClientFactory" factory-method="createWebClient"/>
  
+   <bean id="tvServiceClientFactory2" class="org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean">
+         <property name="address" value="https://localhost:${testutil.ports.jaxrs-oauth2-serviceJwt}/services2/validate"/>
+         <property name="headers">
+            <map>
+               <entry key="Accept" value="application/json"/>
+               <entry key="Content-Type" value="application/x-www-form-urlencoded"/>
+            </map>
+         </property>
+         <property name="providers">
+             <list>
+                 <ref bean="jackson"/>
+             </list>
+         </property>
+         <property name="username" value="service"/>
+         <property name="password" value="service-pass"/>
+   </bean>
+      
+   <bean id="tvServiceClient2" factory-bean="tvServiceClientFactory2" factory-method="createWebClient"/>
+ 
    <bean id="remoteTokenValidator" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient">
        <property name="tokenValidatorClient" ref="tvServiceClient"/>
    </bean>
@@ -93,6 +112,14 @@ under the License.
        <property name="tokenValidator" ref="remoteTokenValidator"/>
    </bean>
    
+   <bean id="remoteTokenValidator2" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient">
+       <property name="tokenValidatorClient" ref="tvServiceClient2"/>
+   </bean>
+     
+   <bean id="oAuthFilterRemoteValidation2" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+       <property name="tokenValidator" ref="remoteTokenValidator2"/>
+   </bean>
+   
    <jaxrs:server 
        depends-on="tls-config" 
        address="https://localhost:${testutil.ports.jaxrs-oauth2-filtersJwt}/secured">
@@ -104,10 +131,21 @@ under the License.
        </jaxrs:providers>
    </jaxrs:server>
    
-   <bean id="localTokenValidator" class="org.apache.cxf.rs.security.oauth2.filters.JwtAccessTokenValidator"/>
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-oauth2-filtersJwt}/secured2">
+       <jaxrs:serviceBeans>
+           <ref bean="serviceBean"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="oAuthFilterRemoteValidation2"/>
+       </jaxrs:providers>
+   </jaxrs:server>
+   
+   <bean id="jwtTokenValidator" class="org.apache.cxf.rs.security.oauth2.filters.JwtAccessTokenValidator"/>
      
    <bean id="oAuthFilterLocalValidation" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
-       <property name="tokenValidator" ref="localTokenValidator"/>
+       <property name="tokenValidator" ref="jwtTokenValidator"/>
    </bean>
    
    <jaxrs:server 

http://git-wip-us.apache.org/repos/asf/cxf/blob/46017d9a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-serverJwt.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-serverJwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-serverJwt.xml
index 8e57631..c51da6f 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-serverJwt.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-serverJwt.xml
@@ -79,12 +79,30 @@ under the License.
        <property name="dataProvider" ref="oauthProvider"/>
    </bean>
    
+   <bean id="oauthProvider2" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderImpl">
+       <constructor-arg><value>${testutil.ports.jaxrs-oauth2-filtersJwt}</value></constructor-arg>
+       <property name="useJwtFormatForAccessTokens" value="true"/>
+       <property name="storeJwtTokenKeyOnly" value="true"/>
+   </bean>
+   
+   <bean id="authorizationService2" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider2"/>
+   </bean>
+   
+   <bean id="tokenService2" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider2"/>
+   </bean>
+   
+   <bean id="tokenValidateService2" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService">
+       <property name="dataProvider" ref="oauthProvider2"/>
+   </bean>
+   
    <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
    <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
        <property name="callbackHandler" ref="callbackHandler"/>
    </bean>
    
-   <jaxrs:server 
+   <jaxrs:server id="oauthServer1"
        depends-on="tls-config" 
        address="https://localhost:${testutil.ports.jaxrs-oauth2-serviceJwt}/services">
        <jaxrs:serviceBeans>
@@ -100,6 +118,22 @@ under the License.
             <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
        </jaxrs:properties>
    </jaxrs:server>
+   <jaxrs:server id="oauthServer2"
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-oauth2-serviceJwt}/services2">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService2"/>
+           <ref bean="tokenService2"/>
+           <ref bean="tokenValidateService2"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+            <entry key="rs.security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+            <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
+       </jaxrs:properties>
+   </jaxrs:server>
    <bean id="keyPasswordProvider" class="org.apache.cxf.systest.jaxrs.security.jose.jwejws.PrivateKeyPasswordProviderImpl"/>
 
 </beans>