From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Continuing with the dynamic reg OAuth2 service work Date: Tue, 27 Sep 2016 10:27:28 +0000 (UTC) archived-at: Tue, 27 Sep 2016 10:27:30 -0000 Repository: cxf Updated Branches: refs/heads/master eab841d54 -> 8e1b9741f Continuing with the dynamic reg OAuth2 service work Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8e1b9741 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8e1b9741 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8e1b9741 Branch: refs/heads/master Commit: 8e1b9741f13acae323ad3508b1f4a7214cbbe83f Parents: eab841d Author: Sergey Beryozkin Authored: Tue Sep 27 11:27:03 2016 +0100 Committer: Sergey Beryozkin Committed: Tue Sep 27 11:27:03 2016 +0100 ---------------------------------------------------------------------- .../services/ClientRegistrationResponse.java | 2 +- .../services/DynamicRegistrationService.java | 13 +-- .../security/oidc/MemoryOAuthDataProvider.java | 107 +++++++++++++++++++ .../oidc/OIDCDynamicRegistrationTest.java | 66 +++++++++++- .../jaxrs/security/oidc/oidc-server-dynreg.xml | 18 +++- 5 files changed, 196 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/8e1b9741/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ClientRegistrationResponse.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ClientRegistrationResponse.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ClientRegistrationResponse.java index dfe43e1..42f2e9a 100644 
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ClientRegistrationResponse.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ClientRegistrationResponse.java
@@ -61,7 +61,7 @@ public class ClientRegistrationResponse extends JsonMapObject {
 return getStringProperty(REG_ACCESS_TOKEN);
 }
 public void setRegistrationClientUri(String at) {
- super.setProperty(REG_ACCESS_TOKEN, at);
+ super.setProperty(REG_CLIENT_URI, at);
 }
 public String getRegistrationClientUri() {
 return getStringProperty(REG_CLIENT_URI);
http://git-wip-us.apache.org/repos/asf/cxf/blob/8e1b9741/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
index 78b971d..e4c252c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
@@ -160,8 +160,8 @@ public class DynamicRegistrationService extends AbstractOAuthService {
 return initialAccessToken;
 }
- public void setRegistrationAccessToken(String registrationAccessToken) {
- this.initialAccessToken = registrationAccessToken;
+ public void setInitialAccessToken(String initialAccessToken) {
+ this.initialAccessToken = initialAccessToken;
 }
 protected Client createNewClient(ClientRegistration request) {
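Review bot: In ClientRegistrationResponse.java the parameter of `setRegistrationClientUri` is still named `at`, which reads as "access token" and looks like a leftover from the neighbouring token setter; rename it so the signature matches what is stored, `public void setRegistrationClientUri(String uri) {`. Before this fix the setter wrote the URI under `REG_ACCESS_TOKEN`, so the registration access token in a response could be overwritten depending on setter order. A short comment on the two setters stating which JSON property each one owns would make a repeat of that mix-up easier to spot in review.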
@@ -175,6 +175,9 @@ public class DynamicRegistrationService extends AbstractOAuthService {
 }
 List grantTypes = request.getGrantTypes();
+ if (grantTypes == null) {
+ grantTypes = Collections.singletonList("authorization_code");
+ }
 // Client Type
 // https://tools.ietf.org/html/rfc7591 has no this property but
@@ -184,7 +187,7 @@ public class DynamicRegistrationService extends AbstractOAuthService {
 appType = DEFAULT_APPLICATION_TYPE;
 }
 boolean isConfidential = DEFAULT_APPLICATION_TYPE.equals(appType)
- && grantTypes != null && grantTypes.contains(OAuthConstants.AUTHORIZATION_CODE_GRANT);
+ && grantTypes.contains(OAuthConstants.AUTHORIZATION_CODE_GRANT);
 // Client Secret
 String clientSecret = isConfidential
@@ -193,9 +196,7 @@ public class DynamicRegistrationService extends AbstractOAuthService {
 Client newClient = new Client(clientId, clientSecret, isConfidential, clientName);
- if (grantTypes != null) {
- newClient.setAllowedGrantTypes(grantTypes);
- }
+ newClient.setAllowedGrantTypes(grantTypes);
 // Client Registration Time
 newClient.setRegisteredAt(System.currentTimeMillis() / 1000);
http://git-wip-us.apache.org/repos/asf/cxf/blob/8e1b9741/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/MemoryOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/MemoryOAuthDataProvider.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/MemoryOAuthDataProvider.java
new file mode 100644
index 0000000..01eef5f
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/MemoryOAuthDataProvider.java
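Review bot: The new default in the `@@ -175,6 +175,9 @@` hunk spells the grant as the literal `"authorization_code"`, while the confidentiality check a few lines later in the same method compares against `OAuthConstants.AUTHORIZATION_CODE_GRANT`; use the constant in both places, `grantTypes = Collections.singletonList(OAuthConstants.AUTHORIZATION_CODE_GRANT);`. The guard also covers only `null`: a request carrying an empty `grant_types` array skips the default and yields a non-confidential client with no allowed grants, so consider `if (grantTypes == null || grantTypes.isEmpty()) {` if that state is not intended. `createNewClient` starts and ends outside this hunk.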
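Review bot: In the `@@ -193,9 +196,7 @@` hunk `newClient.setAllowedGrantTypes(grantTypes)` now always stores a list that, apart from the new default, comes straight from the registration request, and nothing visible in these hunks compares it with a set of grants the server is willing to hand out. On an endpoint configured without an initial access token (the test in this commit registers against one) the caller would then choose its own grant types. If no such check exists elsewhere in `createNewClient`, which continues outside the hunk, add a configurable allow-list and reject the request when `grantTypes` contains anything outside it, before the `Client` is constructed. A comment above the call such as `// grantTypes is request-controlled; must already be restricted to supported grants` would document the expectation.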
@@ -0,0 +1,107 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.jaxrs.security.oidc; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.cxf.rs.security.oauth2.common.Client; +import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; +import org.apache.cxf.rs.security.oauth2.common.UserSubject; +import org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider; +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; +import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; + +public class MemoryOAuthDataProvider extends AbstractOAuthDataProvider { + + private Map clients = new HashMap(); + @Override + public Client getClient(String clientId) throws OAuthServiceException { + return clients.get(clientId); + } + + @Override + public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getAccessTokens(Client client, UserSubject subject) + throws OAuthServiceException { + // TODO Auto-generated method stub + return null; + } + + @Override + 
public List getRefreshTokens(Client client, UserSubject subject) + throws OAuthServiceException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setClient(Client client) { + clients.put(client.getClientId(), client); + } + + @Override + public List getClients(UserSubject resourceOwner) { + return new ArrayList(clients.values()); + } + + @Override + protected void saveAccessToken(ServerAccessToken serverToken) { + // TODO Auto-generated method stub + + } + + @Override + protected void saveRefreshToken(RefreshToken refreshToken) { + // TODO Auto-generated method stub + + } + + @Override + protected void doRevokeAccessToken(ServerAccessToken accessToken) { + // TODO Auto-generated method stub + + } + + @Override + protected void doRevokeRefreshToken(RefreshToken refreshToken) { + // TODO Auto-generated method stub + + } + + @Override + protected RefreshToken getRefreshToken(String refreshTokenKey) { + // TODO Auto-generated method stub + return null; + } + + @Override + protected void doRemoveClient(Client c) { + clients.remove(c.getClientId()); + + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/8e1b9741/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCDynamicRegistrationTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCDynamicRegistrationTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCDynamicRegistrationTest.java index 6d9dfa4..74c6f97 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCDynamicRegistrationTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCDynamicRegistrationTest.java 
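Review bot: `MemoryOAuthDataProvider` keeps clients in a plain `HashMap` that is read and written from `getClient`, `setClient`, `getClients` and `doRemoveClient`, and the provider is presumably a singleton bean shared by the server's request threads; declare the field as `private final Map clients = new ConcurrentHashMap();` (keeping whatever type parameters the original declaration has) so parallel registrations in the system test cannot corrupt the map. Every token-related override is an auto-generated stub that returns `null` or does nothing, so tokens issued through this provider can never be looked up or revoked. Replace the `// TODO Auto-generated method stub` markers with a class-level Javadoc along the lines of `/** Test-only provider: stores registered clients in memory; all token operations are no-ops. */` so nobody reuses it where token storage is expected.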
@@ -26,6 +26,9 @@ import javax.ws.rs.core.Response; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider; +import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; +import org.apache.cxf.rs.security.oauth2.services.ClientRegistration; +import org.apache.cxf.rs.security.oauth2.services.ClientRegistrationResponse; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.junit.BeforeClass; 
@@ -45,11 +48,72 @@ public class OIDCDynamicRegistrationTest extends AbstractBusClientServerTestBase @org.junit.Test public void testGetClientRegNotAvail() throws Exception { URL busFile = OIDCDynamicRegistrationTest.class.getResource("client.xml"); - String address = "https://localhost:" + PORT + "/services/register"; + String address = "https://localhost:" + PORT + "/services/dynamic/register"; WebClient wc = WebClient.create(address, Collections.singletonList(new JsonMapObjectProvider()), busFile.toString()); Response r = wc.accept("application/json").path("some-client-id").get(); assertEquals(401, r.getStatus()); } + @org.junit.Test + public void testRegisterClient() throws Exception { + doRestRegisterClient(null); + } + @org.junit.Test + public void testRegisterClientInitialAccessToken() throws Exception { + doRestRegisterClient("123456789"); + } + + private void doRestRegisterClient(String initialAccessToken) throws Exception { + URL busFile = OIDCDynamicRegistrationTest.class.getResource("client.xml"); + String address = "https://localhost:" + PORT + "/services"; + if (initialAccessToken != null) { + address = address + "/dynamicWithAt/register"; + } else { + address = address + "/dynamic/register"; + } + WebClient wc = WebClient.create(address, Collections.singletonList(new JsonMapObjectProvider()), + busFile.toString()); + + wc.accept("application/json").type("application/json"); + ClientRegistration reg = new ClientRegistration(); + reg.setApplicationType("web"); + reg.setScope("openid"); + reg.setClientName("dynamic_client"); + reg.setGrantTypes(Collections.singletonList("authorization_code")); + reg.setRedirectUris(Collections.singletonList("https://a/b/c")); + + ClientRegistrationResponse resp = null; + Response r = wc.post(reg); + if (initialAccessToken == null) { + resp = r.readEntity(ClientRegistrationResponse.class); + } else { + assertEquals(401, wc.get().getStatus()); + wc.authorization(new ClientAccessToken("Bearer", initialAccessToken)); + resp 
= wc.post(reg, ClientRegistrationResponse.class); + } + assertNotNull(resp.getClientId()); + assertNotNull(resp.getClientSecret()); + assertEquals(address + "/" + resp.getClientId(), + resp.getRegistrationClientUri()); + String regAccessToken = resp.getRegistrationAccessToken(); + assertNotNull(regAccessToken); + + wc.reset(); + wc.path(resp.getClientId()); + assertEquals(401, wc.get().getStatus()); + + wc.authorization(new ClientAccessToken("Bearer", regAccessToken)); + ClientRegistration clientRegResp = wc.get(ClientRegistration.class); + assertNotNull(clientRegResp); +// assertEquals("web", clientRegResp.getApplicationType()); +// assertEquals("dynamic_client", clientRegResp.getClientName()); +// assertEquals("openid", clientRegResp.getScope()); +// assertEquals(Collections.singletonList("authorization_code"), +// clientRegResp.getGrantTypes()); +// assertEquals(Collections.singletonList("https://a/b/c"), +// clientRegResp.getRedirectUris()); + + assertEquals(200, wc.delete().getStatus()); + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8e1b9741/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-dynreg.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-dynreg.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-dynreg.xml index da03158..55a6cb4 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-dynreg.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-dynreg.xml @@ -62,17 +62,21 @@ under the License. - + + + + + + address="https://localhost:${testutil.ports.jaxrs-oidc-dynreg}/services/dynamic"> @@ -80,5 +84,15 @@ under the License. + + + + + + + +
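Review bot: In `doRestRegisterClient`, when `initialAccessToken` is set, the first `wc.post(reg)` is sent without credentials but its result `r` is never checked; the only 401 assertion in that branch is on a `GET`, so the test would still pass if the `/dynamicWithAt/register` endpoint accepted unauthenticated registrations. Add `assertEquals(401, r.getStatus());` at the top of the `else` branch, and in the other branch assert the success status before `r.readEntity(...)`. A case that presents a wrong bearer value and expects 401 would also be worth adding. The commented-out assertions on `clientRegResp` leave the returned metadata unverified; either enable them or replace them with a one-line comment saying why they are disabled.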