cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Starting with testing the client cert access token binding
Date Tue, 25 Apr 2017 15:40:55 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 9cc3f37d1 -> aeba7ad5a


Starting with testing the client cert access token binding


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/aeba7ad5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/aeba7ad5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/aeba7ad5

Branch: refs/heads/master
Commit: aeba7ad5a291db366abd65dc34c92ee8a21ee9be
Parents: 9cc3f37
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Apr 25 16:40:40 2017 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Apr 25 16:40:40 2017 +0100

----------------------------------------------------------------------
 .../security/oauth2/tls/JAXRSOAuth2TlsTest.java | 28 ++++++++--
 .../oauth2/tls/OAuthDataProviderImpl.java       |  1 +
 .../jaxrs/security/oauth2/tls/serverTls.xml     | 56 ++++++++++++++++++--
 3 files changed, 77 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/aeba7ad5/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java
index ad9f4bb..3824259 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java
@@ -35,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.systest.jaxrs.security.Book;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 
 import org.junit.BeforeClass;
@@ -53,16 +54,21 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase
{
     @Test
     public void testTwoWayTLSClientIdIsSubjectDn() throws Exception {
         String address = "https://localhost:" + PORT + "/oauth2/token";
-        WebClient wc = createWebClient(address);
+        WebClient wc = createOAuth2WebClient(address);
 
         ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, new CustomGrant());
         assertNotNull(at.getTokenKey());
+        
+        String rsAddress = "https://localhost:" + PORT + "/rs/bookstore/books/123";
+        WebClient wcRs = createRsWebClient(rsAddress, at);
+        Book book = wcRs.get(Book.class);
+        assertEquals(123L, book.getId());
     }
     
     @Test
     public void testTwoWayTLSClientIdBound() throws Exception {
         String address = "https://localhost:" + PORT + "/oauth2/token";
-        WebClient wc = createWebClient(address);
+        WebClient wc = createOAuth2WebClient(address);
 
         ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
                                         new Consumer("bound"),
@@ -73,7 +79,7 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase
{
     @Test
     public void testTwoWayTLSClientUnbound() throws Exception {
         String address = "https://localhost:" + PORT + "/oauth2/token";
-        WebClient wc = createWebClient(address);
+        WebClient wc = createOAuth2WebClient(address);
         try {
             OAuthClientUtils.getAccessToken(wc,
                                             new Consumer("unbound"),
@@ -86,7 +92,7 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase
{
     }
     
 
-    private WebClient createWebClient(String address) {
+    private WebClient createOAuth2WebClient(String address) {
         JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
         bean.setAddress(address);
 
@@ -99,6 +105,20 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase
{
         wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
         return wc;
     }
+    private WebClient createRsWebClient(String address, ClientAccessToken at) {
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress(address);
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSOAuth2TlsTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+
+        WebClient wc = bean.createWebClient();
+        wc.accept(MediaType.APPLICATION_XML);
+        wc.authorization(at);
+        return wc;
+    }
 
 
     private static class CustomGrant implements AccessTokenGrant {

http://git-wip-us.apache.org/repos/asf/cxf/blob/aeba7ad5/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java
index 47f1d71..55ff852 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java
@@ -42,6 +42,7 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider
{
                                     null);
         client1.getAllowedGrantTypes().add("custom_grant");
         registerCert(client1);
+        this.setClient(client1);
         
         Client client2 = new Client("bound",
                                    null,

http://git-wip-us.apache.org/repos/asf/cxf/blob/aeba7ad5/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml
index 1901ba5..219bf45 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml
@@ -24,8 +24,10 @@ under the License.
     xmlns:sec="http://cxf.apache.org/configuration/security" 
     xmlns:cxf="http://cxf.apache.org/core" 
     xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xmlns:jaxrs-client="http://cxf.apache.org/jaxrs-client"
     xmlns:util="http://www.springframework.org/schema/util"
     xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+             http://cxf.apache.org/jaxrs-client http://cxf.apache.org/schemas/jaxrs-client.xsd
              http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
              http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
              http://www.springframework.org/schema/util  http://www.springframework.org/schema/util/spring-util-4.2.xsd
@@ -45,7 +47,7 @@ under the License.
 	<util:list id="busProviders"> 
 		<ref bean="oauthJson"/> 
 	</util:list> 
-    <httpj:engine-factory id="port-9095-tls-config">
+    <httpj:engine-factory id="client-server-tls-config">
         <httpj:engine port="${testutil.ports.jaxrs-oauth2-tls}">
             <httpj:tlsServerParameters>
                 <sec:keyManagers keyPassword="password">
@@ -61,9 +63,12 @@ under the License.
     <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CustomGrantHandler">
         <property name="dataProvider" ref="dataProvider"/>
     </bean>
+    
     <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
     <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.tls.OAuthDataProviderImpl"/>
-    <bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+    <bean id="rsService" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
+    
+    <bean id="accessTokenService1" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
         <property name="dataProvider" ref="dataProvider"/>
         <property name="grantHandlers">
             <list>
@@ -72,10 +77,53 @@ under the License.
         </property>
     </bean>
     
-    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2">
+    <bean id="tokenValidatorService1" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService">
+       <property name="dataProvider" ref="dataProvider"/>
+       <property name="blockUnauthorizedRequests" value="false"/>
+    </bean>
+    
+    <jaxrs:server id="tokenServer1" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2">
+        <jaxrs:serviceBeans>
+            <ref bean="accessTokenService1"/>
+            <ref bean="tokenValidatorService1"/>
+        </jaxrs:serviceBeans>
+    </jaxrs:server>
+    
+    <jaxrs-client:client id="tokenValidatorClient1" 
+        address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2/validate" 
+        serviceClass="org.apache.cxf.jaxrs.client.WebClient">
+        <jaxrs-client:headers>
+            <entry key="Accept" value="application/xml"/>
+            <entry key="Content-Type" value="application/x-www-form-urlencoded"/>
+         </jaxrs-client:headers>
+    </jaxrs-client:client>
+    
+   <bean id="tokenValidator1" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient">
+       <property name="tokenValidatorClient" ref="tokenValidatorClient1"/>
+   </bean>
+    
+    <bean id="oauth2Filter1" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+        <property name="tokenValidator" ref="tokenValidator1"/>
+    </bean>
+    <jaxrs:server id="rsServer1" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/rs">
         <jaxrs:serviceBeans>
-            <ref bean="accessTokenService"/>
+            <ref bean="rsService"/>
         </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="oauth2Filter1"/>
+        </jaxrs:providers>
     </jaxrs:server>
     
+    
+    <http:conduit name="https://localhost.*">
+        <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:keyManagers keyPassword="password">
+                <sec:keyStore type="JKS" password="password" resource="keys/Morpit.jks"/>
+            </sec:keyManagers>
+            <sec:trustManagers>
+                <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+            </sec:trustManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
 </beans>


Mime
View raw message