cxf-commits mailing list archives

From serg...@apache.org
Subject [1/2] cxf-fediz git commit: [FEDIZ-203] Adding Jan's test too
Date Wed, 12 Jul 2017 14:43:26 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master cc76fc310 -> b1787bfbc


[FEDIZ-203] Adding Jan's test too


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b1787bfb
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b1787bfb
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b1787bfb

Branch: refs/heads/master
Commit: b1787bfbcde3cd806f10d7c12488e3c29ce19c21
Parents: 71591cf
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Jul 12 15:40:13 2017 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Jul 12 15:43:09 2017 +0100

----------------------------------------------------------------------
 .../main/webapp/WEB-INF/applicationContext.xml  |  8 +++-
 .../src/main/webapp/WEB-INF/data-manager.xml    |  1 +
 .../cxf/fediz/systests/oidc/OIDCTest.java       | 40 +++++++++++++++++++-
 .../test/resources/oidc/applicationContext.xml  |  8 +++-
 .../src/test/resources/oidc/data-manager.xml    |  1 +
 5 files changed, 53 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b1787bfb/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 6b308d3..b1eb250 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -41,10 +41,14 @@
     <import resource="data-manager.xml" />
     
     <!-- Supports OIDC Authorization Code flow -->
+    <util:list id="scopesRequiringNoConsent">
+        <value>openid</value>
+        <value>roles</value>
+    </util:list>
     <bean id="oidcAuthorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
          <property name="dataProvider" ref="oauthProvider"/>
          <property name="subjectCreator" ref="subjectCreator"/>
-         <property name="skipAuthorizationWithOidcScope" value="true"/>
+         <property name="scopesRequiringNoConsent" ref="scopesRequiringNoConsent"/>
          <!--
          <property name="useAllClientScopes" value="true"/>
          -->
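Review bot: Adding `roles` to `scopesRequiringNoConsent` in the shipped webapp context means, going by the property name, that a client requesting `openid roles` gets the user's role claims with no consent screen, and nothing in the file says why that is an acceptable default. Role data is authorization-relevant, so this looks safe only where every registered client is a trusted first-party application. I would record that assumption next to the list, e.g. `<!-- Scopes released without a consent prompt; remove 'roles' if untrusted third-party clients can register -->` above the `util:list`. The same list is wired into `oidcHybridService` in the next hunk and into both beans in `systests/oidc/src/test/resources/oidc/applicationContext.xml`. The `oidcAuthorizationService` bean continues past the end of this hunk.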
@@ -54,7 +58,7 @@
     <bean id="oidcHybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
          <property name="dataProvider" ref="oauthProvider"/>
          <property name="subjectCreator" ref="subjectCreator"/>
-         <property name="skipAuthorizationWithOidcScope" value="true"/>
+         <property name="scopesRequiringNoConsent" ref="scopesRequiringNoConsent"/>
          <property name="responseFilter" ref="idTokenFilter"/>
          <property name="codeService" ref="oidcAuthorizationService"/>
     </bean>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b1787bfb/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index dc9bd0e..57feaf0 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -34,6 +34,7 @@
         <entry key="openid" value="Access the authentication claims" />
         <entry key="email" value="Access the email address" />
         <entry key="profile" value="Access the profile claims" />
+        <entry key="roles" value="Access the user roles" />
         <entry key="refreshToken" value="Refresh access tokens" />
     </util:map>
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b1787bfb/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
index 56014d9..b9f9291 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -936,7 +936,45 @@ public class OIDCTest {
         webClient.close();
     }
 
+    @org.junit.Test
+    public void testOIDCLoginForClient1WithRolesScope() throws Exception {
+
+        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        url += "client_id=" + storedClientId;
+        url += "&response_type=code";
+        url += "&scope=openid%20roles";
+        String user = "alice";
+        String password = "ecila";
+
+        // Login to the OIDC token endpoint + get the authorization code
+        WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
+        String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
+        Assert.assertNotNull(authorizationCode);
+
+        // Now use the code to get an IdToken
+
+        url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+        WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
+
+        request.setRequestParameters(new ArrayList<NameValuePair>());
+        request.getRequestParameters().add(new NameValuePair("client_id", storedClientId));
+        request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
+        request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        final UnexpectedPage responsePage = webClient.getPage(request);
+        String response = responsePage.getWebResponse().getContentAsString();
+
+        // Check the IdToken
+        String idToken = getIdToken(response);
+        Assert.assertNotNull(idToken);
+        validateIdToken(idToken, storedClientId, "User");
+
+        webClient.close();
+    }
 
+    
+    
     private static WebClient setupWebClient(String user, String password, String idpPort)
{
         final WebClient webClient = new WebClient();
         webClient.getOptions().setUseInsecureSSL(true);
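Review bot: `testOIDCLoginForClient1WithRolesScope` covers only the positive path: it requests `scope=openid%20roles` and checks role `User` through `validateIdToken`, but nothing in this hunk shows that the claim is withheld when `roles` is not requested. If the intent is that role claims are released only for that scope, a companion test that sends `&scope=openid` and asserts the ID token carries no `roles` claim would pin it; as written, this test would also pass if roles were always included. Separately, `webClient.close()` is the last statement, so a failed assertion skips it; wrapping the body in `try { ... } finally { webClient.close(); }` avoids leaking the client. `validateIdToken` and `loginAndGetAuthorizationCode` are defined outside this hunk, so what they check is not visible here.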
@@ -1041,7 +1079,7 @@ public class OIDCTest {
 
         // Check role
         if (role != null) {
-            List<?> roles = (List<?>)jwt.getClaim("roles");
+            List<String> roles = jwt.getClaims().getListStringProperty("roles");
             Assert.assertNotNull(roles);
             Assert.assertFalse(roles.isEmpty());
             Assert.assertEquals(role, roles.get(0));

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b1787bfb/systests/oidc/src/test/resources/oidc/applicationContext.xml
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/resources/oidc/applicationContext.xml b/systests/oidc/src/test/resources/oidc/applicationContext.xml
index b764704..234b493 100644
--- a/systests/oidc/src/test/resources/oidc/applicationContext.xml
+++ b/systests/oidc/src/test/resources/oidc/applicationContext.xml
@@ -47,10 +47,14 @@
     <import resource="data-manager.xml" />
     
     <!-- Supports OIDC Authorization Code flow -->
+    <util:list id="scopesRequiringNoConsent">
+        <value>openid</value>
+        <value>roles</value>
+    </util:list>
     <bean id="oidcAuthorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
          <property name="dataProvider" ref="oauthProvider"/>
          <property name="subjectCreator" ref="subjectCreator"/>
-         <property name="skipAuthorizationWithOidcScope" value="true"/>
+         <property name="scopesRequiringNoConsent" ref="scopesRequiringNoConsent"/>
          <!--
          <property name="useAllClientScopes" value="true"/>
          -->
@@ -60,7 +64,7 @@
     <bean id="oidcHybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
          <property name="dataProvider" ref="oauthProvider"/>
          <property name="subjectCreator" ref="subjectCreator"/>
-         <property name="skipAuthorizationWithOidcScope" value="true"/>
+         <property name="scopesRequiringNoConsent" ref="scopesRequiringNoConsent"/>
          <property name="responseFilter" ref="idTokenFilter"/>
          <property name="codeService" ref="oidcAuthorizationService"/>
     </bean>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b1787bfb/systests/oidc/src/test/resources/oidc/data-manager.xml
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/resources/oidc/data-manager.xml b/systests/oidc/src/test/resources/oidc/data-manager.xml
index 7c2b7dc..e704818 100644
--- a/systests/oidc/src/test/resources/oidc/data-manager.xml
+++ b/systests/oidc/src/test/resources/oidc/data-manager.xml
@@ -32,6 +32,7 @@
     <!-- List of accepted scopes -->
     <util:map id="supportedScopes">
         <entry key="openid" value="Access the authentication claims" />
+        <entry key="roles" value="Access the user roles" />
         <entry key="refreshToken" value="Refresh access tokens" />
     </util:map>
 

