openwebbeans-commits mailing list archives

From rmannibu...@apache.org
Subject svn commit: r1851213 - in /openwebbeans/meecrowave/trunk/meecrowave-oauth2/src: main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
Date Sun, 13 Jan 2019 18:01:12 GMT
Author: rmannibucau
Date: Sun Jan 13 18:01:12 2019
New Revision: 1851213

URL: http://svn.apache.org/viewvc?rev=1851213&view=rev
Log:
MEECROWAVE-174 OAUTH-2 ensure JWT works even for access token endpoint

Modified:
    openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
    openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java

Modified: openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java?rev=1851213&r1=1851212&r2=1851213&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
(original)
+++ openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
Sun Jan 13 18:01:12 2019
@@ -104,6 +104,7 @@ public class OAuth2Configurer {
     private Consumer<RedirectionBasedGrantService> redirectionBasedGrantServiceConsumer;
     private Consumer<AbstractTokenService> abstractTokenServiceConsumer;
     private OAuth2Options configuration;
+    private Map<String, String> securityProperties;
 
     @PostConstruct // TODO: still some missing configuration for jwt etc to add/wire from
OAuth2Options
     private void preCompute() {
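Review bot: The new `securityProperties` field is a plain mutable, non-final map. It is assigned in `preCompute()` (second hunk) and then read on every request by `forwardSecurityProperties()` (third hunk), and nothing prevents later code from altering it. The `oauth2.cxf.rs.security.` filter will presumably also pick up keystore and key password settings, so I would wrap the collected map, e.g. `securityProperties = unmodifiableMap(...)`. I would also comment the field: `// rs.security.* settings copied onto each CXF message; may contain keystore/key passwords, never log`. The class body continues outside the hunk, so whether this bean is shared between request threads cannot be confirmed from here.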
@@ -245,7 +246,7 @@ public class OAuth2Configurer {
                 .orElse(null);
 
         // we prefix them oauth2.cxf. but otherwise it is the plain cxf config
-        final Map<String, String> contextualProperties = ofNullable(builder.getProperties()).map(Properties::stringPropertyNames).orElse(emptySet()).stream()
+        securityProperties = ofNullable(builder.getProperties()).map(Properties::stringPropertyNames).orElse(emptySet()).stream()
                 .filter(s -> s.startsWith("oauth2.cxf.rs.security."))
                 .collect(toMap(s -> s.substring("oauth2.cxf.".length()), s -> builder.getProperties().getProperty(s)));
 
@@ -304,23 +305,27 @@ public class OAuth2Configurer {
             s.setMatchRedirectUriWithApplicationUri(configuration.isMatchRedirectUriWithApplicationUri());
             s.setScopesRequiringNoConsent(noConsentScopes);
             s.setSessionAuthenticityTokenProvider(sessionAuthenticityTokenProvider);
-
-            // TODO: make it even more contextual, client based?
-            final Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
-            contextualProperties.forEach(currentMessage::put);
         };
     }
 
+    private void forwardSecurityProperties() {
+        // TODO: make it even more contextual, client based?
+        final Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
+        securityProperties.forEach(currentMessage::put);
+    }
+
     public void accept(final AbstractTokenService service) {
         abstractTokenServiceConsumer.accept(service);
     }
 
     public void accept(final AccessTokenService service) {
         tokenServiceConsumer.accept(service);
+        forwardSecurityProperties();
     }
 
     public void accept(final RedirectionBasedGrantService service) {
         redirectionBasedGrantServiceConsumer.accept(service);
+        forwardSecurityProperties();
     }
 
     public OAuth2Options getConfiguration() {
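Review bot: `forwardSecurityProperties()` uses the result of `PhaseInterceptorChain.getCurrentMessage()` without a null check. That call returns null when no message is being processed on the current thread, so `currentMessage::put` would fail with a bare NullPointerException. The `accept(...)` overloads are public, so a call outside a request looks possible. An explicit failure is safer than silently skipping, which would leave the endpoint without its JWT signing configuration: `if (currentMessage == null) { throw new IllegalStateException("no CXF message in scope, rs.security.* properties not applied"); }`. Separately, `accept(AbstractTokenService)` does not forward the properties; if that is intended, a one-line comment saying why would help.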

Modified: openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java?rev=1851213&r1=1851212&r2=1851213&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
(original)
+++ openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
Sun Jan 13 18:01:12 2019
@@ -18,44 +18,50 @@
  */
 package org.apache.meecrowave.oauth2;
 
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.meecrowave.Meecrowave;
-import org.apache.meecrowave.junit.MeecrowaveRule;
-import org.apache.meecrowave.oauth2.provider.JCacheCodeDataProvider;
-import org.junit.BeforeClass;
-import org.junit.ClassRule;
-import org.junit.Test;
+import static java.util.Collections.singletonList;
+import static javax.ws.rs.client.Entity.entity;
+import static javax.ws.rs.core.MediaType.APPLICATION_FORM_URLENCODED_TYPE;
+import static javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE;
+import static javax.xml.bind.DatatypeConverter.printBase64Binary;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.io.File;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.function.BiFunction;
 
 import javax.cache.Cache;
 import javax.cache.CacheManager;
 import javax.cache.Caching;
 import javax.cache.configuration.MutableConfiguration;
 import javax.cache.spi.CachingProvider;
+import javax.json.JsonObject;
+import javax.json.JsonString;
+import javax.json.bind.Jsonb;
+import javax.json.bind.JsonbBuilder;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
 import javax.ws.rs.client.WebTarget;
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.Response;
-import java.io.File;
-import java.net.URISyntaxException;
-import java.nio.charset.StandardCharsets;
 
-import static java.util.Collections.singletonList;
-import static javax.ws.rs.client.Entity.entity;
-import static javax.ws.rs.core.MediaType.APPLICATION_FORM_URLENCODED_TYPE;
-import static javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE;
-import static javax.xml.bind.DatatypeConverter.printBase64Binary;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.meecrowave.Meecrowave;
+import org.apache.meecrowave.junit.MeecrowaveRule;
+import org.apache.meecrowave.oauth2.provider.JCacheCodeDataProvider;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
 
 public class OAuth2Test {
     private static final File KEYSTORE = new File("target/OAuth2Test/keystore.jceks");
@@ -64,6 +70,8 @@ public class OAuth2Test {
     public static final MeecrowaveRule MEECROWAVE = new MeecrowaveRule(
             new Meecrowave.Builder().randomHttpPort()
                     .user("test", "pwd").role("test", "admin")
+                    // jwt requires more config
+                    .property("oauth2-use-jwt-format-for-access-token", "true")
                     // auth code support is optional so activate it
                     .property("oauth2-authorization-code-support", "true")
                     // auth code jose setup to store the tokens
@@ -100,6 +108,7 @@ public class OAuth2Test {
             assertNotNull(token);
             assertEquals("Bearer", token.getTokenType());
             assertNotNull(token.getTokenKey());
+            assertIsJwt(token.getTokenKey(), "__default");
             assertEquals(3600, token.getExpiresIn());
             assertNotEquals(0, token.getIssuedAt());
             assertNotNull(token.getRefreshToken());
@@ -132,7 +141,7 @@ public class OAuth2Test {
                                     .param("refresh_token", primary.getRefreshToken()), APPLICATION_FORM_URLENCODED_TYPE),
ClientAccessToken.class);
             assertNotNull(token);
             assertEquals("Bearer", token.getTokenType());
-            assertNotNull(token.getTokenKey());
+            assertIsJwt(token.getTokenKey(), "__default");
             assertEquals(3600, token.getExpiresIn());
             assertNotEquals(0, token.getIssuedAt());
             assertNotNull(token.getRefreshToken());
@@ -193,7 +202,7 @@ public class OAuth2Test {
                                     .param(OAuthConstants.CLIENT_SECRET, "cpwd"), APPLICATION_FORM_URLENCODED_TYPE),
ClientAccessToken.class);
             assertNotNull(token);
             assertEquals("Bearer", token.getTokenType());
-            assertNotNull(token.getTokenKey());
+            assertIsJwt(token.getTokenKey(), "c1");
             assertEquals(3600, token.getExpiresIn());
             assertNotEquals(0, token.getIssuedAt());
             assertNotNull(token.getRefreshToken());
@@ -220,4 +229,20 @@ public class OAuth2Test {
         value.setRedirectUris(singletonList("http://localhost:" + httpPort + "/redirected"));
         cache.put("c1", value);
     }
+
+    private void assertIsJwt(final String tokenKey, final String client) {
+        final String[] split = tokenKey.split("\\.");
+        assertEquals(3, split.length);
+        final BiFunction<Jsonb, String, JsonObject> read = (jsonb, value) ->
+                jsonb.fromJson(new String(Base64.getUrlDecoder().decode(value), StandardCharsets.UTF_8),
JsonObject.class);
+        try (final Jsonb jsonb = JsonbBuilder.create()) {
+            final JsonObject header = read.apply(jsonb, split[0]);
+            final JsonObject payload = read.apply(jsonb, split[1]);
+            assertEquals("RS256", header.getString("alg"));
+            assertEquals("test", payload.getString("username"));
+            assertEquals(client, payload.getString("client_id"));
+        } catch (final Exception e) {
+            fail(e.getMessage());
+        }
+    }
 }
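Review bot: `assertIsJwt` decodes only the header and payload and never verifies the third segment. These tests would therefore still pass if the server issued a token signed with the wrong key or carrying an invalid signature. Consider verifying the signature against the public key from the test keystore, or at least state the limit in the helper with `// signature (split[2]) is not verified here`. Separately, `fail(e.getMessage())` drops the stack trace and reports `null` for exceptions without a message; declaring `throws Exception` on the helper and removing the catch would keep the cause.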


