Adding JWT Grant + Authn tests # Conflicts: # systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/efbb7f47 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/efbb7f47 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/efbb7f47 Branch: refs/heads/3.0.x-fixes Commit: efbb7f47d0ee6f72db8c23b2781c577a33dea46c Parents: d34ba6d Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Dec 8 15:21:52 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Dec 8 15:38:11 2015 +0000 ---------------------------------------------------------------------- .../jaxrs/security/oauth2/JAXRSOAuth2Test.java | 89 ++++++++++++++++++++ .../security/oauth2/OAuthDataProviderImpl.java | 1 + .../systest/jaxrs/security/oauth2/server.xml | 33 ++++++++ 3 files changed, 123 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/efbb7f47/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java index 04faa05..6558d87 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/JAXRSOAuth2Test.java @@ -20,8 +20,12 @@ package org.apache.cxf.systest.jaxrs.security.oauth2; import java.net.URL; +import java.util.Calendar; +import java.util.Collections; +import java.util.Date; import java.util.HashMap; import java.util.Map; +import java.util.Properties; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; 
@@ -33,10 +37,17 @@ import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.rs.security.common.CryptoLoader; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; +import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer; +import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; +import org.apache.cxf.rs.security.jose.jws.JwsUtils; +import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthOutInterceptor; import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils; import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant; import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; +import org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrant; import org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant; import org.apache.cxf.rs.security.oauth2.saml.Constants; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; 
@@ -140,6 +151,41 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase { assertNotNull(at.getTokenKey()); } + @Test + public void testJWTBearerGrant() throws Exception { + String address = "https://localhost:" + PORT + "/oauth2/token"; + WebClient wc = createWebClient(address); + + // Create the JWT Token + String token = createToken("resourceOwner", "alice", address, true, true); + + JwtBearerGrant grant = new JwtBearerGrant(token); + ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, + new Consumer("alice", "alice"), + grant, + false); + assertNotNull(at.getTokenKey()); + } + + @Test + public void testJWTBearerAuthenticationDirect() throws Exception { + String address = "https://localhost:" + PORT + "/oauth2-auth-jwt/token"; + WebClient wc = createWebClient(address); + + // Create the JWT Token + String token = createToken("resourceOwner", "alice", address, true, true); + + Map<String, String> extraParams = new HashMap<String, String>(); + extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE, + "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"); + extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, token); + + ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, + new CustomGrant(), + extraParams); + assertNotNull(at.getTokenKey()); + } + private WebClient createWebClient(String address) { JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); bean.setAddress(address); 
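Review bot: Both new tests cover only the accepting path: every call is `createToken("resourceOwner", "alice", address, true, true)`, so nothing checks that the token endpoint refuses an unsigned, expired or wrongly addressed JWT. createToken already takes `expiry` and `sign` flags that no caller in this commit sets to false, which leaves its `SignatureAlgorithm.NONE` branch unexercised. A rejection test per flag would pin the handler's validation. The sketch below assumes the client call reports the refusal as `OAuthServiceException`, which should be confirmed against OAuthClientUtils.

```java
@Test
public void testJWTBearerGrantUnsigned() throws Exception {
    String address = "https://localhost:" + PORT + "/oauth2/token";
    WebClient wc = createWebClient(address);

    // sign == false yields an unsecured ("alg": "none") token
    String token = createToken("resourceOwner", "alice", address, true, false);

    try {
        OAuthClientUtils.getAccessToken(wc, new Consumer("alice", "alice"),
                                        new JwtBearerGrant(token), false);
        fail("An unsigned JWT must not be exchanged for an access token");
    } catch (OAuthServiceException ex) {
        // expected
    }
}
```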
@@ -191,6 +237,49 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase { return wc; } + private String createToken(String issuer, String subject, String audience, + boolean expiry, boolean sign) { + // Create the JWT Token + JwtClaims claims = new JwtClaims(); + claims.setSubject(subject); + if (issuer != null) { + claims.setIssuer(issuer); + } + claims.setIssuedAt(new Date().getTime() / 1000L); + if (expiry) { + Calendar cal = Calendar.getInstance(); + cal.add(Calendar.SECOND, 60); + claims.setExpiryTime(cal.getTimeInMillis() / 1000L); + } + if (audience != null) { + claims.setAudiences(Collections.singletonList(audience)); + } + + if (sign) { + // Sign the JWT Token + Properties signingProperties = new Properties(); + signingProperties.put("rs.security.keystore.type", "jks"); + signingProperties.put("rs.security.keystore.password", "password"); + signingProperties.put("rs.security.keystore.alias", "alice"); + signingProperties.put("rs.security.keystore.file", + "org/apache/cxf/systest/jaxrs/security/certs/alice.jks"); + signingProperties.put("rs.security.key.password", "password"); + signingProperties.put("rs.security.signature.algorithm", "RS256"); + + JwsHeaders jwsHeaders = new JwsHeaders(signingProperties); + JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims); + + JwsSignatureProvider sigProvider = + JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders); + + return jws.signWith(sigProvider); + } + + JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE); + JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims); + return jws.getSignedEncodedJws(); + } + private static class CustomGrant implements AccessTokenGrant { private static final long serialVersionUID = -4007538779198315873L; http://git-wip-us.apache.org/repos/asf/cxf/blob/efbb7f47/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java 
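Review bot: createToken has no comment telling a reader that `sign == false` returns an unsecured JWS built with `SignatureAlgorithm.NONE`, which only makes sense as input for a rejection test. A short Javadoc would make that intent explicit, for example `/** Builds a compact JWT for these tests; with sign == false the result is an unsecured "alg: none" token that the server is expected to reject. */`. On style, the issued-at and expiry claims come from two separate clock reads through `Date` and `Calendar`. Reading the clock once is simpler: `long now = System.currentTimeMillis() / 1000L;` followed by `claims.setIssuedAt(now);` and `claims.setExpiryTime(now + 60L);`.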
---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java index ce89320..b1472e5 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java @@ -45,6 +45,7 @@ public class OAuthDataProviderImpl implements OAuthDataProvider { public OAuthDataProviderImpl() throws Exception { Client client = new Client("alice", "alice", true); client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT); + client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer"); client.getAllowedGrantTypes().add("custom_grant"); clients.put(client.getClientId(), client); http://git-wip-us.apache.org/repos/asf/cxf/blob/efbb7f47/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml index f3f6fbe..fa196b9 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml 
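Review bot: The added grant type is written as a string literal, `"urn:ietf:params:oauth:grant-type:jwt-bearer"`, while the line directly above it uses `Constants.SAML2_BEARER_GRANT`. If the jwt grants package on this branch exposes a constant for this URN, referencing it would keep the client registration in step with the value JwtBearerGrantHandler matches on and would avoid a silent mismatch from a typo. The constructor continues outside the hunk.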
@@ -62,7 +62,13 @@ under the License. <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler"> <property name="dataProvider" ref="dataProvider"/> </bean> + <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler"> + <property name="dataProvider" ref="dataProvider"/> + </bean> + <bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/> + <bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/> + <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.CustomGrantHandler"> <property name="dataProvider" ref="dataProvider"/> </bean> @@ -72,6 +78,7 @@ under the License. <property name="grantHandlers"> <list> <ref bean="samlGrantHandler"/> + <ref bean="jwtGrantHandler"/> <ref bean="customGrantHandler"/> </list> </property> @@ -81,7 +88,17 @@ under the License. <ref bean="serviceBean"/> </jaxrs:serviceBeans> <jaxrs:properties> +<<<<<<< HEAD <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/> +======= + <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/> + <entry key="rs.security.keystore.type" value="jks" /> + <entry key="rs.security.keystore.alias" value="alice"/> + <entry key="rs.security.keystore.password" value="password"/> + <entry key="rs.security.keystore.file" + value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks" /> + <entry key="rs.security.signature.algorithm" value="RS256" /> +>>>>>>> dfe90b6... Adding JWT Grant + Authn tests </jaxrs:properties> </jaxrs:server> <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth"> 
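Review bot: The third hunk (`@@ -81,7 +88,17 @@`) commits unresolved merge-conflict markers into server.xml: `<<<<<<< HEAD`, `=======` and `>>>>>>> dfe90b6... Adding JWT Grant + Authn tests` are added as literal lines inside `<jaxrs:properties>`. With them in place the file is not well-formed XML, so the Spring context for the OAuth2 test server presumably fails to load and the new tests cannot run. The fix is to delete the three marker lines and keep a single signature-properties entry. The unchanged `/oauth2-auth` server in the next hunk still uses `ws-security.signature.properties`, which suggests that is the key this branch expects, with the new `rs.security.*` entries kept alongside it.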
@@ -95,4 +112,20 @@ under the License. <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/> </jaxrs:properties> </jaxrs:server> + <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth-jwt"> + <jaxrs:serviceBeans> + <ref bean="serviceBean"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="jwtAuthHandler"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="rs.security.keystore.type" value="jks" /> + <entry key="rs.security.keystore.alias" value="alice"/> + <entry key="rs.security.keystore.password" value="password"/> + <entry key="rs.security.keystore.file" + value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks" /> + <entry key="rs.security.signature.algorithm" value="RS256" /> + </jaxrs:properties> + </jaxrs:server> </beans>
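Review bot: The new `/oauth2-auth-jwt` server verifies client assertions against `org/apache/cxf/systest/jaxrs/security/certs/alice.jks`, the same keystore and password that createToken in JAXRSOAuth2Test uses to sign. The verifying side is therefore configured with a store that also holds the client's private key, although verification needs only the public certificate. That is acceptable for a fixture, but readers copy this file as an example, so a comment above the properties would help: `<!-- Test fixture: alice.jks also contains the signing key; a deployment should verify against a store holding only the client certificate. -->`. The six `rs.security.*` entries also duplicate the block added to the `/oauth2` server in the previous hunk.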
