Repository: cxf Updated Branches: refs/heads/master e00b84269 -> 60d257751
Prototyping a dedicated OAuth2 TLS test with much more to come later on Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/60d25775 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/60d25775 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/60d25775 Branch: refs/heads/master Commit: 60d257751e5867bee2866fede227ad2f0056ed36 Parents: e00b842 Author: Sergey Beryozkin <[email protected]> Authored: Wed Apr 5 17:48:00 2017 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Apr 5 17:48:00 2017 +0100 ---------------------------------------------------------------------- .../oauth2/common/OAuthDataProviderTlsImpl.java | 56 ++++++++++++ .../oauth2/grants/BookServerOAuth2Tls.java | 59 ++++++++++++ .../oauth2/grants/JAXRSOAuth2TlsTest.java | 95 ++++++++++++++++++++ .../jaxrs/security/oauth2/grants/serverTls.xml | 80 +++++++++++++++++ 4 files changed, 290 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/60d25775/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderTlsImpl.java ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderTlsImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderTlsImpl.java
new file mode 100644
index 0000000..e253110
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderTlsImpl.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.oauth2.common;
+
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.util.Collections;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.xml.security.utils.ClassLoaderUtils;
+
+/**
+ * Extend the DefaultEHCacheCodeDataProvider to allow refreshing of tokens
+ */
+public class OAuthDataProviderTlsImpl extends DefaultEHCacheCodeDataProvider {
+ public OAuthDataProviderTlsImpl() throws Exception {
+
+ Certificate cert = loadCert();
+ String encodedCert = Base64Utility.encode(cert.getEncoded());
+
+ Client client = new Client("CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US",
+ null,
+ true,
+ null,
+ null);
+ client.getAllowedGrantTypes().add("custom_grant");
+ client.setApplicationCertificates(Collections.singletonList(encodedCert));
+ this.setClient(client);
+
+ }
+
+ private Certificate loadCert() throws Exception {
+ try (InputStream is = 
 ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) {
+ return CryptoUtils.loadCertificate(is, new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}, "morpit", null);
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/60d25775/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Tls.java ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Tls.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Tls.java
new file mode 100644
index 0000000..7244c76
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/BookServerOAuth2Tls.java
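Review bot: The class Javadoc in OAuthDataProviderTlsImpl (`Extend the DefaultEHCacheCodeDataProvider to allow refreshing of tokens`) does not describe what the constructor does. The constructor registers a single client whose id is a certificate subject DN, passes `true` as the third argument (which I read as the confidential flag), and stores the Base64 encoding of the `morpit` entry from `keys/Truststore.jks` as its application certificate. That binding is the security-relevant fixture of the test, so I would replace the comment with something like `Registers a test client identified by its TLS certificate subject DN and bound to that certificate`. In `loadCert()`, the stream from `ClassLoaderUtils.getResourceAsStream` is passed on unchecked and is presumably null when the key store is not on the classpath; a guard such as `if (is == null) { throw new IllegalStateException("keys/Truststore.jks not found"); }` would make that failure readable.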
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerOAuth2Tls extends AbstractBusTestServerBase {
+ public static final String PORT = TestUtil.getPortNumber("jaxrs-oauth2-tls");
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2Tls.class.getResource("serverTls.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2Tls();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static void main(String[] args) {
+ try {
+ BookServerOAuth2Tls s = new BookServerOAuth2Tls();
+ s.start();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ System.exit(-1);
+ } finally {
+ System.out.println("done!");
+ }
+ }
+}
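Review bot: In `run()` the `try { new BookServerOAuth2Tls(); }` block constructs a second server instance and discards it, although the bus has already been created and set on the lines above. The base class is outside this diff, so I cannot tell whether the constructor has a needed side effect; if it does not, drop the block, otherwise add a comment such as `// instantiated only for <reason>`. In `main`, `System.exit(-1)` in the catch branch means the `finally` print of `done!` never runs on failure, which looks unintended.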
http://git-wip-us.apache.org/repos/asf/cxf/blob/60d25775/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2TlsTest.java ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2TlsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2TlsTest.java
new file mode 100644
index 0000000..9450ddf
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2TlsTest.java
@@ -0,0 +1,95 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
+
+import java.net.URL;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase {
+ public static final String PORT = BookServerOAuth2Tls.PORT;
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2Tls.class, true));
+ }
+
+
+ @Test
+ public void 
 testTwoWayTLSAuthenticationCustomGrant() throws Exception {
+ String address = "https://localhost:" + PORT + "/oauth2/token";
+ WebClient wc = createWebClient(address);
+
+ ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, new CustomGrant());
+ assertNotNull(at.getTokenKey());
+ }
+
+
+
+ private WebClient createWebClient(String address) {
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ bean.setAddress(address);
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSOAuth2TlsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+
+ WebClient wc = bean.createWebClient();
+ wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
+ return wc;
+ }
+
+
+ private static class CustomGrant implements AccessTokenGrant {
+
+ private static final long serialVersionUID = -4007538779198315873L;
+
+ @Override
+ public String getType() {
+ return "custom_grant";
+ }
+
+ @Override
+ public MultivaluedMap<String, String> toMap() {
+ MultivaluedMap<String, String> map = new MetadataMap<String, String>();
+ map.putSingle(OAuthConstants.GRANT_TYPE, "custom_grant");
+ return map;
+ }
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/60d25775/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/serverTls.xml ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/serverTls.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/serverTls.xml
new file mode 100644
index 0000000..bcd3187
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/serverTls.xml
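Review bot: `testTwoWayTLSAuthenticationCustomGrant` in JAXRSOAuth2TlsTest asserts only `assertNotNull(at.getTokenKey())`. As far as the visible code shows, it would still pass if the token endpoint issued tokens to any client that completes the TLS handshake, without comparing the presented certificate to the one registered for the client. A negative case is missing: a second client bus configuration whose key store holds a certificate the server trusts but that is not registered for the client, with the test expecting the token request to be rejected. In `createWebClient`, the result of `JAXRSOAuth2TlsTest.class.getResource("client.xml")` is dereferenced without a null check (`client.xml` is not part of this commit, so it presumably already exists), and the Spring bus created there is never shut down.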
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-tls}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderTlsImpl"/>
+ <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CustomGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+ <bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="customGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ </jaxrs:server>
+
+</beans>
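Review bot: `<cxf:logging/>` is enabled on the bus that serves the token endpoint in serverTls.xml, so request and response payloads, including issued access tokens, will presumably be written to the test log. A short comment such as `<!-- message logging is for test diagnostics only; do not copy into a deployed configuration -->` would make that explicit, and the same comment can cover the literal `password` values on `sec:keyManagers` and both `sec:keyStore` elements, which are acceptable only because these are test key stores. The engine-factory id `port-9095-tls-config` does not match the port, which comes from `${testutil.ports.jaxrs-oauth2-tls}`; a port-neutral id such as `oauth2-tls-config` would avoid the stale number.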
