Repository: cxf Updated Branches: refs/heads/master 9cc3f37d1 -> aeba7ad5a
Starting with testing the client cert access token binding Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/aeba7ad5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/aeba7ad5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/aeba7ad5 Branch: refs/heads/master Commit: aeba7ad5a291db366abd65dc34c92ee8a21ee9be Parents: 9cc3f37 Author: Sergey Beryozkin <[email protected]> Authored: Tue Apr 25 16:40:40 2017 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Apr 25 16:40:40 2017 +0100 ---------------------------------------------------------------------- .../security/oauth2/tls/JAXRSOAuth2TlsTest.java | 28 ++++++++-- .../oauth2/tls/OAuthDataProviderImpl.java | 1 + .../jaxrs/security/oauth2/tls/serverTls.xml | 56 ++++++++++++++++++-- 3 files changed, 77 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/aeba7ad5/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java index ad9f4bb..3824259 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java 
@@ -35,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant; import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; +import org.apache.cxf.systest.jaxrs.security.Book; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.junit.BeforeClass; @@ -53,16 +54,21 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase { @Test public void testTwoWayTLSClientIdIsSubjectDn() throws Exception { String address = "https://localhost:" + PORT + "/oauth2/token"; - WebClient wc = createWebClient(address); + WebClient wc = createOAuth2WebClient(address); ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, new CustomGrant()); assertNotNull(at.getTokenKey()); + + String rsAddress = "https://localhost:" + PORT + "/rs/bookstore/books/123"; + WebClient wcRs = createRsWebClient(rsAddress, at); + Book book = wcRs.get(Book.class); + assertEquals(123L, book.getId()); } @Test public void testTwoWayTLSClientIdBound() throws Exception { String address = "https://localhost:" + PORT + "/oauth2/token"; - WebClient wc = createWebClient(address); + WebClient wc = createOAuth2WebClient(address); ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, new Consumer("bound"), @@ -73,7 +79,7 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase { @Test public void testTwoWayTLSClientUnbound() throws Exception { String address = "https://localhost:" + PORT + "/oauth2/token"; - WebClient wc = createWebClient(address); + WebClient wc = createOAuth2WebClient(address); try { OAuthClientUtils.getAccessToken(wc, new Consumer("unbound"), 
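Review bot: The assertions added to `testTwoWayTLSClientIdIsSubjectDn` cover only the accepting path, so the test would pass in the same way if the resource server ignored the certificate binding altogether. The token is requested and then presented by clients built inside this test class, and `createRsWebClient` loads `client.xml`, so the certificate on the `/rs/bookstore/books/123` call presumably always matches the one used at `/oauth2/token`. A companion case that presents `at` over a connection using different client key material and expects the request to be rejected would pin the binding check itself. Until that exists, a comment such as `// TODO: negative case - same token, different client certificate, must be rejected` keeps the gap visible.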
@@ -86,7 +92,7 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase { } - private WebClient createWebClient(String address) { + private WebClient createOAuth2WebClient(String address) { JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); bean.setAddress(address); @@ -99,6 +105,20 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase { wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON); return wc; } + private WebClient createRsWebClient(String address, ClientAccessToken at) { + JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); + bean.setAddress(address); + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = JAXRSOAuth2TlsTest.class.getResource("client.xml"); + Bus springBus = bf.createBus(busFile.toString()); + bean.setBus(springBus); + + WebClient wc = bean.createWebClient(); + wc.accept(MediaType.APPLICATION_XML); + wc.authorization(at); + return wc; + } private static class CustomGrant implements AccessTokenGrant { http://git-wip-us.apache.org/repos/asf/cxf/blob/aeba7ad5/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java index 47f1d71..55ff852 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/OAuthDataProviderImpl.java 
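Review bot: `createRsWebClient` builds a fresh Spring bus from `client.xml` on every call and never shuts it down, and its first lines appear to repeat the setup in `createOAuth2WebClient`, whose middle lies outside the hunk. `getResource("client.xml")` also returns null when the resource is missing, which surfaces as a NullPointerException on `busFile.toString()` rather than a readable failure. Taking the bus configuration as a parameter, `private WebClient createRsWebClient(String address, ClientAccessToken at, String busConfig)`, would remove the duplication and let a later test present the token with different TLS key material.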
@@ -42,6 +42,7 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider { null); client1.getAllowedGrantTypes().add("custom_grant"); registerCert(client1); + this.setClient(client1); Client client2 = new Client("bound", null, http://git-wip-us.apache.org/repos/asf/cxf/blob/aeba7ad5/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml index 1901ba5..219bf45 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml @@ -24,8 +24,10 @@ under the License. xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" + xmlns:jaxrs-client="http://cxf.apache.org/jaxrs-client" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd + http://cxf.apache.org/jaxrs-client http://cxf.apache.org/schemas/jaxrs-client.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd 
@@ -45,7 +47,7 @@ under the License. <util:list id="busProviders"> <ref bean="oauthJson"/> </util:list> - <httpj:engine-factory id="port-9095-tls-config"> + <httpj:engine-factory id="client-server-tls-config"> <httpj:engine port="${testutil.ports.jaxrs-oauth2-tls}"> <httpj:tlsServerParameters> <sec:keyManagers keyPassword="password"> @@ -61,9 +63,12 @@ under the License. <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CustomGrantHandler"> <property name="dataProvider" ref="dataProvider"/> </bean> + <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/> <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.tls.OAuthDataProviderImpl"/> - <bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> + <bean id="rsService" class="org.apache.cxf.systest.jaxrs.security.BookStore"/> + + <bean id="accessTokenService1" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> <property name="dataProvider" ref="dataProvider"/> <property name="grantHandlers"> <list> 
@@ -72,10 +77,53 @@ under the License. </property> </bean> - <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2"> + <bean id="tokenValidatorService1" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService"> + <property name="dataProvider" ref="dataProvider"/> + <property name="blockUnauthorizedRequests" value="false"/> + </bean> + + <jaxrs:server id="tokenServer1" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2"> + <jaxrs:serviceBeans> + <ref bean="accessTokenService1"/> + <ref bean="tokenValidatorService1"/> + </jaxrs:serviceBeans> + </jaxrs:server> + + <jaxrs-client:client id="tokenValidatorClient1" + address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2/validate" + serviceClass="org.apache.cxf.jaxrs.client.WebClient"> + <jaxrs-client:headers> + <entry key="Accept" value="application/xml"/> + <entry key="Content-Type" value="application/x-www-form-urlencoded"/> + </jaxrs-client:headers> + </jaxrs-client:client> + + <bean id="tokenValidator1" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient"> + <property name="tokenValidatorClient" ref="tokenValidatorClient1"/> + </bean> + + <bean id="oauth2Filter1" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"> + <property name="tokenValidator" ref="tokenValidator1"/> + </bean> + <jaxrs:server id="rsServer1" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/rs"> <jaxrs:serviceBeans> - <ref bean="accessTokenService"/> + <ref bean="rsService"/> </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="oauth2Filter1"/> + </jaxrs:providers> </jaxrs:server> + + <http:conduit name="https://localhost.*"> + <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/> + <http:tlsClientParameters disableCNCheck="true"> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" resource="keys/Morpit.jks"/> + </sec:keyManagers> + <sec:trustManagers> + 
<sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> </beans>
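Review bot: `tokenValidatorService1` sets `blockUnauthorizedRequests` to `false`, which by its name lets callers reach `/oauth2/validate` without being authenticated, and the new `http:conduit` for `https://localhost.*` sets `disableCNCheck="true"`, turning off hostname verification for the validator client. Both are understandable in a system test, but test configuration tends to be copied, so each deserves a comment, for example `<!-- test only: keep the caller check enabled on the validate endpoint in deployments -->` and `<!-- test only: hostname verification is disabled, presumably because of the test keystore -->`. The `ConnectionTimeout="3000000"` and `ReceiveTimeout="3000000"` values are 50 minutes each and look like a debugging leftover; a hung validator call would stall the test run for that long. Nothing in this hunk shows where the certificate presented to `rsServer1` is compared with the one bound to the token, so a comment naming the component expected to do that (presumably `oauth2Filter1`) would help.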
