Repository: cxf Updated Branches: refs/heads/master dc47b8e0d -> 7298cc60e
Testing the standard token introspection path Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7298cc60 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7298cc60 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7298cc60 Branch: refs/heads/master Commit: 7298cc60e9b217dcda22fadd43058002dea4852d Parents: dc47b8e Author: Sergey Beryozkin <[email protected]> Authored: Tue Apr 25 17:47:48 2017 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Apr 25 17:47:48 2017 +0100 ---------------------------------------------------------------------- .../oauth2/provider/OAuthJSONProvider.java | 2 +- .../security/oauth2/tls/JAXRSOAuth2TlsTest.java | 10 ++++-- .../jaxrs/security/oauth2/tls/serverTls.xml | 36 ++++++++++++++++++-- 3 files changed, 43 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/7298cc60/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java index ce083c1..486bda3 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java 
@@ -131,7 +131,7 @@ public class OAuthJSONProvider implements MessageBodyWriter<Object>, if (JoseConstants.HEADER_X509_THUMBPRINT_SHA256.equals(entry.getKey())) { StringBuilder cnfObj = new StringBuilder(); cnfObj.append("{"); - appendJsonPair(sb, entry.getKey(), entry.getValue()); + appendJsonPair(cnfObj, entry.getKey(), entry.getValue()); cnfObj.append("}"); appendJsonPair(sb, "cnf", cnfObj.toString(), false); } else { http://git-wip-us.apache.org/repos/asf/cxf/blob/7298cc60/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java index 50bfea3..0820364 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.java @@ -64,6 +64,10 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase { Book book = wcRs.get(Book.class); assertEquals(123L, book.getId()); + String protectedRsAddress2 = "https://localhost:" + PORT + "/rs2/bookstore/books/123"; + WebClient wcRs2 = createRsWebClient(protectedRsAddress2, at, "client.xml"); + book = wcRs2.get(Book.class); + assertEquals(123L, book.getId()); String unprotectedRsAddress = "https://localhost:" + PORT + "/rsUnprotected/bookstore/books/123"; WebClient wcRsDiffClientCert = createRsWebClient(unprotectedRsAddress, at, "client2.xml"); 
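Review bot: The nested `cnf` object is still built by string concatenation, and the outer `appendJsonPair(sb, "cnf", cnfObj.toString(), false)` appears to write it unquoted, so the response is only well formed if the three-argument `appendJsonPair` escapes `entry.getValue()`. That helper is outside the hunk, so its escaping cannot be confirmed here. Before this change the pair went to `sb`, leaving `cnfObj` as `{}`, so a resource server reading `cnf` from the response would have seen no certificate binding. A unit test on this provider asserting that the thumbprint is nested inside `cnf` would catch that regression without relying on the TLS system test. A comment above the branch such as `// Confirmation claim (RFC 7800): the certificate thumbprint must be nested inside "cnf"` would document the intended shape; the enclosing method starts and ends outside the hunk.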
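Review bot: Nothing in the added lines says why the same book is fetched a second time through `/rs2`. Going by serverTls.xml in this commit, `/rs2` sits behind `oauth2Filter2`, which validates the token through the `/oauth2/introspect` endpoint, whereas `/rs` uses the validator service. A comment above `protectedRsAddress2` such as `// Same resource, but the filter validates the token via the standard introspection endpoint` would make that explicit. A name like `introspectionRsAddress` would also read better than the numeric suffix. The test method starts and ends outside the hunk.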
@@ -71,10 +75,12 @@ public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase { book = wcRsDiffClientCert.get(Book.class); assertEquals(123L, book.getId()); - // Protected resource, access token was created with Morphit key, RS is accessed with - // Bethal.key, thus 401 is expected + // Protected resource, access token was created with Morphit.jks key, RS is accessed with + // Bethal.jks key, thus 401 is expected wcRsDiffClientCert = createRsWebClient(protectedRsAddress, at, "client2.xml"); assertEquals(401, wcRsDiffClientCert.get().getStatus()); + wcRsDiffClientCert = createRsWebClient(protectedRsAddress2, at, "client2.xml"); + assertEquals(401, wcRsDiffClientCert.get().getStatus()); } @Test http://git-wip-us.apache.org/repos/asf/cxf/blob/7298cc60/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml index 40ade66..a0db728 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls.xml 
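Review bot: Both 401 checks call `wcRsDiffClientCert.get()` and read only the status, so the returned response is never closed and the assertion cannot tell a thumbprint mismatch from any other cause of a 401. The earlier successful `/rs2` request with `client.xml` narrows this, but holding the response in a local and closing it, e.g. `Response r = wcRsDiffClientCert.get(); assertEquals(401, r.getStatus()); r.close();`, would keep the test tidy (assuming `Response` is already imported in this file). Reusing `wcRsDiffClientCert` for three different addresses also makes a failure harder to attribute; a separate variable for the `/rs2` case would help.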
@@ -81,11 +81,16 @@ under the License. <property name="dataProvider" ref="dataProvider"/> <property name="blockUnauthorizedRequests" value="false"/> </bean> + <bean id="tokenIntrospectionService1" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService"> + <property name="dataProvider" ref="dataProvider"/> + <property name="blockUnauthorizedRequests" value="false"/> + </bean> <jaxrs:server id="tokenServer1" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2"> <jaxrs:serviceBeans> <ref bean="accessTokenService1"/> <ref bean="tokenValidatorService1"/> + <ref bean="tokenIntrospectionService1"/> </jaxrs:serviceBeans> </jaxrs:server> 
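Review bot: `tokenIntrospectionService1` is registered with `blockUnauthorizedRequests` set to `false`, which appears to let any caller that can reach `/oauth2/introspect` query token state without authenticating. RFC 7662 expects the introspection endpoint to require some form of caller authorization. `tokenValidatorClient2` in the following hunk accordingly configures only `Accept` and `Content-Type` headers and no credentials. That is reasonable for a system test, but test configuration of this kind tends to get copied, so a comment on the bean such as `<!-- Test only: introspection endpoint accepts unauthenticated callers -->` would make the intent clear.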
@@ -98,13 +103,32 @@ under the License. </jaxrs-client:headers> </jaxrs-client:client> - <bean id="tokenValidator1" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient"> + <bean id="tokenValidator1" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient"> <property name="tokenValidatorClient" ref="tokenValidatorClient1"/> - </bean> + </bean> <bean id="oauth2Filter1" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"> <property name="tokenValidator" ref="tokenValidator1"/> </bean> + + <jaxrs-client:client id="tokenValidatorClient2" + address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/oauth2/introspect" + serviceClass="org.apache.cxf.jaxrs.client.WebClient"> + <jaxrs-client:headers> + <entry key="Accept" value="application/json"/> + <entry key="Content-Type" value="application/x-www-form-urlencoded"/> + </jaxrs-client:headers> + </jaxrs-client:client> + + <bean id="tokenValidator2" class="org.apache.cxf.rs.security.oauth2.filters.AccessTokenIntrospectionClient"> + <property name="tokenValidatorClient" ref="tokenValidatorClient2"/> + </bean> + + <bean id="oauth2Filter2" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"> + <property name="tokenValidator" ref="tokenValidator2"/> + </bean> + + <jaxrs:server id="rsServer1" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/rs"> <jaxrs:serviceBeans> <ref bean="rsService"/> @@ -113,6 +137,14 @@ under the License. <ref bean="oauth2Filter1"/> </jaxrs:providers> </jaxrs:server> + <jaxrs:server id="rsServer2" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/rs2"> + <jaxrs:serviceBeans> + <ref bean="rsService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="oauth2Filter2"/> + </jaxrs:providers> + </jaxrs:server> <jaxrs:server id="rsServerUnprotected" address="https://localhost:${testutil.ports.jaxrs-oauth2-tls}/rsUnprotected"> <jaxrs:serviceBeans> <ref bean="rsService"/>
