This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 28d19eaa59b4cfe41069e66318b644c2fa00e404 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Fri Jul 20 13:27:18 2018 +0100 Added JPA systests for the OAuth Data Provider --- systests/rs-security/pom.xml | 32 +++ .../oauth2/common/JPAOAuthDataProviderImpl.java | 256 +++++++++++++++++++++ .../common/JPASaml2BearerGrantHandler.java} | 35 ++- .../grants/AuthorizationGrantNegativeTest.java | 26 ++- .../oauth2/grants/AuthorizationGrantTest.java | 28 ++- .../oauth2/grants/IntrospectionServiceTest.java | 28 ++- .../security/oauth2/grants/JAXRSOAuth2Test.java | 26 ++- .../systest/jaxrs/security/oidc/OIDCFlowTest.java | 29 ++- .../jaxrs/security/oidc/OIDCNegativeServerJWT.java | 46 ---- .../jaxrs/security/oidc/OIDCNegativeTest.java | 127 +++++++++- .../systest/jaxrs/security/oidc/UserInfoTest.java | 28 ++- .../src/test/resources/META-INF/persistence.xml | 33 +++ .../oauth2/grants/grants-negative-server-jpa.xml | 156 +++++++++++++ .../security/oauth2/grants/grants-server-jpa.xml | 156 +++++++++++++ .../oauth2/grants/introspection-server-jpa.xml | 137 +++++++++++ .../jaxrs/security/oauth2/grants/server-jpa.xml | 160 +++++++++++++ .../oidc/oidc-negative-server-jcache-jwt.xml | 184 +++++++++++++++ .../security/oidc/oidc-negative-server-jcache.xml | 183 +++++++++++++++ .../security/oidc/oidc-negative-server-jpa.xml | 196 ++++++++++++++++ .../jaxrs/security/oidc/oidc-server-jpa.xml | 171 ++++++++++++++ .../jaxrs/security/oidc/userinfo-server-jpa.xml | 205 +++++++++++++++++ 21 files changed, 2167 insertions(+), 75 deletions(-) diff --git a/systests/rs-security/pom.xml b/systests/rs-security/pom.xml index efd437e..91eacb0 100644 --- a/systests/rs-security/pom.xml +++ b/systests/rs-security/pom.xml 
@@ -33,6 +33,8 @@
 <properties>
 <oauth.version>20100527</oauth.version>
 <cxf.module.name>org.apache.cxf.systests.security</cxf.module.name>
+ <hibernate.em.version>4.1.0.Final</hibernate.em.version>
+ <hsqldb.version>2.3.4</hsqldb.version>
 </properties>
 <dependencies>
 <dependency>
@@ -208,6 +210,36 @@
 <version>${cxf.ehcache3.version}</version>
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>org.hibernate.javax.persistence</groupId>
+ <artifactId>hibernate-jpa-2.1-api</artifactId>
+ <version>1.0.2.Final</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-orm</artifactId>
+ <version>${cxf.spring.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-entitymanager</artifactId>
+ <version>${hibernate.em.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-ehcache</artifactId>
+ <version>${hibernate.em.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <version>${hsqldb.version}</version>
+ <scope>test</scope>
+ </dependency>
 </dependencies>
 <build>
 <plugins>
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPAOAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPAOAuthDataProviderImpl.java
new file mode 100644
index 0000000..af65796
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPAOAuthDataProviderImpl.java
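Review bot: `hibernate-jpa-2.1-api` is pinned inline as `1.0.2.Final` in the second hunk while the other four new dependencies resolve their versions through properties; for consistency move it to a property next to `hibernate.em.version`, e.g. `<hibernate.jpa.api.version>1.0.2.Final</hibernate.jpa.api.version>` and `<version>${hibernate.jpa.api.version}</version>`. Separately, `hibernate-entitymanager` 4.1.0.Final is an early 4.x release that, as far as I recall, predates Hibernate's own JPA 2.1 support, so pairing it with the 2.1 API jar relies on that jar being a superset of the 2.0 API. That is tolerable for test-scoped fixtures, but a short XML comment on the property stating that the pair is deliberate would save the next reader a compatibility check, and a later Hibernate line would match the API jar.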
@@ -0,0 +1,256 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.jaxrs.security.oauth2.common; + +import java.io.InputStream; +import java.security.cert.Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import javax.persistence.EntityManagerFactory; + +import org.apache.cxf.common.util.Base64Utility; +import org.apache.cxf.rs.security.oauth2.common.Client; +import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; +import org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider; +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; +import org.apache.cxf.rs.security.oauth2.saml.Constants; +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.xml.security.utils.ClassLoaderUtils; + +/** + * Extend the JPACodeDataProvider to allow refreshing of tokens + */ +public class JPAOAuthDataProviderImpl extends JPACodeDataProvider { + private Set<String> externalClients = new HashSet<>(); + + public JPAOAuthDataProviderImpl(String servicePort, EntityManagerFactory emf) 
throws Exception { + this(servicePort, null, emf); + } + + public JPAOAuthDataProviderImpl(String servicePort, String partnerPort, EntityManagerFactory emf) throws Exception { + super(); + + super.setEntityManagerFactory(emf); + + // filters/grants test client + Client client = new Client("consumer-id", "this-is-a-secret", true); + List<String> redirectUris = new ArrayList<>(); + redirectUris.add("http://www.blah.apache.org"); + if (partnerPort != null) { + redirectUris.add("https://localhost:" + partnerPort + "/partnerservice/bookstore/books"); + } + client.setRedirectUris(redirectUris); + + client.getAllowedGrantTypes().add("authorization_code"); + client.getAllowedGrantTypes().add("refresh_token"); + client.getAllowedGrantTypes().add("implicit"); + client.getAllowedGrantTypes().add("hybrid"); + client.getAllowedGrantTypes().add("password"); + client.getAllowedGrantTypes().add("client_credentials"); + client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:saml2-bearer"); + client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer"); + + client.getRegisteredScopes().add("read_balance"); + client.getRegisteredScopes().add("create_balance"); + client.getRegisteredScopes().add("read_data"); + client.getRegisteredScopes().add("read_book"); + client.getRegisteredScopes().add("create_book"); + client.getRegisteredScopes().add("create_image"); + client.getRegisteredScopes().add("openid"); + + this.setClient(client); + + // OIDC filters test client + client = new Client("consumer-id-oidc", "this-is-a-secret", true); + client.setRedirectUris(Collections.singletonList("https://localhost:" + servicePort + + "/secured/bookstore/books")); + + client.getAllowedGrantTypes().add("authorization_code"); + client.getAllowedGrantTypes().add("refresh_token"); + + client.getRegisteredScopes().add("openid"); + + this.setClient(client); + + // Audience test client + client = new Client("consumer-id-aud", "this-is-a-secret", true); + 
client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org")); + + client.getAllowedGrantTypes().add("authorization_code"); + client.getAllowedGrantTypes().add("refresh_token"); + + client.getRegisteredAudiences().add("https://localhost:" + servicePort + + "/secured/bookstore/books"); + client.getRegisteredAudiences().add("https://127.0.0.1/test"); + client.getRegisteredScopes().add("openid"); + + this.setClient(client); + + // Audience test client 2 + client = new Client("consumer-id-aud2", "this-is-a-secret", true); + client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org")); + + client.getAllowedGrantTypes().add("authorization_code"); + client.getAllowedGrantTypes().add("refresh_token"); + + client.getRegisteredAudiences().add("https://localhost:" + servicePort + + "/securedxyz/bookstore/books"); + client.getRegisteredScopes().add("openid"); + + this.setClient(client); + + // JAXRSOAuth2Test clients + client = new Client("alice", "alice", true); + client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT); + client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:jwt-bearer"); + client.getAllowedGrantTypes().add("custom_grant"); + this.setClient(client); + + client = new Client("fredNoPassword", null, true); + client.getAllowedGrantTypes().add("custom_grant"); + this.setClient(client); + + client = new Client("fredPublic", null, false); + client.getAllowedGrantTypes().add("custom_grant"); + this.setClient(client); + + client = new Client("fred", "password", true); + client.getAllowedGrantTypes().add("custom_grant"); + this.setClient(client); + + Certificate cert = loadCert(); + String encodedCert = Base64Utility.encode(cert.getEncoded()); + + Client client2 = new Client("CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US", + null, + true, + null, + null); + client2.getAllowedGrantTypes().add("custom_grant"); + client2.setApplicationCertificates(Collections.singletonList(encodedCert)); + 
this.setClient(client2); + + // external clients (in LDAP/etc) which can be used for client cred + externalClients.add("bob:bobPassword"); + + } + + private Certificate loadCert() throws Exception { + try (InputStream is = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) { + return CryptoUtils.loadCertificate(is, "password".toCharArray(), "morpit", null); + } + } + + @Override + public Client getClient(String clientId) { + Client c = super.getClient(clientId); + if (c == null) { + String clientSecret = super.getCurrentClientSecret(); + if (externalClients.contains(clientId + ":" + clientSecret)) { + c = new Client(clientId, clientSecret, true); + c.setTokenEndpointAuthMethod(OAuthConstants.TOKEN_ENDPOINT_AUTH_BASIC); + } + } + return c; + + } + + @Override + protected boolean isRefreshTokenSupported(List<String> theScopes) { + return true; + } + + @Override + public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) { + if (requestedScopes.isEmpty()) { + return Collections.emptyList(); + } + + List<OAuthPermission> permissions = new ArrayList<>(); + for (String requestedScope : requestedScopes) { + if ("read_book".equals(requestedScope)) { + OAuthPermission permission = new OAuthPermission("read_book"); + permission.setHttpVerbs(Collections.singletonList("GET")); + List<String> uris = new ArrayList<>(); + String partnerAddress = "/secured/bookstore/books/*"; + uris.add(partnerAddress); + permission.setUris(uris); + + permissions.add(permission); + } else if ("create_book".equals(requestedScope)) { + OAuthPermission permission = new OAuthPermission("create_book"); + permission.setHttpVerbs(Collections.singletonList("POST")); + List<String> uris = new ArrayList<>(); + String partnerAddress = "/secured/bookstore/books/*"; + uris.add(partnerAddress); + permission.setUris(uris); + + permissions.add(permission); + } else if ("create_image".equals(requestedScope)) { + OAuthPermission permission = new 
OAuthPermission("create_image"); + permission.setHttpVerbs(Collections.singletonList("POST")); + List<String> uris = new ArrayList<>(); + String partnerAddress = "/secured/bookstore/image/*"; + uris.add(partnerAddress); + permission.setUris(uris); + + permissions.add(permission); + } else if ("read_balance".equals(requestedScope)) { + OAuthPermission permission = new OAuthPermission("read_balance"); + permission.setHttpVerbs(Collections.singletonList("GET")); + List<String> uris = new ArrayList<>(); + String partnerAddress = "/partners/balance/*"; + uris.add(partnerAddress); + permission.setUris(uris); + + permissions.add(permission); + } else if ("create_balance".equals(requestedScope)) { + OAuthPermission permission = new OAuthPermission("create_balance"); + permission.setHttpVerbs(Collections.singletonList("POST")); + List<String> uris = new ArrayList<>(); + String partnerAddress = "/partners/balance/*"; + uris.add(partnerAddress); + permission.setUris(uris); + + permissions.add(permission); + } else if ("read_data".equals(requestedScope)) { + OAuthPermission permission = new OAuthPermission("read_data"); + permission.setHttpVerbs(Collections.singletonList("GET")); + List<String> uris = new ArrayList<>(); + String partnerAddress = "/partners/data/*"; + uris.add(partnerAddress); + permission.setUris(uris); + + permissions.add(permission); + } else if ("openid".equals(requestedScope)) { + OAuthPermission permission = new OAuthPermission("openid", "Authenticate user"); + permissions.add(permission); + } else { + throw new OAuthServiceException("invalid_scope"); + } + } + + return permissions; + } +} \ No newline at end of file 
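Review bot: convertScopeToPermissions repeats the same seven-line permission construction for six scopes, differing only in scope name, HTTP verb and URI pattern; a private helper collapses each branch to one line and keeps the verb/URI table readable (rewrite below, unchanged parts elided; a plain `if` chain is kept so a null scope element still maps to `invalid_scope` rather than an NPE). Two smaller points in the same file: `externalClients` is never reassigned and should be `private final Set<String>`, and the class Javadoc says the provider exists "to allow refreshing of tokens" while `isRefreshTokenSupported` ignores `theScopes` and returns true unconditionally, which deserves a one-line comment such as `// Refresh tokens are always issued here, whatever scopes were requested`. In `getClient`, the external-client lookup concatenates id and secret with ':' before the `Set` lookup, so an id containing ':' makes the pairing ambiguous; a `Map<String, String>` from client id to secret would make the lookup explicit. The file also ends without a trailing newline.
```java
    // … unchanged: constructors, loadCert, getClient, isRefreshTokenSupported …

    @Override
    public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
        if (requestedScopes.isEmpty()) {
            return Collections.emptyList();
        }

        List<OAuthPermission> permissions = new ArrayList<>();
        for (String requestedScope : requestedScopes) {
            if ("read_book".equals(requestedScope)) {
                permissions.add(permission("read_book", "GET", "/secured/bookstore/books/*"));
            } else if ("create_book".equals(requestedScope)) {
                permissions.add(permission("create_book", "POST", "/secured/bookstore/books/*"));
            } else if ("create_image".equals(requestedScope)) {
                permissions.add(permission("create_image", "POST", "/secured/bookstore/image/*"));
            } else if ("read_balance".equals(requestedScope)) {
                permissions.add(permission("read_balance", "GET", "/partners/balance/*"));
            } else if ("create_balance".equals(requestedScope)) {
                permissions.add(permission("create_balance", "POST", "/partners/balance/*"));
            } else if ("read_data".equals(requestedScope)) {
                permissions.add(permission("read_data", "GET", "/partners/data/*"));
            } else if ("openid".equals(requestedScope)) {
                permissions.add(new OAuthPermission("openid", "Authenticate user"));
            } else {
                throw new OAuthServiceException("invalid_scope");
            }
        }

        return permissions;
    }

    // Builds a permission granting one HTTP verb on one URI pattern. The URI list stays
    // a mutable ArrayList, matching what the inlined code handed to OAuthPermission.
    private static OAuthPermission permission(String scope, String httpVerb, String uriPattern) {
        OAuthPermission permission = new OAuthPermission(scope);
        permission.setHttpVerbs(Collections.singletonList(httpVerb));
        List<String> uris = new ArrayList<>();
        uris.add(uriPattern);
        permission.setUris(uris);
        return permission;
    }
```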
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServer.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPASaml2BearerGrantHandler.java similarity index 50% rename from systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServer.java rename to systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPASaml2BearerGrantHandler.java index 79a2367..ab609dc 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServer.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/JPASaml2BearerGrantHandler.java 
@@ -16,31 +16,22 @@ * specific language governing permissions and limitations * under the License. */ +package org.apache.cxf.systest.jaxrs.security.oauth2.common; -package org.apache.cxf.systest.jaxrs.security.oidc; +import org.apache.cxf.message.Message; +import org.apache.cxf.rs.security.oauth2.common.UserSubject; +import org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler; +import org.apache.wss4j.common.saml.SamlAssertionWrapper; -import java.net.URL; - -import org.apache.cxf.Bus; -import org.apache.cxf.BusFactory; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.testutil.common.AbstractBusTestServerBase; - -public class OIDCNegativeServer extends AbstractBusTestServerBase { - private static final URL SERVER_CONFIG_FILE = - OIDCNegativeServer.class.getResource("oidc-negative-server.xml"); - - protected void run() { - SpringBusFactory bf = new SpringBusFactory(); - Bus springBus = bf.createBus(SERVER_CONFIG_FILE); - BusFactory.setDefaultBus(springBus); - setBus(springBus); +/** + * Extend Saml2BearerGrantHandler not to use SamlUserSubject, which is not an entity and hence causes problems with JPA. + */ +public class JPASaml2BearerGrantHandler extends Saml2BearerGrantHandler { - try { - new OIDCNegativeServer(); - } catch (Exception e) { - throw new RuntimeException(e); - } + @Override + protected UserSubject getGrantSubject(Message message, SamlAssertionWrapper wrapper) { + UserSubject userSubject = super.getGrantSubject(message, wrapper); + return new UserSubject(userSubject.getLogin(), userSubject.getRoles()); } } diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java index 8c68fb6..2495cde 100644 
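Review bot: The new getGrantSubject copies only login and roles into the fresh UserSubject, so any other state the superclass placed on the subject (its properties and id, if Saml2BearerGrantHandler populates them) is dropped silently; if that loss is intended the Javadoc should say so, otherwise carry it across, e.g. `UserSubject copy = new UserSubject(userSubject.getLogin(), userSubject.getRoles()); copy.setProperties(userSubject.getProperties()); return copy;`. There is also no guard for `super.getGrantSubject` returning null; if the base handler can return null here, the override should return null as well rather than fail with an NPE on the next line. Note that git has paired this new file with the deleted OIDCNegativeServer.java as a 50%-similar rename, which will mislead history tooling since the two are unrelated.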
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java @@ -64,6 +64,7 @@ import org.junit.runners.Parameterized.Parameters; * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled * c) JCACHE_PORT - JCache * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled + * e) JPA_PORT - JPA provider */ @RunWith(value = org.junit.runners.Parameterized.class) public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestBase { @@ -75,6 +76,8 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative-jcache"); public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-negative-jcache-jwt"); public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative-jcache-jwt"); + public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-negative-jpa"); + public static final String JPA_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative-jpa"); final String port; @@ -92,6 +95,8 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB launchServer(BookServerOAuth2GrantsNegativeJCache.class, true)); assertTrue("server did not launch correctly", launchServer(BookServerOAuth2GrantsNegativeJCacheJWT.class, true)); + assertTrue("server did not launch correctly", + launchServer(BookServerOAuth2GrantsNegativeJPA.class, true)); } @AfterClass 
@@ -102,7 +107,7 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB @Parameters(name = "{0}") public static Collection<String> data() { - return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT); + return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT); } // @@ -984,4 +989,23 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB } } + + public static class BookServerOAuth2GrantsNegativeJPA extends AbstractBusTestServerBase { + private static final URL SERVER_CONFIG_FILE = + BookServerOAuth2GrantsNegative.class.getResource("grants-negative-server-jpa.xml"); + + protected void run() { + SpringBusFactory bf = new SpringBusFactory(); + Bus springBus = bf.createBus(SERVER_CONFIG_FILE); + BusFactory.setDefaultBus(springBus); + setBus(springBus); + + try { + new BookServerOAuth2GrantsNegativeJPA(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + } } diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java index e52c96b..10c683a 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java @@ -64,6 +64,7 @@ import org.junit.runners.Parameterized.Parameters; * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled * c) JCACHE_PORT - JCache * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled + * e) JPA_PORT - JPA provider */ @RunWith(value = org.junit.runners.Parameterized.class) public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { 
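Review bot: The new nested BookServerOAuth2GrantsNegativeJPA.run() overrides AbstractBusTestServerBase.run() without `@Override`, and SERVER_CONFIG_FILE is resolved through the sibling BookServerOAuth2GrantsNegative class rather than the new class itself, which only works because both sit in the same package; `BookServerOAuth2GrantsNegativeJPA.class.getResource("grants-negative-server-jpa.xml")` keeps the lookup tied to the class that uses it. The same copied pattern appears in the equivalent hunks of AuthorizationGrantTest, IntrospectionServiceTest, JAXRSOAuth2Test and OIDCFlowTest. The `try { new BookServerOAuth2GrantsNegativeJPA(); } catch (Exception e)` inside run() constructs a second server instance for a reason that is not visible here; if this is inherited boilerplate from the other server classes, a one-line comment explaining why would help the next reader.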
@@ -75,6 +76,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache"); public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jcache-jwt"); public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache-jwt"); + public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jpa"); + public static final String JPA_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jpa"); final String port; @@ -92,6 +95,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { launchServer(BookServerOAuth2GrantsJCache.class, true)); assertTrue("server did not launch correctly", launchServer(BookServerOAuth2GrantsJCacheJWT.class, true)); + assertTrue("server did not launch correctly", + launchServer(BookServerOAuth2GrantsJPA.class, true)); } @AfterClass @@ -102,7 +107,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { @Parameters(name = "{0}") public static Collection<String> data() { - return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT); + return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT); } @org.junit.Test @@ -358,6 +363,8 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { audPort = JCACHE_PORT2; } else if (JWT_JCACHE_PORT.equals(port)) { audPort = JWT_JCACHE_PORT2; + } else if (JPA_PORT.equals(port)) { + audPort = JPA_PORT2; } String audience = "https://localhost:" + audPort + "/secured/bookstore/books"; ClientAccessToken accessToken = 
@@ -633,4 +640,23 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { } } + + public static class BookServerOAuth2GrantsJPA extends AbstractBusTestServerBase { + private static final URL SERVER_CONFIG_FILE = + BookServerOAuth2Grants.class.getResource("grants-server-jpa.xml"); + + protected void run() { + SpringBusFactory bf = new SpringBusFactory(); + Bus springBus = bf.createBus(SERVER_CONFIG_FILE); + BusFactory.setDefaultBus(springBus); + setBus(springBus); + + try { + new BookServerOAuth2GrantsJPA(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + } } diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java index 737f2fa..5c831fe 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.java @@ -49,6 +49,7 @@ import org.junit.runners.Parameterized.Parameters; * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled * c) JCACHE_PORT - JCache * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled + * e) JPA_PORT - JPA provider */ @RunWith(value = org.junit.runners.Parameterized.class) public class IntrospectionServiceTest extends AbstractBusClientServerTestBase { 
@@ -61,6 +62,8 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase { public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jcache"); public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jcache-jwt"); public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jcache-jwt"); + public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jpa"); + public static final String JPA_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jpa"); final String port; @@ -78,6 +81,8 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase { launchServer(BookServerOAuth2IntrospectionJCache.class, true)); assertTrue("server did not launch correctly", launchServer(BookServerOAuth2IntrospectionJCacheJWT.class, true)); + assertTrue("server did not launch correctly", + launchServer(BookServerOAuth2IntrospectionJPA.class, true)); } @AfterClass @@ -88,7 +93,7 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase { @Parameters(name = "{0}") public static Collection<String> data() { - return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT); + return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT); // TODOJPA_PORT); } @org.junit.Test @@ -163,6 +168,8 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase { audPort = JCACHE_PORT2; } else if (JWT_JCACHE_PORT.equals(port)) { audPort = JWT_JCACHE_PORT2; + } else if (JPA_PORT.equals(port)) { + audPort = JPA_PORT2; } String audience = "https://localhost:" + audPort + "/secured/bookstore/books"; ClientAccessToken accessToken = 
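Review bot: `data()` leaves JPA_PORT out of the parameter list with a garbled trailing comment `// TODOJPA_PORT);`, yet the preceding hunk still launches BookServerOAuth2IntrospectionJPA, so the JPA server starts on every run of this class and is never exercised, and the new JPA_PORT/JPA_PORT2 constants and the audPort branch are dead code. Either add JPA_PORT to `Arrays.asList(...)` or, if the JPA provider does not yet pass introspection, record why in a proper comment — e.g. `// TODO: add JPA_PORT once <reason> is resolved` — and hold off launching the JPA server until then. The Javadoc line `e) JPA_PORT - JPA provider` added in the first hunk is misleading while the port is not part of the run.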
@@ -412,4 +419,23 @@ public class IntrospectionServiceTest extends AbstractBusClientServerTestBase { } } + + public static class BookServerOAuth2IntrospectionJPA extends AbstractBusTestServerBase { + private static final URL SERVER_CONFIG_FILE = + BookServerOAuth2Introspection.class.getResource("introspection-server-jpa.xml"); + + protected void run() { + SpringBusFactory bf = new SpringBusFactory(); + Bus springBus = bf.createBus(SERVER_CONFIG_FILE); + BusFactory.setDefaultBus(springBus); + setBus(springBus); + + try { + new BookServerOAuth2IntrospectionJPA(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + } } diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java index a1c6773..a098dbf 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/JAXRSOAuth2Test.java @@ -80,6 +80,7 @@ import org.junit.runners.Parameterized.Parameters; * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled * c) JCACHE_PORT - JCache * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled + * e) JPA_PORT - JPA provider */ @RunWith(value = org.junit.runners.Parameterized.class) public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase { 
@@ -91,6 +92,8 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase { public static final String JCACHE_PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public-jcache"); public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-jcache-jwt"); public static final String JWT_JCACHE_PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public-jcache-jwt"); + public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-jpa"); + public static final String JPA_PORT_PUBLIC = TestUtil.getPortNumber("jaxrs-oauth2-public-jpa"); private static final String CRYPTO_RESOURCE_PROPERTIES = "org/apache/cxf/systest/jaxrs/security/alice.properties"; @@ -111,6 +114,8 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase { launchServer(BookServerOAuth2JCache.class, true)); assertTrue("server did not launch correctly", launchServer(BookServerOAuth2JCacheJWT.class, true)); + assertTrue("server did not launch correctly", + launchServer(BookServerOAuth2JPA.class, true)); } @AfterClass @@ -121,7 +126,7 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase { @Parameters(name = "{0}") public static Collection<String> data() { - return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT); + return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT); } @Test @@ -705,4 +710,23 @@ public class JAXRSOAuth2Test extends AbstractBusClientServerTestBase { } } + + public static class BookServerOAuth2JPA extends AbstractBusTestServerBase { + private static final URL SERVER_CONFIG_FILE = + BookServerOAuth2Grants.class.getResource("server-jpa.xml"); + + protected void run() { + SpringBusFactory bf = new SpringBusFactory(); + Bus springBus = bf.createBus(SERVER_CONFIG_FILE); + BusFactory.setDefaultBus(springBus); + setBus(springBus); + + try { + new BookServerOAuth2JPA(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + } } 
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java index ab18d0a..eb98186 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java @@ -71,6 +71,7 @@ import org.junit.runners.Parameterized.Parameters; * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled * c) JCACHE_PORT - JCache * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled + * e) JPA_PORT - JPA provider */ @RunWith(value = org.junit.runners.Parameterized.class) public class OIDCFlowTest extends AbstractBusClientServerTestBase { @@ -79,6 +80,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase { static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-oidc-jwt"); static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oidc-jcache"); static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oidc-jcache-jwt"); + static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oidc-jpa"); final String port; @@ -112,6 +114,12 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase { // set this to false to fork launchServer(OIDCServerJCacheJWT.class, true) ); + assertTrue( + "Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(OIDCServerJPA.class, true) + ); } @AfterClass @@ -122,7 +130,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase { @Parameters(name = "{0}") public static Collection<String> data() { - return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT); + return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT); } @org.junit.Test 
@@ -1077,4 +1085,23 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase { } } + + public static class OIDCServerJPA extends AbstractBusTestServerBase { + private static final URL SERVER_CONFIG_FILE = + OIDCServer.class.getResource("oidc-server-jpa.xml"); + + protected void run() { + SpringBusFactory bf = new SpringBusFactory(); + Bus springBus = bf.createBus(SERVER_CONFIG_FILE); + BusFactory.setDefaultBus(springBus); + setBus(springBus); + + try { + new OIDCServerJPA(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + } } diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServerJWT.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServerJWT.java deleted file mode 100644 index f71756a..0000000 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeServerJWT.java +++ /dev/null 
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.oidc;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class OIDCNegativeServerJWT extends AbstractBusTestServerBase {
- private static final URL SERVER_CONFIG_FILE =
- OIDCNegativeServerJWT.class.getResource("oidc-negative-server-jwt.xml");
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new OIDCNegativeServerJWT();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
-}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
index 001ac9b..781efe6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
@@ -28,6 +28,9 @@ import javax.ws.rs.client.ResponseProcessingException;
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.Response;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
@@ -42,6 +45,7 @@ import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
 import org.apache.cxf.testutil.common.TestUtil;
 import org.junit.AfterClass;
@@ -55,12 +59,18 @@ import org.junit.runners.Parameterized.Parameters;
 * implementations:
 * a) PORT - EhCache
 * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
+ * c) JCACHE_PORT - JCache
+ * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * e) JPA_PORT - JPA provider
 */
 @RunWith(value = org.junit.runners.Parameterized.class)
 public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
 static final String PORT = TestUtil.getPortNumber("jaxrs-negative-oidc");
 static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-negative-oidc-jwt");
+ static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-negative-oidc-jcache");
+ static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-negative-oidc-jcache-jwt");
+ static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-negative-oidc-jpa");
 final String port;
@@ -82,6 +92,24 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
 // set this to false to fork
 launchServer(OIDCNegativeServerJWT.class, true)
 );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(OIDCNegativeServerJCache.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(OIDCNegativeServerJCacheJWT.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(OIDCNegativeServerJPA.class, true)
+ );
 }
 @AfterClass
@@ -92,7 +120,7 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
 @Parameters(name = "{0}")
 public static Collection<String> data() {
- return Arrays.asList(PORT, JWT_PORT);
+ return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT);
 }
 @org.junit.Test
@@ -423,5 +451,102 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
 assertEquals("consumer-id", userInfo.getAudience());
 }
+ //
+ // Server implementations
+ //
+
+ public static class OIDCNegativeServer extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ OIDCNegativeServer.class.getResource("oidc-negative-server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new OIDCNegativeServer();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+
+ public static class OIDCNegativeServerJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ OIDCNegativeServerJWT.class.getResource("oidc-negative-server-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new OIDCNegativeServerJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class OIDCNegativeServerJCache extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ OIDCNegativeServerJWT.class.getResource("oidc-negative-server-jcache.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new OIDCNegativeServerJCache();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class OIDCNegativeServerJCacheJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ OIDCNegativeServerJWT.class.getResource("oidc-negative-server-jcache-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new OIDCNegativeServerJCacheJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class OIDCNegativeServerJPA extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ OIDCNegativeServer.class.getResource("oidc-negative-server-jpa.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new OIDCNegativeServerJPA();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
 }
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java
index 5ff0e80..059a8a6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/UserInfoTest.java
@@ -64,6 +64,7 @@ import org.junit.runners.Parameterized.Parameters;
 * b) JWT_PORT - EhCache with useJwtFormatForAccessTokens enabled
 * c) JCACHE_PORT - JCache
 * d) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * e) JPA_PORT - JPA provider
 */
 @RunWith(value = org.junit.runners.Parameterized.class)
 public class UserInfoTest extends AbstractBusClientServerTestBase {
@@ -72,6 +73,7 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
 static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jwt");
 static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jcache");
 static final String JCACHE_JWT_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jcache-jwt");
+ static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jpa");
 final String port;
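Review bot: A nested `OIDCNegativeServer` is added under `// Server implementations`, yet the commit's diffstat removes only `OIDCNegativeServerJWT.java`; if a top-level `OIDCNegativeServer` still exists in this package, the nested copy shadows it inside `OIDCNegativeTest` and the existing `launchServer(OIDCNegativeServer.class, true)` call in `startServers` (outside this hunk) silently binds to the copy. Either remove the top-level class in the same commit or drop the nested duplicate, so every server has exactly one definition. The five classes are otherwise identical apart from the config file name, and each `run()` wraps `new OIDCNegativeServerX()` in a `catch (Exception e)` although the constructor declares nothing checked; a one-line comment on the first of them saying why that instance is created would spare the next reader from guessing, since the reason is not visible here. The enclosing `OIDCNegativeTest` class starts outside the hunk.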
@@ -105,6 +107,12 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
 // set this to false to fork
 launchServer(UserInfoServerJCacheJWT.class, true)
 );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(UserInfoServerJPA.class, true)
+ );
 }
 @AfterClass
@@ -115,7 +123,7 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
 @Parameters(name = "{0}")
 public static Collection<String> data() {
- return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JCACHE_JWT_PORT);
+ return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JCACHE_JWT_PORT, JPA_PORT);
 }
 @org.junit.Test
@@ -390,4 +398,22 @@ public class UserInfoTest extends AbstractBusClientServerTestBase {
 }
+ public static class UserInfoServerJPA extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ UserInfoServer.class.getResource("userinfo-server-jpa.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new UserInfoServerJPA();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
 }
diff --git a/systests/rs-security/src/test/resources/META-INF/persistence.xml b/systests/rs-security/src/test/resources/META-INF/persistence.xml
new file mode 100644
index 0000000..e954d3b
--- /dev/null
+++ b/systests/rs-security/src/test/resources/META-INF/persistence.xml
@@ -0,0 +1,33 @@
+<persistence xmlns="http://java.sun.com/xml/ns/persistence"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
+ version="2.0">
+
+ <persistence-unit name="testUnitHibernate" transaction-type="RESOURCE_LOCAL">
+ <provider>org.hibernate.ejb.HibernatePersistence</provider>
+ <class>org.apache.cxf.rs.security.oauth2.common.Client</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.UserSubject</class>
+ <class>org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant</class>
+ <class>org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant</class>
+ <class>org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.ServerAccessToken</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.AccessToken</class>
+ <class>org.apache.cxf.rs.security.oauth2.common.OAuthPermission</class>
+ <class>org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken</class>
+ <exclude-unlisted-classes>true</exclude-unlisted-classes>
+ <shared-cache-mode>ENABLE_SELECTIVE</shared-cache-mode>
+ <properties>
+ <property name="hibernate.connection.url" value="jdbc:hsqldb:mem:oauth-jpa"/>
+ <property name="hibernate.connection.driver_class" value="org.hsqldb.jdbcDriver"/>
+ <property name="hibernate.dialect" value="org.hibernate.dialect.HSQLDialect"/>
+ <property name="hibernate.hbm2ddl.auto" value="create-drop"/>
+ <property name="hibernate.connection.username" value="sa"/>
+ <property name="hibernate.connection.password" value=""/>
+ <property name="javax.persistence.validation.mode" value="none"/>
+ <property name="hibernate.cache.region.factory_class"
+ value="org.hibernate.cache.ehcache.SingletonEhCacheRegionFactory"/>
+ <property name="hibernate.max_fetch_depth" value="3"/>
+ </properties>
+ </persistence-unit>
+
+</persistence>
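Review bot: The unit pins one in-memory database, `jdbc:hsqldb:mem:oauth-jpa`, together with `hibernate.hbm2ddl.auto=create-drop`, and every new `*-jpa.xml` server config builds its own `LocalContainerEntityManagerFactoryBean` on this same `testUnitHibernate` unit. The test classes run their servers in-process (`launchServer(..., true)`), so if two of those factories are ever alive in one JVM they share a single HSQLDB instance, and as far as I can tell the second factory's `create-drop` schema export drops the tables the first one is still serving tokens and clients from; whether that overlap happens depends on the surefire fork settings, which this diff does not show. Giving each server config its own database name (an `hibernate.connection.url` entry in its `jpaPropertyMap`) would isolate them, and at minimum a comment above `<properties>` should record the sharing: `<!-- one in-memory HSQLDB shared by every EntityManagerFactory in this JVM; create-drop rebuilds the schema whenever a factory starts -->`.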
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jpa.xml new file mode 100644 index 0000000..b75be09 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server-jpa.xml 
@@ -0,0 +1,156 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:jaxrs="http://cxf.apache.org/jaxrs" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd + http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd + http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd + http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + <cxf:properties> + <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> + </cxf:properties> + </cxf:bus> + <!-- providers --> + <util:list id="busProviders"> + <ref bean="oauthJson"/> + </util:list> + <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/> + + <httpj:engine-factory id="tls-config"> + <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-negative-jpa}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="true" required="true"/> + </httpj:tlsServerParameters> + <httpj:sessionSupport>true</httpj:sessionSupport> + </httpj:engine> + </httpj:engine-factory> + + <bean id="entityManagerFactory" + class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> + <property name="persistenceUnitName" + value="testUnitHibernate" /> + <property name="jpaPropertyMap"> + <map> + <entry key="hibernate.jdbc.fetch_size" value="400" /> + <entry key="hibernate.jdbc.batch_size" value="100" /> + </map> + </property> + </bean> + + <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl"> + <constructor-arg value="${testutil.ports.jaxrs-oauth2-grants2-negative-jpa}"/> + <constructor-arg ref="entityManagerFactory"/> + </bean> + + <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="implicitService" 
class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler"> + <property name="callbackHandler" ref="callbackHandler"/> + </bean> + + <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="loginHandler" ref="callbackHandlerLoginHandler"/> + </bean> + + <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="grantHandlers"> + <list> + <ref bean="refreshGrantHandler"/> + <ref bean="passwordGrantHandler"/> + <ref bean="clientCredsGrantHandler"/> + <ref bean="samlGrantHandler"/> + <ref bean="jwtGrantHandler"/> + </list> + </property> + </bean> + + <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/> + <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter"> + <property name="callbackHandler" 
ref="callbackHandler"/> + </bean> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-negative-jpa}/services"> + <jaxrs:serviceBeans> + <ref bean="authorizationService"/> + <ref bean="implicitService"/> + <ref bean="tokenService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="basicAuthFilter"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="security.signature.properties" + value="org/apache/cxf/systest/jaxrs/security/bob.properties"/> + <entry key="rs.security.keystore.type" value="jks" /> + <entry key="rs.security.keystore.alias" value="alice"/> + <entry key="rs.security.keystore.password" value="password"/> + <entry key="rs.security.keystore.file" value="keys/alice.jks" /> + <entry key="rs.security.signature.algorithm" value="RS256" /> + </jaxrs:properties> + </jaxrs:server> + + +</beans> diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml new file mode 100644 index 0000000..13d709a --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jpa.xml 
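Review bot: `samlGrantHandler` in this config is the stock `org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler`, while grants-server-jpa.xml wires the test-local `org.apache.cxf.systest.jaxrs.security.oauth2.common.JPASaml2BearerGrantHandler` against the same `JPAOAuthDataProviderImpl`. The body of that subclass is not in this chunk, but if it exists because the stock handler's subject handling does not round-trip through the JPA provider, the negative SAML cases here could fail for a persistence reason rather than the rejection they mean to assert. Please confirm the asymmetry is deliberate, or use the same `JPASaml2BearerGrantHandler` class in both files and note the choice with `<!-- JPA-aware variant so the negative path is rejected by the grant check, not by persistence -->` above the bean.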
@@ -0,0 +1,156 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:jaxrs="http://cxf.apache.org/jaxrs" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd + http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd + http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd + http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + <cxf:properties> + <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> + </cxf:properties> + </cxf:bus> + <!-- providers --> + <util:list id="busProviders"> + <ref bean="oauthJson"/> + </util:list> + <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/> + + <httpj:engine-factory id="tls-config"> + <httpj:engine port="${testutil.ports.jaxrs-oauth2-grants-jpa}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="true" required="true"/> + </httpj:tlsServerParameters> + <httpj:sessionSupport>true</httpj:sessionSupport> + </httpj:engine> + </httpj:engine-factory> + + <bean id="entityManagerFactory" + class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> + <property name="persistenceUnitName" + value="testUnitHibernate" /> + <property name="jpaPropertyMap"> + <map> + <entry key="hibernate.jdbc.fetch_size" value="400" /> + <entry key="hibernate.jdbc.batch_size" value="100" /> + </map> + </property> + </bean> + + <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl"> + <constructor-arg value="${testutil.ports.jaxrs-oauth2-grants2-jpa}"/> + <constructor-arg ref="entityManagerFactory"/> + </bean> + + <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="implicitService" 
class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler"> + <property name="callbackHandler" ref="callbackHandler"/> + </bean> + + <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="loginHandler" ref="callbackHandlerLoginHandler"/> + </bean> + + <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="samlGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPASaml2BearerGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="grantHandlers"> + <list> + <ref bean="refreshGrantHandler"/> + <ref bean="passwordGrantHandler"/> + <ref bean="clientCredsGrantHandler"/> + <ref bean="samlGrantHandler"/> + <ref bean="jwtGrantHandler"/> + </list> + </property> + </bean> + + <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/> + <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter"> + <property name="callbackHandler" 
ref="callbackHandler"/> + </bean> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-oauth2-grants-jpa}/services"> + <jaxrs:serviceBeans> + <ref bean="authorizationService"/> + <ref bean="implicitService"/> + <ref bean="tokenService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="basicAuthFilter"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="security.signature.properties" + value="org/apache/cxf/systest/jaxrs/security/bob.properties"/> + <entry key="rs.security.keystore.type" value="jks" /> + <entry key="rs.security.keystore.alias" value="alice"/> + <entry key="rs.security.keystore.password" value="password"/> + <entry key="rs.security.keystore.file" value="keys/alice.jks" /> + <entry key="rs.security.signature.algorithm" value="RS256" /> + </jaxrs:properties> + </jaxrs:server> + + +</beans> diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jpa.xml new file mode 100644 index 0000000..928964c --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/introspection-server-jpa.xml 
@@ -0,0 +1,137 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:jaxrs="http://cxf.apache.org/jaxrs" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd + http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd + http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd + http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + <cxf:properties> + <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> + </cxf:properties> + </cxf:bus> + <!-- providers --> + <util:list id="busProviders"> + <ref bean="oauthJson"/> + </util:list> + <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/> + + <httpj:engine-factory id="tls-config"> + <httpj:engine port="${testutil.ports.jaxrs-oauth2-introspection-jpa}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="true" required="true"/> + </httpj:tlsServerParameters> + <httpj:sessionSupport>true</httpj:sessionSupport> + </httpj:engine> + </httpj:engine-factory> + + <bean id="entityManagerFactory" + class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> + <property name="persistenceUnitName" + value="testUnitHibernate" /> + <property name="jpaPropertyMap"> + <map> + <entry key="hibernate.jdbc.fetch_size" value="400" /> + <entry key="hibernate.jdbc.batch_size" value="100" /> + </map> + </property> + </bean> + + <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl"> + <constructor-arg><value>${testutil.ports.jaxrs-oauth2-introspection2-jpa}</value></constructor-arg> + <constructor-arg ref="entityManagerFactory"/> + </bean> + + <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="refreshGrantHandler" 
class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler"> + <property name="callbackHandler" ref="callbackHandler"/> + </bean> + + <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="loginHandler" ref="callbackHandlerLoginHandler"/> + </bean> + + <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="grantHandlers"> + <list> + <ref bean="refreshGrantHandler"/> + <ref bean="passwordGrantHandler"/> + <ref bean="clientCredsGrantHandler"/> + </list> + </property> + </bean> + + <bean id="tokenIntrospectionService" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/> + <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter"> + <property name="callbackHandler" ref="callbackHandler"/> + </bean> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-oauth2-introspection-jpa}/services"> + <jaxrs:serviceBeans> + <ref bean="authorizationService"/> + <ref bean="tokenService"/> + <ref bean="tokenIntrospectionService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="basicAuthFilter"/> + </jaxrs:providers> + </jaxrs:server> + + 
+</beans> diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jpa.xml new file mode 100644 index 0000000..72636e2 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server-jpa.xml 
@@ -0,0 +1,160 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:jaxrs="http://cxf.apache.org/jaxrs" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd + http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd + http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd + http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + <cxf:properties> + <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> + </cxf:properties> + </cxf:bus> + <!-- providers --> + <util:list id="busProviders"> + <ref bean="oauthJson"/> + </util:list> + <httpj:engine-factory id="port-9095-tls-config"> + <httpj:engine port="${testutil.ports.jaxrs-oauth2-jpa}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="true" required="true"/> + </httpj:tlsServerParameters> + </httpj:engine> + </httpj:engine-factory> + + <bean id="entityManagerFactory" + class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> + <property name="persistenceUnitName" + value="testUnitHibernate" /> + <property name="jpaPropertyMap"> + <map> + <entry key="hibernate.jdbc.fetch_size" value="400" /> + <entry key="hibernate.jdbc.batch_size" value="100" /> + </map> + </property> + </bean> + + <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl"> + <constructor-arg value="12345"/> + <constructor-arg ref="entityManagerFactory"/> + </bean> + <bean id="samlGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPASaml2BearerGrantHandler"> + <property name="dataProvider" ref="dataProvider"/> + </bean> + <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler"> + <property name="dataProvider" ref="dataProvider"/> + </bean> + + <bean id="samlAuthHandler" 
class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/> + <bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/> + + <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CustomGrantHandler"> + <property name="dataProvider" ref="dataProvider"/> + </bean> + <bean id="clientCredGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler"> + <property name="dataProvider" ref="dataProvider"/> + </bean> + <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/> + <bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> + <property name="dataProvider" ref="dataProvider"/> + <property name="grantHandlers"> + <list> + <ref bean="samlGrantHandler"/> + <ref bean="jwtGrantHandler"/> + <ref bean="customGrantHandler"/> + <ref bean="clientCredGrantHandler"/> + </list> + </property> + <property name="canSupportPublicClients" value="true"/> + </bean> + <bean id="serviceBeanPublic" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> + <property name="dataProvider" ref="dataProvider"/> + <property name="grantHandlers"> + <list> + <ref bean="customGrantHandler"/> + </list> + </property> + <property name="canSupportPublicClients" value="true"/> + </bean> + <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jpa}/oauth2"> + <jaxrs:serviceBeans> + <ref bean="serviceBean"/> + </jaxrs:serviceBeans> + <jaxrs:properties> + <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/> + <entry key="rs.security.keystore.type" value="jks" /> + <entry key="rs.security.keystore.alias" value="alice"/> + <entry key="rs.security.keystore.password" value="password"/> + <entry key="rs.security.keystore.file" value="keys/alice.jks" /> + <entry key="rs.security.signature.algorithm" value="RS256" /> + 
</jaxrs:properties> + </jaxrs:server> + <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-oauth2-public-jpa}/oauth2Public"> + <jaxrs:serviceBeans> + <ref bean="serviceBeanPublic"/> + </jaxrs:serviceBeans> + </jaxrs:server> + <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jpa}/oauth2-auth"> + <jaxrs:serviceBeans> + <ref bean="serviceBean"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="samlAuthHandler"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/> + </jaxrs:properties> + </jaxrs:server> + <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2-jpa}/oauth2-auth-jwt"> + <jaxrs:serviceBeans> + <ref bean="serviceBean"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="jwtAuthHandler"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="rs.security.keystore.type" value="jks" /> + <entry key="rs.security.keystore.alias" value="alice"/> + <entry key="rs.security.keystore.password" value="password"/> + <entry key="rs.security.keystore.file" value="keys/alice.jks" /> + <entry key="rs.security.signature.algorithm" value="RS256" /> + </jaxrs:properties> + </jaxrs:server> +</beans> diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache-jwt.xml new file mode 100644 index 0000000..ef885db --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache-jwt.xml 
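Review bot: The JPA data provider is constructed with a literal `12345` (`<constructor-arg value="12345"/>` on the `dataProvider` bean), while every other JPA config in this commit passes the server's port placeholder (`${testutil.ports.jaxrs-negative-oidc-jpa}`, `${testutil.ports.jaxrs-oidc-jpa}`) as the first argument. JPAOAuthDataProviderImpl is outside this hunk, so I cannot confirm what the argument feeds; if it is used to build the registered clients' redirect URIs or audiences, a value that does not match the listening port `${testutil.ports.jaxrs-oauth2-jpa}` means the redirect-URI and audience checks are exercised against the wrong value. Unless the non-JPA server.xml deliberately uses the same literal, `<constructor-arg value="${testutil.ports.jaxrs-oauth2-jpa}"/>` keeps the fixture consistent with its siblings. Separately, the engine factory id `port-9095-tls-config` names a fixed port the config no longer uses; `tls-config`, as in the other files, avoids a misleading name.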
@@ -0,0 +1,184 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:jaxrs="http://cxf.apache.org/jaxrs" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd + http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd + http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd + http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + <cxf:properties> + <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> + </cxf:properties> + </cxf:bus> + <!-- providers --> + <util:list id="busProviders"> + <ref bean="oauthJson"/> + </util:list> + <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/> + + <httpj:engine-factory id="tls-config"> + <httpj:engine port="${testutil.ports.jaxrs-negative-oidc-jcache-jwt}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="false" required="false"/> + </httpj:tlsServerParameters> + <httpj:sessionSupport>true</httpj:sessionSupport> + </httpj:engine> + </httpj:engine-factory> + + <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl"> + <constructor-arg><value>${testutil.ports.jaxrs-negative-oidc-jcache-jwt}</value></constructor-arg> + <property name="useJwtFormatForAccessTokens" value="true"/> + </bean> + + <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="responseFilter" ref="idTokenFilter"/> + <property name="idTokenProvider" ref="idTokenProviderImpl"/> + </bean> + + <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler"> + 
<property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/> + + <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter"> + <property name="idTokenProvider" ref="idTokenProviderImpl"/> + </bean> + + <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="grantHandlers"> + <list> + <ref bean="refreshGrantHandler"/> + </list> + </property> + <property name="responseFilter" ref="idTokenFilter"/> + </bean> + + <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="responseFilter" ref="idTokenFilter"/> + <property name="idTokenProvider" ref="idTokenProviderImpl"/> + <property name="codeService" ref="authorizationService"/> + </bean> + + <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/> + <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter"> + <property name="callbackHandler" ref="callbackHandler"/> + </bean> + + <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache-jwt}/services"> + <jaxrs:serviceBeans> + <ref bean="authorizationService"/> + <ref bean="hybridService"/> + <ref bean="implicitService"/> + <ref bean="tokenService"/> + <ref bean="oidcKeysService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="basicAuthFilter"/> + <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="rs.security.keystore.type" value="jks" /> + <entry key="rs.security.keystore.alias" 
value="alice"/> + <entry key="rs.security.keystore.password" value="password"/> + <entry key="rs.security.key.password" value="password"/> + <entry key="rs.security.keystore.file" value="keys/alice.jks" /> + <entry key="rs.security.signature.algorithm" value="RS256" /> + </jaxrs:properties> + </jaxrs:server> + + <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/> + + <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="authorizationFilter" ref="jwtRequestFilter"/> + </bean> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache-jwt}/unsignedjwtservices"> + <jaxrs:serviceBeans> + <ref bean="jwtAuthorizationService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="basicAuthFilter"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="rs.security.signature.algorithm" value="none" /> + </jaxrs:properties> + </jaxrs:server> + + <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" /> + + <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService"> + <property name="userInfoProvider" ref="userInfoProvider"/> + <property name="jwsRequired" value="false"/> + </bean> + + <bean id="jsonProvider" class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache-jwt}/ui/plain"> + <jaxrs:serviceBeans> + <ref bean="userInfoService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="oAuthFilter"/> + <ref bean="jsonProvider"/> + </jaxrs:providers> + </jaxrs:server> + 
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache.xml
new file mode 100644
index 0000000..cfec724
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jcache.xml
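Review bot: The `unsignedjwtservices` endpoint sets `rs.security.signature.algorithm` to `none` and the `/ui/plain` UserInfoService sets `jwsRequired` to `false`, with nothing in the file recording that these are deliberate negative-test settings, so the file reads like a working IdP configuration that accepts unsigned request objects. A comment above each, e.g. `<!-- negative-test fixture: unsigned request JWTs are accepted here on purpose; not a reference configuration -->`, keeps a later copy-paste from carrying the setting into a real server config. The same applies to oidc-negative-server-jcache.xml and oidc-negative-server-jpa.xml later in this commit, which repeat both endpoints verbatim. Those three files differ only in the port property and the `oauthProvider` bean, so the shared beans could live in one resource pulled in with `<import resource="..."/>` instead of three near-identical copies.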
@@ -0,0 +1,183 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:jaxrs="http://cxf.apache.org/jaxrs" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd + http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd + http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd + http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + <cxf:properties> + <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> + </cxf:properties> + </cxf:bus> + <!-- providers --> + <util:list id="busProviders"> + <ref bean="oauthJson"/> + </util:list> + <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/> + + <httpj:engine-factory id="tls-config"> + <httpj:engine port="${testutil.ports.jaxrs-negative-oidc-jcache}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="false" required="false"/> + </httpj:tlsServerParameters> + <httpj:sessionSupport>true</httpj:sessionSupport> + </httpj:engine> + </httpj:engine-factory> + + <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl"> + <constructor-arg><value>${testutil.ports.jaxrs-negative-oidc-jcache}</value></constructor-arg> + </bean> + + <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="responseFilter" ref="idTokenFilter"/> + <property name="idTokenProvider" ref="idTokenProviderImpl"/> + </bean> + + <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean 
id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/> + + <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter"> + <property name="idTokenProvider" ref="idTokenProviderImpl"/> + </bean> + + <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="grantHandlers"> + <list> + <ref bean="refreshGrantHandler"/> + </list> + </property> + <property name="responseFilter" ref="idTokenFilter"/> + </bean> + + <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="responseFilter" ref="idTokenFilter"/> + <property name="idTokenProvider" ref="idTokenProviderImpl"/> + <property name="codeService" ref="authorizationService"/> + </bean> + + <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/> + <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter"> + <property name="callbackHandler" ref="callbackHandler"/> + </bean> + + <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache}/services"> + <jaxrs:serviceBeans> + <ref bean="authorizationService"/> + <ref bean="hybridService"/> + <ref bean="implicitService"/> + <ref bean="tokenService"/> + <ref bean="oidcKeysService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="basicAuthFilter"/> + <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="rs.security.keystore.type" value="jks" /> + <entry key="rs.security.keystore.alias" value="alice"/> + <entry key="rs.security.keystore.password" value="password"/> + 
<entry key="rs.security.key.password" value="password"/> + <entry key="rs.security.keystore.file" value="keys/alice.jks" /> + <entry key="rs.security.signature.algorithm" value="RS256" /> + </jaxrs:properties> + </jaxrs:server> + + <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/> + + <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="authorizationFilter" ref="jwtRequestFilter"/> + </bean> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache}/unsignedjwtservices"> + <jaxrs:serviceBeans> + <ref bean="jwtAuthorizationService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="basicAuthFilter"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="rs.security.signature.algorithm" value="none" /> + </jaxrs:properties> + </jaxrs:server> + + <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" /> + + <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService"> + <property name="userInfoProvider" ref="userInfoProvider"/> + <property name="jwsRequired" value="false"/> + </bean> + + <bean id="jsonProvider" class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jcache}/ui/plain"> + <jaxrs:serviceBeans> + <ref bean="userInfoService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="oAuthFilter"/> + <ref bean="jsonProvider"/> + </jaxrs:providers> + </jaxrs:server> + +</beans> 
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jpa.xml
new file mode 100644
index 0000000..ada2fc0
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-negative-server-jpa.xml
@@ -0,0 +1,196 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:jaxrs="http://cxf.apache.org/jaxrs" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd + http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd + http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd + http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + <cxf:properties> + <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/> + </cxf:properties> + </cxf:bus> + <!-- providers --> + <util:list id="busProviders"> + <ref bean="oauthJson"/> + </util:list> + <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/> + + <httpj:engine-factory id="tls-config"> + <httpj:engine port="${testutil.ports.jaxrs-negative-oidc-jpa}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="false" required="false"/> + </httpj:tlsServerParameters> + <httpj:sessionSupport>true</httpj:sessionSupport> + </httpj:engine> + </httpj:engine-factory> + + <bean id="entityManagerFactory" + class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> + <property name="persistenceUnitName" + value="testUnitHibernate" /> + <property name="jpaPropertyMap"> + <map> + <entry key="hibernate.jdbc.fetch_size" value="400" /> + <entry key="hibernate.jdbc.batch_size" value="100" /> + </map> + </property> + </bean> + + <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl"> + <constructor-arg value="${testutil.ports.jaxrs-negative-oidc-jpa}"/> + <constructor-arg ref="entityManagerFactory"/> + </bean> + + <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="implicitService" 
class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="responseFilter" ref="idTokenFilter"/> + <property name="idTokenProvider" ref="idTokenProviderImpl"/> + </bean> + + <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/> + + <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter"> + <property name="idTokenProvider" ref="idTokenProviderImpl"/> + </bean> + + <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="grantHandlers"> + <list> + <ref bean="refreshGrantHandler"/> + </list> + </property> + <property name="responseFilter" ref="idTokenFilter"/> + </bean> + + <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="responseFilter" ref="idTokenFilter"/> + <property name="idTokenProvider" ref="idTokenProviderImpl"/> + <property name="codeService" ref="authorizationService"/> + </bean> + + <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/> + <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter"> + <property name="callbackHandler" ref="callbackHandler"/> + </bean> + + <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jpa}/services"> + <jaxrs:serviceBeans> + <ref bean="authorizationService"/> + <ref bean="hybridService"/> + <ref bean="implicitService"/> + 
<ref bean="tokenService"/> + <ref bean="oidcKeysService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="basicAuthFilter"/> + <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="rs.security.keystore.type" value="jks" /> + <entry key="rs.security.keystore.alias" value="alice"/> + <entry key="rs.security.keystore.password" value="password"/> + <entry key="rs.security.key.password" value="password"/> + <entry key="rs.security.keystore.file" value="keys/alice.jks" /> + <entry key="rs.security.signature.algorithm" value="RS256" /> + </jaxrs:properties> + </jaxrs:server> + + <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/> + + <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> + <property name="dataProvider" ref="oauthProvider"/> + <property name="authorizationFilter" ref="jwtRequestFilter"/> + </bean> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jpa}/unsignedjwtservices"> + <jaxrs:serviceBeans> + <ref bean="jwtAuthorizationService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="basicAuthFilter"/> + </jaxrs:providers> + <jaxrs:properties> + <entry key="rs.security.signature.algorithm" value="none" /> + </jaxrs:properties> + </jaxrs:server> + + <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"> + <property name="dataProvider" ref="oauthProvider"/> + </bean> + + <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" /> + + <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService"> + <property name="userInfoProvider" ref="userInfoProvider"/> + <property name="jwsRequired" value="false"/> + </bean> + + <bean id="jsonProvider" 
class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/> + + <jaxrs:server + depends-on="tls-config" + address="https://localhost:${testutil.ports.jaxrs-negative-oidc-jpa}/ui/plain"> + <jaxrs:serviceBeans> + <ref bean="userInfoService"/> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="oAuthFilter"/> + <ref bean="jsonProvider"/> + </jaxrs:providers> + </jaxrs:server> + +</beans> diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jpa.xml new file mode 100644 index 0000000..28808aa --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server-jpa.xml 
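Review bot: Every JPA server config in this commit (this file, server-jpa.xml, oidc-server-jpa.xml and the grants configs) builds its own `LocalContainerEntityManagerFactoryBean` over the same persistence unit `testUnitHibernate`, and nothing in the config says whether the backing store is per server. If the systests ever launch more than one of these servers in the same JVM against a shared in-memory database, the entity manager factories would share, and depending on the schema-generation setting could recreate, the tables holding each other's clients, codes and tokens; META-INF/persistence.xml is not in this hunk, so I cannot confirm either way. A comment on the `entityManagerFactory` bean such as `<!-- unit defined in META-INF/persistence.xml; assumes each server process gets its own database instance -->` would record the assumption where the next reader needs it. The `jpaPropertyMap` entries are copied unchanged into each file and could move next to the shared unit definition.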
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oidc-jpa}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="false" required="false"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="entityManagerFactory"
+ class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="persistenceUnitName"
+ value="testUnitHibernate" />
+ <property name="jpaPropertyMap">
+ <map>
+ <entry key="hibernate.jdbc.fetch_size" value="400" />
+ <entry key="hibernate.jdbc.batch_size" value="100" />
+ </map>
+ </property>
+ </bean>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+ <constructor-arg value="${testutil.ports.jaxrs-oidc-jpa}"/>
+ <constructor-arg ref="entityManagerFactory"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService">
+ <property
name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="idTokenProviderImpl" class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+ <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ </list>
+ </property>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ </bean>
+
+ <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ <property name="codeService" ref="authorizationService"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oidc-jpa}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="hybridService"/>
+ <ref bean="implicitService"/>
+ <ref bean="tokenService"/>
+ <ref bean="oidcKeysService"/>
+ </jaxrs:serviceBeans>
+
<jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/>
+
+ <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="authorizationFilter" ref="jwtRequestFilter"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oidc-jpa}/unsignedjwtservices">
+ <jaxrs:serviceBeans>
+ <ref bean="jwtAuthorizationService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.algorithm" value="none" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jpa.xml
new file mode 100644
index 0000000..387f2f8
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/userinfo-server-jpa.xml
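Review bot: The `/unsignedjwtservices` server near the end of the hunk sets `rs.security.signature.algorithm` to `none`, which reads as a deliberate negative fixture for unsigned JWT request objects, yet nothing in the file says so while the same property carries `RS256` on the `/services` endpoint a few lines above. A one-line comment on that server, `<!-- test fixture: this endpoint deliberately accepts unsigned (alg=none) JWT request objects; do not use as a template -->`, would keep the block from being copied as a default. The same `none` setting appears in the preceding oidc-negative-server-jpa.xml hunk and would benefit from the same comment. The `entityManagerFactory` bean names the persistence unit `testUnitHibernate` but carries no schema or datasource settings, so presumably those live in the persistence unit definition; a `<!-- datasource and schema settings come from META-INF/persistence.xml -->` pointer would help the next reader, if that is indeed where they are.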
@@ -0,0 +1,205 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-userinfo-jpa}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="false" required="false"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="entityManagerFactory"
+ class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="persistenceUnitName"
+ value="testUnitHibernate" />
+ <property name="jpaPropertyMap">
+ <map>
+ <entry key="hibernate.jdbc.fetch_size" value="400" />
+ <entry key="hibernate.jdbc.batch_size" value="100" />
+ </map>
+ </property>
+ </bean>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+ <constructor-arg value="${testutil.ports.jaxrs-userinfo-jpa}"/>
+ <constructor-arg ref="entityManagerFactory"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="idTokenProviderImpl"
class="org.apache.cxf.systest.jaxrs.security.oidc.IdTokenProviderImpl"/>
+
+ <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jpa}/services/oidc">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="tokenService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="oAuthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="userInfoProvider" class="org.apache.cxf.systest.jaxrs.security.oidc.UserInfoProviderImpl" />
+ <bean id="userInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+ <property name="userInfoProvider" ref="userInfoProvider"/>
+ <property name="jwsRequired" value="false"/>
+ </bean>
+
+ <bean id="jsonProvider"
class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jpa}/services/plain">
+ <jaxrs:serviceBeans>
+ <ref bean="userInfoService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oAuthFilter"/>
+ <ref bean="jsonProvider"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+
+ <bean id="signedUserInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+ <property name="userInfoProvider" ref="userInfoProvider"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jpa}/services/signed">
+ <jaxrs:serviceBeans>
+ <ref bean="signedUserInfoService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oAuthFilter"/>
+ <ref bean="jsonProvider"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="encryptedUserInfoService" class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
+ <property name="userInfoProvider" ref="userInfoProvider"/>
+ <property name="jwsRequired" value="false"/>
+ <property name="jweRequired" value="true"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-userinfo-jpa}/services/encrypted">
+ <jaxrs:serviceBeans>
+ <ref bean="encryptedUserInfoService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="bob"/>
+ <entry
key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/bob.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+
+ </jaxrs:server>
+
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+
+
+</beans>
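Review bot: The client conduit at the end of the hunk sets `disableCNCheck="true"` with no comment, and the `/services/encrypted` server configures `keys/bob.jks` without the `rs.security.key.password` entry that the three alice-backed endpoints carry. Both look intentional for a test fixture (the client reaches the server as `localhost`, which the test certificate presumably is not issued for, and JWE on this endpoint needs only bob's public key), but neither is stated, so a reader cannot tell deliberate from forgotten. Suggested comments: `<!-- test only: hostname check disabled because the test certificate is not issued for localhost -->` on the conduit, and `<!-- JWE encrypts to bob's public key; no private-key password is needed here -->` above the encrypted server's properties. The `rs.security.signature.algorithm` entry on that same encrypted endpoint also appears unused, since `jwsRequired` is false on `encryptedUserInfoService`; worth confirming before removing it.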