This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.3.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 1cbe0268c1c428717ad8215363ec06c08ee462b7
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Sep 12 22:14:11 2019 +0100
Adding OAuth token revocation tests (cherry picked from commit 28d265696ec788fae048aa7ec49ef7938ad8c2ed)
---
.../oauth2/grants/RevocationServiceTest.java | 266 +++++++++++++++++++++
.../oauth2/grants/revocation-server-jcache-jwt.xml | 139 +++++++++++
.../oauth2/grants/revocation-server-jcache.xml | 128 ++++++++++
.../oauth2/grants/revocation-server-jpa.xml | 141 +++++++++++
4 files changed, 674 insertions(+)
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/RevocationServiceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/RevocationServiceTest.java
new file mode 100644
index 0000000..057eda6
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/RevocationServiceTest.java
@@ -0,0 +1,266 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
+
+import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
+
+import javax.ws.rs.core.Form;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.TokenIntrospection;
+import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
+import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * Some unit tests for the token revocation service in CXF. The tests are run multiple times with different
+ * OAuthDataProvider implementations:
+ * a) JCACHE_PORT - JCache
+ * b) JWT_JCACHE_PORT - JCache with useJwtFormatForAccessTokens enabled
+ * c) JPA_PORT - JPA provider
+ */
+@RunWith(value = org.junit.runners.Parameterized.class)
+public class RevocationServiceTest extends AbstractBusClientServerTestBase {
+
+ public static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-revocation-jcache");
+ public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-revocation2-jcache");
+ public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-revocation-jcache-jwt");
+ public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-revocation2-jcache-jwt");
+ public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-revocation-jpa");
+ public static final String JPA_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-revocation2-jpa");
+
+ final String port;
+
+ public RevocationServiceTest(String port) {
+ this.port = port;
+ }
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2RevocationJCache.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2RevocationJCacheJWT.class, true));
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerOAuth2RevocationJPA.class, true));
+ }
+
+ @AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ }
+
+ @Parameters(name = "{0}")
+ public static Collection<String> data() {
+
+ return Arrays.asList(JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT);
+ }
+
+ @org.junit.Test
+ public void testAccessTokenRevocation() throws Exception {
+ URL busFile = RevocationServiceTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + port + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ String code = OAuth2TestUtils.getAuthorizationCode(client);
+ assertNotNull(code);
+
+ // Now get the access token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
+ assertNotNull(accessToken.getTokenKey());
+
+ // Now query the token introspection service to make sure the token is valid
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ client.accept("application/json").type("application/x-www-form-urlencoded");
+ Form form = new Form();
+ form.param("token", accessToken.getTokenKey());
+ client.path("introspect/");
+ Response response = client.post(form);
+
+ TokenIntrospection tokenIntrospection = response.readEntity(TokenIntrospection.class);
+ assertTrue(tokenIntrospection.isActive());
+
+ // Now revoke the token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ client.accept("application/json").type("application/x-www-form-urlencoded");
+ form = new Form();
+ form.param("token", accessToken.getTokenKey());
+ client.path("revoke/");
+ response = client.post(form);
+ assertEquals(200, response.getStatus());
+
+ // Now check the token introspection service again to make sure the token is not valid
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ client.accept("application/json").type("application/x-www-form-urlencoded");
+ form = new Form();
+ form.param("token", accessToken.getTokenKey());
+ client.path("introspect/");
+ response = client.post(form);
+
+ tokenIntrospection = response.readEntity(TokenIntrospection.class);
+ assertFalse(tokenIntrospection.isActive());
+ }
+
+ @org.junit.Test
+ public void testRefreshTokenRevocation() throws Exception {
+ URL busFile = RevocationServiceTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + port + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ String code = OAuth2TestUtils.getAuthorizationCode(client);
+ assertNotNull(code);
+
+ // Now get the access token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
+ assertNotNull(accessToken.getTokenKey());
+ assertNotNull(accessToken.getRefreshToken());
+
+ // Now revoke the refresh token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ client.accept("application/json").type("application/x-www-form-urlencoded");
+ Form form = new Form();
+ form.param("token", accessToken.getRefreshToken());
+ client.path("revoke/");
+ Response response = client.post(form);
+ assertEquals(200, response.getStatus());
+
+ // Now check we can't get an access token with the revoked refresh token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ client.type("application/x-www-form-urlencoded").accept("application/json");
+
+ form = new Form();
+ form.param("grant_type", "refresh_token");
+ form.param("refresh_token", accessToken.getRefreshToken());
+ form.param("client_id", "consumer-id");
+ client.path("token");
+ response = client.post(form);
+ assertEquals(400, response.getStatus());
+ }
+
+ //
+ // Server implementations
+ //
+
+ public static class BookServerOAuth2RevocationJCache extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2RevocationJCache.class.getResource("revocation-server-jcache.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2RevocationJCache();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2RevocationJCacheJWT extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2RevocationJCacheJWT.class.getResource("revocation-server-jcache-jwt.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2RevocationJCacheJWT();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ public static class BookServerOAuth2RevocationJPA extends AbstractBusTestServerBase {
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2RevocationJPA.class.getResource("revocation-server-jpa.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerOAuth2RevocationJPA();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+
+}
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/revocation-server-jcache-jwt.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/revocation-server-jcache-jwt.xml
new file mode 100644
index 0000000..a846f9e
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/revocation-server-jcache-jwt.xml
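Review bot: Both tests revoke only as the client the token was issued to (`consumer-id`), so nothing here would fail if the `revoke/` endpoint accepted a token belonging to a different authenticated client; RFC 7009 expects the server to verify that the token was issued to the caller. A third test that authenticates as another registered client, posts the same `token` to `revoke/`, and then asserts `tokenIntrospection.isActive()` is still true would cover that case. In `testRefreshTokenRevocation` the closing `assertEquals(400, response.getStatus())` also passes for any malformed token request, so it is worth asserting the OAuth `error` value in the response body too. The same test never checks through `introspect/` whether the access token issued alongside the revoked refresh token is still active, which leaves that behaviour undocumented for all three providers.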
@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-revocation-jcache-jwt}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oauth2-revocation2-jcache-jwt}</value></constructor-arg>
+ <property name="useJwtFormatForAccessTokens" value="true"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+ </bean>
+
+ <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ <ref bean="passwordGrantHandler"/>
+ <ref bean="clientCredsGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="tokenRevocationService" class="org.apache.cxf.rs.security.oauth2.services.TokenRevocationService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+ <bean id="tokenIntrospectionService" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-revocation-jcache-jwt}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="tokenService"/>
+ <ref bean="tokenRevocationService"/>
+ <ref bean="tokenIntrospectionService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="security.signature.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="alice"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.key.password" value="password"/>
+ <entry key="rs.security.keystore.file" value="keys/alice.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/revocation-server-jcache.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/revocation-server-jcache.xml
new file mode 100644
index 0000000..9350e9a
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/revocation-server-jcache.xml
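Review bot: The three new server configs (this file, revocation-server-jcache.xml and revocation-server-jpa.xml) are near-copies that differ only in the port placeholder, the `oauthProvider` bean and, in this file, `useJwtFormatForAccessTokens` plus the `rs.security.*` signing entries, and nothing in the files says so. A short comment above `oauthProvider`, for example `<!-- JCache provider issuing JWT access tokens; signing key is configured under jaxrs:properties -->`, would make each variant obvious at a glance. Because `<cxf:logging/>` is enabled on the bus and the keystore passwords are literals, a header comment marking these files as test-only fixtures would also help. The logging feature will presumably write each request's token and Basic credentials to the test log, so these files should not be reused as a template for a deployed server.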
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-revocation-jcache}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JCacheOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oauth2-revocation2-jcache}</value></constructor-arg>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+ </bean>
+
+ <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ <ref bean="passwordGrantHandler"/>
+ <ref bean="clientCredsGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="tokenRevocationService" class="org.apache.cxf.rs.security.oauth2.services.TokenRevocationService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+ <bean id="tokenIntrospectionService" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-revocation-jcache}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="tokenService"/>
+ <ref bean="tokenRevocationService"/>
+ <ref bean="tokenIntrospectionService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+
+
+</beans>
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/revocation-server-jpa.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/revocation-server-jpa.xml
new file mode 100644
index 0000000..cb77014
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/revocation-server-jpa.xml
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <httpj:engine-factory id="tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2-revocation-jpa}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ <httpj:sessionSupport>true</httpj:sessionSupport>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="entityManagerFactory"
+ class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <property name="persistenceUnitName"
+ value="test-hibernate-cxf-systests-rs-security" />
+ <property name="jpaPropertyMap">
+ <map>
+ <entry key="hibernate.jdbc.fetch_size" value="400" />
+ <entry key="hibernate.jdbc.batch_size" value="100" />
+ </map>
+ </property>
+ </bean>
+
+ <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.JPAOAuthDataProviderImpl">
+ <constructor-arg><value>${testutil.ports.jaxrs-oauth2-revocation2-jpa}</value></constructor-arg>
+ <constructor-arg ref="entityManagerFactory"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandlerLoginHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.grants.CallbackHandlerLoginHandler">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="passwordGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="loginHandler" ref="callbackHandlerLoginHandler"/>
+ </bean>
+
+ <bean id="clientCredsGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="refreshGrantHandler"/>
+ <ref bean="passwordGrantHandler"/>
+ <ref bean="clientCredsGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="tokenRevocationService" class="org.apache.cxf.rs.security.oauth2.services.TokenRevocationService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+ <bean id="tokenIntrospectionService" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oauth2-revocation-jpa}/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="tokenService"/>
+ <ref bean="tokenRevocationService"/>
+ <ref bean="tokenIntrospectionService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+
+
+</beans>
