This is an automated email from the ASF dual-hosted git repository. liubao pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/servicecomb-fence.git
commit cb6d5b0b587a8a3bf36927fc604d580ac4fe468e
Author: liubao <[email protected]>
AuthorDate: Thu Jul 11 11:40:02 2019 +0800

    [SCB-1365]demonstrates access token & id token authentication
---
 .../authentication/util/CommonConstants.java | 6 ++-
 .../authentication/edge/AuthHandler.java | 4 +-
 .../authentication/edge/AuthenticationFilter.java | 5 +--
 .../authentication/AuthenticationTestCase.java | 44 ++++++++++++++-------
 .../authentication/TokenExpireTestCase.java | 22 ++++++++---
 5 files changed, 53 insertions(+), 28 deletions(-)

diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
index 03ee62e..dad8891 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
@@ -22,13 +22,15 @@ public final class CommonConstants {
   public static final String HTTP_HEADER_AUTHORIZATION = "Authorization";
+  public static final String HTTP_HEADER_AUTHORIZATION_TYPE = "Authorization-TYPE";
+
   public static final String CONTEXT_HEADER_AUTHORIZATION = "Authorization";
   public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE = "Authorization-TYPE";
-  public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN = "ID_TOKEN";
+  public static final String AUTHORIZATION_TYPE_ID_TOKEN = "ID_TOKEN";
-  public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN = "SESSION_TOKEN";
+  public static final String AUTHORIZATION_TYPE_ACCESS_TOKEN = "ACCESS_TOKEN";
   public static final String CONTEXT_HEADER_CLAIMS = "Claims";
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
index e99e90c..b91d75f 100644
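Review bot: Nothing in this hunk says that `AUTHORIZATION_TYPE_ID_TOKEN` and `AUTHORIZATION_TYPE_ACCESS_TOKEN` are the only values the edge accepts for the new `HTTP_HEADER_AUTHORIZATION_TYPE` header, even though the value is now supplied by the caller and compared verbatim elsewhere in this commit. A short comment above the two value constants would pin the contract for whoever adds a third type: `// Accepted values of the Authorization-TYPE header / context entry. The edge filter must reject anything else; the handler dispatches on exact, case-sensitive match.` It is also worth noting in the same comment that `HTTP_HEADER_AUTHORIZATION_TYPE` and `CONTEXT_HEADER_AUTHORIZATION_TYPE` deliberately share the string `"Authorization-TYPE"`, so a reader does not assume one of the two is a copy-paste slip.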
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
@@ -41,7 +41,7 @@ public class AuthHandler implements Handler {
     OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE);
-    if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
+    if (CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
       JWTToken jwtToken = openIDTokenStore.createIDTokenByValue(token);
       if (jwtToken == null || jwtToken.isExpired()) {
         asyncResponse.consumerFail(new InvocationException(403, "forbidden", "token expired or not valid."));
@@ -51,7 +51,7 @@ public class AuthHandler implements Handler {
       // send id_token to services to apply state less validation
       invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, jwtToken.getValue());
       invocation.next(asyncResponse);
-    } else if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN.equals(tokenType)) {
+    } else if (CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN.equals(tokenType)) {
       CompletableFuture<OpenIDToken> openIDTokenFuture = openIDTokenStore.readTokenByAccessToken(token);
       openIDTokenFuture.whenComplete((res, ex) -> {
         if (openIDTokenFuture.isCompletedExceptionally() || res == null || res.isExpired()) {
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
index 8a31649..56733c3 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
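Review bot: With this commit the `tokenType` dispatched on in the `if` / `else if` chain is chosen by the HTTP client (the edge filter forwards the `Authorization-TYPE` header verbatim), so the branch that follows the visible `else if (CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN.equals(tokenType))` — it lies outside this hunk — must fail the invocation for any other value rather than calling `invocation.next(asyncResponse)`; please confirm it does, and consider a comment on the chain such as `// tokenType comes from the client; only ID_TOKEN and ACCESS_TOKEN are verified, anything else must be rejected`. A second point to confirm, since the client can now also pick which verification path a given string goes through: if access tokens issued by this server are themselves JWTs signed with the key `createIDTokenByValue` checks (not visible here), an access token presented with type `ID_TOKEN` would be accepted as an identity token, so the ID-token path should also check a token-type or audience claim. The surrounding method starts and ends outside this hunk.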
@@ -32,16 +32,15 @@ public class AuthenticationFilter implements HttpServerFilter {
   @Override
   public Response afterReceiveRequest(Invocation invocation, HttpServletRequestEx requestEx) {
-    // Now support bearer id tokens authentication
-    // TODO : add support for Cookies session tokens.
     String authentication = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION);
+    String type = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE);
     if (authentication != null) {
       String[] tokens = authentication.split(" ");
       if (tokens.length == 2) {
         if (tokens[0].equals(CommonConstants.TOKEN_TYPE_BEARER)) {
           invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, tokens[1]);
           invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE,
-              CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN);
+              type == null ? CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN : type);
         }
       }
     }
diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
index 7acb34d..357e3c1 100644
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
+++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
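Review bot: The added line `type == null ? CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN : type` copies an unvalidated, client-supplied header value straight into the invocation context, so any string other than `ID_TOKEN` or `ACCESS_TOKEN` reaches `AuthHandler` and whatever its fall-through branch does with an unrecognised type. The filter is the trust boundary here; it should accept only the two known values and otherwise add no credential to the context at all, so downstream treats the request as unauthenticated. Note too that the comparison is exact and case-sensitive, so `id_token` or `Id_Token` would be treated as an unknown type rather than silently mapped — that is the safer behaviour, but it should be stated in a comment so a client author does not assume header-value case-insensitivity.

```java
    String authentication = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION);
    String type = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE);
    if (type == null) {
      type = CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN;
    }
    // The client picks the verification path, so only the two known values are
    // allowed through (exact, case-sensitive match). An unknown value leaves the
    // context empty and the request is treated as unauthenticated downstream.
    boolean knownType = CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN.equals(type)
        || CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN.equals(type);
    if (authentication != null && knownType) {
      // … unchanged: split on " ", Bearer check, addContext(CONTEXT_HEADER_AUTHORIZATION, tokens[1]) …
          invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE, type);
```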
@@ -31,16 +31,24 @@ import org.springframework.web.client.HttpClientErrorException;
 public class AuthenticationTestCase implements TestCase {
   @Override
   public void run() {
-    String idToken = idToken();
-    testHanlderAuth(idToken);
-    testMethodAuth(idToken);
-
-    idToken = idTokenByRefreshToken();
-    testHanlderAuth(idToken);
-    testMethodAuth(idToken);
+    TokenResponse token = getTokenByPassword();
+    testHanlderAuth(token.getAccess_token(), null);
+    testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
+    testMethodAuth(token.getAccess_token(), null);
+    testMethodAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    testMethodAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
+
+    token = getTokenByRefreshToken();
+    testHanlderAuth(token.getAccess_token(), null);
+    testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
+    testMethodAuth(token.getAccess_token(), null);
+    testMethodAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    testMethodAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
   }
-  private String idToken() {
+  private TokenResponse getTokenByPassword() {
     // get token
     MultiValueMap<String, Object> map = new LinkedMultiValueMap<>();
     map.add("grant_type", "password");
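Review bot: Every new case in `run()` pairs a token with the type it was issued as, so the sample never exercises the rejection paths that the new client-chosen `Authorization-Type` header makes important: an access token sent as `ID_TOKEN`, an id token sent as `ACCESS_TOKEN`, and an unrecognised type string. Since the test helpers already catch `HttpClientErrorException` elsewhere (it is imported in this file's hunk header), a negative variant asserting a 401/403 for those three combinations would document the intended behaviour at the edge; for example a call shaped like `testHanlderAuthRejected(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN)` and one with a literal `"BOGUS"` type. I cannot tell from here whether `testHanlderAuth` itself asserts success or tolerates an error, so the helper may need a separate expect-failure form. A one-line comment above the block saying which combinations are positive cases would also help, e.g. `// positive cases only: each token is sent with the type it was issued as`.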
@@ -56,10 +64,10 @@ public class AuthenticationTestCase implements TestCase {
     TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type());
     TestMgr.check(true, token.getId_token().length() > 10);
     TestMgr.check(600, token.getExpires_in());
-    return token.getId_token();
+    return token;
   }
-  private String idTokenByRefreshToken() {
+  private TokenResponse getTokenByRefreshToken() {
     // get token
     MultiValueMap<String, Object> map = new LinkedMultiValueMap<>();
     map.add("grant_type", "password");
@@ -89,14 +97,17 @@ public class AuthenticationTestCase implements TestCase {
     TestMgr.check(token.getAccess_token().equals(tokenNew.getAccess_token()), false);
     TestMgr.check(token.getId_token().equals(tokenNew.getId_token()), false);
-    return tokenNew.getId_token();
+    return tokenNew;
   }
-  private void testHanlderAuth(String accessToken) {
+  private void testHanlderAuth(String token, String type) {
     // get resources
     HttpHeaders headers = new HttpHeaders();
     headers = new HttpHeaders();
-    headers.add("Authorization", "Bearer " + accessToken);
+    headers.add("Authorization", "Bearer " + token);
+    if (type != null) {
+      headers.add("Authorization-Type", type);
+    }
     headers.setContentType(MediaType.APPLICATION_JSON);
     String name;
     name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/everyoneSayHello?name=Hi",
@@ -126,11 +137,14 @@ public class AuthenticationTestCase implements TestCase {
     TestMgr.check(null, name);
   }
-  private void testMethodAuth(String accessToken) {
+  private void testMethodAuth(String token, String type) {
     // get resources
     HttpHeaders headers = new HttpHeaders();
-    headers.add("Authorization", "Bearer " + accessToken);
+    headers.add("Authorization", "Bearer " + token);
     headers.setContentType(MediaType.APPLICATION_JSON);
+    if (type != null) {
+      headers.add("Authorization-Type", type);
+    }
     String name;
     name = BootEventListener.resouceServerMethodAuthEndpoint.postForObject("/everyoneSayHello?name=Hi",
         new HttpEntity<>(headers),
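Review bot: The added `headers.add("Authorization-Type", type);` in both `testHanlderAuth` and `testMethodAuth` spells the header name as a string literal, while the same file already reaches for `CommonConstants` for the type values and the edge filter reads the header through `CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE`. Using the constant, `headers.add(CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE, type);`, keeps the sample and the filter from drifting apart if the header is ever renamed; the current mismatch in casing (`Authorization-Type` versus the constant's `Authorization-TYPE`) only works because servlet header lookup is case-insensitive, which is worth a comment if the literal is kept. The `null` type meaning "send no header, rely on the edge default" is also undocumented; a parameter comment such as `// type == null: omit the header and rely on the edge's ACCESS_TOKEN default` would make the three-way call pattern in run() readable. Both helpers continue past the end of this hunk.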
diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
index 766aba0..2a95b1e 100644
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
+++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
@@ -31,11 +31,18 @@ import org.springframework.web.client.HttpClientErrorException;
 public class TokenExpireTestCase implements TestCase {
   @Override
   public void run() {
-    String idToken = idToken();
-    testHanlderAuth(idToken);
+    // This test case will wait expiration for 3 seconds per run. Do not give too much tests.
+    TokenResponse token = getTokenByPassword();
+    testHanlderAuth(token.getAccess_token(), null);
+    // expired. create new for next test.
+    token = getTokenByPassword();
+    testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    // expired. create new for next test.
+    token = getTokenByPassword();
+    testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
   }
-  private String idToken() {
+  private TokenResponse getTokenByPassword() {
     // get token
     MultiValueMap<String, Object> map = new LinkedMultiValueMap<>();
     map.add("grant_type", "password");
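Review bot: The new comment `// This test case will wait expiration for 3 seconds per run. Do not give too much tests.` is hard to parse and does not say where the waiting happens; from `run()` alone a reader cannot tell that each `testHanlderAuth` call is what consumes the token's 3-second lifetime (the `TestMgr.check(3, token.getExpires_in())` in the next hunk is the only hint). Suggested wording: `// Each testHanlderAuth call lets the 3-second token expire and checks the expired path, so a fresh token is fetched before every call. Keep the number of cases small to bound the run time.` The two `// expired. create new for next test.` lines can then be dropped or shortened to `// previous token has expired by now`.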
@@ -51,14 +58,17 @@ public class TokenExpireTestCase implements TestCase {
     TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type());
     TestMgr.check(3, token.getExpires_in());
     TestMgr.check(true, token.getId_token().length() > 10);
-    return token.getId_token();
+    return token;
   }
-  private void testHanlderAuth(String accessToken) {
+  private void testHanlderAuth(String token, String type) {
     // get resources
     HttpHeaders headers = new HttpHeaders();
     headers = new HttpHeaders();
-    headers.add("Authorization", "Bearer " + accessToken);
+    headers.add("Authorization", "Bearer " + token);
+    if (type != null) {
+      headers.add("Authorization-Type", type);
+    }
     headers.setContentType(MediaType.APPLICATION_JSON);
     String name;
     name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/everyoneSayHello?name=Hi",
