
Example 16 with OAuth2Options

use of io.vertx.ext.auth.oauth2.OAuth2Options in project vertx-web by vert-x3.

the class WebClientSessionOauth2Test method testWithAuthenticationWithoutSession2.

/**
 * Sends two consecutive requests through an {@code OAuth2WebClient} and expects the token
 * endpoint to be contacted only once.
 *
 * <p>A mock server on port 8080 acts as both authorization server and resource server:
 * {@code POST /oauth/token} checks the client's HTTP Basic credentials and returns the shared
 * {@code fixture}; {@code GET /protected/path} checks that the bearer token equals the
 * fixture's {@code access_token}; every other request is answered with 400.
 *
 * @throws Exception if waiting on one of the latches fails
 */
@Test
public void testWithAuthenticationWithoutSession2() throws Exception {
    final CountDownLatch serverReady = new CountDownLatch(1);
    // Counts how many times the mock token endpoint has been hit.
    final AtomicInteger tokenRequests = new AtomicInteger(0);
    server = vertx.createHttpServer().requestHandler(request -> {
        if (request.method() == HttpMethod.POST && "/oauth/token".equals(request.path())) {
            // NOTE(review): only the second token request is flagged here; a third or later
            // one would be answered normally. `> 1` would be the stricter check.
            if (tokenRequests.incrementAndGet() == 2) {
                fail("Should only request a token 1 time");
                return;
            }
            // The expected value is the Base64 form of "client-id:client-secret", i.e. the
            // client must authenticate to the token endpoint with the configured id and secret.
            assertEquals("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=", request.getHeader("Authorization"));
            request.response()
                .putHeader("Content-Type", "application/json")
                .end(fixture.encode());
            return;
        }
        if (request.method() == HttpMethod.GET && "/protected/path".equals(request.path())) {
            // The resource request must carry exactly the token issued above.
            assertEquals("Bearer " + fixture.getString("access_token"), request.getHeader("Authorization"));
            request.response().end();
            return;
        }
        request.response().setStatusCode(400).end();
    }).listen(8080, ready -> {
        if (ready.failed()) {
            throw new RuntimeException(ready.cause());
        }
        // Server is bound; release the test thread.
        serverReady.countDown();
    });
    awaitLatch(serverReady);

    // Client-credentials flow against the mock. Plain HTTP and literal secrets are test values.
    final OAuth2Options providerOptions = new OAuth2Options()
        .setFlow(OAuth2FlowType.CLIENT)
        .setClientId("client-id")
        .setClientSecret("client-secret")
        .setSite("http://localhost:8080");
    OAuth2Auth oauth2 = OAuth2Auth.create(vertx, providerOptions);
    OAuth2WebClient oauth2WebClient = OAuth2WebClient.create(webClient, oauth2);

    final CountDownLatch firstCallDone = new CountDownLatch(1);
    oauth2WebClient.withCredentials(oauthConfig);
    // First call: the client has no token yet, so a token request is expected.
    oauth2WebClient.get(8080, "localhost", "/protected/path").send(outcome -> {
        if (outcome.failed()) {
            fail(outcome.cause());
            return;
        }
        assertEquals(200, outcome.result().statusCode());
        firstCallDone.countDown();
    });
    awaitLatch(firstCallDone);

    final CountDownLatch secondCallDone = new CountDownLatch(1);
    // Second call: no new token request may reach the mock (it fails the test if one does).
    oauth2WebClient.get(8080, "localhost", "/protected/path").send(outcome -> {
        if (outcome.failed()) {
            fail(outcome.cause());
            return;
        }
        assertEquals(200, outcome.result().statusCode());
        secondCallDone.countDown();
    });
    awaitLatch(secondCallDone);
}
Also used : Oauth2Credentials(io.vertx.ext.auth.oauth2.Oauth2Credentials) Future.succeededFuture(io.vertx.core.Future.succeededFuture) AUTHORIZATION(io.vertx.core.http.HttpHeaders.AUTHORIZATION) OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) Test(org.junit.Test) Future.failedFuture(io.vertx.core.Future.failedFuture) OAuth2FlowType(io.vertx.ext.auth.oauth2.OAuth2FlowType) Future(io.vertx.core.Future) Supplier(java.util.function.Supplier) TimeUnit(java.util.concurrent.TimeUnit) CountDownLatch(java.util.concurrent.CountDownLatch) Buffer(io.vertx.core.buffer.Buffer) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) HttpMethod(io.vertx.core.http.HttpMethod) JsonObject(io.vertx.core.json.JsonObject) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CountDownLatch(java.util.concurrent.CountDownLatch) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options) Test(org.junit.Test)

Example 17 with OAuth2Options

use of io.vertx.ext.auth.oauth2.OAuth2Options in project vertx-web by vert-x3.

the class WebClientSessionOauth2Test method testWithAuthenticationWithoutSessionExpiredWithLeeway.

/**
 * Sends two requests through an {@code OAuth2WebClient} created with a leeway of 5, waits two
 * seconds between them, and expects the token endpoint to be contacted only once.
 *
 * <p>The mock server on port 8080 returns a copy of {@code fixtureExpires} (with a
 * {@code calls} entry added) from {@code POST /oauth/token} after checking the client's HTTP
 * Basic credentials, and checks the bearer token on {@code GET /protected/path}. Every other
 * request is answered with 400.
 *
 * @throws Exception if sleeping or waiting on one of the latches fails
 */
@Test
public void testWithAuthenticationWithoutSessionExpiredWithLeeway() throws Exception {
    final CountDownLatch serverReady = new CountDownLatch(1);
    // Counts how many times the mock token endpoint has been hit.
    final AtomicInteger tokenRequests = new AtomicInteger(0);
    server = vertx.createHttpServer().requestHandler(request -> {
        if (request.method() == HttpMethod.POST && "/oauth/token".equals(request.path())) {
            // NOTE(review): only the second token request is flagged here; a third or later
            // one would be answered normally. `> 1` would be the stricter check.
            if (tokenRequests.incrementAndGet() == 2) {
                fail("Should only request a token 1 time");
                return;
            }
            // The expected value is the Base64 form of "client-id:client-secret".
            assertEquals("Basic Y2xpZW50LWlkOmNsaWVudC1zZWNyZXQ=", request.getHeader("Authorization"));
            request.response()
                .putHeader("Content-Type", "application/json")
                .end(fixtureExpires.copy().put("calls", tokenRequests).encode());
            return;
        }
        if (request.method() == HttpMethod.GET && "/protected/path".equals(request.path())) {
            // The resource request must carry exactly the token from the expiring fixture.
            assertEquals("Bearer " + fixtureExpires.getString("access_token"), request.getHeader("Authorization"));
            request.response().end();
            return;
        }
        request.response().setStatusCode(400).end();
    }).listen(8080, ready -> {
        if (ready.failed()) {
            throw new RuntimeException(ready.cause());
        }
        // Server is bound; release the test thread.
        serverReady.countDown();
    });
    awaitLatch(serverReady);

    // Client-credentials flow against the mock. Plain HTTP and literal secrets are test values.
    final OAuth2Options providerOptions = new OAuth2Options()
        .setFlow(OAuth2FlowType.CLIENT)
        .setClientId("client-id")
        .setClientSecret("client-secret")
        .setSite("http://localhost:8080");
    OAuth2Auth oauth2 = OAuth2Auth.create(vertx, providerOptions);
    // NOTE(review): the leeway is presumably a tolerance in seconds applied to token expiry;
    // confirm against OAuth2WebClientOptions and the lifetime set in fixtureExpires.
    final OAuth2WebClientOptions clientOptions = new OAuth2WebClientOptions().setLeeway(5);
    OAuth2WebClient oauth2WebClient = OAuth2WebClient.create(webClient, oauth2, clientOptions);

    final CountDownLatch firstCallDone = new CountDownLatch(1);
    oauth2WebClient.withCredentials(oauthConfig);
    oauth2WebClient.get(8080, "localhost", "/protected/path").send(outcome -> {
        if (outcome.failed()) {
            fail(outcome.cause());
            return;
        }
        assertEquals(200, outcome.result().statusCode());
        firstCallDone.countDown();
    });
    // Fixed two-second pause so the issued token ages before the second call; it runs while
    // the first request may still be in flight, and the latch is awaited afterwards.
    Thread.sleep(2000L);
    awaitLatch(firstCallDone);

    final CountDownLatch secondCallDone = new CountDownLatch(1);
    // Second call: the mock fails the test if a second token request arrives.
    oauth2WebClient.get(8080, "localhost", "/protected/path").send(outcome -> {
        if (outcome.failed()) {
            fail(outcome.cause());
            return;
        }
        assertEquals(200, outcome.result().statusCode());
        secondCallDone.countDown();
    });
    awaitLatch(secondCallDone);
}
Also used : Oauth2Credentials(io.vertx.ext.auth.oauth2.Oauth2Credentials) Future.succeededFuture(io.vertx.core.Future.succeededFuture) AUTHORIZATION(io.vertx.core.http.HttpHeaders.AUTHORIZATION) OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) Test(org.junit.Test) Future.failedFuture(io.vertx.core.Future.failedFuture) OAuth2FlowType(io.vertx.ext.auth.oauth2.OAuth2FlowType) Future(io.vertx.core.Future) Supplier(java.util.function.Supplier) TimeUnit(java.util.concurrent.TimeUnit) CountDownLatch(java.util.concurrent.CountDownLatch) Buffer(io.vertx.core.buffer.Buffer) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) HttpMethod(io.vertx.core.http.HttpMethod) JsonObject(io.vertx.core.json.JsonObject) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CountDownLatch(java.util.concurrent.CountDownLatch) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options) Test(org.junit.Test)

Example 18 with OAuth2Options

use of io.vertx.ext.auth.oauth2.OAuth2Options in project vertx-web by vert-x3.

the class OAuth2AuthHandlerTest method testBearerOnly.

/**
 * Verifies that a route guarded by {@code OAuth2AuthHandler} answers 401 both when no
 * {@code Authorization} header is sent and when an arbitrary bearer value is presented.
 *
 * <p>No mock authorization server is started and the handler is created without a callback
 * URL, so the only expected outcome for either request is rejection.
 *
 * @throws Exception if one of the test requests fails
 */
@Test
public void testBearerOnly() throws Exception {
    // Provider configured with a client id only: no site and no client secret.
    final OAuth2Options providerOptions = new OAuth2Options()
        .setFlow(OAuth2FlowType.AUTH_CODE)
        .setClientId("client-id");
    OAuth2Auth oauth2 = OAuth2Auth.create(vertx, providerOptions);
    OAuth2AuthHandler bearerGuard = OAuth2AuthHandler.create(vertx, oauth2);

    // Everything below /protected goes through the OAuth2 handler first.
    router.route("/protected/*").handler(bearerGuard);
    // Business handler; it asserts that a user was attached before it runs.
    router.route("/protected/somepage").handler(ctx -> {
        assertNotNull(ctx.user());
        ctx.response().end("Welcome to the protected resource!");
    });

    // Case 1: no credentials at all.
    testRequest(HttpMethod.GET, "/protected/somepage", 401, "Unauthorized");
    // Case 2: a made-up bearer value that the provider cannot validate must be rejected too.
    testRequest(
        HttpMethod.GET,
        "/protected/somepage",
        request -> request.putHeader("Authorization", "Bearer 4adc339e0"),
        401,
        "Unauthorized",
        "Unauthorized");
}
Also used : OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options) Test(org.junit.Test)

Example 19 with OAuth2Options

use of io.vertx.ext.auth.oauth2.OAuth2Options in project vertx-web by vert-x3.

the class OAuth2AuthHandlerTest method testAuthCodeFlow.

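/**
 * Walks the authorization-code flow end to end against a mock authorization server on port
 * 10000: an unauthenticated request to the protected page must be redirected (302), and a
 * simulated callback carrying a code must end on the protected page with 200.
 *
 * <p>The mock token endpoint returns {@code fixture} for any request body, so this covers the
 * success path only.
 *
 * @throws Exception if the mock server does not start in time or a test request fails
 */
@Test
public void testAuthCodeFlow() throws Exception {
    // Provider pointing at the local mock. Plain HTTP and literal secrets are test values.
    OAuth2Auth oauth2 = OAuth2Auth.create(vertx, new OAuth2Options().setClientId("client-id").setFlow(OAuth2FlowType.AUTH_CODE).setClientSecret("client-secret").setSite("http://localhost:10000"));
    final CountDownLatch latch = new CountDownLatch(1);
    HttpServer server = vertx.createHttpServer().requestHandler(req -> {
        if (req.method() == HttpMethod.POST && "/oauth/token".equals(req.path())) {
            // Token endpoint: always succeeds, regardless of the submitted code.
            req.setExpectMultipart(true).bodyHandler(buffer -> req.response().putHeader("Content-Type", "application/json").end(fixture.encode()));
        } else if (req.method() == HttpMethod.POST && "/oauth/revoke".equals(req.path())) {
            req.setExpectMultipart(true).bodyHandler(buffer -> req.response().end());
        } else {
            req.response().setStatusCode(400).end();
        }
    }).listen(10000, ready -> {
        if (ready.failed()) {
            throw new RuntimeException(ready.cause());
        }
        // ready
        latch.countDown();
    });
    // Everything after the bind runs in try/finally so a failed assertion cannot leave port
    // 10000 occupied for the tests that follow.
    try {
        // Bounded wait: a failed bind never counts the latch down, so an unbounded await
        // would hang the test run instead of failing it.
        if (!latch.await(10, java.util.concurrent.TimeUnit.SECONDS)) {
            throw new IllegalStateException("mock OAuth2 server did not start on port 10000");
        }
        // create a oauth2 handler on our domain to the callback: "http://localhost:8080/callback"
        OAuth2AuthHandler oauth2Handler = OAuth2AuthHandler.create(vertx, oauth2, "http://localhost:8080/callback");
        // setup the callback handler for receiving the callback
        oauth2Handler.setupCallback(router.route("/callback"));
        // protect everything under /protected
        router.route("/protected/*").handler(oauth2Handler);
        // mount some handler under the protected zone
        router.route("/protected/somepage").handler(rc -> {
            assertNotNull(rc.user());
            rc.response().end("Welcome to the protected resource!");
        });
        testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
            // in this case we should get a redirect
            redirectURL = resp.getHeader("Location");
            assertNotNull(redirectURL);
        }, 302, "Found", null);
        // Simulate the provider redirecting back with a code.
        // NOTE(review): `state` here carries the original path rather than a value taken from
        // the redirect above, so this test does not exercise any state/CSRF validation.
        testRequest(HttpMethod.GET, "/callback?state=/protected/somepage&code=1", null, resp -> {
        }, 200, "OK", "Welcome to the protected resource!");
    } finally {
        server.close();
    }
}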
Also used : JWK(io.vertx.ext.auth.impl.jose.JWK) MessageDigest(java.security.MessageDigest) HttpServer(io.vertx.core.http.HttpServer) OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options) Router(io.vertx.ext.web.Router) Test(org.junit.Test) OAuth2FlowType(io.vertx.ext.auth.oauth2.OAuth2FlowType) AtomicReference(java.util.concurrent.atomic.AtomicReference) StandardCharsets(java.nio.charset.StandardCharsets) PubSecKeyOptions(io.vertx.ext.auth.PubSecKeyOptions) JWTOptions(io.vertx.ext.auth.JWTOptions) CountDownLatch(java.util.concurrent.CountDownLatch) Base64(java.util.Base64) SessionStore(io.vertx.ext.web.sstore.SessionStore) HttpMethod(io.vertx.core.http.HttpMethod) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JsonObject(io.vertx.core.json.JsonObject) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) JWT(io.vertx.ext.auth.impl.jose.JWT) WebTestBase(io.vertx.ext.web.WebTestBase) HttpServer(io.vertx.core.http.HttpServer) CountDownLatch(java.util.concurrent.CountDownLatch) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options) Test(org.junit.Test)

Example 20 with OAuth2Options

use of io.vertx.ext.auth.oauth2.OAuth2Options in project vertx-web by vert-x3.

the class OAuth2AuthHandlerTest method testAuthCodeFlowBypass.

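/**
 * Verifies that a callback carrying a code the authorization server rejects does not reach
 * the protected page: the mock token endpoint on port 10000 answers 400 "invalid code", and
 * the callback request is expected to end with 500.
 *
 * @throws Exception if the mock server does not start in time or the test request fails
 */
@Test
public void testAuthCodeFlowBypass() throws Exception {
    // Provider pointing at the local mock. Plain HTTP and literal secrets are test values.
    OAuth2Auth oauth2 = OAuth2Auth.create(vertx, new OAuth2Options().setClientId("client-id").setFlow(OAuth2FlowType.AUTH_CODE).setClientSecret("client-secret").setSite("http://localhost:10000"));
    final CountDownLatch latch = new CountDownLatch(1);
    HttpServer server = vertx.createHttpServer().requestHandler(req -> {
        if (req.method() == HttpMethod.POST && "/oauth/token".equals(req.path())) {
            // Token endpoint: rejects every code exchange with an error document.
            req.setExpectMultipart(true).bodyHandler(buffer -> req.response().setStatusCode(400).putHeader("Content-Type", "application/json").end(new JsonObject().put("error", 400).put("error_description", "invalid code").encode()));
        } else if (req.method() == HttpMethod.POST && "/oauth/revoke".equals(req.path())) {
            req.setExpectMultipart(true).bodyHandler(buffer -> req.response().end());
        } else {
            req.response().setStatusCode(400).end();
        }
    }).listen(10000, ready -> {
        if (ready.failed()) {
            throw new RuntimeException(ready.cause());
        }
        // ready
        latch.countDown();
    });
    // Everything after the bind runs in try/finally so a failed assertion cannot leave port
    // 10000 occupied for the tests that follow.
    try {
        // Bounded wait: a failed bind never counts the latch down, so an unbounded await
        // would hang the test run instead of failing it.
        if (!latch.await(10, java.util.concurrent.TimeUnit.SECONDS)) {
            throw new IllegalStateException("mock OAuth2 server did not start on port 10000");
        }
        // create a oauth2 handler on our domain to the callback: "http://localhost:8080/callback"
        OAuth2AuthHandler oauth2Handler = OAuth2AuthHandler.create(vertx, oauth2, "http://localhost:8080/callback");
        // setup the callback handler for receiving the callback
        oauth2Handler.setupCallback(router.route("/callback"));
        // protect everything under /protected
        router.route("/protected/*").handler(oauth2Handler);
        // mount some handler under the protected zone
        router.route("/protected/somepage").handler(rc -> {
            assertNotNull(rc.user());
            rc.response().end("Welcome to the protected resource!");
        });
        // Hit the callback directly with a code the token endpoint will refuse; the failed
        // exchange must surface as an error instead of the protected page.
        // NOTE(review): only the callback's status is asserted; a follow-up request to
        // /protected/somepage would confirm that no user was established.
        testRequest(HttpMethod.GET, "/callback?state=/protected/somepage&code=1", 500, "Internal Server Error");
    } finally {
        server.close();
    }
}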
Also used : JWK(io.vertx.ext.auth.impl.jose.JWK) MessageDigest(java.security.MessageDigest) HttpServer(io.vertx.core.http.HttpServer) OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options) Router(io.vertx.ext.web.Router) Test(org.junit.Test) OAuth2FlowType(io.vertx.ext.auth.oauth2.OAuth2FlowType) AtomicReference(java.util.concurrent.atomic.AtomicReference) StandardCharsets(java.nio.charset.StandardCharsets) PubSecKeyOptions(io.vertx.ext.auth.PubSecKeyOptions) JWTOptions(io.vertx.ext.auth.JWTOptions) CountDownLatch(java.util.concurrent.CountDownLatch) Base64(java.util.Base64) SessionStore(io.vertx.ext.web.sstore.SessionStore) HttpMethod(io.vertx.core.http.HttpMethod) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JsonObject(io.vertx.core.json.JsonObject) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) JWT(io.vertx.ext.auth.impl.jose.JWT) WebTestBase(io.vertx.ext.web.WebTestBase) HttpServer(io.vertx.core.http.HttpServer) JsonObject(io.vertx.core.json.JsonObject) CountDownLatch(java.util.concurrent.CountDownLatch) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options) Test(org.junit.Test)

Aggregations

OAuth2Options (io.vertx.ext.auth.oauth2.OAuth2Options)22 OAuth2Auth (io.vertx.ext.auth.oauth2.OAuth2Auth)21 Test (org.junit.Test)19 JsonObject (io.vertx.core.json.JsonObject)18 OAuth2FlowType (io.vertx.ext.auth.oauth2.OAuth2FlowType)17 CountDownLatch (java.util.concurrent.CountDownLatch)17 HttpMethod (io.vertx.core.http.HttpMethod)16 JWTOptions (io.vertx.ext.auth.JWTOptions)10 Future (io.vertx.core.Future)9 Buffer (io.vertx.core.buffer.Buffer)9 PubSecKeyOptions (io.vertx.ext.auth.PubSecKeyOptions)9 JWK (io.vertx.ext.auth.impl.jose.JWK)9 JWT (io.vertx.ext.auth.impl.jose.JWT)9 SessionStore (io.vertx.ext.web.sstore.SessionStore)9 Future.failedFuture (io.vertx.core.Future.failedFuture)8 Future.succeededFuture (io.vertx.core.Future.succeededFuture)8 AUTHORIZATION (io.vertx.core.http.HttpHeaders.AUTHORIZATION)8 HttpServer (io.vertx.core.http.HttpServer)8 Oauth2Credentials (io.vertx.ext.auth.oauth2.Oauth2Credentials)8 Router (io.vertx.ext.web.Router)8