use of org.apache.cxf.rs.security.oauth2.client.Consumer in project cxf by apache.
the class IntrospectionServiceTest method testTokenIntrospectionWithAudience.
@org.junit.Test
public void testTokenIntrospectionWithAudience() throws Exception {
URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
String address = "https://localhost:" + PORT + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client, null, "consumer-id-aud");
assertNotNull(code);
// Now get the access token
client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id-aud", "this-is-a-secret", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
String audience = "https://localhost:" + PORT2 + "/secured/bookstore/books";
ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id-aud", audience);
assertNotNull(accessToken.getTokenKey());
// Now query the token introspection service
client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
client.accept("application/json").type("application/x-www-form-urlencoded");
Form form = new Form();
form.param("token", accessToken.getTokenKey());
client.path("introspect/");
Response response = client.post(form);
TokenIntrospection tokenIntrospection = response.readEntity(TokenIntrospection.class);
assertEquals(tokenIntrospection.isActive(), true);
assertEquals(tokenIntrospection.getUsername(), "alice");
assertEquals(tokenIntrospection.getClientId(), "consumer-id-aud");
assertEquals(tokenIntrospection.getScope(), accessToken.getApprovedScope());
Long validity = tokenIntrospection.getExp() - tokenIntrospection.getIat();
assertTrue(validity == accessToken.getExpiresIn());
assertEquals(tokenIntrospection.getAud().get(0), audience);
}
use of org.apache.cxf.rs.security.oauth2.client.Consumer in project cxf by apache.
the class IntrospectionServiceTest method testInvalidToken.
@org.junit.Test
public void testInvalidToken() throws Exception {
URL busFile = IntrospectionServiceTest.class.getResource("client.xml");
String address = "https://localhost:" + PORT + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client);
assertNotNull(code);
// Now get the access token
client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
assertNotNull(accessToken.getTokenKey());
// Now query the token introspection service
client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
client.accept("application/json").type("application/x-www-form-urlencoded");
Form form = new Form();
form.param("token", accessToken.getTokenKey() + "-xyz");
client.path("introspect/");
Response response = client.post(form);
TokenIntrospection tokenIntrospection = response.readEntity(TokenIntrospection.class);
assertEquals(tokenIntrospection.isActive(), false);
}
use of org.apache.cxf.rs.security.oauth2.client.Consumer in project cxf by apache.
the class IntrospectionServiceTest method testTokenIntrospectionWithScope.
@org.junit.Test
public void testTokenIntrospectionWithScope() throws Exception {
URL busFile = IntrospectionServiceTest.class.getResource("client.xml");
String address = "https://localhost:" + PORT + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client, "read_balance");
assertNotNull(code);
// Now get the access token
client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
assertNotNull(accessToken.getTokenKey());
assertTrue(accessToken.getApprovedScope().contains("read_balance"));
// Now query the token introspection service
client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
client.accept("application/json").type("application/x-www-form-urlencoded");
Form form = new Form();
form.param("token", accessToken.getTokenKey());
client.path("introspect/");
Response response = client.post(form);
TokenIntrospection tokenIntrospection = response.readEntity(TokenIntrospection.class);
assertEquals(tokenIntrospection.isActive(), true);
assertEquals(tokenIntrospection.getUsername(), "alice");
assertEquals(tokenIntrospection.getClientId(), "consumer-id");
assertEquals(tokenIntrospection.getScope(), accessToken.getApprovedScope());
Long validity = tokenIntrospection.getExp() - tokenIntrospection.getIat();
assertTrue(validity == accessToken.getExpiresIn());
}
use of org.apache.cxf.rs.security.oauth2.client.Consumer in project cxf by apache.
the class JAXRSOAuth2Test method testConfidentialClientIdAndSecret.
@Test
public void testConfidentialClientIdAndSecret() throws Exception {
String address = "https://localhost:" + PORT + "/oauth2/token";
WebClient wc = createWebClient(address);
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, new Consumer("fred", "password"), new CustomGrant(), false);
assertNotNull(at.getTokenKey());
}
use of org.apache.cxf.rs.security.oauth2.client.Consumer in project cxf by apache.
the class JAXRSOAuth2Test method testPublicClientIdOnly.
@Test
public void testPublicClientIdOnly() throws Exception {
String address = "http://localhost:" + BookServerOAuth2.PORT_PUBLIC + "/oauth2Public/token";
WebClient wc = WebClient.create(address);
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, new Consumer("fredPublic"), new CustomGrant(), false);
assertNotNull(at.getTokenKey());
}
Aggregations