
Example 6 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class JCacheOAuthDataProviderTest method testAddGetDeleteRefreshToken.

/**
 * Walks a refresh token through its lifecycle on the provider: issue, look up, list, revoke.
 *
 * <p>The test is disabled with {@code @Ignore}; the reason is not recorded on the method.
 */
@Ignore
@Test
public void testAddGetDeleteRefreshToken() {
    Client client = addClient("101", "bob");

    // Request a token whose approved scopes are "a" and "refreshToken", bound to the client's
    // own resource-owner subject.
    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Arrays.asList("a", "refreshToken"));
    registration.setSubject(client.getResourceOwnerSubject());

    ServerAccessToken issued = provider.createAccessToken(registration);
    ServerAccessToken stored = provider.getAccessToken(issued.getTokenKey());
    assertEquals(issued.getTokenKey(), stored.getTokenKey());

    // The stored token must carry exactly the approved scopes, in the approved order:
    // a provider that widened or dropped scopes on persistence would fail here.
    List<OAuthPermission> grantedScopes = stored.getScopes();
    assertNotNull(grantedScopes);
    assertEquals(2, grantedScopes.size());
    assertEquals("a", grantedScopes.get(0).getPermission());
    assertEquals("refreshToken", grantedScopes.get(1).getPermission());

    // The refresh token must point back at the access token it was issued with.
    RefreshToken refresh = provider.getRefreshToken(stored.getRefreshToken());
    assertNotNull(refresh);
    assertEquals(stored.getTokenKey(), refresh.getAccessTokens().get(0));

    List<RefreshToken> ownedByClient =
        provider.getRefreshTokens(client, client.getResourceOwnerSubject());
    assertNotNull(ownedByClient);
    assertEquals(1, ownedByClient.size());
    assertEquals(refresh.getTokenKey(), ownedByClient.get(0).getTokenKey());

    // Once revoked, the refresh token key must no longer resolve.
    // NOTE(review): only the refresh-token lookup is checked after revocation; whether the
    // access token issued alongside it is still retrievable is not asserted in this test.
    provider.revokeToken(client, refresh.getTokenKey(), OAuthConstants.REFRESH_TOKEN);
    assertNull(provider.getRefreshToken(refresh.getTokenKey()));
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 7 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class JPAOAuthDataProviderTest method testAddGetDeleteAccessToken2.

/**
 * Checks that removing a client also removes the access tokens issued to it.
 *
 * <p>Tokens are listed with a {@code null} subject both before and after the client is removed.
 */
@Test
public void testAddGetDeleteAccessToken2() {
    Client client = addClient("102", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(client.getResourceOwnerSubject());
    getProvider().createAccessToken(registration);

    // Exactly one token exists for the client right after issuance.
    List<ServerAccessToken> issuedTokens = getProvider().getAccessTokens(client, null);
    assertNotNull(issuedTokens);
    assertEquals(1, issuedTokens.size());

    // Deleting the client must not leave its tokens behind: an orphaned token would still be
    // a usable credential for a client that no longer exists.
    getProvider().removeClient(client.getClientId());
    issuedTokens = getProvider().getAccessTokens(client, null);
    assertNotNull(issuedTokens);
    assertEquals(0, issuedTokens.size());
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Test(org.junit.Test)

Example 8 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class CryptoUtilsTest method testBearerTokenJSON.

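/**
 * Round-trips a bearer token through JSON serialization and symmetric encryption.
 *
 * <p>The token is written as JSON, encrypted and decrypted with {@code p.key}, read back from
 * the decrypted JSON, and compared with the original via {@code compareAccessTokens}.
 *
 * <p>NOTE(review): this proves the round trip is lossless. It does not assert that the
 * encrypted form differs from the plaintext, nor that a modified ciphertext is rejected.
 *
 * @throws Exception if serialization, encryption or decryption fails
 */
@Test
public void testBearerTokenJSON() throws Exception {
    AccessTokenRegistration atr = prepareTokenRegistration();
    BearerAccessToken token = p.createAccessTokenInternal(atr);

    JSONProvider<BearerAccessToken> jsonp = new JSONProvider<BearerAccessToken>();
    jsonp.setMarshallAsJaxbElement(true);
    jsonp.setUnmarshallAsJaxbElement(true);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    jsonp.writeTo(token, BearerAccessToken.class, new Annotation[] {},
        MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, Object>(), bos);

    // Decode and re-encode with an explicit charset. The no-argument toString()/getBytes()
    // use the platform default, so the result would depend on the machine running the test.
    // Fully qualified so that no new import is needed.
    // NOTE(review): assumes the provider writes UTF-8 - confirm against JSONProvider's settings.
    String json = new String(bos.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);

    String encrypted = CryptoUtils.encryptSequence(json, p.key);
    String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);

    ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class,
        new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, String>(),
        new ByteArrayInputStream(decrypted.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

    // compare tokens
    compareAccessTokens(token, token2);
}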
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) ByteArrayInputStream(java.io.ByteArrayInputStream) JSONProvider(org.apache.cxf.jaxrs.provider.json.JSONProvider) BearerAccessToken(org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken) ByteArrayOutputStream(java.io.ByteArrayOutputStream) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Test(org.junit.Test)

Example 9 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class CustomGrantHandler method createAccessToken.

/**
 * Issues an access token for {@code client} through the data provider.
 *
 * <p>The registration carries only the client: no subject, approved scope or grant type is set,
 * and {@code params} is never read. As written, any request routed to this handler gets a token
 * without the grant itself being checked.
 * NOTE(review): this looks like a minimal fixture - confirm before using it as a template. A
 * production grant handler should validate the grant parameters and restrict the scope first.
 *
 * @param client the client the token is issued to
 * @param params the token request parameters; unused here
 * @return the token created by the data provider
 * @throws OAuthServiceException declared by the signature; nothing in this body throws it directly
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    ServerAccessToken issued = dataProvider.createAccessToken(registration);
    return issued;
}
Also used : AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)

Example 10 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class JPACMTOAuthDataProviderTest method testRefreshAccessTokenConcurrently.

/**
 * Refreshes one access token from three threads at once and checks the stored state afterwards.
 *
 * <p>Refresh-token recycling is switched off first. The assertions then expect the original
 * access token to remain retrievable and exactly one refresh token to exist for the client,
 * referencing four access tokens (presumably the original plus one per refresh).
 *
 * <p>An exception thrown inside a worker thread does not fail the test by itself; it would only
 * show up through the final counts.
 *
 * @throws Exception if the test thread is interrupted while joining the workers
 */
@Test
public void testRefreshAccessTokenConcurrently() throws Exception {
    getProvider().setRecycleRefreshTokens(false);
    Client c = addClient("101", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(c);
    registration.setApprovedScope(Arrays.asList("a", "refreshToken"));
    registration.setSubject(null);
    final ServerAccessToken original = getProvider().createAccessToken(registration);

    // Every worker presents the same refresh token value.
    Runnable refreshOnce = () ->
        getProvider().refreshAccessToken(c, original.getRefreshToken(), Collections.emptyList());

    Thread[] workers = {new Thread(refreshOnce), new Thread(refreshOnce), new Thread(refreshOnce)};
    for (Thread worker : workers) {
        worker.start();
    }
    for (Thread worker : workers) {
        worker.join();
    }

    // The access token issued first is still retrievable after the refreshes.
    assertNotNull(getProvider().getAccessToken(original.getTokenKey()));

    // No duplicate refresh-token rows were created by the concurrent refreshes, and no
    // access-token link was lost to a concurrent update.
    List<RefreshToken> refreshTokens = getProvider().getRefreshTokens(c, null);
    assertNotNull(refreshTokens);
    assertEquals(1, refreshTokens.size());
    List<String> linkedAccessTokens = refreshTokens.get(0).getAccessTokens();
    assertNotNull(linkedAccessTokens);
    assertEquals(4, linkedAccessTokens.size());
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Test(org.junit.Test) JPAOAuthDataProviderTest(org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProviderTest)
