Example 6 with AccessTokenRegistration
use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.
the class JCacheOAuthDataProviderTest method testAddGetDeleteRefreshToken.
@Ignore
@Test
public void testAddGetDeleteRefreshToken() {
Client c = addClient("101", "bob");
AccessTokenRegistration atr = new AccessTokenRegistration();
atr.setClient(c);
atr.setApprovedScope(Arrays.asList("a", "refreshToken"));
atr.setSubject(c.getResourceOwnerSubject());
ServerAccessToken at = provider.createAccessToken(atr);
ServerAccessToken at2 = provider.getAccessToken(at.getTokenKey());
assertEquals(at.getTokenKey(), at2.getTokenKey());
List<OAuthPermission> scopes = at2.getScopes();
assertNotNull(scopes);
assertEquals(2, scopes.size());
OAuthPermission perm = scopes.get(0);
assertEquals("a", perm.getPermission());
OAuthPermission perm2 = scopes.get(1);
assertEquals("refreshToken", perm2.getPermission());
RefreshToken rt = provider.getRefreshToken(at2.getRefreshToken());
assertNotNull(rt);
assertEquals(at2.getTokenKey(), rt.getAccessTokens().get(0));
List<RefreshToken> tokens = provider.getRefreshTokens(c, c.getResourceOwnerSubject());
assertNotNull(tokens);
assertEquals(1, tokens.size());
assertEquals(rt.getTokenKey(), tokens.get(0).getTokenKey());
provider.revokeToken(c, rt.getTokenKey(), OAuthConstants.REFRESH_TOKEN);
assertNull(provider.getRefreshToken(rt.getTokenKey()));
}
Also used :
OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission)
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)
Client(org.apache.cxf.rs.security.oauth2.common.Client)
AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)
Ignore(org.junit.Ignore)
Test(org.junit.Test)
Example 7 with AccessTokenRegistration
use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.
the class JPAOAuthDataProviderTest method testAddGetDeleteAccessToken2.
@Test
public void testAddGetDeleteAccessToken2() {
Client c = addClient("102", "bob");
AccessTokenRegistration atr = new AccessTokenRegistration();
atr.setClient(c);
atr.setApprovedScope(Collections.singletonList("a"));
atr.setSubject(c.getResourceOwnerSubject());
getProvider().createAccessToken(atr);
List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, null);
assertNotNull(tokens);
assertEquals(1, tokens.size());
getProvider().removeClient(c.getClientId());
tokens = getProvider().getAccessTokens(c, null);
assertNotNull(tokens);
assertEquals(0, tokens.size());
}
Also used :
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
Client(org.apache.cxf.rs.security.oauth2.common.Client)
AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)
Test(org.junit.Test)
Example 8 with AccessTokenRegistration
use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.
the class CryptoUtilsTest method testBearerTokenJSON.
@Test
public void testBearerTokenJSON() throws Exception {
AccessTokenRegistration atr = prepareTokenRegistration();
BearerAccessToken token = p.createAccessTokenInternal(atr);
JSONProvider<BearerAccessToken> jsonp = new JSONProvider<BearerAccessToken>();
jsonp.setMarshallAsJaxbElement(true);
jsonp.setUnmarshallAsJaxbElement(true);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
jsonp.writeTo(token, BearerAccessToken.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, Object>(), bos);
String encrypted = CryptoUtils.encryptSequence(bos.toString(), p.key);
String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);
ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, String>(), new ByteArrayInputStream(decrypted.getBytes()));
// compare tokens
compareAccessTokens(token, token2);
}
Also used :
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
ByteArrayInputStream(java.io.ByteArrayInputStream)
JSONProvider(org.apache.cxf.jaxrs.provider.json.JSONProvider)
BearerAccessToken(org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)
Test(org.junit.Test)
Example 9 with AccessTokenRegistration
use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.
the class CustomGrantHandler method createAccessToken.
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
AccessTokenRegistration atr = new AccessTokenRegistration();
atr.setClient(client);
return dataProvider.createAccessToken(atr);
}
Also used :
AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)
Example 10 with AccessTokenRegistration
use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.
the class JPACMTOAuthDataProviderTest method testRefreshAccessTokenConcurrently.
@Test
public void testRefreshAccessTokenConcurrently() throws Exception {
getProvider().setRecycleRefreshTokens(false);
Client c = addClient("101", "bob");
AccessTokenRegistration atr = new AccessTokenRegistration();
atr.setClient(c);
atr.setApprovedScope(Arrays.asList("a", "refreshToken"));
atr.setSubject(null);
final ServerAccessToken at = getProvider().createAccessToken(atr);
Runnable task = new Runnable() {
@Override
public void run() {
getProvider().refreshAccessToken(c, at.getRefreshToken(), Collections.emptyList());
}
};
Thread th1 = new Thread(task);
Thread th2 = new Thread(task);
Thread th3 = new Thread(task);
th1.start();
th2.start();
th3.start();
th1.join();
th2.join();
th3.join();
assertNotNull(getProvider().getAccessToken(at.getTokenKey()));
List<RefreshToken> rtl = getProvider().getRefreshTokens(c, null);
assertNotNull(rtl);
assertEquals(1, rtl.size());
List<String> atl = rtl.get(0).getAccessTokens();
assertNotNull(atl);
assertEquals(4, atl.size());
}
Also used :
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)
Client(org.apache.cxf.rs.security.oauth2.common.Client)
AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)
Test(org.junit.Test)
JPAOAuthDataProviderTest(org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProviderTest)
Aggregations
ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)22
AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)21
Test (org.junit.Test)14
Client (org.apache.cxf.rs.security.oauth2.common.Client)12
OAuthPermission (org.apache.cxf.rs.security.oauth2.common.OAuthPermission)6
BearerAccessToken (org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken)5
Ignore (org.junit.Ignore)4
UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)3
RefreshToken (org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
ByteArrayOutputStream (java.io.ByteArrayOutputStream)2
KeyPair (java.security.KeyPair)2
KeyPairGenerator (java.security.KeyPairGenerator)2
PrivateKey (java.security.PrivateKey)2
PublicKey (java.security.PublicKey)2
JSONProvider (org.apache.cxf.jaxrs.provider.json.JSONProvider)2
ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)2
SecretKey (javax.crypto.SecretKey)1
Consumes (javax.ws.rs.Consumes)1
POST (javax.ws.rs.POST)1
