Examples with AccessTokenRegistration org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration used on opensource projects

Search in sources :

Example 11 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class JPAOAuthDataProviderTest method testAddGetDeleteRefreshToken.

@Test
public void testAddGetDeleteRefreshToken() {
    Client c = addClient("101", "bob");
    AccessTokenRegistration atr = new AccessTokenRegistration();
    atr.setClient(c);
    atr.setApprovedScope(Arrays.asList("a", "refreshToken"));
    atr.setSubject(c.getResourceOwnerSubject());
    ServerAccessToken at = getProvider().createAccessToken(atr);
    ServerAccessToken at2 = getProvider().getAccessToken(at.getTokenKey());
    assertEquals(at.getTokenKey(), at2.getTokenKey());
    List<OAuthPermission> scopes = at2.getScopes();
    assertNotNull(scopes);
    assertEquals(2, scopes.size());
    OAuthPermission perm = scopes.get(0);
    assertEquals("a", perm.getPermission());
    OAuthPermission perm2 = scopes.get(1);
    assertEquals("refreshToken", perm2.getPermission());
    RefreshToken rt = getProvider().getRefreshToken(at2.getRefreshToken());
    assertNotNull(rt);
    assertEquals(at2.getTokenKey(), rt.getAccessTokens().get(0));
    List<RefreshToken> tokens = getProvider().getRefreshTokens(c, c.getResourceOwnerSubject());
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(rt.getTokenKey(), tokens.get(0).getTokenKey());
    getProvider().revokeToken(c, rt.getTokenKey(), OAuthConstants.REFRESH_TOKEN);
    assertNull(getProvider().getRefreshToken(rt.getTokenKey()));
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Test(org.junit.Test)

Example 12 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class JPAOAuthDataProviderTest method testAddGetDeleteAccessToken.

@Test
public void testAddGetDeleteAccessToken() {
    Client c = addClient("101", "bob");
    AccessTokenRegistration atr = new AccessTokenRegistration();
    atr.setClient(c);
    atr.setApprovedScope(Collections.singletonList("a"));
    atr.setSubject(c.getResourceOwnerSubject());
    ServerAccessToken at = getProvider().createAccessToken(atr);
    ServerAccessToken at2 = getProvider().getAccessToken(at.getTokenKey());
    assertEquals(at.getTokenKey(), at2.getTokenKey());
    List<OAuthPermission> scopes = at2.getScopes();
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    OAuthPermission perm = scopes.get(0);
    assertEquals("a", perm.getPermission());
    List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, c.getResourceOwnerSubject());
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
    tokens = getProvider().getAccessTokens(c, null);
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
    tokens = getProvider().getAccessTokens(null, c.getResourceOwnerSubject());
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
    tokens = getProvider().getAccessTokens(null, null);
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    assertEquals(at.getTokenKey(), tokens.get(0).getTokenKey());
    getProvider().revokeToken(c, at.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
    assertNull(getProvider().getAccessToken(at.getTokenKey()));
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Test(org.junit.Test)

Example 13 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class JPAOAuthDataProviderTest method testAddGetDeleteMultipleAccessToken.

/**
 * Checks that having multiple token each with its own
 * userSubject (but having same login) works.
 */
@Test
public void testAddGetDeleteMultipleAccessToken() {
    Client c = addClient("101", "bob");
    AccessTokenRegistration atr = new AccessTokenRegistration();
    atr.setClient(c);
    atr.setApprovedScope(Collections.singletonList("a"));
    atr.setSubject(c.getResourceOwnerSubject());
    ServerAccessToken at = getProvider().createAccessToken(atr);
    at = getProvider().getAccessToken(at.getTokenKey());
    AccessTokenRegistration atr2 = new AccessTokenRegistration();
    atr2.setClient(c);
    atr2.setApprovedScope(Collections.singletonList("a"));
    atr2.setSubject(new TestingUserSubject(c.getResourceOwnerSubject().getLogin()));
    ServerAccessToken at2 = getProvider().createAccessToken(atr2);
    at2 = getProvider().getAccessToken(at2.getTokenKey());
    assertNotNull(at.getSubject().getId());
    assertTrue(at.getSubject() instanceof UserSubject);
    assertNotNull(at2.getSubject().getId());
    assertTrue(at2.getSubject() instanceof TestingUserSubject);
    assertEquals(at.getSubject().getLogin(), at2.getSubject().getLogin());
    assertNotEquals(at.getSubject().getId(), at2.getSubject().getId());
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Test(org.junit.Test)

Example 14 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class JPAOAuthDataProviderTest method testAddGetDeleteAccessTokenWithNullSubject.

@Test
@Ignore("uncomment when CXF-7264 is fixed")
public void testAddGetDeleteAccessTokenWithNullSubject() {
    Client c = addClient("102", "bob");
    AccessTokenRegistration atr = new AccessTokenRegistration();
    atr.setClient(c);
    atr.setApprovedScope(Collections.singletonList("a"));
    atr.setSubject(null);
    getProvider().createAccessToken(atr);
    List<ServerAccessToken> tokens = getProvider().getAccessTokens(c, null);
    assertNotNull(tokens);
    assertEquals(1, tokens.size());
    getProvider().removeClient(c.getClientId());
    tokens = getProvider().getAccessTokens(c, null);
    assertNotNull(tokens);
    assertEquals(0, tokens.size());
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 15 with AccessTokenRegistration

use of org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration in project cxf by apache.

the class CryptoUtilsTest method prepareTokenRegistration.

private AccessTokenRegistration prepareTokenRegistration() {
    AccessTokenRegistration atr = new AccessTokenRegistration();
    Client regClient = p.getClient("1");
    atr.setClient(regClient);
    atr.setGrantType("code");
    atr.setAudiences(Collections.singletonList("http://localhost"));
    UserSubject endUser = new UserSubject("Barry", "BarryId");
    atr.setSubject(endUser);
    endUser.setRoles(Collections.singletonList("role1"));
    return atr;
}
Also used : UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)

Aggregations

ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)22 AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)21 Test (org.junit.Test)14 Client (org.apache.cxf.rs.security.oauth2.common.Client)12 OAuthPermission (org.apache.cxf.rs.security.oauth2.common.OAuthPermission)6 BearerAccessToken (org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken)5 Ignore (org.junit.Ignore)4 UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)3 RefreshToken (org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 KeyPair (java.security.KeyPair)2 KeyPairGenerator (java.security.KeyPairGenerator)2 PrivateKey (java.security.PrivateKey)2 PublicKey (java.security.PublicKey)2 JSONProvider (org.apache.cxf.jaxrs.provider.json.JSONProvider)2 ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)2 SecretKey (javax.crypto.SecretKey)1 Consumes (javax.ws.rs.Consumes)1 POST (javax.ws.rs.POST)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial