use of org.apache.cxf.rs.security.oauth2.common.Client in project testcases by coheigea.
the class BalanceServiceTest method testPartnerServiceWithToken.
@org.junit.Test
public void testPartnerServiceWithToken() throws Exception {
URL busFile = BalanceServiceTest.class.getResource("cxf-client.xml");
// Create an initial account at the bank
String address = "https://localhost:" + PORT + "/bankservice/customers/balance";
WebClient client = WebClient.create(address, "bob", "security", busFile.toString());
client.type("text/plain").accept("text/plain");
client.path("/bob");
client.post(40);
// Get Authorization Code (as "bob")
String oauthService = "https://localhost:" + OAUTH_PORT + "/services/";
WebClient oauthClient = WebClient.create(oauthService, setupProviders(), "bob", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(oauthClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
String code = getAuthorizationCode(oauthClient);
assertNotNull(code);
// Now get the access token
oauthClient = WebClient.create(oauthService, setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(oauthClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
ClientAccessToken accessToken = getAccessTokenWithAuthorizationCode(oauthClient, code, "http://www.blah.apache.org");
assertNotNull(accessToken.getTokenKey());
// Now invoke on the service with the access token
String partnerAddress = "https://localhost:" + PORT + "/bankservice/partners/balance";
WebClient partnerClient = WebClient.create(partnerAddress, busFile.toString());
partnerClient.type("text/plain").accept("text/plain");
partnerClient.header("Authorization", "Bearer " + accessToken.getTokenKey());
partnerClient.path("/bob");
// Now make a service invocation with the access token
Response serviceResponse = partnerClient.get();
assertEquals(serviceResponse.getStatus(), 200);
assertEquals(serviceResponse.readEntity(Integer.class).intValue(), 40);
}
use of org.apache.cxf.rs.security.oauth2.common.Client in project testcases by coheigea.
the class BalanceServiceTest method testPartnerServiceWithTokenUsingAudience.
@org.junit.Test
public void testPartnerServiceWithTokenUsingAudience() throws Exception {
URL busFile = BalanceServiceTest.class.getResource("cxf-client.xml");
// Create an initial account at the bank
String address = "https://localhost:" + PORT + "/bankservice/customers/balance";
WebClient client = WebClient.create(address, "bob", "security", busFile.toString());
client.type("text/plain").accept("text/plain");
client.path("/bob");
client.post(40);
// Get Authorization Code (as "bob")
String oauthService = "https://localhost:" + OAUTH_PORT + "/services/";
WebClient oauthClient = WebClient.create(oauthService, setupProviders(), "bob", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(oauthClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
String code = getAuthorizationCode(oauthClient, null, "consumer-id-aud");
assertNotNull(code);
// Now get the access token
oauthClient = WebClient.create(oauthService, setupProviders(), "consumer-id-aud", "this-is-a-secret", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(oauthClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
String partnerAddress = "https://localhost:" + PORT + "/bankservice/partners/balance";
ClientAccessToken accessToken = getAccessTokenWithAuthorizationCode(oauthClient, code, "consumer-id-aud", partnerAddress, "http://www.blah.apache.org");
assertNotNull(accessToken.getTokenKey());
// Now invoke on the service with the access token
WebClient partnerClient = WebClient.create(partnerAddress, busFile.toString());
partnerClient.type("text/plain").accept("text/plain");
partnerClient.header("Authorization", "Bearer " + accessToken.getTokenKey());
partnerClient.path("/bob");
// Now make a service invocation with the access token
Response serviceResponse = partnerClient.get();
assertEquals(serviceResponse.getStatus(), 200);
assertEquals(serviceResponse.readEntity(Integer.class).intValue(), 40);
}
use of org.apache.cxf.rs.security.oauth2.common.Client in project testcases by coheigea.
the class JWTRequestTest method getAuthorizationCode.
private String getAuthorizationCode(WebClient client, String scope, String nonce, String state, String consumerId, String request) {
// Make initial authorization request
client.type("application/json").accept("application/json");
client.query("client_id", consumerId);
client.query("redirect_uri", "http://www.blah.apache.org");
client.query("response_type", "code");
if (scope != null) {
client.query("scope", scope);
}
if (nonce != null) {
client.query("nonce", nonce);
}
if (state != null) {
client.query("state", state);
}
if (request != null) {
client.query("request", request);
}
client.path("authorize/");
Response response = client.get();
OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
// Now call "decision" to get the authorization code grant
client.path("decision");
client.type("application/x-www-form-urlencoded");
Form form = new Form();
form.param("session_authenticity_token", authzData.getAuthenticityToken());
form.param("client_id", authzData.getClientId());
form.param("redirect_uri", authzData.getRedirectUri());
if (authzData.getNonce() != null) {
form.param("nonce", authzData.getNonce());
}
if (authzData.getProposedScope() != null) {
form.param("scope", authzData.getProposedScope());
}
if (authzData.getState() != null) {
form.param("state", authzData.getState());
}
form.param("oauthDecision", "allow");
response = client.post(form);
String location = response.getHeaderString("Location");
if (state != null) {
Assert.assertTrue(location.contains("state=" + state));
}
return getSubstring(location, "code");
}
use of org.apache.cxf.rs.security.oauth2.common.Client in project testcases by coheigea.
the class BalanceServiceTest method makeAuthorizationCodeInvocation.
private String makeAuthorizationCodeInvocation(WebClient client) {
// Make initial authorization request
client.type("application/json").accept("application/json");
Response response = client.get();
OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
// Now call "decision" to get the authorization code grant
client.path("decision");
client.type("application/x-www-form-urlencoded");
Form form = new Form();
form.param("session_authenticity_token", authzData.getAuthenticityToken());
form.param("client_id", authzData.getClientId());
form.param("redirect_uri", authzData.getRedirectUri());
if (authzData.getProposedScope() != null) {
form.param("scope", authzData.getProposedScope());
}
form.param("state", authzData.getState());
form.param("oauthDecision", "allow");
response = client.post(form);
return response.getHeaderString("Location");
}
use of org.apache.cxf.rs.security.oauth2.common.Client in project testcases by coheigea.
the class UserInfoTest method getAuthorizationCode.
private String getAuthorizationCode(WebClient client, String scope, String nonce, String state, String consumerId) {
// Make initial authorization request
client.type("application/json").accept("application/json");
client.query("client_id", consumerId);
client.query("redirect_uri", "http://www.blah.apache.org");
client.query("response_type", "code");
if (scope != null) {
client.query("scope", scope);
}
if (nonce != null) {
client.query("nonce", nonce);
}
if (state != null) {
client.query("state", state);
}
client.path("authorize/");
Response response = client.get();
OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
// Now call "decision" to get the authorization code grant
client.path("decision");
client.type("application/x-www-form-urlencoded");
Form form = new Form();
form.param("session_authenticity_token", authzData.getAuthenticityToken());
form.param("client_id", authzData.getClientId());
form.param("redirect_uri", authzData.getRedirectUri());
if (authzData.getNonce() != null) {
form.param("nonce", authzData.getNonce());
}
if (authzData.getProposedScope() != null) {
form.param("scope", authzData.getProposedScope());
}
if (authzData.getState() != null) {
form.param("state", authzData.getState());
}
form.param("oauthDecision", "allow");
response = client.post(form);
String location = response.getHeaderString("Location");
if (state != null) {
Assert.assertTrue(location.contains("state=" + state));
}
return getSubstring(location, "code");
}
Aggregations