use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class CryptoUtilsTest method testBearerTokenJSON.
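/**
 * Round-trips a bearer access token through JSON serialization and
 * {@code CryptoUtils} sequence encryption, then checks that the token read
 * back from the decrypted JSON matches the original.
 *
 * <p>Only reversibility with the same key is exercised here. The test does not
 * check that a modified ciphertext or a different key is rejected.
 *
 * @throws Exception if serialization, encryption or decryption fails
 */
@Test
public void testBearerTokenJSON() throws Exception {
    AccessTokenRegistration atr = prepareTokenRegistration();
    BearerAccessToken token = p.createAccessTokenInternal(atr);

    JSONProvider<BearerAccessToken> jsonp = new JSONProvider<>();
    jsonp.setMarshallAsJaxbElement(true);
    jsonp.setUnmarshallAsJaxbElement(true);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    jsonp.writeTo(token, BearerAccessToken.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE,
                  new MetadataMap<String, Object>(), bos);

    // Pin the charset for both conversions so the bytes fed to the cipher and
    // the bytes handed back to the JSON reader do not depend on the JVM's
    // platform default encoding.
    // NOTE(review): assumes the provider emits UTF-8 JSON; confirm.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    String json = bos.toString(utf8.name());

    String encrypted = CryptoUtils.encryptSequence(json, p.key);
    String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);

    ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class,
                                              new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE,
                                              new MetadataMap<String, String>(),
                                              new ByteArrayInputStream(decrypted.getBytes(utf8)));

    // The token rebuilt from the decrypted JSON must match the original.
    compareAccessTokens(token, token2);
}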
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class CryptoUtilsTest method compareAccessTokens.
/**
 * Asserts that {@code token2} carries the same data as {@code token}.
 *
 * <p>Compared fields: token key, type, issue time, lifetime, client id,
 * subject (login, id, roles), refresh token, audiences, grant type,
 * parameters and the single scope each token is expected to hold. The
 * refresh token referenced by {@code token2} is also decrypted with the
 * provider key and its lifetime checked.
 *
 * @param token the original token
 * @param token2 the token rebuilt after the round trip
 */
private void compareAccessTokens(ServerAccessToken token, ServerAccessToken token2) {
    // Core token attributes.
    assertEquals(token.getTokenKey(), token2.getTokenKey());
    assertEquals(token.getTokenType(), token2.getTokenType());
    assertEquals(token.getIssuedAt(), token2.getIssuedAt());
    assertEquals(token.getExpiresIn(), token2.getExpiresIn());

    // Client: the id must match; the rebuilt client has no application description.
    final Client originalClient = token.getClient();
    final Client restoredClient = token2.getClient();
    assertEquals(originalClient.getClientId(), restoredClient.getClientId());
    assertNull(restoredClient.getApplicationDescription());

    // End-user subject.
    final UserSubject originalSubject = token.getSubject();
    final UserSubject restoredSubject = token2.getSubject();
    assertEquals(originalSubject.getLogin(), restoredSubject.getLogin());
    assertEquals(originalSubject.getId(), restoredSubject.getId());
    assertEquals(originalSubject.getRoles(), restoredSubject.getRoles());

    // Grant-related attributes.
    assertEquals(token.getRefreshToken(), token2.getRefreshToken());
    assertEquals(token.getAudiences(), token2.getAudiences());
    assertEquals(token.getGrantType(), token2.getGrantType());
    assertEquals(token.getParameters(), token2.getParameters());

    // Exactly one scope is expected on each side.
    final List<OAuthPermission> originalScopes = token.getScopes();
    final List<OAuthPermission> restoredScopes = token2.getScopes();
    assertEquals(1, originalScopes.size());
    assertEquals(1, restoredScopes.size());
    final OAuthPermission originalScope = originalScopes.get(0);
    final OAuthPermission restoredScope = restoredScopes.get(0);
    assertEquals(originalScope.getPermission(), restoredScope.getPermission());
    assertEquals(originalScope.getDescription(), restoredScope.getDescription());

    // The refresh token value is itself encrypted; decrypt it with the same
    // provider key and check the expected lifetime of 1200.
    final RefreshToken decryptedRefresh =
        ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.key);
    assertEquals(1200L, decryptedRefresh.getExpiresIn());
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class CustomGrantHandler method createAccessToken.
/**
 * Creates an access token for {@code client} by delegating to the data provider.
 *
 * <p>{@code params} is not read, and the registration passed to the provider
 * carries only the client: no subject, scopes or grant type are set here.
 * NOTE(review): no grant-specific validation is visible in this method;
 * presumably it happens elsewhere or this handler is a test fixture. Confirm
 * before reusing the pattern.
 *
 * @param client the client the token is issued to
 * @param params the token request parameters (unused)
 * @return the token returned by the data provider
 * @throws OAuthServiceException declared by the signature; not thrown directly here
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
    throws OAuthServiceException {
    final AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    final ServerAccessToken issued = dataProvider.createAccessToken(registration);
    return issued;
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class JPAOAuthDataProviderTest method tearDownClient.
/**
 * Removes a client and revokes every refresh and access token the provider
 * lists for it. Does nothing when no provider is available or the client is
 * not registered.
 *
 * @param clientId id of the client to clean up
 */
protected void tearDownClient(String clientId) {
    if (getProvider() == null) {
        return;
    }
    final Client registered = getProvider().getClient(clientId);
    if (registered == null) {
        return;
    }

    // Revoke refresh tokens first, then access tokens, then drop the client.
    // The null second argument is presumably "any subject"; verify against the provider.
    for (RefreshToken issuedRefresh : getProvider().getRefreshTokens(registered, null)) {
        getProvider().revokeToken(registered, issuedRefresh.getTokenKey(), issuedRefresh.getTokenType());
    }
    for (ServerAccessToken issuedAccess : getProvider().getAccessTokens(registered, null)) {
        getProvider().revokeToken(registered, issuedAccess.getTokenKey(), issuedAccess.getTokenType());
    }
    getProvider().removeClient(clientId);
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class JPAOAuthDataProviderTest method testAddGetDeleteRefreshToken.
/**
 * Creates an access token with the scopes {@code "a"} and {@code "refreshToken"},
 * checks that the access token and its linked refresh token can be looked up,
 * then revokes the refresh token and checks that it can no longer be retrieved.
 */
@Test
public void testAddGetDeleteRefreshToken() {
    final Client client = addClient("101", "bob");

    final AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Arrays.asList("a", "refreshToken"));
    registration.setSubject(client.getResourceOwnerSubject());

    // Create the token, then load it again by key.
    final ServerAccessToken created = getProvider().createAccessToken(registration);
    final ServerAccessToken loaded = getProvider().getAccessToken(created.getTokenKey());
    assertEquals(created.getTokenKey(), loaded.getTokenKey());

    // Both approved scopes must be present, in the order they were approved.
    final List<OAuthPermission> grantedScopes = loaded.getScopes();
    assertNotNull(grantedScopes);
    assertEquals(2, grantedScopes.size());
    assertEquals("a", grantedScopes.get(0).getPermission());
    assertEquals("refreshToken", grantedScopes.get(1).getPermission());

    // The refresh token must exist and point back at the access token.
    final RefreshToken refresh = getProvider().getRefreshToken(loaded.getRefreshToken());
    assertNotNull(refresh);
    assertEquals(loaded.getTokenKey(), refresh.getAccessTokens().get(0));

    // Listing by client and subject must return exactly that refresh token.
    final List<RefreshToken> listed = getProvider().getRefreshTokens(client, client.getResourceOwnerSubject());
    assertNotNull(listed);
    assertEquals(1, listed.size());
    assertEquals(refresh.getTokenKey(), listed.get(0).getTokenKey());

    // After revocation the refresh token must no longer be retrievable.
    getProvider().revokeToken(client, refresh.getTokenKey(), OAuthConstants.REFRESH_TOKEN);
    assertNull(getProvider().getRefreshToken(refresh.getTokenKey()));
}