
Example 36 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JPAOAuthDataProviderTest method testAddGetDeleteAccessToken.

/**
 * Round-trips a single access token through the provider: create it, load it
 * back by key, verify the persisted scope, look it up through every
 * client/subject filter combination, then revoke it and confirm it is gone.
 */
@Test
public void testAddGetDeleteAccessToken() {
    Client client = addClient("101", "bob");
    UserSubject owner = client.getResourceOwnerSubject();

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(owner);
    ServerAccessToken issued = getProvider().createAccessToken(registration);

    // Load by key and make sure the approved scope survived persistence.
    ServerAccessToken loaded = getProvider().getAccessToken(issued.getTokenKey());
    assertEquals(issued.getTokenKey(), loaded.getTokenKey());
    List<OAuthPermission> permissions = loaded.getScopes();
    assertNotNull(permissions);
    assertEquals(1, permissions.size());
    assertEquals("a", permissions.get(0).getPermission());

    // Filtering by client, by subject, by both or by neither must each find exactly this token.
    Client[] clientFilters = {client, client, null, null};
    UserSubject[] subjectFilters = {owner, null, owner, null};
    for (int i = 0; i < clientFilters.length; i++) {
        List<ServerAccessToken> found = getProvider().getAccessTokens(clientFilters[i], subjectFilters[i]);
        assertNotNull(found);
        assertEquals(1, found.size());
        assertEquals(issued.getTokenKey(), found.get(0).getTokenKey());
    }

    // After revocation the key must no longer resolve to a token.
    getProvider().revokeToken(client, issued.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
    assertNull(getProvider().getAccessToken(issued.getTokenKey()));
}

Example 37 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JPAOAuthDataProviderTest method testAddGetDeleteMultipleAccessToken.

/**
 * Checks that several tokens for the same client, each bound to a distinct
 * UserSubject instance that shares the same login, are stored with distinct
 * subject ids and can both be loaded back.
 */
@Test
public void testAddGetDeleteMultipleAccessToken() {
    Client client = addClient("101", "bob");
    UserSubject owner = client.getResourceOwnerSubject();

    // First token: the client's own resource-owner subject.
    ServerAccessToken first = issueAndReload(client, owner);
    // Second token: a different subject object carrying the same login.
    ServerAccessToken second = issueAndReload(client, new TestingUserSubject(owner.getLogin()));

    assertNotNull(first.getSubject().getId());
    assertTrue(first.getSubject() instanceof UserSubject);
    assertNotNull(second.getSubject().getId());
    assertTrue(second.getSubject() instanceof TestingUserSubject);
    // Same login, but the provider must keep the two subjects apart by id.
    assertEquals(first.getSubject().getLogin(), second.getSubject().getLogin());
    assertNotEquals(first.getSubject().getId(), second.getSubject().getId());
}

/**
 * Registers a token with scope "a" for {@code client} and {@code subject},
 * then returns the copy read back from the provider by token key.
 */
private ServerAccessToken issueAndReload(Client client, UserSubject subject) {
    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(subject);
    ServerAccessToken issued = getProvider().createAccessToken(registration);
    return getProvider().getAccessToken(issued.getTokenKey());
}

Example 38 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class JPAOAuthDataProviderTest method testAddGetDeleteAccessTokenWithNullSubject.

/**
 * Checks that a token registered without a subject is still listed for its
 * client, and that removing the client also removes the token.
 */
@Test
@Ignore("uncomment when CXF-7264 is fixed")
public void testAddGetDeleteAccessTokenWithNullSubject() {
    Client client = addClient("102", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(null);
    getProvider().createAccessToken(registration);

    List<ServerAccessToken> clientTokens = getProvider().getAccessTokens(client, null);
    assertNotNull(clientTokens);
    assertEquals(1, clientTokens.size());

    // Deleting the client must cascade to its tokens.
    getProvider().removeClient(client.getClientId());
    clientTokens = getProvider().getAccessTokens(client, null);
    assertNotNull(clientTokens);
    assertEquals(0, clientTokens.size());
}

Example 39 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class AbstractOAuthDataProvider method getPreauthorizedToken.

/**
 * Returns an existing access token that can be reused for the given client,
 * subject and grant type, or {@code null} when pre-authorized tokens are not
 * supported or no usable token exists.
 * <p>
 * A token is a match when its client id equals that of {@code client}, its
 * grant type equals {@code grantType}, and its subject is absent (when
 * {@code sub} is {@code null}) or has the same login as {@code sub}. Only the
 * first match is considered: if it has already expired it is revoked and
 * {@code null} is returned instead. {@code requestedScopes} is not consulted
 * by this implementation.
 *
 * @param client          the client the token must belong to
 * @param requestedScopes scopes requested by the client (unused here)
 * @param sub             the resource owner, or {@code null} for a token without a subject
 * @param grantType       the grant type the token must have been issued under
 * @return a non-expired matching token, or {@code null}
 * @throws OAuthServiceException if the underlying token lookup or revocation fails
 */
@Override
public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes, UserSubject sub, String grantType) throws OAuthServiceException {
    if (!isSupportPreauthorizedTokens()) {
        return null;
    }
    ServerAccessToken candidate = findFirstPreauthorizedMatch(client, sub, grantType);
    if (candidate == null) {
        return null;
    }
    // An expired candidate is never handed out; revoke it so it is not found again.
    if (OAuthUtils.isExpired(candidate.getIssuedAt(), candidate.getExpiresIn())) {
        revokeToken(client, candidate.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
        return null;
    }
    return candidate;
}

/**
 * Scans the tokens stored for {@code client}/{@code sub} and returns the first
 * one whose client id, grant type and subject login all match, or {@code null}.
 */
private ServerAccessToken findFirstPreauthorizedMatch(Client client, UserSubject sub, String grantType) throws OAuthServiceException {
    for (ServerAccessToken stored : getAccessTokens(client, sub)) {
        if (!stored.getClient().getClientId().equals(client.getClientId())) {
            continue;
        }
        if (!stored.getGrantType().equals(grantType)) {
            continue;
        }
        // Subject identity is compared by login, or by both being absent.
        boolean subjectMatches = sub == null
            ? stored.getSubject() == null
            : stored.getSubject().getLogin().equals(sub.getLogin());
        if (subjectMatches) {
            return stored;
        }
    }
    return null;
}

Example 40 with ServerAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.

the class AbstractOAuthDataProvider method handleLinkedRefreshToken.

/**
 * Detaches {@code accessToken} from the refresh token it references. If the
 * refresh token no longer points at any access token afterwards it is revoked;
 * otherwise the updated refresh token is saved.
 * <p>
 * Does nothing when {@code accessToken} is {@code null}, carries no refresh
 * token reference, or the referenced refresh token cannot be found.
 *
 * @param accessToken the access token being removed, may be {@code null}
 */
protected void handleLinkedRefreshToken(ServerAccessToken accessToken) {
    if (accessToken == null || accessToken.getRefreshToken() == null) {
        return;
    }
    RefreshToken linked = getRefreshToken(accessToken.getRefreshToken());
    if (linked == null) {
        return;
    }
    unlinkRefreshAccessToken(linked, accessToken.getTokenKey());
    if (linked.getAccessTokens().isEmpty()) {
        // Nothing left to refresh: drop the refresh token rather than keep an orphan alive.
        revokeRefreshToken(linked.getTokenKey());
        return;
    }
    saveRefreshToken(linked);
}
