Examples with TokenIntrospection org.apache.cxf.rs.security.oauth2.common.TokenIntrospection used on opensource projects

Example 6 with TokenIntrospection

use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project cxf by apache.

the class IntrospectionServiceTest method testTokenIntrospection.

@org.junit.Test
public void testTokenIntrospection() throws Exception {
    URL busFile = IntrospectionServiceTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Get Authorization Code
    String code = OAuth2TestUtils.getAuthorizationCode(client);
    assertNotNull(code);
    // Now get the access token
    client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
    assertNotNull(accessToken.getTokenKey());
    // Now query the token introspection service
    client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
    client.accept("application/json").type("application/x-www-form-urlencoded");
    Form form = new Form();
    form.param("token", accessToken.getTokenKey());
    client.path("introspect/");
    Response response = client.post(form);
    TokenIntrospection tokenIntrospection = response.readEntity(TokenIntrospection.class);
    assertEquals(tokenIntrospection.isActive(), true);
    assertEquals(tokenIntrospection.getUsername(), "alice");
    assertEquals(tokenIntrospection.getClientId(), "consumer-id");
    assertEquals(tokenIntrospection.getScope(), accessToken.getApprovedScope());
    Long validity = tokenIntrospection.getExp() - tokenIntrospection.getIat();
    assertTrue(validity == accessToken.getExpiresIn());
}

Example 7 with TokenIntrospection

use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project testcases by coheigea.

the class IntrospectionServiceTest method testTokenIntrospectionWithAudience.

@org.junit.Test
public void testTokenIntrospectionWithAudience() throws Exception {
    URL busFile = AuthorizationGrantTest.class.getResource("cxf-client.xml");
    String address = "https://localhost:" + PORT + "/services/";
    WebClient client = WebClient.create(address, setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Get Authorization Code
    String code = getAuthorizationCode(client, null, "consumer-id-aud");
    assertNotNull(code);
    // Now get the access token
    client = WebClient.create(address, setupProviders(), "consumer-id-aud", "this-is-a-secret", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    String audience = "https://localhost:" + BANK_PORT + "/bankservice/partners/balance";
    ClientAccessToken accessToken = getAccessTokenWithAuthorizationCode(client, code, "consumer-id-aud", audience);
    assertNotNull(accessToken.getTokenKey());
    // Now query the token introspection service
    client = WebClient.create(address, setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
    client.accept("application/json").type("application/x-www-form-urlencoded");
    Form form = new Form();
    form.param("token", accessToken.getTokenKey());
    client.path("introspect/");
    Response response = client.post(form);
    TokenIntrospection tokenIntrospection = response.readEntity(TokenIntrospection.class);
    assertEquals(tokenIntrospection.isActive(), true);
    assertEquals(tokenIntrospection.getUsername(), "alice");
    assertEquals(tokenIntrospection.getClientId(), "consumer-id-aud");
    assertEquals(tokenIntrospection.getScope(), accessToken.getApprovedScope());
    Long validity = tokenIntrospection.getExp() - tokenIntrospection.getIat();
    assertTrue(validity == accessToken.getExpiresIn());
    assertEquals(tokenIntrospection.getAud().get(0), audience);
}

Example 8 with TokenIntrospection

use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project cxf by apache.

the class AccessTokenIntrospectionClient method validateAccessToken.

public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) throws OAuthServiceException {
    WebClient client = WebClient.fromClient(tokenValidatorClient, true);
    MultivaluedMap<String, String> props = new MetadataMap<String, String>();
    props.putSingle(OAuthConstants.TOKEN_ID, authSchemeData);
    try {
        TokenIntrospection response = client.post(props, TokenIntrospection.class);
        return convertIntrospectionToValidation(response);
    } catch (WebApplicationException ex) {
        throw new OAuthServiceException(ex);
    }
}

Example 9 with TokenIntrospection

use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project cxf by apache.

the class OAuthJSONProviderTest method testReadTokenIntrospection.

@Test
@SuppressWarnings({ "unchecked", "rawtypes" })
public void testReadTokenIntrospection() throws Exception {
    String response = "{\"active\":true,\"client_id\":\"WjcK94pnec7CyA\",\"username\":\"alice\",\"token_type\":\"Bearer\"" + ",\"scope\":\"a\",\"aud\":\"https://localhost:8082/service\"," + "\"iat\":1453472181,\"exp\":1453475781}";
    OAuthJSONProvider provider = new OAuthJSONProvider();
    TokenIntrospection t = (TokenIntrospection) provider.readFrom((Class) TokenIntrospection.class, TokenIntrospection.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, String>(), new ByteArrayInputStream(response.getBytes()));
    assertTrue(t.isActive());
    assertEquals("WjcK94pnec7CyA", t.getClientId());
    assertEquals("alice", t.getUsername());
    assertEquals("a", t.getScope());
    assertEquals(1, t.getAud().size());
    assertEquals("https://localhost:8082/service", t.getAud().get(0));
    assertEquals(1453472181L, t.getIat().longValue());
    assertEquals(1453475781L, t.getExp().longValue());
}

Example 10 with TokenIntrospection

use of org.apache.cxf.rs.security.oauth2.common.TokenIntrospection in project cxf by apache.

the class OAuthJSONProviderTest method testReadTokenIntrospectionSingleAudAsArray.

@Test
@SuppressWarnings({ "unchecked", "rawtypes" })
public void testReadTokenIntrospectionSingleAudAsArray() throws Exception {
    String response = "{\"active\":false,\"client_id\":\"WjcK94pnec7CyA\",\"username\":\"alice\",\"token_type\":\"Bearer\"" + ",\"scope\":\"a\",\"aud\":[\"https://localhost:8082/service\"]," + "\"iat\":1453472181,\"exp\":1453475781}";
    OAuthJSONProvider provider = new OAuthJSONProvider();
    TokenIntrospection t = (TokenIntrospection) provider.readFrom((Class) TokenIntrospection.class, TokenIntrospection.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, String>(), new ByteArrayInputStream(response.getBytes()));
    assertFalse(t.isActive());
    assertEquals("WjcK94pnec7CyA", t.getClientId());
    assertEquals("alice", t.getUsername());
    assertEquals("a", t.getScope());
    assertEquals(1, t.getAud().size());
    assertEquals("https://localhost:8082/service", t.getAud().get(0));
    assertEquals(1453472181L, t.getIat().longValue());
    assertEquals(1453475781L, t.getExp().longValue());
}