
Example 1 with CodeVerifierTransformer

use of org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer in project cxf by apache.

Taken from the class PublicClientTest, method testAuthorizationCodeGrantNoRedirectURI.

@org.junit.Test
public void testAuthorizationCodeGrantNoRedirectURI() throws Exception {
    // Public client "fredPublic" has no registered redirect URI, so the authorization
    // endpoint is expected to refuse to issue a code for it.
    URL busConfig = PublicClientTest.class.getResource("publicclient.xml");
    String authzAddress = "https://localhost:" + port + "/services/";
    WebClient authzClient = WebClient.create(authzAddress, OAuth2TestUtils.setupProviders(),
                                             "alice", "security", busConfig.toString());
    // Keep the session cookie so a follow-up request is tied to the same login.
    WebClient.getConfig(authzClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    try {
        AuthorizationCodeParameters authzParams = new AuthorizationCodeParameters();
        authzParams.setConsumerId("fredPublic");
        // PKCE material: 32 secure-random bytes, base64url-encoded (43 characters),
        // sent with the "plain" transformer.
        String verifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
        CodeVerifierTransformer plain = new PlainCodeVerifier();
        authzParams.setCodeChallenge(plain.transformCodeVerifier(verifier));
        authzParams.setCodeChallengeMethod(plain.getChallengeMethod());
        authzParams.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
        authzParams.setPath("authorize/");
        OAuth2TestUtils.getLocation(authzClient, authzParams);
        fail("Failure expected on a missing (registered) redirectURI");
    } catch (Exception expected) {
        // NOTE(review): any Exception satisfies this negative test, not only a
        // rejection by the authorization server; the type thrown by getLocation is
        // not visible here, so the catch is kept as broad as the original.
    }
}
Also used : PlainCodeVerifier(org.apache.cxf.rs.security.oauth2.grants.code.PlainCodeVerifier) CodeVerifierTransformer(org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)

Example 2 with CodeVerifierTransformer

use of org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer in project cxf by apache.

Taken from the class PublicClientTest, method testPKCEMissingVerifier.

private void testPKCEMissingVerifier(CodeVerifierTransformer transformer) {
    // Obtains an authorization code bound to a PKCE challenge, then redeems it
    // without any code_verifier and expects the token endpoint to refuse the exchange.
    URL busConfig = PublicClientTest.class.getResource("publicclient.xml");
    String authzAddress = "https://localhost:" + port + "/services/";
    WebClient authzClient = WebClient.create(authzAddress, OAuth2TestUtils.setupProviders(),
                                             "alice", "security", busConfig.toString());
    // Keep the session cookie for the follow-up request.
    WebClient.getConfig(authzClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // PKCE verifier: 32 secure-random bytes, base64url-encoded (43 characters).
    String verifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
    AuthorizationCodeParameters authzParams = new AuthorizationCodeParameters();
    authzParams.setConsumerId("consumer-id");
    authzParams.setCodeChallenge(transformer.transformCodeVerifier(verifier));
    authzParams.setCodeChallengeMethod(transformer.getChallengeMethod());
    authzParams.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
    authzParams.setPath("authorize/");

    String redirect = OAuth2TestUtils.getLocation(authzClient, authzParams);
    String code = OAuth2TestUtils.getSubstring(redirect, "code");
    assertNotNull(code);

    // Token request: the verifier argument is deliberately omitted (4-argument overload).
    WebClient tokenClient = WebClient.create(tokenServiceAddress, busConfig.toString());
    try {
        OAuth2TestUtils.getAccessTokenWithAuthorizationCode(tokenClient, code, "consumer-id", null);
        fail("Failure expected on a missing verifier");
    } catch (OAuthServiceException ex) {
        // The server must report a non-empty OAuth error code, not just fail silently.
        assertFalse(ex.getError().getError().isEmpty());
    }
}
Also used : OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL)

Example 3 with CodeVerifierTransformer

use of org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer in project cxf by apache.

Taken from the class PublicClientTest, method testPKCE.

private void testPKCE(CodeVerifierTransformer transformer) {
    // Happy-path PKCE: request a code with a challenge derived by the given transformer,
    // then redeem it with the matching verifier and expect an access token.
    URL busConfig = PublicClientTest.class.getResource("publicclient.xml");
    String authzAddress = "https://localhost:" + port + "/services/";
    WebClient authzClient = WebClient.create(authzAddress, OAuth2TestUtils.setupProviders(),
                                             "alice", "security", busConfig.toString());
    // Keep the session cookie for the follow-up request.
    WebClient.getConfig(authzClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // PKCE verifier: 32 secure-random bytes, base64url-encoded (43 characters).
    String verifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
    AuthorizationCodeParameters authzParams = new AuthorizationCodeParameters();
    authzParams.setConsumerId("consumer-id");
    authzParams.setCodeChallenge(transformer.transformCodeVerifier(verifier));
    authzParams.setCodeChallengeMethod(transformer.getChallengeMethod());
    authzParams.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
    authzParams.setPath("authorize/");

    String redirect = OAuth2TestUtils.getLocation(authzClient, authzParams);
    String code = OAuth2TestUtils.getSubstring(redirect, "code");
    assertNotNull(code);

    // Token request carries the same verifier the challenge was built from.
    WebClient tokenClient = WebClient.create(tokenServiceAddress, busConfig.toString());
    ClientAccessToken token = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(
        tokenClient, code, "consumer-id", null, verifier);
    assertNotNull(token.getTokenKey());
}
Also used : ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL)

Example 4 with CodeVerifierTransformer

use of org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer in project cxf by apache.

Taken from the class PublicClientTest, method testPKCEDifferentVerifier.

private void testPKCEDifferentVerifier(CodeVerifierTransformer transformer) {
    // Obtains an authorization code bound to one PKCE verifier, then redeems it with a
    // freshly generated, unrelated verifier and expects the token endpoint to refuse.
    URL busConfig = PublicClientTest.class.getResource("publicclient.xml");
    String authzAddress = "https://localhost:" + port + "/services/";
    WebClient authzClient = WebClient.create(authzAddress, OAuth2TestUtils.setupProviders(),
                                             "alice", "security", busConfig.toString());
    // Keep the session cookie for the follow-up request.
    WebClient.getConfig(authzClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // Verifier the challenge is derived from: 32 secure-random bytes, base64url-encoded.
    String originalVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
    AuthorizationCodeParameters authzParams = new AuthorizationCodeParameters();
    authzParams.setConsumerId("consumer-id");
    authzParams.setCodeChallenge(transformer.transformCodeVerifier(originalVerifier));
    authzParams.setCodeChallengeMethod(transformer.getChallengeMethod());
    authzParams.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
    authzParams.setPath("authorize/");

    String redirect = OAuth2TestUtils.getLocation(authzClient, authzParams);
    String code = OAuth2TestUtils.getSubstring(redirect, "code");
    assertNotNull(code);

    // Token request uses a second random verifier that does not match the challenge.
    WebClient tokenClient = WebClient.create(tokenServiceAddress, busConfig.toString());
    String wrongVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
    try {
        OAuth2TestUtils.getAccessTokenWithAuthorizationCode(tokenClient, code, "consumer-id", null, wrongVerifier);
        fail("Failure expected on a different verifier");
    } catch (OAuthServiceException ex) {
        // The server must report a non-empty OAuth error code, not just fail silently.
        assertFalse(ex.getError().getError().isEmpty());
    }
}
Also used : OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL)

Example 5 with CodeVerifierTransformer

use of org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer in project cxf by apache.

Taken from the class OIDCFlowTest, method testAuthorizationCodeFlowWithPKCE.

@org.junit.Test
public void testAuthorizationCodeFlowWithPKCE() throws Exception {
    // OIDC authorization-code flow protected by PKCE: request a code with a digest-based
    // challenge, redeem it with the matching verifier, and check that a token is issued.
    String serviceAddress = "https://localhost:" + port + "/services/";
    WebClient authzClient = WebClient.create(serviceAddress, OAuth2TestUtils.setupProviders(),
                                             "alice", "security", null);
    // Keep the session cookie for the follow-up request.
    WebClient.getConfig(authzClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    AuthorizationCodeParameters authzParams = new AuthorizationCodeParameters();
    authzParams.setConsumerId("consumer-id");
    authzParams.setScope(OidcUtils.OPENID_SCOPE);
    authzParams.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
    authzParams.setPath("authorize/");
    // PKCE verifier: 32 secure-random bytes, base64url-encoded (43 characters).
    String verifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
    CodeVerifierTransformer digest = new DigestCodeVerifier();
    authzParams.setCodeChallenge(digest.transformCodeVerifier(verifier));
    authzParams.setCodeChallengeMethod(digest.getChallengeMethod());

    String redirect = OAuth2TestUtils.getLocation(authzClient, authzParams);
    String code = OAuth2TestUtils.getSubstring(redirect, "code");
    assertNotNull(code);

    // Token request: the client is created with the consumer-id/secret pair and must
    // also present the verifier the challenge above was derived from.
    WebClient tokenClient = WebClient.create(serviceAddress, "consumer-id", "this-is-a-secret", null);
    ClientAccessToken token = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(
        tokenClient, code, "consumer-id", null, verifier);
    assertNotNull(token.getTokenKey());
    if (isAccessTokenInJWTFormat()) {
        validateAccessToken(token.getTokenKey());
    }
}
Also used : CodeVerifierTransformer(org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer) DigestCodeVerifier(org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier) ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) WebClient(org.apache.cxf.jaxrs.client.WebClient)
