Examples with Book org.apache.cxf.systest.jaxrs.security.Book used on opensource projects

Example 71 with Book

use of org.apache.cxf.systest.jaxrs.security.Book in project cxf by apache.

the class OAuth2JwtFiltersTest method doTestServiceWithJwtTokenAndScope.

private void doTestServiceWithJwtTokenAndScope(String oauthService, String rsAddress) throws Exception {
    final AuthorizationMetadata authorizationMetadata = OAuthClientUtils.getAuthorizationMetadata(oauthService);
    final String scope = "create_book";
    final URI authorizationURI = OAuthClientUtils.getAuthorizationURI(authorizationMetadata.getAuthorizationEndpoint().toString(), "consumer-id", null, null, scope);
    // Get Authorization Code
    WebClient oauthClient = WebClient.create(authorizationURI.toString(), OAuth2TestUtils.setupProviders(), "alice", "security", null);
    // Save the Cookie for the second request...
    WebClient.getConfig(oauthClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    final String location = OAuth2TestUtils.getLocation(oauthClient, oauthClient.accept(MediaType.APPLICATION_JSON).get(OAuthAuthorizationData.class), null);
    final String code = OAuth2TestUtils.getSubstring(location, "code");
    assertNotNull(code);
    // Now get the access token
    final ClientAccessToken accessToken = OAuthClientUtils.getAccessToken(authorizationMetadata.getTokenEndpoint().toString(), new Consumer("consumer-id", "this-is-a-secret"), new AuthorizationCodeGrant(code), true);
    assertNotNull(accessToken.getTokenKey());
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(accessToken.getTokenKey());
    JwsSignatureVerifier verifier = JwsUtils.loadSignatureVerifier("org/apache/cxf/systest/jaxrs/security/alice.rs.properties", null);
    assertTrue(jwtConsumer.verifySignatureWith(verifier));
    JwtClaims claims = jwtConsumer.getJwtClaims();
    assertEquals("consumer-id", claims.getStringProperty(OAuthConstants.CLIENT_ID));
    assertEquals("alice", claims.getStringProperty("username"));
    assertTrue(claims.getStringProperty(OAuthConstants.SCOPE).contains(scope));
    // Now invoke on the service with the access token
    WebClient client = WebClient.create(rsAddress, OAuth2TestUtils.setupProviders()).authorization(new ClientAccessToken(BEARER_AUTHORIZATION_SCHEME, accessToken.getTokenKey()));
    Book returnedBook = client.type("application/xml").post(new Book("book", 123L), Book.class);
    assertEquals(returnedBook.getName(), "book");
    assertEquals(returnedBook.getId(), 123L);
}

Example 72 with Book

use of org.apache.cxf.systest.jaxrs.security.Book in project cxf by apache.

the class OAuth2JwtFiltersTest method testServiceLocalValidationWithNoToken.

@org.junit.Test
public void testServiceLocalValidationWithNoToken() throws Exception {
    // Now invoke on the service with the faked access token
    String address = "https://localhost:" + PORT + "/securedLocalValidation/bookstore/books";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders());
    Response response = client.post(new Book("book", 123L));
    assertNotEquals(response.getStatus(), 200);
}

Example 73 with Book

use of org.apache.cxf.systest.jaxrs.security.Book in project cxf by apache.

the class OAuth2FiltersTest method testServiceWithTokenUsingAudience.

@org.junit.Test
public void testServiceWithTokenUsingAudience() throws Exception {
    // Get Authorization Code
    String oauthService = "https://localhost:" + OAUTH_PORT + "/services/";
    WebClient oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(), "alice", "security", null);
    // Save the Cookie for the second request...
    WebClient.getConfig(oauthClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    String code = OAuth2TestUtils.getAuthorizationCode(oauthClient, null, "consumer-id-aud");
    assertNotNull(code);
    // Now get the access token
    oauthClient = WebClient.create(oauthService, "consumer-id-aud", "this-is-a-secret", null);
    String address = "https://localhost:" + PORT + "/secured/bookstore/books";
    ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(oauthClient, code, "consumer-id-aud", address);
    assertNotNull(accessToken.getTokenKey());
    // Now invoke on the service with the access token
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders()).authorization(new ClientAccessToken(BEARER_AUTHORIZATION_SCHEME, accessToken.getTokenKey()));
    Response response = client.type("application/xml").post(new Book("book", 123L));
    assertEquals(response.getStatus(), 200);
    Book returnedBook = response.readEntity(Book.class);
    assertEquals(returnedBook.getName(), "book");
    assertEquals(returnedBook.getId(), 123L);
}

Example 74 with Book

use of org.apache.cxf.systest.jaxrs.security.Book in project cxf by apache.

the class OAuth2FiltersTest method testServiceWithEmptyToken.

@org.junit.Test
public void testServiceWithEmptyToken() throws Exception {
    // Now invoke on the service with the faked access token
    String address = "https://localhost:" + PORT + "/secured/bookstore/books";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders()).authorization(new ClientAccessToken(BEARER_AUTHORIZATION_SCHEME, ""));
    Response response = client.post(new Book("book", 123L));
    assertEquals(Family.CLIENT_ERROR, response.getStatusInfo().getFamily());
}

Example 75 with Book

use of org.apache.cxf.systest.jaxrs.security.Book in project cxf by apache.

the class OAuth2FiltersTest method testServiceWithTokenAndMultipleScopes.

@org.junit.Test
public void testServiceWithTokenAndMultipleScopes() throws Exception {
    // Get Authorization Code
    String oauthService = "https://localhost:" + OAUTH_PORT + "/services/";
    WebClient oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(), "alice", "security", null);
    // Save the Cookie for the second request...
    WebClient.getConfig(oauthClient).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    String code = OAuth2TestUtils.getAuthorizationCode(oauthClient, "read_book create_image create_book");
    assertNotNull(code);
    // Now get the access token
    oauthClient = WebClient.create(oauthService, "consumer-id", "this-is-a-secret", null);
    ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(oauthClient, code);
    assertNotNull(accessToken.getTokenKey());
    // Now invoke on the service with the access token
    String address = "https://localhost:" + PORT + "/secured/bookstore/books";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders()).authorization(new ClientAccessToken(BEARER_AUTHORIZATION_SCHEME, accessToken.getTokenKey()));
    Response response = client.type("application/xml").post(new Book("book", 123L));
    assertEquals(response.getStatus(), 200);
    Book returnedBook = response.readEntity(Book.class);
    assertEquals(returnedBook.getName(), "book");
    assertEquals(returnedBook.getId(), 123L);
}