Examples with ConsumerCredentials org.glassfish.jersey.client.oauth1.ConsumerCredentials used on opensource projects

Example 1 with ConsumerCredentials

use of org.glassfish.jersey.client.oauth1.ConsumerCredentials in project jersey by jersey.

the class OAuthClientServerTest method testRequestSigningWithExceedingCache.

/**
     * Tests configuration of the nonce cache on the server side.
     */
@Test
public void testRequestSigningWithExceedingCache() {
    final Feature filterFeature = OAuth1ClientSupport.builder(new ConsumerCredentials(CONSUMER_KEY, SECRET_CONSUMER_KEY)).feature().accessToken(new AccessToken(PROMETHEUS_TOKEN, PROMETHEUS_SECRET)).build();
    final Client client = ClientBuilder.newBuilder().register(filterFeature).build();
    final URI resourceUri = UriBuilder.fromUri(getBaseUri()).path("resource").build();
    final WebTarget target = client.target(resourceUri);
    Response response;
    for (int i = 0; i < 20; i++) {
        System.out.println("request: " + i);
        response = target.request().get();
        assertEquals(200, response.getStatus());
        assertEquals("prometheus", response.readEntity(String.class));
        i++;
        response = target.path("admin").request().get();
        assertEquals(200, response.getStatus());
        assertEquals(true, response.readEntity(boolean.class));
    }
    // now the nonce cache is full
    response = target.request().get();
    assertEquals(401, response.getStatus());
}

Example 2 with ConsumerCredentials

use of org.glassfish.jersey.client.oauth1.ConsumerCredentials in project jersey by jersey.

the class OAuthClientServerTest method testAuthorizationFlow.

/**
     * Tests client and server OAuth.
     * <p/>
     * Tests authorization flow including the request to a protected resource. The test uses {@link OAuth1AuthorizationFlow}
     * to perform user authorization and uses authorized client for requesting protected resource.
     * <p/>
     * The resource {@link OAuthAuthorizationResource} is used to perform user authorization (this is done
     * programmatically from the test). Finally, the Access Token is retrieved and used to request the
     * protected resource. In this resource the user principal is used to return the name of the user stored
     * in {@link SecurityContext}.
     */
@Test
public void testAuthorizationFlow() {
    String tempCredUri = UriBuilder.fromUri(getBaseUri()).path("requestTokenSpecialUri").build().toString();
    String accessTokenUri = UriBuilder.fromUri(getBaseUri()).path("accessTokenSpecialUri").build().toString();
    final String userAuthorizationUri = UriBuilder.fromUri(getBaseUri()).path("user-authorization").build().toString();
    final OAuth1AuthorizationFlow authFlow = OAuth1ClientSupport.builder(new ConsumerCredentials(CONSUMER_KEY, SECRET_CONSUMER_KEY)).authorizationFlow(tempCredUri, accessTokenUri, userAuthorizationUri).callbackUri("http://consumer/callback/homer").build();
    final String authUri = authFlow.start();
    // authorize by a request to authorization URI
    final Response userAuthResponse = ClientBuilder.newClient().target(authUri).request().get();
    assertEquals(200, userAuthResponse.getStatus());
    final String verifier = userAuthResponse.readEntity(String.class);
    System.out.println("Verifier: " + verifier);
    authFlow.finish(verifier);
    final Client authorizedClient = authFlow.getAuthorizedClient();
    Response response = authorizedClient.target(getBaseUri()).path("resource").request().get();
    assertEquals(200, response.getStatus());
    assertEquals("homer", response.readEntity(String.class));
    response = authorizedClient.target(getBaseUri()).path("resource").path("admin").request().get();
    assertEquals(200, response.getStatus());
    assertEquals(false, response.readEntity(boolean.class));
}

Example 3 with ConsumerCredentials

use of org.glassfish.jersey.client.oauth1.ConsumerCredentials in project jersey by jersey.

the class OAuthClientServerTest method testRequestSigning.

/**
     * Tests {@link org.glassfish.jersey.client.oauth1.OAuth1ClientFilter} already configured with Access Token for signature
     * purposes only.
     */
@Test
public void testRequestSigning() {
    final Feature filterFeature = OAuth1ClientSupport.builder(new ConsumerCredentials(CONSUMER_KEY, SECRET_CONSUMER_KEY)).feature().accessToken(new AccessToken(PROMETHEUS_TOKEN, PROMETHEUS_SECRET)).build();
    final Client client = ClientBuilder.newBuilder().register(filterFeature).build();
    final URI resourceUri = UriBuilder.fromUri(getBaseUri()).path("resource").build();
    final WebTarget target = client.target(resourceUri);
    Response response;
    for (int i = 0; i < 15; i++) {
        System.out.println("request: " + i);
        response = target.request().get();
        assertEquals(200, response.getStatus());
        assertEquals("prometheus", response.readEntity(String.class));
        i++;
        response = target.path("admin").request().get();
        assertEquals(200, response.getStatus());
        assertEquals(true, response.readEntity(boolean.class));
    }
}

Example 4 with ConsumerCredentials

use of org.glassfish.jersey.client.oauth1.ConsumerCredentials in project jersey by jersey.

the class OauthClientAuthorizationFlowTest method testOAuthClientFeature.

/**
     * Tests mainly the client functionality. The test client registers
     * {@link org.glassfish.jersey.client.oauth1.OAuth1ClientFilter} and uses the filter only to sign requests. So, it does not
     * use the filter to perform authorization flow. However, each request that this test performs is actually a request used
     * during the authorization flow.
     * <p/>
     * The server side of this test extracts header authorization values and tests that signatures are
     * correct for each request type.
     */
@Test
public void testOAuthClientFeature() {
    final URI baseUri = getBaseUri();
    // baseline for requests
    final OAuth1Builder oAuth1Builder = OAuth1ClientSupport.builder(new ConsumerCredentials("dpf43f3p2l4k3l03", "kd94hf93k423kf44")).timestamp("1191242090").nonce("hsu94j3884jdopsl").signatureMethod(PlaintextMethod.NAME).version("1.0");
    final Feature feature = oAuth1Builder.feature().build();
    final Client client = client();
    client.register(LoggingFeature.class);
    final WebTarget target = client.target(baseUri);
    // simulate request for Request Token (temporary credentials)
    String responseEntity = target.path("request_token").register(feature).request().post(Entity.entity("entity", MediaType.TEXT_PLAIN_TYPE), String.class);
    assertEquals(responseEntity, "oauth_token=hh5s93j4hdidpola&oauth_token_secret=hdhd0244k9j7ao03");
    final Feature feature2 = oAuth1Builder.timestamp("1191242092").nonce("dji430splmx33448").feature().accessToken(new AccessToken("hh5s93j4hdidpola", "hdhd0244k9j7ao03")).build();
    // simulate request for Access Token
    responseEntity = target.path("access_token").register(feature2).request().post(Entity.entity("entity", MediaType.TEXT_PLAIN_TYPE), String.class);
    assertEquals(responseEntity, "oauth_token=nnch734d00sl2jdk&oauth_token_secret=pfkkdhi9sl3r4s00");
    final Feature feature3 = oAuth1Builder.nonce("kllo9940pd9333jh").signatureMethod("HMAC-SHA1").timestamp("1191242096").feature().accessToken(new AccessToken("nnch734d00sl2jdk", "pfkkdhi9sl3r4s00")).build();
    // based on Access Token
    responseEntity = target.path("/photos").register(feature3).queryParam("file", "vacation.jpg").queryParam("size", "original").request().get(String.class);
    assertEquals(responseEntity, "PHOTO");
}

Example 5 with ConsumerCredentials

use of org.glassfish.jersey.client.oauth1.ConsumerCredentials in project jersey by jersey.

the class OauthClientAuthorizationFlowTest method testOAuthClientFlow.

@Test
public void testOAuthClientFlow() throws Exception {
    final String uri = getBaseUri().toString();
    final OAuth1AuthorizationFlow authFlow = OAuth1ClientSupport.builder(new ConsumerCredentials("dpf43f3p2l4k3l03", "kd94hf93k423kf44")).timestamp("1191242090").nonce("hsu94j3884jdopsl").signatureMethod("PLAINTEXT").authorizationFlow(uri + "request_token", uri + "access_token", uri + "authorize").enableLogging().build();
    // Check we have correct authorization URI.
    final String authorizationUri = authFlow.start();
    assertThat(authorizationUri, containsString("authorize?oauth_token=hh5s93j4hdidpola"));
    // For the purpose of the test I need parameters (and there is no way how to do it now).
    final Field paramField = authFlow.getClass().getDeclaredField("parameters");
    paramField.setAccessible(true);
    final OAuth1Parameters params = (OAuth1Parameters) paramField.get(authFlow);
    // Update parameters.
    params.timestamp("1191242092").nonce("dji430splmx33448");
    final AccessToken accessToken = authFlow.finish();
    assertThat(accessToken, equalTo(new AccessToken("nnch734d00sl2jdk", "pfkkdhi9sl3r4s00")));
    // Update parameters before creating a feature (i.e. changing signature method).
    params.nonce("kllo9940pd9333jh").signatureMethod("HMAC-SHA1").timestamp("1191242096");
    // Check Authorized Client.
    final Client flowClient = authFlow.getAuthorizedClient().register(LoggingFeature.class);
    String responseEntity = flowClient.target(uri).path("/photos").queryParam("file", "vacation.jpg").queryParam("size", "original").request().get(String.class);
    assertThat("Flow Authorized Client", responseEntity, equalTo("PHOTO"));
    // Check Feature.
    final Client featureClient = ClientBuilder.newClient().register(authFlow.getOAuth1Feature()).register(LoggingFeature.class);
    responseEntity = featureClient.target(uri).path("/photos").queryParam("file", "vacation.jpg").queryParam("size", "original").request().get(String.class);
    assertThat("Feature Client", responseEntity, equalTo("PHOTO"));
}