[cxf] branch master updated: cxf-systests-rs-security: use OAuthClientUtils.getAccessToken


[cxf] branch master updated: cxf-systests-rs-security: use OAuthClientUtils.getAccessToken

buhhunyx
This is an automated email from the ASF dual-hosted git repository.

buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 12b0c59  cxf-systests-rs-security: use OAuthClientUtils.getAccessToken
12b0c59 is described below

commit 12b0c595a03e0fed09fbc2d4ee37e0ee15fe4432
Author: Alexey Markevich <[hidden email]>
AuthorDate: Wed Feb 12 16:55:41 2020 +0300

    cxf-systests-rs-security: use OAuthClientUtils.getAccessToken
---
 .../security/oauth2/common/OAuth2TestUtils.java    | 31 ++++-----
 .../security/oauth2/grants/PublicClientTest.java   | 73 ++++++----------------
 .../systest/jaxrs/security/oidc/OIDCFlowTest.java  | 71 +++++----------------
 3 files changed, 51 insertions(+), 124 deletions(-)

diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index a6ddb2c..c31cace 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -21,7 +21,9 @@ package org.apache.cxf.systest.jaxrs.security.oauth2.common;
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Properties;
 
 import javax.ws.rs.core.Form;
@@ -37,9 +39,13 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.rs.security.oauth2.client.Consumer;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
@@ -164,23 +170,20 @@ public final class OAuth2TestUtils {
                                                                         String consumerId,
                                                                         String audience,
                                                                         String codeVerifier) {
-        client.type("application/x-www-form-urlencoded").accept("application/json");
-        client.path("token");
-
-        Form form = new Form();
-        form.param("grant_type", "authorization_code");
-        form.param("code", code);
-        form.param("client_id", consumerId);
+        Map<String, String> extraParams = new HashMap<>(3);
+        extraParams.put(OAuthConstants.REDIRECT_URI, "http://www.blah.apache.org");
         if (audience != null) {
-            form.param("audience", audience);
+            extraParams.put(OAuthConstants.CLIENT_AUDIENCE, audience);
         }
         if (codeVerifier != null) {
-            form.param("code_verifier", codeVerifier);
-        }
-        form.param("redirect_uri", "http://www.blah.apache.org");
-        Response response = client.post(form);
-
-        return response.readEntity(ClientAccessToken.class);
+            extraParams.put(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, codeVerifier);
+        }
+        return OAuthClientUtils.getAccessToken(
+            client.path("token"),
+            new Consumer(consumerId),
+            new AuthorizationCodeGrant(code),
+            extraParams,
+            false);
     }
 
     public static List<Object> setupProviders() {
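Review bot: The bare `false` passed as the last argument to `OAuthClientUtils.getAccessToken` is unexplained, and the helper's failure behaviour appears to change without being documented. The removed body returned whatever `response.readEntity(ClientAccessToken.class)` produced, while the test hunks later in this commit now catch `OAuthServiceException`, which suggests a rejected request is raised rather than returned. I would add a Javadoc line such as `@throws OAuthServiceException if the token endpoint rejects the request` and a trailing comment on the flag, `// false: client_id is sent as a form parameter, not in the Authorization header`. The method's signature starts above this hunk, so any existing Javadoc is not visible here.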
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
index 455ba0e..5aa55d7 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
@@ -21,25 +21,25 @@ package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
 
 import java.net.URL;
 
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
 import org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.AbstractClientServerTestBase;
 import org.apache.cxf.testutil.common.TestUtil;
 
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -47,7 +47,7 @@ import static org.junit.Assert.fail;
 /**
  * Some tests for public clients.
  */
-public class PublicClientTest extends AbstractBusClientServerTestBase {
+public class PublicClientTest extends AbstractClientServerTestBase {
     public static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-grants-jcache-public");
     public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-jcache-public");
 
@@ -79,10 +79,7 @@ public class PublicClientTest extends AbstractBusClientServerTestBase {
 
         // Now get the access token - note services2 doesn't require basic auth
         String address2 = "https://localhost:" + JCACHE_PORT + "/services2/";
-        client = WebClient.create(address2, OAuth2TestUtils.setupProviders(), busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address2, busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -135,10 +132,7 @@ public class PublicClientTest extends AbstractBusClientServerTestBase {
 
         // Now get the access token - note services2 doesn't require basic auth
         String address2 = "https://localhost:" + JCACHE_PORT + "/services2/";
-        client = WebClient.create(address2, OAuth2TestUtils.setupProviders(), busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address2, busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null, codeVerifier);
@@ -171,16 +165,13 @@ public class PublicClientTest extends AbstractBusClientServerTestBase {
 
         // Now get the access token - note services2 doesn't require basic auth
         String address2 = "https://localhost:" + JCACHE_PORT + "/services2/";
-        client = WebClient.create(address2, OAuth2TestUtils.setupProviders(), busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address2, busFile.toString());
 
         try {
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null);
             fail("Failure expected on a missing verifier");
-        } catch (Exception ex) {
-            // expected
+        } catch (OAuthServiceException ex) {
+            assertFalse(ex.getError().getError().isEmpty());
         }
     }
 
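Review bot: The new assertion in the catch block, `assertFalse(ex.getError().getError().isEmpty())`, passes for any OAuth error, so this negative test would still succeed if the request were rejected for a reason unrelated to the missing PKCE verifier, such as an unknown client or an expired code. Pinning the expected code makes the test prove that the verifier check itself fired, e.g. `assertEquals(OAuthConstants.INVALID_GRANT, ex.getError().getError());` (presumably `invalid_grant`; confirm against the server's grant handler). The same catch block is repeated in the hunks at -210, -291 and -331. The test method begins above this hunk.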
@@ -210,17 +201,14 @@ public class PublicClientTest extends AbstractBusClientServerTestBase {
 
         // Now get the access token - note services2 doesn't require basic auth
         String address2 = "https://localhost:" + JCACHE_PORT + "/services2/";
-        client = WebClient.create(address2, OAuth2TestUtils.setupProviders(), busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address2, busFile.toString());
 
         try {
             codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null, codeVerifier);
             fail("Failure expected on a different verifier");
-        } catch (Exception ex) {
-            // expected
+        } catch (OAuthServiceException ex) {
+            assertFalse(ex.getError().getError().isEmpty());
         }
     }
 
@@ -252,10 +240,7 @@ public class PublicClientTest extends AbstractBusClientServerTestBase {
 
         // Now get the access token - note services3 doesn't require basic auth
         String address2 = "https://localhost:" + JCACHE_PORT + "/services3/";
-        client = WebClient.create(address2, OAuth2TestUtils.setupProviders(), busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address2, busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null, codeVerifier);
@@ -291,15 +276,12 @@ public class PublicClientTest extends AbstractBusClientServerTestBase {
         // Now get the access token - note services3 doesn't require basic auth
         String address2 = "https://localhost:" + JCACHE_PORT + "/services3/";
         client = WebClient.create(address2, OAuth2TestUtils.setupProviders(), busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
 
         try {
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null);
             fail("Failure expected on a missing verifier");
-        } catch (Exception ex) {
-            // expected
+        } catch (OAuthServiceException ex) {
+            assertFalse(ex.getError().getError().isEmpty());
         }
     }
 
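Review bot: The token client in this hunk still passes `OAuth2TestUtils.setupProviders()` to `WebClient.create`, whereas every sibling hunk in this file drops it in favour of `WebClient.create(address2, busFile.toString())`. If that is an oversight, changing the context line to match keeps the tests uniform. If the providers are needed for this case, a short comment saying why would save the next reader from "fixing" it. The test method begins above this hunk.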
@@ -331,41 +313,24 @@ public class PublicClientTest extends AbstractBusClientServerTestBase {
 
         // Now get the access token - note services3 doesn't require basic auth
         String address2 = "https://localhost:" + JCACHE_PORT + "/services3/";
-        client = WebClient.create(address2, OAuth2TestUtils.setupProviders(), busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address2, busFile.toString());
 
         try {
             codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null, codeVerifier);
             fail("Failure expected on a different verifier");
-        } catch (Exception ex) {
-            // expected
+        } catch (OAuthServiceException ex) {
+            assertFalse(ex.getError().getError().isEmpty());
         }
     }
 
     //
     // Server implementations
     //
-
     public static class BookServerOAuth2GrantsJCache extends AbstractBusTestServerBase {
-        private static final URL SERVER_CONFIG_FILE =
-            BookServerOAuth2GrantsJCache.class.getResource("grants-server-public.xml");
-
         protected void run() {
-            SpringBusFactory bf = new SpringBusFactory();
-            Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
-            BusFactory.setDefaultBus(springBus);
-            setBus(springBus);
-
-            try {
-                new BookServerOAuth2GrantsJCache();
-            } catch (Exception e) {
-                throw new RuntimeException(e);
-            }
+            setBus(new SpringBusFactory().createBus(getClass().getResource("grants-server-public.xml")));
         }
-
     }
 
 }
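Review bot: `getClass().getResource("grants-server-public.xml")` in `run()` resolves the file relative to the runtime class, so a subclass in another package would look in the wrong place, and `createBus` would presumably then receive a null URL. The removed code used the class literal; `BookServerOAuth2GrantsJCache.class.getResource("grants-server-public.xml")` keeps the lookup fixed. The call to `BusFactory.setDefaultBus` is also dropped here. That looks consistent with the move to `AbstractClientServerTestBase`, but a one-line comment would help if anything in the server process still expects a default bus.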
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index dcbed83..c6441d2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -124,11 +124,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(code);
 
         // Now get the access token
-        client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
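Review bot: The line `WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString())` is now repeated verbatim in nearly every hunk of this file, with the client secret as an inline literal each time. A small private helper, for example `private static WebClient tokenClient(String address, URL busFile)`, would keep the credentials in one place and make the one variant (`consumer-id-aud` in the hunk at -413) stand out. The test method begins above this hunk.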
@@ -176,11 +172,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(code);
 
         // Now get the access token
-        client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -213,11 +205,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(code);
 
         // Now get the access token
-        client = WebClient.create(address,  OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -249,11 +237,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(code);
 
         // Now get the access token
-        client = WebClient.create(address,  OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -285,11 +269,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(code);
 
         // Now get the access token
-        client = WebClient.create(address,  OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -311,7 +291,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         URL busFile = OIDCFlowTest.class.getResource("client.xml");
 
         String address = "https://localhost:" + port + "/services/";
-        WebClient client = WebClient.create(address,  OAuth2TestUtils.setupProviders(),
+        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
                                             "alice", "security", busFile.toString());
         // Save the Cookie for the second request...
         WebClient.getConfig(client).getRequestContext().put(
@@ -322,11 +302,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(code);
 
         // Now get the access token
-        client = WebClient.create(address,  OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -339,6 +315,9 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         validateIdToken(idToken, null);
 
         // Refresh the access token
+        client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+            "consumer-id", "this-is-a-secret", busFile.toString());
+        client.path("token");
         client.type("application/x-www-form-urlencoded").accept("application/json");
 
         Form form = new Form();
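Review bot: The refresh step still builds the request form by hand on a freshly created client, which is at odds with the rest of the commit moving token requests to `OAuthClientUtils`. `OAuthClientUtils.refreshAccessToken` called on `client.path("token")` with a `Consumer` and the `accessToken` obtained earlier would likely replace the manual `Form` and the explicit `type`/`accept` calls. Before switching, confirm that the assertions after this hunk only need the returned `ClientAccessToken`, and that the credentials are sent the same way as in the code-grant helper. The form-building code continues below this hunk.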
@@ -376,11 +355,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(code);
 
         // Now get the access token
-        client = WebClient.create(address,  OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -413,11 +388,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(code);
 
         // Now get the access token
-        client = WebClient.create(address,  OAuth2TestUtils.setupProviders(),
-                                  "consumer-id-aud", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id-aud", "this-is-a-secret", busFile.toString());
 
         String audience = "https://localhost:" + port + "/secured/bookstore/books";
         ClientAccessToken accessToken =
@@ -658,11 +629,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
 
         // Now get the access token
-        client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -721,11 +688,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNull(idToken);
 
         // Now get the access token with the code
-        client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
@@ -906,11 +869,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(code);
 
         // Now get the access token
-        client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
-                                  "consumer-id", "this-is-a-secret", busFile.toString());
-        // Save the Cookie for the second request...
-        WebClient.getConfig(client).getRequestContext().put(
-            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
 
         ClientAccessToken accessToken =
             OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);