/**
 * Convenience overload: validates the access-token hash for a {@link ClientAccessToken}
 * by handing its token key to the {@code String} overload.
 *
 * @param at       client-side access token; its {@code getTokenKey()} value is the string checked
 * @param jwt      passed through unchanged to the {@code String} overload
 * @param required passed through unchanged to the {@code String} overload
 */
public static void validateAccessTokenHash(ClientAccessToken at, JwtToken jwt, boolean required) {
    // NOTE(review): at is dereferenced without a null check; a null token fails here with a
    // NullPointerException rather than with whatever validation error the overload raises.
    validateAccessTokenHash(at.getTokenKey(), jwt, required);
}

// NOTE(review): the body of this overload is cut off in this listing. Presumably it compares a
// hash of accessToken with the at_hash claim carried by jwt, with `required` deciding whether a
// missing claim is an error -- confirm against the full source before relying on either.
public static void validateAccessTokenHash(String accessToken, JwtToken jwt, boolean required) {
/**
 * Convenience overload: validates the access-token hash for a {@link ClientAccessToken}
 * by handing its token key to the {@code String} overload.
 *
 * @param at       client-side access token; its {@code getTokenKey()} value is the string checked
 * @param jwt      passed through unchanged to the {@code String} overload
 * @param required passed through unchanged to the {@code String} overload
 */
public static void validateAccessTokenHash(ClientAccessToken at, JwtToken jwt, boolean required) {
    // NOTE(review): at is dereferenced without a null check; a null token fails here with a
    // NullPointerException rather than with whatever validation error the overload raises.
    validateAccessTokenHash(at.getTokenKey(), jwt, required);
}

// NOTE(review): the body of this overload is cut off in this listing. Presumably it compares a
// hash of accessToken with the at_hash claim carried by jwt, with `required` deciding whether a
// missing claim is an error -- confirm against the full source before relying on either.
public static void validateAccessTokenHash(String accessToken, JwtToken jwt, boolean required) {
/**
 * Produces the {@code Authorization} header value for an outgoing request.
 *
 * <p>The access token is kept in the {@code accessToken} field and fetched again through
 * {@code getAccessToken()} whenever the field is empty or {@code expired(...)} reports it stale.
 * Neither argument is consulted by this implementation.
 *
 * @param resourceURI target resource (unused here)
 * @param httpMethod  HTTP method of the request (unused here)
 * @return {@code "Bearer "} followed by the current token key; the value is a credential and
 *         should be kept out of logs
 */
@Override
public String getAuthorizationHeader(String resourceURI, String httpMethod) {
    // NOTE(review): this check-then-assign is not synchronized inside the method; confirm
    // whether instances are shared across threads.
    final boolean needsFreshToken = this.accessToken == null || expired(this.accessToken);
    if (needsFreshToken) {
        this.accessToken = getAccessToken();
    }
    final String scheme = "Bearer "; //$NON-NLS-1$
    return scheme + this.accessToken.getTokenKey();
}
/**
 * Produces the {@code Authorization} header value for an outgoing request.
 *
 * <p>The access token is kept in the {@code accessToken} field and fetched again through
 * {@code getAccessToken()} whenever the field is empty or {@code expired(...)} reports it stale.
 * Neither argument is consulted by this implementation.
 *
 * @param resourceURI target resource (unused here)
 * @param httpMethod  HTTP method of the request (unused here)
 * @return {@code "Bearer "} followed by the current token key; the value is a credential and
 *         should be kept out of logs
 */
@Override
public String getAuthorizationHeader(String resourceURI, String httpMethod) {
    // NOTE(review): this check-then-assign is not synchronized inside the method; confirm
    // whether instances are shared across threads.
    final boolean needsFreshToken = this.accessToken == null || expired(this.accessToken);
    if (needsFreshToken) {
        this.accessToken = getAccessToken();
    }
    final String scheme = "Bearer "; //$NON-NLS-1$
    return scheme + this.accessToken.getTokenKey();
}
/**
 * Returns the access token to use, preferring the one held by the superclass and falling back
 * to the token published through {@code StaticClientTokenContext} when the superclass token
 * has no key.
 *
 * @return the superclass token if it has a key or no static context is available; otherwise
 *         whatever {@code ClientTokenContext.getToken()} returns (possibly {@code null})
 */
protected ClientAccessToken getClientAccessToken() {
    final ClientAccessToken ownToken = super.getClientAccessToken();
    if (ownToken.getTokenKey() != null) {
        return ownToken;
    }
    // NOTE(review): the fallback token comes from a static holder; confirm it is scoped to the
    // current user/request so one caller's token cannot be picked up by another.
    final ClientTokenContext tokenContext = StaticClientTokenContext.getClientTokenContext();
    return tokenContext == null ? ownToken : tokenContext.getToken();
}
} // closes the enclosing class, whose header is outside this listing
/**
 * Returns the access token to use, preferring the one held by the superclass and falling back
 * to the token published through {@code StaticClientTokenContext} when the superclass token
 * has no key.
 *
 * @return the superclass token if it has a key or no static context is available; otherwise
 *         whatever {@code ClientTokenContext.getToken()} returns (possibly {@code null})
 */
protected ClientAccessToken getClientAccessToken() {
    final ClientAccessToken ownToken = super.getClientAccessToken();
    if (ownToken.getTokenKey() != null) {
        return ownToken;
    }
    // NOTE(review): the fallback token comes from a static holder; confirm it is scoped to the
    // current user/request so one caller's token cannot be picked up by another.
    final ClientTokenContext tokenContext = StaticClientTokenContext.getClientTokenContext();
    return tokenContext == null ? ownToken : tokenContext.getToken();
}
} // closes the enclosing class, whose header is outside this listing
/**
 * Relays the posted book to the secured bookstore endpoint, authenticating with the access
 * token held by {@code context}, and returns the book echoed by that endpoint.
 *
 * @param book book to forward
 * @return the {@code Book} entity of the downstream response when its status is 200
 * @throws WebApplicationException with status 403 for every downstream status other than 200,
 *         so downstream errors of any kind surface to the caller as FORBIDDEN
 */
@POST
@Path("/books")
@Produces("application/xml")
@Consumes("application/xml")
public Book echoBookXml(Book book) {
    final String securedEndpoint =
        "https://localhost:" + OAuth2FiltersTest.PORT + "/secured/bookstore/books";
    final URL clientConfig = PartnerService.class.getResource("client.xml");

    final WebClient downstream = WebClient.create(securedEndpoint, clientConfig.toString());
    downstream.type("application/xml").accept("application/xml");
    // The bearer token is sent to an https address only; keep it that way, since the header
    // value is a usable credential for anyone who can read it.
    downstream.header("Authorization", "Bearer " + context.getToken().getTokenKey());

    // Invoke the secured service with the access token attached.
    final Response downstreamResponse = downstream.post(book);
    if (downstreamResponse.getStatus() != 200) {
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }
    return downstreamResponse.readEntity(Book.class);
}
/**
 * Fetches the user profile from the UserInfo endpoint behind {@code profileClient}, presenting
 * the given access token either in the Authorization header or as a form parameter.
 *
 * @param at      access token presented to the UserInfo endpoint
 * @param idToken ID token handed to the validation step
 * @param client  OAuth consumer handed to the validation step
 * @return the profile, either read directly as {@code UserInfo} and passed through
 *         {@code validateUserInfo}, or produced by {@code getUserInfoFromJwt}
 */
public UserInfo getUserInfo(ClientAccessToken at, IdToken idToken, Consumer client) {
    if (!sendTokenAsFormParameter) {
        // Default transport: the token goes into the Authorization header and the profile is
        // retrieved with a GET.
        OAuthClientUtils.setAuthorizationHeader(profileClient, at);
        if (getUserInfoFromJwt) {
            // The endpoint answers with a JWT; validateUserInfo is not called on this branch.
            // NOTE(review): validation is presumably done inside getUserInfoFromJwt, whose body
            // is not visible here -- confirm.
            String jwt = profileClient.get(String.class);
            return getUserInfoFromJwt(jwt, idToken, client);
        }
        UserInfo profile = profileClient.get(UserInfo.class);
        validateUserInfo(profile, idToken, client);
        return profile;
    }
    // Alternative transport: the token is posted as the "access_token" form parameter.
    // RFC 6750 prefers the Authorization header; with this option the token sits in the request
    // body, so it should stay out of any request-body logging.
    Form form = new Form().param("access_token", at.getTokenKey());
    if (getUserInfoFromJwt) {
        String jwt = profileClient.form(form).readEntity(String.class);
        return getUserInfoFromJwt(jwt, idToken, client);
    }
    UserInfo profile = profileClient.form(form).readEntity(UserInfo.class);
    validateUserInfo(profile, idToken, client);
    return profile;
}

// NOTE(review): the declaration below is cut off in this listing.
public UserInfo getUserInfoFromJwt(String profileJwtToken,
/**
 * Requests an access token with a custom grant while supplying a JWT as the client assertion
 * through extra token-request parameters.
 *
 * <p>Only the presence of a token key is asserted; a rejected assertion is not exercised here.
 */
@Test
public void testJWTBearerAuthenticationDirect() throws Exception {
    final String tokenEndpoint = "https://localhost:" + port + "/oauth2-auth-jwt/token";
    final WebClient tokenClient = createWebClient(tokenEndpoint);

    // Build the JWT used as the client assertion; the endpoint address is one of its inputs.
    final String clientAssertion =
        OAuth2TestUtils.createToken("resourceOwner", "alice", tokenEndpoint, true, true);

    final Map<String, String> assertionParams = new HashMap<>();
    assertionParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE,
                        "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
    assertionParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, clientAssertion);

    final ClientAccessToken issued =
        OAuthClientUtils.getAccessToken(tokenClient, new CustomGrant(), assertionParams);
    assertNotNull(issued.getTokenKey());
}
/**
 * Requests an access token with a custom grant and no explicit client credentials, relying on
 * the web client returned by {@code createWebClient} for authentication.
 *
 * <p>NOTE(review): for the JPA provider the method returns early and therefore reports success,
 * so this scenario has no coverage against that provider.
 */
@Test
public void testTwoWayTLSAuthenticationCustomGrant() throws Exception {
    final boolean jpaProvider = JPA_PORT.equals(port);
    if (jpaProvider) {
        // We don't run this test for the JPA provider due to:
        // java.sql.BatchUpdateException: data exception: string data, right truncation;
        // table: CLIENT_APPLICATIONCERTIFICATES column: APPLICATIONCERTIFICATES
        return;
    }

    final String tokenEndpoint = "https://localhost:" + port + "/oauth2/token";
    final WebClient tokenClient = createWebClient(tokenEndpoint);

    final ClientAccessToken issued = OAuthClientUtils.getAccessToken(tokenClient, new CustomGrant());
    assertNotNull(issued.getTokenKey());
}
/**
 * Requests an access token as the public client {@code fredPublic}, which presents a client id
 * and no secret, against the public token endpoint matching the provider under test.
 *
 * <p>The public endpoint is addressed over plain {@code http} in this test.
 */
@Test
public void testPublicClientIdOnly() throws Exception {
    // Pick the public port that pairs with the provider port of this run.
    final String publicPort;
    if (JWT_JCACHE_PORT.equals(port)) {
        publicPort = JWT_JCACHE_PORT_PUBLIC;
    } else if (JPA_PORT.equals(port)) {
        publicPort = JPA_PORT_PUBLIC;
    } else if (JWT_NON_PERSIST_JCACHE_PORT.equals(port)) {
        publicPort = JWT_NON_PERSIST_JCACHE_PORT_PUBLIC;
    } else {
        publicPort = JCACHE_PORT_PUBLIC;
    }

    final String tokenEndpoint = "http://localhost:" + publicPort + "/oauth2Public/token";
    final WebClient tokenClient = WebClient.create(tokenEndpoint);

    // NOTE(review): the trailing false is presumably CXF's setAuthorizationHeader flag, i.e. the
    // client id goes into the form rather than a Basic header -- confirm against the CXF version.
    final Consumer publicClient = new Consumer("fredPublic");
    final ClientAccessToken issued =
        OAuthClientUtils.getAccessToken(tokenClient, publicClient, new CustomGrant(), false);
    assertNotNull(issued.getTokenKey());
}
/**
 * Returns the Authorization header value from {@code tokenSupplier}, first exchanging a pending
 * authorization code for an access token when the supplier holds no token key yet.
 *
 * @param authPolicy passed through to the token supplier
 * @param currentURI passed through to the token supplier
 * @param message    passed through to the token supplier
 * @param fullHeader passed through to the token supplier
 * @return whatever {@code tokenSupplier.getAuthorization(...)} returns
 */
public String getAuthorization(AuthorizationPolicy authPolicy,
                               URI currentURI,
                               Message message,
                               String fullHeader) {
    // NOTE(review): code is read here without holding the lock; whether that read is safe
    // depends on how the field is declared, which this listing does not show.
    if (code != null) {
        // Serialize on the supplier so that only one thread performs the code exchange.
        synchronized (tokenSupplier) {
            // Re-check under the lock: another thread may already have stored a token.
            if (tokenSupplier.getClientAccessToken().getTokenKey() == null) {
                WebClient wc = tokenSupplier.createAccessTokenServiceClient();
                ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, tokenSupplier.getConsumer(),
                                                                       new AuthorizationCodeGrant(code));
                // The code is cleared only after a successful exchange; if getAccessToken
                // throws, code stays set and the next call attempts the exchange again.
                code = null;
                tokenSupplier.setClientAccessToken(at);
            }
        }
    }
    return tokenSupplier.getAuthorization(authPolicy, currentURI, message, fullHeader);
}
/**
 * Returns the Authorization header value from {@code tokenSupplier}, first exchanging a pending
 * authorization code for an access token when the supplier holds no token key yet.
 *
 * @param authPolicy passed through to the token supplier
 * @param currentURI passed through to the token supplier
 * @param message    passed through to the token supplier
 * @param fullHeader passed through to the token supplier
 * @return whatever {@code tokenSupplier.getAuthorization(...)} returns
 */
public String getAuthorization(AuthorizationPolicy authPolicy,
                               URI currentURI,
                               Message message,
                               String fullHeader) {
    // NOTE(review): code is read here without holding the lock; whether that read is safe
    // depends on how the field is declared, which this listing does not show.
    if (code != null) {
        // Serialize on the supplier so that only one thread performs the code exchange.
        synchronized (tokenSupplier) {
            // Re-check under the lock: another thread may already have stored a token.
            if (tokenSupplier.getClientAccessToken().getTokenKey() == null) {
                WebClient wc = tokenSupplier.createAccessTokenServiceClient();
                ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, tokenSupplier.getConsumer(),
                                                                       new AuthorizationCodeGrant(code));
                // The code is cleared only after a successful exchange; if getAccessToken
                // throws, code stays set and the next call attempts the exchange again.
                code = null;
                tokenSupplier.setClientAccessToken(at);
            }
        }
    }
    return tokenSupplier.getAuthorization(authPolicy, currentURI, message, fullHeader);
}
/**
 * Requests an access token with a custom grant through the web client built by
 * {@code createWebClientWithProps}, which is where any client authentication material for this
 * scenario is configured.
 *
 * <p>Only the presence of a token key is asserted.
 */
@Test
public void testSAML2BearerAuthenticationInterceptor() throws Exception {
    final String tokenEndpoint = "https://localhost:" + port + "/oauth2-auth/token";
    final WebClient tokenClient = createWebClientWithProps(tokenEndpoint);

    final ClientAccessToken issued = OAuthClientUtils.getAccessToken(tokenClient, new CustomGrant());
    assertNotNull(issued.getTokenKey());
}
/**
 * Builds the form-style implicit response that carries a client access token together with the
 * redirect URI and state taken from the redirection state.
 *
 * @param state              redirection state supplying the redirect URI and {@code state} value
 * @param client             client the token is obtained for
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes that were approved
 * @param userSubject        end user on whose behalf the token is obtained
 * @param preAuthorizedToken existing token passed on to {@code getClientAccessToken}
 * @return a {@code FormTokenResponse} populated from the obtained token
 */
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued = getClientAccessToken(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    final FormTokenResponse formResponse = new FormTokenResponse();
    formResponse.setResponseType(OAuthConstants.TOKEN_RESPONSE_TYPE);

    // Values echoed from the original authorization request.
    formResponse.setRedirectUri(state.getRedirectUri());
    formResponse.setState(state.getState());

    // Token material handed to the client.
    formResponse.setAccessToken(issued.getTokenKey());
    formResponse.setAccessTokenType(issued.getTokenType());
    formResponse.setAccessTokenExpiresIn(issued.getExpiresIn());

    // NOTE(review): every extra token parameter is copied into the response unfiltered; confirm
    // none of them is meant to stay server-side.
    formResponse.getParameters().putAll(issued.getParameters());
    return formResponse;
}
/**
 * Builds the form-style implicit response that carries a client access token together with the
 * redirect URI and state taken from the redirection state.
 *
 * @param state              redirection state supplying the redirect URI and {@code state} value
 * @param client             client the token is obtained for
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes that were approved
 * @param userSubject        end user on whose behalf the token is obtained
 * @param preAuthorizedToken existing token passed on to {@code getClientAccessToken}
 * @return a {@code FormTokenResponse} populated from the obtained token
 */
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued = getClientAccessToken(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    final FormTokenResponse formResponse = new FormTokenResponse();
    formResponse.setResponseType(OAuthConstants.TOKEN_RESPONSE_TYPE);

    // Values echoed from the original authorization request.
    formResponse.setRedirectUri(state.getRedirectUri());
    formResponse.setState(state.getState());

    // Token material handed to the client.
    formResponse.setAccessToken(issued.getTokenKey());
    formResponse.setAccessTokenType(issued.getTokenType());
    formResponse.setAccessTokenExpiresIn(issued.getExpiresIn());

    // NOTE(review): every extra token parameter is copied into the response unfiltered; confirm
    // none of them is meant to stay server-side.
    formResponse.getParameters().putAll(issued.getParameters());
    return formResponse;
}
/**
 * Requests an access token as the confidential client {@code fred}, which presents a client id
 * together with a client secret (fixture values), using a custom grant.
 *
 * <p>Only the presence of a token key is asserted; a wrong secret is not exercised here.
 */
@Test
public void testConfidentialClientIdAndSecret() throws Exception {
    final String tokenEndpoint = "https://localhost:" + port + "/oauth2/token";
    final WebClient tokenClient = createWebClient(tokenEndpoint);

    // NOTE(review): the trailing false is presumably CXF's setAuthorizationHeader flag, i.e. the
    // id and secret go into the form rather than a Basic header -- confirm against the CXF version.
    final Consumer confidentialClient = new Consumer("fred", "password");
    final ClientAccessToken issued =
        OAuthClientUtils.getAccessToken(tokenClient, confidentialClient, new CustomGrant(), false);
    assertNotNull(issued.getTokenKey());
}
/**
 * Requests an access token as the client {@code bound}, which presents a client id and no
 * secret, through the web client built by {@code createOAuth2WebClient}.
 *
 * <p>Only the presence of a token key is asserted; a client id presented without the expected
 * binding is not exercised here.
 */
@Test
public void testTwoWayTLSClientIdBound() throws Exception {
    final String tokenEndpoint = "https://localhost:" + PORT + "/oauth2/token";
    final WebClient tokenClient = createOAuth2WebClient(tokenEndpoint);

    final Consumer boundClient = new Consumer("bound");
    final ClientAccessToken issued =
        OAuthClientUtils.getAccessToken(tokenClient, boundClient, new CustomGrant());
    assertNotNull(issued.getTokenKey());
}
/**
 * Requests an access token with a JWT bearer grant, authenticating as the client
 * {@code alice} with a client secret (fixture values).
 *
 * <p>Only the presence of a token key is asserted; an invalid or expired JWT is not exercised
 * here.
 */
@Test
public void testJWTBearerGrant() throws Exception {
    final String tokenEndpoint = "https://localhost:" + port + "/oauth2/token";
    final WebClient tokenClient = createWebClient(tokenEndpoint);

    // Build the JWT presented as the grant; the endpoint address is one of its inputs.
    final String grantJwt =
        OAuth2TestUtils.createToken("resourceOwner", "alice", tokenEndpoint, true, true);
    final JwtBearerGrant jwtGrant = new JwtBearerGrant(grantJwt);

    final Consumer clientCredentials = new Consumer("alice", "alice");
    final ClientAccessToken issued =
        OAuthClientUtils.getAccessToken(tokenClient, clientCredentials, jwtGrant, false);
    assertNotNull(issued.getTokenKey());
}
/**
 * Requests an access token with a SAML 2.0 bearer grant: a self-signed assertion whose audience
 * is the token endpoint is created, serialized and presented by the client {@code alice}.
 *
 * <p>Only the presence of a token key is asserted; an assertion with a wrong audience or
 * signature is not exercised here.
 */
@Test
public void testSAML2BearerGrant() throws Exception {
    final String tokenEndpoint = "https://localhost:" + port + "/oauth2/token";
    final WebClient tokenClient = createWebClient(tokenEndpoint);

    // Signing material for the self-signed assertion (fixture alias and password).
    final Crypto signingCrypto = new CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
    final SelfSignInfo selfSignInfo = new SelfSignInfo(signingCrypto, "alice", "password");

    // The assertion's audience is set to the token endpoint address.
    final SamlCallbackHandler callbackHandler = new SamlCallbackHandler(false);
    final String audience = "https://localhost:" + port + "/oauth2/token";
    callbackHandler.setAudience(audience);

    final SamlAssertionWrapper wrappedAssertion =
        SAMLUtils.createAssertion(callbackHandler, selfSignInfo);

    // Serialize the assertion to the string form carried by the grant.
    final Document ownerDocument = DOMUtils.newDocument();
    final Element assertionDom = wrappedAssertion.toDOM(ownerDocument);
    final String serializedAssertion = DOM2Writer.nodeToString(assertionDom);

    final Saml2BearerGrant samlGrant = new Saml2BearerGrant(serializedAssertion);
    final ClientAccessToken issued = OAuthClientUtils.getAccessToken(
        tokenClient, new Consumer("alice", "alice"), samlGrant, false);
    assertNotNull(issued.getTokenKey());
}