Package org.surfnet.oaaas.model

Examples of org.surfnet.oaaas.model.VerifyTokenResponse


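  /**
   * Asks the authorization server to verify an access token and returns the
   * principal reported for it.
   *
   * <p>The token is caller-supplied, so it is percent-encoded before being
   * appended to the query string. The server URL is no longer used as a
   * {@code String.format} pattern, so a literal {@code %} in the configured
   * URL can no longer break or alter the request.
   *
   * @param accessToken the bearer token presented by the client; {@code null}
   *        yields an absent result without contacting the server
   * @return the principal from the verification response, or absent when the
   *         response is empty or carries no principal
   * @throws AuthenticationException if the token cannot be encoded or the
   *         response body cannot be parsed as a {@code VerifyTokenResponse}
   */
  public Optional<AuthenticatedPrincipal> authenticate(String accessToken) throws AuthenticationException {
    if (accessToken == null) {
      // No credential presented: fail closed instead of sending the literal "null".
      return Optional.absent();
    }

    final String encodedToken;
    try {
      // Encode reserved characters (&, =, #, space, ...) so the token cannot add or
      // change query parameters on the verification request.
      encodedToken = java.net.URLEncoder.encode(accessToken, "UTF-8");
    } catch (IOException e) {
      // UnsupportedEncodingException; not expected for UTF-8.
      throw new AuthenticationException("Could not encode access token", e);
    }

    // NOTE(review): the token travels in the query string, where intermediaries and
    // access logs may record it; confirm the verify endpoint is only reached over TLS.
    String json = client
        .resource(authorizationServerUrl.concat("?access_token=").concat(encodedToken))
        .header(HttpHeaders.AUTHORIZATION, authorizationValue).accept("application/json")
        .get(String.class);

    final VerifyTokenResponse response;
    try {
      response = mapper.readValue(json, VerifyTokenResponse.class);
    } catch (IOException e) {
      // NOTE(review): the raw response body ends up in the exception message and may
      // reach logs; confirm it cannot contain principal attributes worth protecting.
      throw new AuthenticationException("Could not parse JSON: "+ json, e);
    }
    if (response == null) {
      // Presumably only reachable when the body is a JSON null; treat as "no principal".
      return Optional.absent();
    }
    return Optional.fromNullable(response.getPrincipal());
  }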


  /**
   * Happy path for the token-info endpoint: queries {@code /v1/tokeninfo} with a
   * fixture access token and an Authorization header built by
   * {@code authorizationBasic}, then expects HTTP 200 and the end-user principal
   * name in the parsed body.
   */
  public void happy() throws IOException {
    // Fixture values only: the token and the resource-server secret are test data.
    final ClientResponse tokenInfo = client
        .resource(baseUrlWith("/v1/tokeninfo"))
        .queryParam("access_token", "00-11-22-33")
        .header("Authorization", authorizationBasic("it-test-resource-server", "somesecret"))
        .get(ClientResponse.class);
    assertEquals(200, tokenInfo.getStatus());

    final String body = tokenInfo.getEntity(String.class);
    final VerifyTokenResponse parsed = objectMapper.readValue(body, VerifyTokenResponse.class);
    assertEquals("it-test-enduser", parsed.getPrincipal().getName());
  }

  private ResourceOwnerRepository resourceOwnerRepository;

  /**
   * Initialises the Mockito mocks and stubs the request so that it already
   * carries a verified token for principal "user" with the single scope "read".
   */
  @Before
  public void before() throws Exception {
    MockitoAnnotations.initMocks(this);

    final AuthenticatedPrincipal principal = new AuthenticatedPrincipal("user");
    final VerifyTokenResponse stubbedResponse = new VerifyTokenResponse();
    stubbedResponse.setPrincipal(principal);
    stubbedResponse.setScopes(Arrays.asList("read"));

    // Code under test reads the verification result from this request attribute.
    when(request.getAttribute(AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE))
        .thenReturn(stubbedResponse);
  }

  @Test
  public void scopesShouldBeSubsetOfResourceServerScopes() {

    Client client = new Client();
    request.setAttribute(AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE, new VerifyTokenResponse("",
        new ArrayList<String>(), new AuthenticatedPrincipal("user"), 0L));
    client.setScopes(Arrays.asList("Some", "arbitrary", "set"));
    client.setName("clientname");
    ResourceServer resourceServer = new ResourceServer();
    resourceServer.setScopes(Arrays.asList("read", "update", "delete"));

  private AccessTokenRepository accessTokenRepository;

  /**
   * Test fixture: sets up the Mockito mocks and makes the request return a
   * token verification result (principal "user", scope "read") for the
   * {@code VERIFY_TOKEN_RESPONSE} attribute.
   */
  @Before
  public void before() {
    MockitoAnnotations.initMocks(this);

    final VerifyTokenResponse tokenInfo = new VerifyTokenResponse();
    tokenInfo.setScopes(Arrays.asList("read"));
    tokenInfo.setPrincipal(new AuthenticatedPrincipal("user"));

    when(request.getAttribute(AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE))
        .thenReturn(tokenInfo);
  }

     * The Access Token from the Client app as documented in
     * http://tools.ietf.org/html/draft-ietf-oauth-v2#section-7
     */
    final String accessToken = getAccessToken(request);
    if (accessToken != null) {
      VerifyTokenResponse tokenResponse = getVerifyTokenResponse(accessToken);
      if (isValidResponse(tokenResponse)) {
        request.setAttribute(VERIFY_TOKEN_RESPONSE, tokenResponse);
        chain.doFilter(request, response);
        return;
      }

   */
  @Test
  public void testDoFilterHappyFlow() throws IOException, ServletException {
    Map<String, String> attributes = new HashMap<String, String>();
    attributes.put("key", "value");
    VerifyTokenResponse recorderdResponse = new VerifyTokenResponse("org.surfnet.oaaas.conext.mock-client", Collections.singletonList("read"),
        new AuthenticatedPrincipal("john.doe", Arrays.asList("user", "admin"), attributes), 0L);
    MockFilterChain chain = doCallFilter(recorderdResponse);
    /*
     * Verify that the FilterChain#doFilter is called and the
     * VerifyTokenResponse is set on the Request
     */
    VerifyTokenResponse response = (VerifyTokenResponse) chain.getRequest().getAttribute(
        AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE);
    assertEquals("value",response.getPrincipal().getAttributes().get("key"));
    assertEquals("*", ((MockHttpServletResponse)chain.getResponse()).getHeader("Access-Control-Allow-Origin"));


    /*
     * Also test the cache by repeating the call and setting the expected result

    }
    sendError(response, HttpServletResponse.SC_FORBIDDEN, "OAuth2 endpoint");
  }

  protected VerifyTokenResponse getVerifyTokenResponse(String accessToken) {
    VerifyTokenResponse verifyTokenResponse = null;
    if (cacheAccessTokens()) {
      verifyTokenResponse = cache.getVerifyToken(accessToken);
      if (verifyTokenResponse != null) {
        return verifyTokenResponse;
      }

   * @throws ServletException
   * @throws IOException
   */
  @Test
  public void testDoFilterWrongAccessToken() throws IOException, ServletException {
    VerifyTokenResponse recorderdResponse = new VerifyTokenResponse("wtf");
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = doCallFilter(recorderdResponse, response);
    /*
     * Verify that the response is 403 and that the chain is stopped
     */
 

    }

    // Look up the presented token. An unknown token and a token whose client is not
    // contained in the calling resource server both get the same 404 answer.
    AccessToken token = accessTokenRepository.findByToken(accessToken);
    if (token == null || !resourceServer.containsClient(token.getClient())) {
      // NOTE(review): the raw access token is written to the log at WARN level. In the
      // containsClient branch the token exists and may still be usable elsewhere, so
      // anyone who can read the logs could replay it. Consider logging a truncated or
      // hashed form. `credentials` is logged as well; confirm its string form carries
      // no secret.
      LOG.warn("Access token {} not found for resource server '{}'. Responding with 404 in VerifyResource#verifyToken for user {}", accessToken, resourceServer.getName(), credentials);
      return Response.status(Status.NOT_FOUND).entity(new VerifyTokenResponse("not_found")).build();
    }
    // Expired tokens are reported separately from unknown ones (410 instead of 404).
    if (tokenExpired(token)) {
      // NOTE(review): same logging concern as above, though an expired token is of
      // less value to a log reader.
      LOG.warn("Token {} is expired. Responding with 410 in VerifyResource#verifyToken for user {}", accessToken, credentials);
      return Response.status(Status.GONE).entity(new VerifyTokenResponse("token_expired")).build();
    }

    // Success payload: client name, granted scopes, principal and expiry, all taken
    // from the stored token.
    final VerifyTokenResponse verifyTokenResponse = new VerifyTokenResponse(token.getClient().getName(),
            token.getScopes(), token.getPrincipal(), token.getExpires());

    if (LOG.isDebugEnabled()) {
      // NOTE(review): on this path the token has just been found and is not expired, so
      // the value logged here is a usable bearer credential. Keep DEBUG off in
      // production or redact the token before logging.
      LOG.debug("Responding with 200 in VerifyResource#verifyToken for access token {} and user {}", accessToken, credentials);
    }
