├── .editorconfig ├── .gitignore ├── CHANGES.md ├── LICENSE ├── NOTICE ├── README.cn.md ├── README.md ├── apis-authorization-server-dist ├── README.md ├── build.xml ├── pom.xml └── src │ └── main │ ├── assembly │ └── dep.xml │ └── resources │ ├── context │ └── ROOT.xml │ └── tomcat │ ├── apis-logback.xml.acc │ ├── apis-logback.xml.dev │ ├── apis-logback.xml.prod │ ├── apis-logback.xml.test │ ├── apis-logback.xml.vm │ ├── apis.application.properties.acc │ ├── apis.application.properties.dev │ ├── apis.application.properties.prod │ ├── apis.application.properties.test │ ├── apis.application.properties.vm │ ├── surfconext.authn.properties.acc │ ├── surfconext.authn.properties.dev │ ├── surfconext.authn.properties.prod │ ├── surfconext.authn.properties.test │ └── surfconext.authn.properties.vm ├── apis-authorization-server-war ├── README.md ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── surfnet │ │ │ └── oaaas │ │ │ ├── authentication │ │ │ └── FormLoginAuthenticator.java │ │ │ ├── config │ │ │ ├── CasSpringConfiguration.java │ │ │ └── SpringConfiguration.java │ │ │ ├── consent │ │ │ └── FormUserConsentHandler.java │ │ │ └── logging │ │ │ └── LogbackConfigLocationListener.java │ ├── resources │ │ ├── db │ │ │ └── migration │ │ │ │ ├── hsqldb │ │ │ │ └── V0__initial.sql │ │ │ │ ├── hsqldb_content │ │ │ │ └── V1__auth-server-admin.sql │ │ │ │ ├── mysql │ │ │ │ └── V0__initial.sql │ │ │ │ └── mysql_content │ │ │ │ └── V1__auth-server-admin.sql │ │ └── spring-repositories.xml │ └── webapp │ │ ├── WEB-INF │ │ ├── jsp │ │ │ ├── login.jsp │ │ │ ├── userconsent.jsp │ │ │ └── userconsent_denied.jsp │ │ └── web.xml │ │ ├── client │ │ ├── client.html │ │ ├── css │ │ │ ├── bootstrap.min.css │ │ │ └── style.css │ │ ├── img │ │ │ ├── Untitled-3.png │ │ │ ├── arrow.png │ │ │ ├── dead-end-sign.jpg │ │ │ ├── dead_end_no_consent.jpg │ │ │ ├── glyphicons-halflings-blue.png │ │ │ ├── glyphicons-halflings-white.png │ │ │ ├── glyphicons-halflings.png │ │ │ ├── 
icon-apps-blue.png │ │ │ ├── icon-apps-grey.png │ │ │ ├── icon-example.png │ │ │ ├── icon-keys-blue.png │ │ │ ├── icon-keys-grey.png │ │ │ ├── icon-servers-blue.png │ │ │ ├── icon-servers-grey.png │ │ │ ├── icon-stats-blue.png │ │ │ ├── icon-stats-grey.png │ │ │ ├── side-nav-server.png │ │ │ └── surf-oauth.png │ │ ├── js │ │ │ ├── accessTokenGrid.js │ │ │ ├── client.js │ │ │ ├── clientForm.js │ │ │ ├── clientGrid.js │ │ │ ├── data.js │ │ │ ├── jquery-extensions.js │ │ │ ├── lib │ │ │ │ ├── bootbox.min.js │ │ │ │ ├── bootstrap.js │ │ │ │ ├── bootstrap.min.js │ │ │ │ ├── handlebars.js │ │ │ │ ├── jquery.js │ │ │ │ ├── jquery.zclip.js │ │ │ │ └── require.js │ │ │ ├── main.js │ │ │ ├── oauth.js │ │ │ ├── popoverBundle.js │ │ │ ├── resourceServerForm.js │ │ │ ├── resourceServerGrid.js │ │ │ └── statisticsGrid.js │ │ └── templates │ │ │ ├── tplAccessTokenGrid.html │ │ │ ├── tplAlert.html │ │ │ ├── tplClientAttribute.html │ │ │ ├── tplClientGrid.html │ │ │ ├── tplClientRedirectUri.html │ │ │ ├── tplDeleteScopeWarning.html │ │ │ ├── tplEditClient.html │ │ │ ├── tplEditResourceServer.html │ │ │ ├── tplLanding.html │ │ │ ├── tplResourceServerGrid.html │ │ │ ├── tplResourceServerScope.html │ │ │ └── tplStatisticsGrid.html │ │ └── index.html │ └── test │ ├── java │ └── org │ │ └── surfnet │ │ └── oaaas │ │ ├── config │ │ └── SpringConfigTest.java │ │ ├── it │ │ ├── AbstractAuthorizationServerTest.java │ │ ├── ClientCredentialGrantTestIT.java │ │ ├── ClientResourceTestIT.java │ │ ├── ResourceServerTestIT.java │ │ └── VerifyResourceTestIT.java │ │ └── selenium │ │ ├── AuthorizationCodeRequestHandler.java │ │ ├── AuthorizationCodeTestIT.java │ │ ├── ImplicitGrantTestIT.java │ │ ├── RefreshTokenTestIT.java │ │ └── SeleniumSupport.java │ └── resources │ ├── apis-logback.xml │ ├── apis.application.properties │ ├── apis.application.test.properties │ ├── jetty-context.xml │ ├── logback.xml │ ├── mujina-idp.properties │ └── surfconext.authn.properties ├── apis-authorization-server ├── 
README.md ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── surfnet │ │ │ └── oaaas │ │ │ ├── auth │ │ │ ├── AbstractAuthenticator.java │ │ │ ├── AbstractFilter.java │ │ │ ├── AbstractUserConsentHandler.java │ │ │ ├── AuthenticationFilter.java │ │ │ ├── LocalResourceOwnerAuthenticator.java │ │ │ ├── OAuth2Validator.java │ │ │ ├── OAuth2ValidatorImpl.java │ │ │ ├── ResourceOwnerAuthenticator.java │ │ │ ├── UserConsentFilter.java │ │ │ └── ValidationResponseException.java │ │ │ ├── cas │ │ │ ├── CasAuthenticator.java │ │ │ ├── CasUser.java │ │ │ └── PostCasAuthenticationFilter.java │ │ │ ├── model │ │ │ ├── AbstractEntity.java │ │ │ ├── AccessToken.java │ │ │ ├── AccessTokenRequest.java │ │ │ ├── AccessTokenResponse.java │ │ │ ├── AuthorizationRequest.java │ │ │ ├── Client.java │ │ │ ├── ErrorResponse.java │ │ │ ├── ResourceOwner.java │ │ │ ├── ResourceServer.java │ │ │ ├── StatisticsResponse.java │ │ │ ├── ValidationErrorResponse.java │ │ │ └── validation │ │ │ │ ├── AbstractEntityValid.java │ │ │ │ └── AbstractEntityValidator.java │ │ │ ├── noop │ │ │ ├── NoopAdminAuthenticator.java │ │ │ ├── NoopAuthenticator.java │ │ │ ├── NoopResourceOwnerAuthenticator.java │ │ │ └── NoopUserConsentHandler.java │ │ │ ├── repository │ │ │ ├── AccessTokenRepository.java │ │ │ ├── AuthorizationRequestRepository.java │ │ │ ├── ClientRepository.java │ │ │ ├── ExceptionTranslator.java │ │ │ ├── OpenJPAExceptionTranslator.java │ │ │ ├── ResourceOwnerRepository.java │ │ │ └── ResourceServerRepository.java │ │ │ ├── resource │ │ │ ├── RevokeResource.java │ │ │ ├── TokenResource.java │ │ │ ├── VerifyResource.java │ │ │ └── resourceserver │ │ │ │ ├── AbstractResource.java │ │ │ │ ├── AccessTokenResource.java │ │ │ │ ├── ClientResource.java │ │ │ │ ├── ResourceOwnerResource.java │ │ │ │ └── ResourceServerResource.java │ │ │ └── support │ │ │ └── Cleaner.java │ └── resources │ │ └── META-INF │ │ └── persistence.xml │ └── test │ ├── java │ └── org │ │ └── surfnet │ │ └── oaaas │ 
│ ├── auth │ │ ├── LocalResourceOwnerAuthenticatorTest.java │ │ └── OAuth2ValidatorImplTest.java │ │ ├── model │ │ ├── AbstractEntityTest.java │ │ ├── AccessTokenTest.java │ │ ├── ClientTest.java │ │ ├── ResourceOwnerTest.java │ │ └── ResourceServerTest.java │ │ ├── repository │ │ ├── AbstractTestRepository.java │ │ ├── AccessTokenRepositoryTest.java │ │ ├── AuthorizationRequestRepositoryTest.java │ │ ├── ClientRepositoryTest.java │ │ ├── ResourceOwnerRepositoryTest.java │ │ └── ResourceServerRepositoryTest.java │ │ └── resource │ │ ├── TokenResourceTest.java │ │ └── resourceserver │ │ ├── AccessTokenResourceTest.java │ │ ├── ClientResourceTest.java │ │ ├── ResourceOwnerResourceTest.java │ │ └── ResourceServerResourceTest.java │ └── resources │ ├── db │ └── migration │ │ ├── hsqldb │ │ ├── V0__initial.sql │ │ ├── V1__auth-server-admin.sql │ │ ├── V2_1__add_resowner.sql │ │ └── V2_2__insert_resowner.sql │ │ └── mysql │ │ └── V1__auth-server-admin.sql │ └── logback.xml ├── apis-example-client-app ├── .gitignore ├── README.md ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── surfnet │ │ │ └── oaaas │ │ │ ├── config │ │ │ └── SpringConfiguration.java │ │ │ └── web │ │ │ ├── ClientController.java │ │ │ └── ClientSettings.java │ └── webapp │ │ ├── WEB-INF │ │ ├── jsp │ │ │ └── oauth-client.jsp │ │ └── web.xml │ │ └── assets │ │ ├── awesome-1.0.0 │ │ ├── css │ │ │ └── font-awesome.css │ │ └── font │ │ │ ├── fontawesome-webfont.eot │ │ │ ├── fontawesome-webfont.svg │ │ │ ├── fontawesome-webfont.svgz │ │ │ ├── fontawesome-webfont.ttf │ │ │ └── fontawesome-webfont.woff │ │ ├── bootstrap-2.0.2 │ │ ├── css │ │ │ ├── bootstrap.css │ │ │ └── bootstrap.min.css │ │ ├── img │ │ │ ├── glyphicons-halflings-white.png │ │ │ └── glyphicons-halflings.png │ │ ├── js │ │ │ ├── bootstrap.js │ │ │ └── bootstrap.min.js │ │ └── readme │ │ ├── css │ │ ├── client.css │ │ ├── style-additional.css │ │ └── style.css │ │ ├── img │ │ └── surf-oauth.png │ │ └── js │ │ ├── client.js │ │ 
└── jquery-1.7.2.js │ └── test │ └── resources │ └── client.apis.properties ├── apis-example-resource-server-war ├── .gitignore ├── README.md ├── pom.xml └── src │ ├── main │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ └── index.jsp │ └── test │ ├── java │ └── org │ │ └── surfnet │ │ └── oaaas │ │ └── it │ │ └── AuthorizationFilterIntegration.java │ └── resources │ └── apis-resource-server.properties ├── apis-example-resource-server ├── .gitignore ├── README.md ├── pom.xml ├── src │ └── main │ │ ├── java │ │ └── org │ │ │ └── surfnet │ │ │ └── oaaas │ │ │ └── example │ │ │ └── api │ │ │ ├── AuthConfiguration.java │ │ │ ├── OAuthAuthenticator.java │ │ │ ├── UniversityFooConfiguration.java │ │ │ ├── UniversityFooService.java │ │ │ ├── domain │ │ │ ├── Course.java │ │ │ ├── Student.java │ │ │ └── University.java │ │ │ └── resource │ │ │ └── UniversityResource.java │ │ └── resources │ │ └── university-foo-data.json └── university-foo-local.yml ├── apis-images ├── apis-client.png ├── apis_deployment_diagram.png ├── cool_app.png ├── surf-conext-logo.png ├── surf-oauth-client.png ├── surf-oauth.png └── university.png ├── apis-openconext-mock-war ├── README.md ├── pom.xml └── src │ └── main │ ├── java │ └── org │ │ └── surfnet │ │ └── oaaas │ │ └── conext │ │ └── mock │ │ └── OpenConextServlet.java │ └── webapp │ └── WEB-INF │ └── web.xml ├── apis-resource-server-library ├── README.md ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── surfnet │ │ └── oaaas │ │ ├── auth │ │ ├── AuthorizationServerFilter.java │ │ ├── ObjectMapperProvider.java │ │ └── principal │ │ │ ├── AuthenticatedPrincipal.java │ │ │ └── BasicAuthCredentials.java │ │ └── model │ │ ├── TokenResponseCache.java │ │ ├── TokenResponseCacheImpl.java │ │ └── VerifyTokenResponse.java │ └── test │ └── java │ └── org │ └── surfnet │ └── oaaas │ ├── auth │ ├── AuthorizationServerFilterTest.java │ └── principal │ │ ├── AuthenticatedPrincipalTest.java │ │ └── BasicAuthCredentialsTest.java │ └── model │ 
└── TokenResponseCacheTest.java ├── apis-surfconext-authn ├── README.md ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── surfnet │ │ └── oaaas │ │ └── conext │ │ ├── OpenSAMLContext.java │ │ ├── SAMLAuthenticatedPrincipal.java │ │ ├── SAMLAuthenticator.java │ │ ├── SAMLProvisioner.java │ │ └── mock │ │ └── OpenConextOAuthClientMock.java │ └── test │ └── java │ └── org │ └── surfnet │ └── oaaas │ └── conext │ └── SAMLAuthenticatedPrincipalTest.java ├── jetty-connector ├── README.md ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── surfnet │ │ └── oaaas │ │ └── jetty │ │ └── SelectChannelConnectorHttps.java │ └── test │ └── java │ └── org │ └── surfnet │ └── oaaas │ └── jetty │ └── SelectChannelConnectorHttpsTest.java └── pom.xml /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: http://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root = true 5 | 6 | # Unix-style newlines with a newline ending every file 7 | [*] 8 | end_of_line = lf 9 | insert_final_newline = true 10 | 11 | [*.java] 12 | indent_style = space 13 | indent_size = 2 14 | 15 | [*.js] 16 | indent_style = space 17 | indent_size = 4 18 | 19 | [*.css] 20 | indent_style = space 21 | indent_size = 4 22 | 23 | [*.xml] 24 | indent_style = space 25 | indent_size = 2 26 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | notes 2 | .DS_Store 3 | rebel.xml 4 | .classpath 5 | .project 6 | .settings 7 | .idea 8 | *.iml 9 | *.ipr 10 | *.iws 11 | target 12 | bin 13 | .sass-cache -------------------------------------------------------------------------------- /CHANGES.md: -------------------------------------------------------------------------------- 1 | ## 1.3.6 2 | 3 | Issue #53: Be explicit about a move to Java 7. 4 | 5 | Issue #46: Now behaving according to spec. 
6 | 7 | ## 1.3.0 8 | 9 | Issue #17 is fixed: Changed default properties file for resource servers that use the AuthorizationServerFilter for token verification: it is now 'apis-resource-server.properties'. 10 | To be consistent, the servlet filter's init-param has been renamed as well, from 'apis.application.properties.file' to 'apis-resource-server.properties.file'. 11 | Migration consists of either: 12 | 13 | - Rename your current apis.application.properties (only for the resource server!) to 'apis-resource-server.properties'. 14 | 15 | or 16 | 17 | - Change the init-param in your web.xml from 'apis.application.properties.file' to 'apis-resource-server.properties.file' 18 | 19 | Which one to use depends on whether you currently use the init-param or rely on the default file name. 20 | 21 | 22 | ## 1.2.6 23 | 24 | Issue #15 Type information fixed 25 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | OpenConext - Copyright 2012, 2013, 2014 SURFnet bv, The Netherlands 2 | 3 | Unless stated otherwise in source code headers, all software in this repository 4 | is governed by the Apache License, Version 2. 5 | A copy of this license is added in this repository 6 | 7 | This product includes software developed at 8 | SURFnet BV, The Netherlands 9 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/README.md: -------------------------------------------------------------------------------- 1 | Apis Distribution 2 | ====== 3 | This project is optional and not part of the core. It is used for making an environment-independent tar file for distribution, including the properties file for 'steering' runtime behaviour.
-------------------------------------------------------------------------------- /apis-authorization-server-dist/build.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 | 19 | 20 | 21 | 22 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 | 19 | 20 | apis-parent 21 | nl.surfnet.apis 22 | 1.3.6-SNAPSHOT 23 | 24 | 4.0.0 25 | apis-authorization-server-dist 26 | pom 27 | API Secure - authorization server webapp dist 28 | 29 | 30 | 31 | 32 | maven-antrun-plugin 33 | 1.6 34 | 35 | 36 | replace-version 37 | test 38 | 39 | run 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | maven-assembly-plugin 52 | 2.2.1 53 | 54 | 55 | 56 | attached 57 | 58 | package 59 | 60 | 61 | 62 | src/main/assembly/dep.xml 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | nl.surfnet.apis 71 | apis-authorization-server-war 72 | war 73 | ${project.version} 74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/assembly/dep.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 | 19 | bin 20 | 21 | tar.gz 22 | 23 | 24 | 25 | 26 | src/main/resources/tomcat 27 | tomcat/conf/classpath_properties 28 | 29 | **/*.* 30 | 31 | 32 | 33 | target/resources/context 34 | tomcat/conf/context 35 | 36 | **/*.* 37 | 38 | 39 | 40 | 41 | 42 | 43 | /tomcat/webapps 44 | false 45 | runtime 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/context/ROOT.xml: -------------------------------------------------------------------------------- 1 | 16 | -------------------------------------------------------------------------------- 
/apis-authorization-server-dist/src/main/resources/tomcat/apis-logback.xml.acc: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | ${CATALINA_BASE}/logs/apis.log 20 | 21 | 22 | ${CATALINA_BASE}/logs/apis-%d{yyyy-MM-dd}.log.gz 23 | 60 24 | 25 | 26 | %d{ISO8601} %5p [%t] %logger{40}:%L - %m%n 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/apis-logback.xml.dev: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | ${CATALINA_BASE}/logs/apis.log 20 | 21 | 22 | ${CATALINA_BASE}/logs/apis-%d{yyyy-MM-dd}.log.gz 23 | 60 24 | 25 | 26 | %d{ISO8601} %5p [%t] %logger{40}:%L - %m%n 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/apis-logback.xml.prod: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | ${CATALINA_BASE}/logs/apis.log 20 | 21 | 22 | ${CATALINA_BASE}/logs/apis-%d{yyyy-MM-dd}.log.gz 23 | 60 24 | 25 | 26 | %d{ISO8601} %5p [%t] %logger{40}:%L - %m%n 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/apis-logback.xml.test: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | ${CATALINA_BASE}/logs/apis.log 20 | 21 | 22 | ${CATALINA_BASE}/logs/apis-%d{yyyy-MM-dd}.log.gz 23 | 60 24 | 25 | 26 | 
%d{ISO8601} %5p [%t] %logger{40}:%L - %m%n 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/apis-logback.xml.vm: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | ${CATALINA_BASE}/logs/apis.log 20 | 21 | 22 | ${CATALINA_BASE}/logs/apis-%d{yyyy-MM-dd}.log.gz 23 | 60 24 | 25 | 26 | %d{ISO8601} %5p [%t] %logger{40}:%L - %m%n 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/apis.application.properties.acc: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # The database settings 18 | jdbc.driverClassName=com.mysql.jdbc.Driver 19 | jdbc.url=jdbc\:mysql\://db.acc.surfconext.nl\:3306/apis 20 | jdbc.username=apisrw 21 | jdbc.password=?? 22 | 23 | # Either db/migration/mysql or db/migration/hsqldb or your custom implementation (e.g. 
postgres) 24 | flyway.migrations.location=db/migration/mysql, db/migration/mysql_content 25 | 26 | # The authentication module 27 | authenticatorClass=org.surfnet.oaaas.conext.SAMLAuthenticator 28 | 29 | # The user consent module 30 | userConsentHandlerClass=org.surfnet.oaaas.consent.FormUserConsentHandler 31 | 32 | # The url and key/secret that is used by the Client/Resource Server endpoints to validate the oauth access tokens 33 | adminService.tokenVerificationUrl=https\://apis.acc.surfconext.nl/v1/tokeninfo 34 | adminService.resourceServerKey=authorization-server-admin 35 | adminService.resourceServerSecret=??? 36 | adminService.jsonTypeInfoIncluded=false 37 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/apis.application.properties.dev: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # The database settings 18 | jdbc.driverClassName=com.mysql.jdbc.Driver 19 | jdbc.url=jdbc\:mysql\://db.dev.surfconext.nl\:3306/apis 20 | jdbc.username=apisrw 21 | jdbc.password=?? 22 | 23 | # Either db/migration/mysql or db/migration/hsqldb or your custom implementation (e.g. 
postgres) 24 | flyway.migrations.location=db/migration/mysql, db/migration/mysql_content 25 | 26 | # The authentication module 27 | authenticatorClass=org.surfnet.oaaas.conext.SAMLAuthenticator 28 | 29 | # The user consent module 30 | userConsentHandlerClass=org.surfnet.oaaas.consent.FormUserConsentHandler 31 | 32 | # The url and key/secret that is used by the Client/Resource Server endpoints to validate the oauth access tokens 33 | adminService.tokenVerificationUrl=https\://apis.dev.surfconext.nl/v1/tokeninfo 34 | adminService.resourceServerKey=authorization-server-admin 35 | adminService.resourceServerSecret=??? 36 | adminService.jsonTypeInfoIncluded=false 37 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/apis.application.properties.prod: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # The database settings 18 | jdbc.driverClassName=com.mysql.jdbc.Driver 19 | jdbc.url=jdbc\:mysql\://db.surfconext.nl\:3306/apis 20 | jdbc.username=apisrw 21 | jdbc.password=?? 22 | 23 | # Either db/migration/mysql or db/migration/hsqldb or your custom implementation (e.g. 
postgres) 24 | flyway.migrations.location=db/migration/mysql, db/migration/mysql_content 25 | 26 | # The authentication module 27 | authenticatorClass=org.surfnet.oaaas.conext.SAMLAuthenticator 28 | 29 | # The user consent module 30 | userConsentHandlerClass=org.surfnet.oaaas.consent.FormUserConsentHandler 31 | 32 | # The url and key/secret that is used by the Client/Resource Server endpoints to validate the oauth access tokens 33 | adminService.tokenVerificationUrl=https\://apis.surfconext.nl/v1/tokeninfo 34 | adminService.resourceServerKey=authorization-server-admin 35 | adminService.resourceServerSecret=??? 36 | adminService.jsonTypeInfoIncluded=false 37 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/apis.application.properties.test: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # The database settings 18 | jdbc.driverClassName=com.mysql.jdbc.Driver 19 | jdbc.url=jdbc\:mysql\://db.test.surfconext.nl\:3306/apis 20 | jdbc.username=apisrw 21 | jdbc.password=?? 22 | 23 | # Either db/migration/mysql or db/migration/hsqldb or your custom implementation (e.g. 
postgres) 24 | flyway.migrations.location=db/migration/mysql, db/migration/mysql_content 25 | 26 | # The authentication module 27 | authenticatorClass=org.surfnet.oaaas.conext.SAMLAuthenticator 28 | 29 | # The user consent module 30 | userConsentHandlerClass=org.surfnet.oaaas.consent.FormUserConsentHandler 31 | 32 | # The url and key/secret that is used by the Client/Resource Server endpoints to validate the oauth access tokens 33 | adminService.tokenVerificationUrl=https\://apis.test.surfconext.nl/v1/tokeninfo 34 | adminService.resourceServerKey=authorization-server-admin 35 | adminService.resourceServerSecret=??? 36 | adminService.jsonTypeInfoIncluded=false 37 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/apis.application.properties.vm: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # The database settings 18 | jdbc.driverClassName=com.mysql.jdbc.Driver 19 | jdbc.url=jdbc\:mysql\://db._OPENCONEXT_DOMAIN_\:3306/apis 20 | jdbc.username=root 21 | jdbc.password=c0n3xt 22 | 23 | # Either db/migration/mysql or db/migration/hsqldb or your custom implementation (e.g. 
postgres) 24 | flyway.migrations.location=db/migration/mysql, db/migration/mysql_content 25 | 26 | # The authentication module 27 | authenticatorClass=org.surfnet.oaaas.conext.SAMLAuthenticator 28 | 29 | # The user consent module 30 | userConsentHandlerClass=org.surfnet.oaaas.consent.FormUserConsentHandler 31 | 32 | # The url and key/secret that is used by the Client/Resource Server endpoints to validate the oauth access tokens 33 | adminService.tokenVerificationUrl=https\://apis._OPENCONEXT_DOMAIN_/v1/tokeninfo 34 | adminService.resourceServerKey=authorization-server-admin 35 | adminService.resourceServerSecret=cafebabe-cafe-babe-cafe-babecafebabe 36 | adminService.jsonTypeInfoIncluded=false 37 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/surfconext.authn.properties.acc: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | ########################################################################## 18 | # The following properties are the responsibility of Maintenance. 
The # 19 | # values depend on the environment and are unknown to the developers # 20 | ########################################################################## 21 | 22 | entityId=https\://apis.acc.surfconext.nl 23 | assertionConsumerURI=https\://apis.acc.surfconext.nl/oauth2/authorize 24 | idpUrl=https\://engine.acc.surfconext.nl/authentication/idp/single-sign-on 25 | idpCertificate=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 26 | idpEntityId=https\://engine.acc.surfconext.nl/authentication/idp/metadata 27 | spPrivateKey=?? 28 | spCertificate=?? 29 | 30 | # When using SURFconext, this should be: urn:oid:1.3.6.1.4.1.1076.20.40.40.1 31 | samlUuidAttribute=urn:oid:1.3.6.1.4.1.1076.20.40.40.1 32 | 33 | # The group one needs to be a member of for authorization in the JavaScript client apis admin 34 | admin.client.apis.teamname=urn\:collab\:group\:dev.surfteams.nl\:nl\:surfnet\:management\:managementvo 35 | 36 | openConextApiClient=nl.surfnet.coin.api.client.OpenConextOAuthClientImpl 37 | 38 | # Set this to true for group enrichment and to false for not making the call to the group api 39 | api-enrich-principal=true 40 | 41 | # Optional properties only to be used when api-enrich-principal is set to true 42 | api-baseurl=https\://api.acc.surfconext.nl/v1/ 43 | api-consumerkey=https\://apis.acc.surfconext.nl 44 | api-consumersecret=??? 45 | api-callbackuri=https\://apis.acc.surfconext.nl/oauth2/authorize?apiOauthCallback\=true 46 | -------------------------------------------------------------------------------- /apis-authorization-server-dist/src/main/resources/tomcat/surfconext.authn.properties.vm: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | ########################################################################## 18 | # The following properties are the responsibility of Maintenance. The # 19 | # values depend on the environment and are unknown to the developers # 20 | ########################################################################## 21 | 22 | entityId=https\://apis._OPENCONEXT_DOMAIN_/ 23 | assertionConsumerURI=https\://apis._OPENCONEXT_DOMAIN_/oauth2/authorize 24 | idpUrl=https\://engine._OPENCONEXT_DOMAIN_/authentication/idp/single-sign-on 25 | idpCertificate=?? 26 | idpEntityId=https\://engine._OPENCONEXT_DOMAIN_/authentication/idp/metadata 27 | spPrivateKey=?? 28 | spCertificate=?? 
29 | 30 | # When using SURFconext, this should be: urn:oid:1.3.6.1.4.1.1076.20.40.40.1 31 | samlUuidAttribute=urn:oid:1.3.6.1.4.1.1076.20.40.40.1 32 | 33 | # The group one needs to be a member of to be authorized in the JavaScript apis admin client 34 | admin.client.apis.teamname=urn\:collab\:group\:surfteams.nl\:nl\:surfnet\:management\:managementvo 35 | 36 | openConextApiClient=nl.surfnet.coin.api.client.OpenConextOAuthClientImpl 37 | 38 | api-baseurl=https\://api._OPENCONEXT_DOMAIN_/v1/ 39 | api-consumerkey=https\://apis._OPENCONEXT_DOMAIN_ 40 | api-consumersecret=secret 41 | api-callbackuri=https\://apis._OPENCONEXT_DOMAIN_/oauth2/authorize?apiOauthCallback\=true 42 | api-enrich-principal=true 43 | -------------------------------------------------------------------------------- /apis-authorization-server-war/README.md: -------------------------------------------------------------------------------- 1 | Authorization Server web application 2 | ====== 3 | The Authorization Server web application is a WAR wrapper around the main functionality of the `apis-authorization-server` module. 4 | It provides a fully functional web application ready to be deployed in a servlet container. 5 | 6 | Components of the web application are: 7 | * plain JS/HTML client for administration of resource servers and clients (using the implicit grant) 8 | * `FormLoginAuthenticator`, `FormUserConsentHandler` 9 | * Bean wiring, using the `SpringConfiguration` class 10 | * property files for environment-specific configuration. 11 | 12 | ## Extending the web application 13 | Because the components of the WAR and the core JAR are separated, it should be possible to pick only a subset of the functionality and build your own web application. 14 | To extend or modify the default web application, extend `SpringConfiguration` to inject your own framework beans.
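15 | 16 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/blob/master/README.md) in the root project for overall documentation. 17 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/java/org/surfnet/oaaas/config/CasSpringConfiguration.java: --------------------------------------------------------------------------------
package org.surfnet.oaaas.config;

import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.surfnet.oaaas.cas.PostCasAuthenticationFilter;

import javax.servlet.Filter;
import java.util.ArrayList;
import java.util.List;

/**
 * Spring wiring for CAS-based authentication of the authorization server.
 * <p>
 * Reads {@code cas.serverName}, {@code cas.serverUrlPrefix} and {@code cas.adminList} from
 * {@code apis.application.properties} and exposes the three servlet filters of the CAS login
 * flow: redirect-to-CAS, service-ticket validation and the project's post-authentication
 * filter that receives the list of admin principals.
 */
@Configuration
@PropertySource("classpath:apis.application.properties")
public class CasSpringConfiguration {

  /** Name of this server as CAS should see it; passed to both CAS filters. */
  @Value("${cas.serverName}")
  private String serverName;

  /** URL prefix of the CAS server; {@code /login} is appended for the login redirect. */
  @Value("${cas.serverUrlPrefix}")
  private String serverUrlPrefix;

  /** Comma-separated list of admin principals; may be unset. */
  @Value("${cas.adminList}")
  private String adminList;

  /**
   * Resolves {@code ${...}} placeholders in the {@link Value} annotations above.
   * Declared static so it is registered before this configuration's own fields are injected.
   */
  @Bean
  public static PropertySourcesPlaceholderConfigurer propertyPlaceholderConfigurer() {
    return new PropertySourcesPlaceholderConfigurer();
  }

  /**
   * Filter that sends unauthenticated requests to the CAS login page.
   *
   * @return the configured CAS authentication filter
   */
  @Bean
  public Filter casAuthenticationFilter() {
    final AuthenticationFilter authenticationFilter = new AuthenticationFilter();
    authenticationFilter.setCasServerLoginUrl(serverUrlPrefix + "/login");
    authenticationFilter.setServerName(serverName);
    return authenticationFilter;
  }

  /**
   * Filter that validates the CAS service ticket (CAS 2.0 protocol) against the CAS server.
   *
   * @return the configured ticket validation filter
   */
  @Bean
  public Filter casValidationFilter() {
    final Cas20ProxyReceivingTicketValidationFilter casValidationFilter =
        new Cas20ProxyReceivingTicketValidationFilter();
    final Cas20ServiceTicketValidator ticketValidator = new Cas20ServiceTicketValidator(serverUrlPrefix);
    casValidationFilter.setTicketValidator(ticketValidator);
    casValidationFilter.setServerName(serverName);
    return casValidationFilter;
  }

  /**
   * Filter that runs after CAS authentication and is given the configured admin principals.
   * <p>
   * Entries of {@code cas.adminList} are trimmed and blank entries are dropped, so
   * {@code "alice, bob"} and {@code "alice,bob,"} both yield exactly {@code alice} and
   * {@code bob}. Previously the raw split result was used, so a space after a comma made that
   * entry silently fail to match and nobody was granted admin rights for it.
   *
   * @return the configured post-authentication filter
   */
  @Bean
  public Filter postCASAuthenticationFilter() {
    final PostCasAuthenticationFilter postCasAuthenticationFilter = new PostCasAuthenticationFilter();
    if (adminList != null) {
      postCasAuthenticationFilter.setAdmins(parseAdminList(adminList));
    }
    return postCasAuthenticationFilter;
  }

  /**
   * Splits a comma-separated admin list into trimmed, non-empty entries.
   *
   * @param rawList the raw property value, may be {@code null}
   * @return the admin principals in property order; empty when the value is {@code null} or blank
   */
  static List<String> parseAdminList(String rawList) {
    final List<String> admins = new ArrayList<String>();
    if (rawList == null) {
      return admins;
    }
    for (String entry : rawList.split(",")) {
      final String trimmed = entry.trim();
      if (!trimmed.isEmpty()) {
        admins.add(trimmed);
      }
    }
    return admins;
  }
}
-------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/java/org/surfnet/oaaas/logging/LogbackConfigLocationListener.java: -------------------------------------------------------------------------------- 1 | package org.surfnet.oaaas.logging; 2 | 3 | import 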
ch.qos.logback.classic.BasicConfigurator;
import ch.qos.logback.classic.LoggerContext;
import ch.qos.logback.classic.joran.JoranConfigurator;
import ch.qos.logback.core.joran.spi.JoranException;
import ch.qos.logback.core.util.StatusPrinter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import java.net.URL;

/**
 * Servlet context listener that points Logback at {@value #CONFIG_FILE} on the classpath when
 * that resource exists, so a deployment can ship its own logging configuration.
 */
public class LogbackConfigLocationListener implements ServletContextListener {

  private static final Logger LOG = LoggerFactory.getLogger(LogbackConfigLocationListener.class);

  /** Classpath location of the deployment-specific Logback configuration. */
  public static final String CONFIG_FILE = "/apis-logback.xml";

  /**
   * Applies {@link #CONFIG_FILE} to the running Logback context if it is present; otherwise
   * installs Logback's default configuration. Every failure is logged and never propagated, so
   * a broken logging configuration cannot keep the web application from starting.
   *
   * @param sce the servlet context event (unused)
   */
  @Override
  public void contextInitialized(ServletContextEvent sce) {
    try {
      final URL configLocation = LogbackConfigLocationListener.class.getResource(CONFIG_FILE);
      final LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory();
      if (configLocation != null) {
        applyConfiguration(loggerContext, configLocation);
      } else {
        BasicConfigurator.configureDefaultContext();
        LOG.info("No context-specific configuration file found, will use Logback's default configuration");
      }
      // Problems recorded while configuring (including the swallowed JoranException) end up here.
      StatusPrinter.printInCaseOfErrorsOrWarnings(loggerContext);
    } catch (Exception ex) {
      // Could not load the custom log file: report it and stay on the default configuration.
      LOG.error("Unable to initialize context", ex);
    }
  }

  /** Replaces the current configuration of {@code loggerContext} with the one at {@code configLocation}. */
  private static void applyConfiguration(LoggerContext loggerContext, URL configLocation) {
    LOG.debug("Found logback configuration file at {}", configLocation);
    final JoranConfigurator configurator = new JoranConfigurator();
    configurator.setContext(loggerContext);
    // The context was probably already configured by the default rules; start from a clean slate.
    loggerContext.reset();
    try {
      configurator.doConfigure(configLocation);
    } catch (JoranException ignored) {
      // Recorded in the context's status manager; StatusPrinter reports it in the caller.
    }
  }

  /** No-op: nothing is torn down on shutdown. */
  @Override
  public void contextDestroyed(ServletContextEvent sce) {
  }
}
-------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/resources/db/migration/mysql_content/V1__auth-server-admin.sql: -------------------------------------------------------------------------------- 1 | /* 2 | Local administration application 3 | */ 4 | INSERT INTO resourceserver (id, contactEmail, contactName, resourceServerName, resourceServerKey, secret, owner, thumbNailUrl) 5 | VALUES 6 | (99998, 'localadmin@example.com','local admin','Authorization Server Apis', 7 | 'authorization-server-admin', 'cafebabe-cafe-babe-cafe-babecafebabe', null, 'https://raw.github.com/OpenConextApps/apis/master/apis-images/surf-oauth.png'); 8 | INSERT INTO ResourceServer_scopes values (99998, 'read'),(99998, 'write') ; 9 | 10 | INSERT INTO client (id, contactEmail, contactName, description, clientName, thumbNailUrl, resourceserver_id, 11 | clientId, includePrincipal, allowedImplicitGrant) 12 | VALUES 13 | (99998, 'client@coolapp.com', 'john.doe', 'Javascript application for authorization server administration', 14 | 'Authorization Server Admin Client', 15 | 'https://raw.github.com/OpenConextApps/apis/master/apis-images/surf-oauth-client.png', 99998, 16 | 'authorization-server-admin-js-client', 1, 1); 17 | INSERT INTO Client_scopes values (99998, 'read'), (99998, 'write'); -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/resources/spring-repositories.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/WEB-INF/jsp/login.jsp: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Login 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 |
20 | 21 |
22 | 23 |
24 |
25 | 28 | 29 |
31 |
32 |
33 | 34 |
35 | 39 |

Hint: can be anything

40 |
41 |
42 | 43 |
44 | 45 |
46 | 50 |

Hint: can be anything

51 |
52 |
53 | 54 |
55 | 56 |
57 | 58 |
59 |
60 |
61 |
62 | 63 |
64 |

Powered by SURFnet. Fork me on Github. Licensed under the Apache License 2.0.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/WEB-INF/jsp/userconsent_denied.jsp: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/client.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | SURF OAuth 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 19 | 20 | 21 | 22 | 23 |
24 | 25 | 27 |
28 |
29 |
30 | 36 |
37 |
38 |
39 |
40 | 41 |
42 |

Powered by SURFnet. Fork me on Github. Licensed under the Apache License 2.0.

43 |
44 | 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/Untitled-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/Untitled-3.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/arrow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/arrow.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/dead-end-sign.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/dead-end-sign.jpg -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/dead_end_no_consent.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/dead_end_no_consent.jpg -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings-blue.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings-blue.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings-white.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/icon-apps-blue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-apps-blue.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/icon-apps-grey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-apps-grey.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/icon-example.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-example.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/icon-keys-blue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-keys-blue.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/icon-keys-grey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-keys-grey.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/icon-servers-blue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-servers-blue.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/icon-servers-grey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-servers-grey.png -------------------------------------------------------------------------------- 
/apis-authorization-server-war/src/main/webapp/client/img/icon-stats-blue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-stats-blue.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/icon-stats-grey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-stats-grey.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/side-nav-server.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/side-nav-server.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/img/surf-oauth.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/surf-oauth.png -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/js/jquery-extensions.js: -------------------------------------------------------------------------------- 1 | $.fn.serializeObject = function() 2 | { 3 | var o = {}; 4 | var a = this.serializeArray(); 5 | $.each(a, function() { 6 | if (o[this.name] !== undefined) { 7 | if (!o[this.name].push) { 8 | o[this.name] = 
[o[this.name]]; 9 | } 10 | o[this.name].push(this.value || ''); 11 | } else { 12 | o[this.name] = this.value || ''; 13 | } 14 | }); 15 | return o; 16 | }; 17 | 18 | /* 19 | Enhancement to $.unique, to work on non-domelements as well. 20 | From http://paulirish.com/2010/duck-punching-with-jquery/ 21 | */ 22 | (function($){ 23 | 24 | var _old = $.unique; 25 | 26 | $.unique = function(arr){ 27 | 28 | // do the default behavior only if we got an array of elements 29 | if (!!arr[0].nodeType){ 30 | return _old.apply(this,arguments); 31 | } else { 32 | // reduce the array to contain no dupes via grep/inArray 33 | return $.grep(arr,function(v,k){ 34 | return $.inArray(v,arr) === k; 35 | }); 36 | } 37 | }; 38 | })(jQuery); -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/js/main.js: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012 SURFnet bv, The Netherlands 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | requirejs.config({ 18 | //By default load any module IDs from js/lib 19 | baseUrl: 'js', 20 | 21 | paths: { 22 | lib: "lib" 23 | }, 24 | 25 | shim: { 26 | 27 | 'lib/bootstrap': { 28 | deps: ['lib/jquery'] 29 | }, 30 | 31 | 'jquery-extensions': { 32 | deps: ['lib/jquery'] 33 | }, 34 | 35 | 'lib/jquery.zclip': { 36 | deps: ['lib/jquery'] 37 | }, 38 | 39 | 'lib/bootbox.min': { 40 | deps: ['lib/bootstrap'] 41 | }, 42 | 43 | 'data': { 44 | deps: [ 45 | 'lib/jquery' 46 | ]}, 47 | 48 | 'client': { 49 | deps: [ 50 | 'oauth', 51 | 'jquery-extensions', 52 | 'lib/bootstrap', 53 | 'lib/handlebars', 54 | 'data', 55 | 'resourceServerForm', 56 | 'resourceServerGrid', 57 | 'clientForm', 58 | 'clientGrid', 59 | 'accessTokenGrid', 60 | 'statisticsGrid', 61 | 'popoverBundle', 62 | 'lib/jquery.zclip', 63 | 'lib/bootbox.min' 64 | ] 65 | } 66 | } 67 | }); 68 | 69 | require([ 70 | "jquery-extensions", 71 | "lib/handlebars", 72 | "lib/bootstrap", 73 | "client" 74 | ]); -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/js/oauth.js: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012 SURFnet bv, The Netherlands 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /** 18 | * OAuth2 Implicit Grant client. 
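*
 * Create with these options:
 *   var auth = new OAuth({
 *     context: window,
 *     clientId: "myClientId",
 *     redirectUri: "http://myredirecturi",   // (optional, defaults to the current location)
 *     scope: "read write",                   // (optional)
 *     authorizationEndpoint: "http://localhost/oauth2/authorize"
 *   });
 *
 *   if (auth.isTokenPresent()) {
 *     accessToken = auth.extractTokenInfo();
 *   } else {
 *     auth.authorize();
 *   }
 *
 * Note: no `state` parameter is sent or checked, so the redirect that carries the token back
 * is not bound to the browser session that started the flow. Add one if that binding is needed.
 *
 * @param opt options as described above
 * @return {Object} the client API: authorize, isTokenPresent, extractTokenInfo, principalName
 * @constructor
 */
var OAuth = function(opt) {
  var
    options = opt || {},
    context = options.context,
    oauthTokenInfo = {};

  /*
   * Builds the authorization request URL.
   * Every parameter value is URL-encoded (the raw values used to be concatenated), `scope` is
   * only sent when configured (an unset scope used to go out as the literal "undefined"), and
   * the fallback of redirect_uri to the current location is now reachable: previously `||`
   * applied to the whole concatenated string, which is always truthy, so the fallback was dead.
   */
  function buildAuthorizationUrl() {
    var redirectUri = options.redirectUri || String(context.location);
    var url = options.authorizationEndpoint
      + "?response_type=token"
      + "&client_id=" + encodeURIComponent(options.clientId)
      + "&redirect_uri=" + encodeURIComponent(redirectUri);
    if (options.scope) {
      url += "&scope=" + encodeURIComponent(options.scope);
    }
    return url;
  }

  return {
    /* Redirects the browser to the authorization endpoint. */
    authorize: function() {
      context.location = buildAuthorizationUrl();
    },

    /* True when the current fragment carries an access_token parameter. */
    isTokenPresent: function() {
      return /access_token=/.test(context.location.hash);
    },

    /*
     * Parses the token response out of the fragment, remembers it, clears the fragment so the
     * token does not linger in the address bar, and returns the access token.
     */
    extractTokenInfo: function() {
      var fragment = context.location.hash.substring(1);
      var pairs = fragment.split('&');

      var params = {};
      for (var i = 0; i < pairs.length; i++) {
        // split on the first '=' only, so values that themselves contain '=' survive intact
        var eq = pairs[i].indexOf('=');
        var key = eq < 0 ? pairs[i] : pairs[i].substring(0, eq);
        var value = eq < 0 ? '' : pairs[i].substring(eq + 1);
        params[key] = decodeURIComponent(value.replace(/\+/g, ' '));
      }
      oauthTokenInfo = {
        accessToken: params["access_token"],
        expires: params["expires_in"],
        scope: params["scope"],
        principal: params["principal"]
      };
      context.location.hash = "";
      return oauthTokenInfo.accessToken;
    },

    /* The principal reported with the last extracted token, if any. */
    principalName: function() {
      return oauthTokenInfo.principal;
    }
  }
};

-------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/js/statisticsGrid.js: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012 SURFnet bv, The Netherlands 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.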
15 | */ 16 | 17 | var statisticsGridView = (function() { 18 | 19 | var templateId = "tplStatisticsGrid"; 20 | var containerSelector = "#contentView"; 21 | var handleSelector = "#statisticsGrid"; 22 | 23 | return { 24 | 25 | refresh: function(statistics) { 26 | this.hide(); 27 | this.show(statistics); 28 | }, 29 | 30 | show: function(statistics) { 31 | Template.get(templateId, function(template) { 32 | $(containerSelector).append(template(statistics)); 33 | $(containerSelector).css("height", ""); // clear the fixed height 34 | }); 35 | }, 36 | isVisible: function() { 37 | return $(handleSelector).is(':visible'); 38 | }, 39 | hide: function() { 40 | $(containerSelector).css("height", $(containerSelector).height()); // set a fixed height to prevent wild swapping of the footer 41 | $(handleSelector).remove(); 42 | }, 43 | focus: function() { 44 | $(handleSelector).focus(); 45 | } 46 | } 47 | })(); 48 | 49 | var statisticsGridController = (function() { 50 | 51 | var view = statisticsGridView; 52 | 53 | return { 54 | show: function() { 55 | // first hide to view to prevent multiple views displayed 56 | view.hide(); 57 | data.getStatistics(function(statistics) { 58 | view.show(statistics); 59 | }); 60 | }, 61 | hide: view.hide, 62 | focus: view.focus, 63 | isVisible: view.isVisible 64 | } 65 | })(); 66 | 67 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplAccessTokenGrid.html: -------------------------------------------------------------------------------- 1 | 16 | 17 |
18 | 19 |

Access Tokens

20 | {{#if accessTokens}} 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | {{#each accessTokens}} 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | {{/each}} 47 | 48 |
TokenResource serverClientScopesResource owner IDIssue dateValid untilActions
{{token}}todo{{clientId}}{{scopes}}{{resourceOwnerId}}{{creationDate}}{{expiresIn}}Delete
49 | {{else}} 50 |

No access tokens found for current user.

51 | {{/if}} 52 |
53 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplAlert.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | {{title}}! {{text}} 4 |
5 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplClientAttribute.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 | 5 |
6 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplClientGrid.html: -------------------------------------------------------------------------------- 1 |
2 | Add another client app 3 |

Client applications

4 | {{#if clients}} 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | {{#each clients}} 18 | 19 | 20 | 24 | 25 | 26 | 33 | 34 | 35 | {{/each}} 36 | 37 |
IconNameClient IDScopesCredentialsActions
{{name}}
21 | {{description}}
22 | Connected to {{resourceServer.name}} 23 |
{{clientId}}{{scopes}} 27 | Contact: {{contactName}}
28 | Client ID : 29 |
30 | Secret : 31 |
32 |
Delete
38 | {{else}} 39 |

No clients yet. Add one.

40 | {{/if}} 41 |
42 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplClientRedirectUri.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 |
5 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplDeleteScopeWarning.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | Changing existing scopes might have effect on configured 4 | client apps. Make sure all client app configurations reflect the 5 | changes made here prior to deleting scopes. 6 |
-------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplLanding.html: -------------------------------------------------------------------------------- 1 |
2 |

OAuth 2.0. But dead simple.

3 |

Can you imagine getting an OAuth2 compliant Authorization Server (and this client apparently;-) up in a matter of minutes? Wait and see. By the way, the Apis Authorization Server lets you authenticate against any possible backend of your choice and is totally agnostic as it comes to the flavor of your Resource Server.

4 |

5 | 6 | Login 7 | 8 |

9 |
10 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplResourceServerGrid.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | Add another server 4 |

Resource servers

5 | {{#if resourceServers}} 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | {{#each resourceServers}} 19 | 20 | 21 | 24 | 25 | 26 | 33 | 34 | 35 | {{/each}} 36 | 37 |
IconResource serverClient appsScopesAboutActions
{{name}}
22 | {{description}} 23 |
{{scopes}} 27 | Contact: {{contactName}}
28 | Key : 29 |
30 | Secret : 31 | 32 |
Delete
38 | {{else}} 39 |

No resource servers yet. Add one.

40 |

After you have added a resource server, you can start adding client applications that actually do something with the protected resources of your resource server. 41 | {{/if}} 42 |

43 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplResourceServerScope.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 |
5 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/client/templates/tplStatisticsGrid.html: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 |
19 |

Statistics

20 | {{#if resourceServers}} 21 | 24 | {{#each resourceServers}} 25 |

Resource Server name: {{name}}

26 | {{#if description}} 27 |

Description: {{description}}

28 | {{/if}} 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | {{#each clients}} 39 | 40 | 41 | 42 | 43 | 44 | {{/each}} 45 | 46 |
Client App nameDescription#Unique clients
{{name}}{{description}}{{tokenCount}}
47 | {{/each}} 48 | {{else}} 49 |

No resource servers configured.

50 | {{/if}} 51 |
52 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/main/webapp/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/test/java/org/surfnet/oaaas/config/SpringConfigTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012 SURFnet bv, The Netherlands 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package org.surfnet.oaaas.config; 18 | 19 | import com.googlecode.flyway.core.Flyway; 20 | import org.junit.Test; 21 | import org.junit.runner.RunWith; 22 | import org.springframework.test.context.ContextConfiguration; 23 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; 24 | import org.surfnet.oaaas.resource.VerifyResource; 25 | 26 | import javax.inject.Inject; 27 | import javax.sql.DataSource; 28 | 29 | import static junit.framework.Assert.assertFalse; 30 | import static junit.framework.Assert.assertTrue; 31 | import static org.junit.Assert.assertNotNull; 32 | 33 | @RunWith(SpringJUnit4ClassRunner.class) 34 | @ContextConfiguration(classes = SpringConfiguration.class) 35 | public class SpringConfigTest { 36 | 37 | @Inject 38 | private DataSource dataSource; 39 | 40 | @Inject 41 | private Flyway flyway; 42 | 43 | @Inject 44 | private VerifyResource verifyResource; 45 | 46 | 47 | @Test 48 | public void wire() { 49 | assertNotNull(dataSource); 50 | assertNotNull(flyway); 51 | assertFalse(verifyResource.isJsonTypeInfoIncluded()); 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/test/java/org/surfnet/oaaas/it/AbstractAuthorizationServerTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012 SURFnet bv, The Netherlands 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package org.surfnet.oaaas.it; 18 | 19 | import org.apache.commons.codec.binary.Base64; 20 | 21 | import com.sun.jersey.api.client.Client; 22 | import org.codehaus.jackson.map.ObjectMapper; 23 | import org.surfnet.oaaas.auth.ObjectMapperProvider; 24 | 25 | 26 | public abstract class AbstractAuthorizationServerTest { 27 | 28 | protected static final String ACCESS_TOKEN = "dad30fb8-ad90-4f24-af99-798bb71d27c8"; 29 | 30 | protected int defaultServletPort = 8080; 31 | protected Client client = new Client(); 32 | protected static ObjectMapper objectMapper = new ObjectMapperProvider().getContext(ObjectMapper.class); 33 | static { 34 | objectMapper.disableDefaultTyping(); 35 | } 36 | 37 | protected String baseUrl() { 38 | return String.format("http://localhost:%s", 39 | System.getProperty("servlet.port", String.valueOf(defaultServletPort))); 40 | } 41 | 42 | protected String baseUrlWith(String suffix) { 43 | return baseUrl().concat(suffix); 44 | } 45 | 46 | public static String authorizationBasic(String username, String password) { 47 | String concatted = username + ":" + password; 48 | return "Basic " + new String(Base64.encodeBase64(concatted.getBytes())); 49 | } 50 | 51 | public static String authorizationBearer(String token) { 52 | return "bearer " + token; 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/test/java/org/surfnet/oaaas/it/VerifyResourceTestIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012 SURFnet bv, The Netherlands 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package org.surfnet.oaaas.it; 18 | 19 | import static org.junit.Assert.assertEquals; 20 | 21 | import org.codehaus.jackson.JsonParseException; 22 | import org.junit.Test; 23 | import org.surfnet.oaaas.model.VerifyTokenResponse; 24 | 25 | import com.sun.jersey.api.client.Client; 26 | import com.sun.jersey.api.client.ClientResponse; 27 | 28 | import java.io.IOException; 29 | 30 | public class VerifyResourceTestIT extends AbstractAuthorizationServerTest { 31 | 32 | @Test 33 | public void withNoParams() { 34 | final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")).get(ClientResponse.class); 35 | assertEquals(401, response.getStatus()); 36 | } 37 | 38 | @Test 39 | public void withNoAuthorizationHeader() { 40 | final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")).queryParam("access_token", "boobaa") 41 | .get(ClientResponse.class); 42 | assertEquals(401, response.getStatus()); 43 | } 44 | 45 | @Test 46 | public void withInvalidAuthorizationHeader() { 47 | final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")).queryParam("access_token", "boobaa") 48 | .header("Authorization", "NotBasicButGarbage abb ccc dd").get(ClientResponse.class); 49 | assertEquals(401, response.getStatus()); 50 | } 51 | 52 | @Test 53 | public void withValidAuthorizationHeaderButNoAccessToken() { 54 | final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")) 55 | .header("Authorization", authorizationBasic("user", "pass")).get(ClientResponse.class); 56 | 
assertEquals(401, response.getStatus()); 57 | } 58 | 59 | @Test 60 | public void happy() throws IOException { 61 | final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")).queryParam("access_token", "00-11-22-33") 62 | .header("Authorization", authorizationBasic("it-test-resource-server", "somesecret")).get(ClientResponse.class); 63 | assertEquals(200, response.getStatus()); 64 | String json = response.getEntity(String.class); 65 | final VerifyTokenResponse verifyTokenResponse = objectMapper.readValue(json, VerifyTokenResponse.class); 66 | assertEquals("it-test-enduser", verifyTokenResponse.getPrincipal().getName()); 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/test/java/org/surfnet/oaaas/selenium/ImplicitGrantTestIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012 SURFnet bv, The Netherlands 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package org.surfnet.oaaas.selenium; 18 | 19 | import java.net.URI; 20 | 21 | import org.junit.Test; 22 | import org.openqa.selenium.WebDriver; 23 | 24 | import static org.hamcrest.core.IsEqual.equalTo; 25 | import static org.junit.Assert.assertThat; 26 | import static org.junit.matchers.JUnitMatchers.containsString; 27 | 28 | /** 29 | * Integration test (using Selenium) for the Implicit Grant flow. 
30 | */ 31 | public class ImplicitGrantTestIT extends SeleniumSupport { 32 | 33 | @Test 34 | public void implicitGrant() { 35 | performImplicitGrant(true); 36 | /* 37 | * The second time no consent is required (as we have already an access token for the client/ principal name 38 | */ 39 | restartBrowserSession(); 40 | performImplicitGrant(false); 41 | } 42 | 43 | private void performImplicitGrant(boolean needConsent) { 44 | 45 | WebDriver webdriver = getWebDriver(); 46 | 47 | String responseType = "token"; 48 | String clientId = "it-test-client-grant"; 49 | String redirectUri = "http://localhost:8080/fourOhFour"; 50 | 51 | String url = String.format( 52 | "%s/oauth2/authorize?response_type=%s&client_id=%s&redirect_uri=%s", 53 | baseUrl(), responseType, clientId, redirectUri); 54 | webdriver.get(url); 55 | 56 | login(webdriver, needConsent); 57 | 58 | // Token response 59 | URI responseURI = URI.create(webdriver.getCurrentUrl()); 60 | 61 | assertThat(responseURI.getFragment(), containsString("access_token=")); 62 | assertThat(responseURI.getPath(), equalTo("/fourOhFour")); 63 | assertThat(responseURI.getHost(), equalTo("localhost")); 64 | } 65 | } -------------------------------------------------------------------------------- /apis-authorization-server-war/src/test/resources/apis-logback.xml: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | 20 | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/test/resources/apis.application.test.properties: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # The database settings 18 | jdbc.driverClassName=org.hsqldb.jdbcDriver 19 | #jdbc.url=jdbc:hsqldb:hsq://localhost/xdb 20 | #jdbc.url=jdbc:hsqldb:hsql//localhost/target/db;ifexists=false 21 | jdbc.url=jdbc:hsqldb:file:target/db;hsqldb.lock_file=false 22 | jdbc.username=sa 23 | jdbc.password= 24 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/test/resources/jetty-context.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 | 19 | 20 | 21 | 22 | org.eclipse.jetty.server.webapp.WebInfIncludeJarPattern 23 | .*/.*jsp-api-[^/]\.jar$|./.*jsp-[^/]\.jar$|./.*taglibs[^/]*\.jar$ 24 | 25 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/test/resources/logback.xml: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | 20 | 21 | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /apis-authorization-server-war/src/test/resources/mujina-idp.properties: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | ASSERTION_VALIDITY_TIME_INS_SECONDS=90 18 | 19 | REPLAY_CACHE_LIFE_IN_MILLIS=14400000 20 | ISSUE_INSTANT_CHECK_CLOCK_SKEW_IN_SECONDS=90 21 | ISSUE_INSTANT_CHECK_VALIDITY_TIME_IN_SECONDS=300 22 | 23 | MAX_PARSER_POOL_SIZE=2 24 | AUTHN_RESPONDER_URI=/AuthnResponder 25 | SSO_SERVICE_URI=/SingleSignOnService 26 | -------------------------------------------------------------------------------- /apis-authorization-server/README.md: -------------------------------------------------------------------------------- 1 | Authorization Server jar 2 | ====== 3 | The Authorization Server jar module contains all of the main code of the actual Authorization Server war module. It is compliant with [the draft v2-31 OAuth specification](http://tools.ietf.org/html/draft-ietf-oauth-v2-31). 4 | 5 | The main building blocks of the Authorization Server are: 6 | 7 | * [JAX-RS](http://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services) endpoints (by default using the [Jersey](http://jersey.java.net/) implementation). 8 | * CRUD interface for Resource Servers and Client apps 9 | * OAuth2 authorization and token resources for obtaining access (and optionally refresh) tokens 10 | * An endpoint/ resource for validating access tokens (to be leveraged by a Resource Server) 11 | * Pluggable [Filters](http://docs.oracle.com/javaee/1.3/api/javax/servlet/Filter.html) for Resource Owner authentication and user consent handling. 
12 | * See `org.surfnet.oaaas.auth.AbstractAuthenticator` and the default implementation `org.surfnet.oaaas.authentication.FormLoginAuthenticator` 13 | * See `org.surfnet.oaaas.auth.AbstractUserConsentHandler` and the default implementation `org.surfnet.oaaas.consent.FormUserConsentHandler` 14 | * Spring configuration to wire everything together 15 | * The main components are annotated using `org.springframework.stereotype@Repository`, `javax.inject.@Named` and `javax.inject.@Inject` 16 | * See `/apis-authorization-server-war/src/main/java/org/surfnet/oaaas/config/SpringConfiguration.java` 17 | * [OpenJPA](http://openjpa.apache.org/) persistence layer 18 | * See `/apis-authorization-server/src/main/resources/META-INF/persistence.xml` 19 | * See `/apis-authorization-server/src/main/resources/db/migration/mysql/V1__auth-server-admin.sql` 20 | 21 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/blob/master/README.md) in the root project for overall documentation. 22 | 23 | -------------------------------------------------------------------------------- /apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/AbstractFilter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. 
You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | package org.surfnet.oaaas.auth; 20 | 21 | import org.apache.commons.lang.StringUtils; 22 | 23 | import javax.servlet.Filter; 24 | import javax.servlet.ServletRequest; 25 | 26 | /** 27 | * Shared functionality of the different authorization and userconsent Filters 28 | * 29 | */ 30 | public abstract class AbstractFilter implements Filter { 31 | 32 | /** 33 | * Constant to get the return uri when the control should be returned to the 34 | * implementor 35 | */ 36 | public static final String RETURN_URI = "RETURN_URI"; 37 | 38 | /** 39 | * The constant used to keep 'session' state when we give flow control to the 40 | * authenticator filter. Part of the contract with the authenticator Filter is 41 | * that we expect to get the value back when authentication is done. 42 | */ 43 | public static final String AUTH_STATE = "AUTH_STATE"; 44 | 45 | /** 46 | * Get the attribute value that serves as session state. 
47 | * @param request the HttpServletRequest 48 | */ 49 | public final String getAuthStateValue(ServletRequest request) { 50 | String authStateValue = (String) request.getAttribute(AUTH_STATE); 51 | if (StringUtils.isEmpty(authStateValue)) { 52 | authStateValue = request.getParameter(AUTH_STATE); 53 | } 54 | return authStateValue; 55 | } 56 | 57 | public final String getReturnUri(ServletRequest request) { 58 | String returnUri = (String) request.getAttribute(RETURN_URI); 59 | if (StringUtils.isEmpty(returnUri)) { 60 | returnUri = request.getParameter(RETURN_URI); 61 | } 62 | 63 | return returnUri; 64 | } 65 | 66 | protected final void setAuthStateValue(ServletRequest request, String authState) { 67 | request.setAttribute(AUTH_STATE, authState); 68 | } 69 | 70 | } 71 | -------------------------------------------------------------------------------- /apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/LocalResourceOwnerAuthenticator.java: -------------------------------------------------------------------------------- 1 | package org.surfnet.oaaas.auth; 2 | 3 | import javax.inject.Inject; 4 | 5 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal; 6 | import org.surfnet.oaaas.model.ResourceOwner; 7 | import org.surfnet.oaaas.repository.ResourceOwnerRepository; 8 | 9 | /** 10 | * Implementation of {@link ResourceOwnerAuthenticator} which uses the local auth server model 11 | * to authenticate. 
12 | * 13 | * @author sfitts 14 | * 15 | */ 16 | public class LocalResourceOwnerAuthenticator implements ResourceOwnerAuthenticator { 17 | 18 | @Inject 19 | private ResourceOwnerRepository resourceOwnerRepository; 20 | 21 | @Override 22 | public AuthenticatedPrincipal authenticate(String username, String password) { 23 | ResourceOwner user = resourceOwnerRepository.findByUsername(username); 24 | if (user == null) { 25 | return null; 26 | } 27 | 28 | // Validate password 29 | if (!user.checkPassword(password)) { 30 | return null; 31 | } 32 | return new AuthenticatedPrincipal(username); 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/ResourceOwnerAuthenticator.java: -------------------------------------------------------------------------------- 1 | package org.surfnet.oaaas.auth; 2 | 3 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal; 4 | 5 | /** 6 | * Defines the service contract for authentication of resource owners. 7 | * 8 | * @author sfitts 9 | * 10 | */ 11 | public interface ResourceOwnerAuthenticator { 12 | 13 | /** 14 | * Authenticate the given resource owner credentials. 15 | * 16 | * @param username 17 | * the user name of the resource owner 18 | * @param password 19 | * the password of the resource owner 20 | * @return the {@link AuthenticatedPrincipal} associated with the given credentials. Will 21 | * return {@code null} if the credentials could not be authenticated. 
22 | */ 23 | AuthenticatedPrincipal authenticate(String username, String password); 24 | 25 | } 26 | -------------------------------------------------------------------------------- /apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/ValidationResponseException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 
18 | */ 19 | package org.surfnet.oaaas.auth; 20 | 21 | import org.surfnet.oaaas.auth.OAuth2Validator.ValidationResponse; 22 | 23 | @SuppressWarnings("serial") 24 | public class ValidationResponseException extends RuntimeException { 25 | public final ValidationResponse v; 26 | 27 | public ValidationResponseException(ValidationResponse v) { 28 | this.v = v; 29 | } 30 | } -------------------------------------------------------------------------------- /apis-authorization-server/src/main/java/org/surfnet/oaaas/cas/CasAuthenticator.java: -------------------------------------------------------------------------------- 1 | package org.surfnet.oaaas.cas; 2 | 3 | import org.surfnet.oaaas.auth.AbstractAuthenticator; 4 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal; 5 | 6 | import javax.servlet.FilterChain; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.http.HttpServletRequest; 9 | import javax.servlet.http.HttpServletResponse; 10 | import java.io.IOException; 11 | 12 | /** 13 | * Created by bourges on 05/08/14. 14 | */ 15 | public class CasAuthenticator extends AbstractAuthenticator { 16 | @Override 17 | public boolean canCommence(HttpServletRequest request) { 18 | return getAuthStateValue(request) != null; 19 | } 20 | 21 | @Override 22 | public void authenticate(HttpServletRequest request, HttpServletResponse response, FilterChain chain, String authStateValue, String returnUri) throws IOException, ServletException { 23 | CasUser casUser = (CasUser) request.getSession().getAttribute(PostCasAuthenticationFilter.POST_CAS_AUTHENTICATION_INFO); 24 | if (casUser == null) { 25 | String uri = request.getRequestURI(); 26 | String queryString = request.getQueryString(); 27 | request.getSession().setAttribute(PostCasAuthenticationFilter.REDIRECT_URL, uri + "?" 
+ queryString); 28 | response.sendRedirect("/cas"); 29 | return; 30 | } 31 | else { 32 | AuthenticatedPrincipal principal = new AuthenticatedPrincipal(casUser.getUid()); 33 | principal.setAdminPrincipal(casUser.isAdmin); 34 | super.setPrincipal(request, principal); 35 | super.setAuthStateValue(request, authStateValue); 36 | chain.doFilter(request, response); 37 | } 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /apis-authorization-server/src/main/java/org/surfnet/oaaas/cas/CasUser.java: -------------------------------------------------------------------------------- 1 | package org.surfnet.oaaas.cas; 2 | 3 | /** 4 | * Created by bourges on 07/08/14. 5 | */ 6 | public class CasUser { 7 | String uid; 8 | boolean isAdmin; 9 | 10 | public String getUid() { 11 | return uid; 12 | } 13 | 14 | public void setUid(String uid) { 15 | this.uid = uid; 16 | } 17 | 18 | public boolean isAdmin() { 19 | return isAdmin; 20 | } 21 | 22 | public void setAdmin(boolean isAdmin) { 23 | this.isAdmin = isAdmin; 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /apis-authorization-server/src/main/java/org/surfnet/oaaas/cas/PostCasAuthenticationFilter.java: -------------------------------------------------------------------------------- 1 | package org.surfnet.oaaas.cas; 2 | 3 | import javax.servlet.*; 4 | import javax.servlet.http.HttpServletRequest; 5 | import javax.servlet.http.HttpServletResponse; 6 | import java.io.IOException; 7 | import java.util.ArrayList; 8 | import java.util.Arrays; 9 | import java.util.List; 10 | 11 | /** 12 | * Created by bourges on 05/08/14. 
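 * <p>Expected to run once the CAS client has populated the remote user of the request: it
 * wraps {@code getRemoteUser()} in a {@link CasUser}, flags configured administrators,
 * stores the user in the HTTP session under {@link #POST_CAS_AUTHENTICATION_INFO} and
 * redirects back to the server-relative URL that {@link CasAuthenticator} recorded under
 * {@link #REDIRECT_URL}. The filter chain is never continued; the redirect ends the request.
 */
public class PostCasAuthenticationFilter implements Filter {

  /** Session attribute under which the {@link CasUser} built by this filter is stored. */
  public static final String POST_CAS_AUTHENTICATION_INFO = "casUser";

  /** Session attribute holding the server-relative URL to return to after CAS login. */
  public static final String REDIRECT_URL = "redirectURL";

  /**
   * Remote user names that are granted admin rights. Configured through the {@code admins}
   * init-param (comma separated) or {@link #setAdmins(List)}.
   */
  private List<String> admins = new ArrayList<String>();

  /**
   * Reads the comma separated {@code admins} init-param. Entries are trimmed and empty
   * entries dropped, so {@code "alice, bob"} grants both users and a trailing comma does
   * not register the empty string as an administrator.
   */
  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    String adminList = filterConfig.getInitParameter("admins");
    if (adminList == null) {
      return;
    }
    List<String> parsed = new ArrayList<String>();
    for (String entry : adminList.split(",")) {
      String trimmed = entry.trim();
      if (trimmed.length() > 0) {
        parsed.add(trimmed);
      }
    }
    admins = parsed;
  }

  /**
   * Builds the session {@link CasUser} from the remote user and redirects to the recorded
   * return URL.
   *
   * <p>Fails closed in two cases the original code did not handle: without a remote user
   * (the request is not authenticated, so no principal is created and 401 is returned),
   * and when the recorded return URL is missing or is not a server-relative path (400),
   * which keeps the session attribute from being usable as a redirect to another origin.
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    String uid = httpRequest.getRemoteUser();
    if (uid == null || uid.trim().length() == 0) {
      // No authenticated remote user: never store a principal with a null uid.
      httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }

    CasUser casUser = new CasUser();
    casUser.setUid(uid);
    casUser.setAdmin(admins.contains(uid));

    javax.servlet.http.HttpSession session = httpRequest.getSession();
    session.setAttribute(POST_CAS_AUTHENTICATION_INFO, casUser);

    // Consume the return URL so a stale value cannot be replayed later in the same session.
    String redirectUrl = (String) session.getAttribute(REDIRECT_URL);
    session.removeAttribute(REDIRECT_URL);
    if (!isServerRelative(redirectUrl)) {
      httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }
    httpResponse.sendRedirect(redirectUrl);
  }

  /**
   * Accepts only server-relative paths ({@code /path...}) as redirect targets, rejecting
   * {@code null}, absolute URLs and protocol-relative forms ({@code //host}, {@code /\host}).
   *
   * @param url the candidate redirect target, may be {@code null}
   * @return {@code true} if the target stays on this server
   */
  private static boolean isServerRelative(String url) {
    return url != null && url.startsWith("/") && !url.startsWith("//") && !url.startsWith("/\\");
  }

  /** Nothing to release: the filter holds no resources beyond the admin list. */
  @Override
  public void destroy() {
  }

  /**
   * Replaces the administrator list; a defensive copy is kept and {@code null} means "no
   * administrators" rather than an NPE on the next request.
   *
   * @param admins remote user names to treat as administrators, may be {@code null}
   */
  public void setAdmins(List<String> admins) {
    this.admins = admins == null ? new ArrayList<String>() : new ArrayList<String>(admins);
  }

}
// /apis-authorization-server/src/main/java/org/surfnet/oaaas/model/ErrorResponse.java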
The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | package org.surfnet.oaaas.model; 20 | 21 | import javax.xml.bind.annotation.XmlRootElement; 22 | 23 | import org.codehaus.jackson.annotate.JsonProperty; 24 | 25 | /** 26 | * Representation an error response conform spec 28 | * 29 | */ 30 | @XmlRootElement 31 | public class ErrorResponse { 32 | 33 | private String error; 34 | @JsonProperty("error_description") 35 | private String errorDescription; 36 | 37 | public ErrorResponse() { 38 | super(); 39 | } 40 | 41 | public ErrorResponse(String error, String errorDescription) { 42 | super(); 43 | this.error = error; 44 | this.errorDescription = errorDescription; 45 | } 46 | 47 | /** 48 | * @return the error 49 | */ 50 | public String getError() { 51 | return error; 52 | } 53 | 54 | /** 55 | * @param error 56 | * the error to set 57 | */ 58 | public void setError(String error) { 59 | this.error = error; 60 | } 61 | 62 | /** 63 | * @return the errorDescription 64 | */ 65 | public String getErrorDescription() { 66 | return errorDescription; 67 | } 68 | 69 | /** 70 | * @param errorDescription 71 | * the errorDescription to set 72 | */ 73 | public void setErrorDescription(String errorDescription) { 74 | this.errorDescription = errorDescription; 75 | } 76 | 77 | } 78 | -------------------------------------------------------------------------------- 
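// /apis-authorization-server/src/main/java/org/surfnet/oaaas/model/ResourceOwner.java
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.surfnet.oaaas.model;

import java.nio.charset.Charset;
import java.security.MessageDigest;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
import javax.validation.constraints.NotNull;
import javax.xml.bind.annotation.XmlRootElement;

/**
 * A resource owner (end user) known to this authorization server, identified by a unique
 * {@code username} and authenticated through {@link #checkPassword(String)}.
 *
 * <p>The password is currently persisted and compared in clear text (see the TODO on the
 * field), so the backing table must be treated as sensitive data.
 */
@SuppressWarnings("serial")
@Entity
@Table(name = "resourceowner", uniqueConstraints = @UniqueConstraint(columnNames = {"username"}))
@XmlRootElement
@Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
public class ResourceOwner extends AbstractEntity {

  @Column
  @NotNull
  private String username;

  @Column
  @NotNull
  private String password; // TODO -- store encrypted: hash with a password KDF instead of clear text

  /** @return the unique login name of this resource owner */
  public String getUsername() {
    return username;
  }

  /** @param name the unique login name to set */
  public void setUsername(String name) {
    this.username = name;
  }

  /** @param password the (clear-text) password to store */
  public void setPassword(String password) {
    this.password = password;
  }

  /**
   * Compares the given password with the stored one.
   *
   * <p>The comparison runs in constant time via {@link MessageDigest#isEqual(byte[], byte[])}
   * so the number of matching leading characters cannot be observed through response timing,
   * and a {@code null} on either side simply does not match instead of throwing.
   *
   * @param password the candidate password, may be {@code null}
   * @return {@code true} only if both passwords are non-null and equal
   */
  public boolean checkPassword(String password) {
    if (this.password == null || password == null) {
      return false;
    }
    Charset utf8 = Charset.forName("UTF-8");
    return MessageDigest.isEqual(this.password.getBytes(utf8), password.getBytes(utf8));
  }
}
// /apis-authorization-server/src/main/java/org/surfnet/oaaas/model/ValidationErrorResponse.java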
15 | */ 16 | 17 | package org.surfnet.oaaas.model; 18 | 19 | import java.util.ArrayList; 20 | import java.util.List; 21 | import java.util.Set; 22 | 23 | import javax.validation.ConstraintViolation; 24 | import javax.xml.bind.annotation.XmlRootElement; 25 | 26 | import org.codehaus.jackson.annotate.JsonProperty; 27 | import org.codehaus.jackson.map.annotate.JsonSerialize; 28 | 29 | /** 30 | * POJO representing an error response used when dealing with resources. 31 | * 32 | */ 33 | @XmlRootElement 34 | @JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL) 35 | public class ValidationErrorResponse { 36 | 37 | @JsonProperty 38 | private List violations = new ArrayList(); 39 | 40 | public ValidationErrorResponse() { 41 | } 42 | 43 | public ValidationErrorResponse(Set> violations) { 44 | for (ConstraintViolation v : violations) { 45 | this.violations.add(v.getMessage()); 46 | } 47 | } 48 | 49 | public List getViolations() { 50 | return violations; 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /apis-authorization-server/src/main/java/org/surfnet/oaaas/model/validation/AbstractEntityValid.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. 
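See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.surfnet.oaaas.model.validation;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import javax.validation.Constraint;
import javax.validation.Payload;

import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/**
 * Ensures the {@link org.surfnet.oaaas.model.AbstractEntity} is validated.
 * Class-level constraint; the work is delegated to {@link AbstractEntityValidator}.
 */
@Target( { TYPE })
@Retention(RUNTIME)
@Constraint(validatedBy = AbstractEntityValidator.class)
@Documented
public @interface AbstractEntityValid {

  /** Empty by default: the entity reports its own messages through the validator context. */
  String message() default "";

  Class<?>[] groups() default {};

  Class<? extends Payload>[] payload() default {};
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/model/validation/AbstractEntityValidator.java:
--------------------------------------------------------------------------------
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.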
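See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.surfnet.oaaas.model.validation;

import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;

import org.surfnet.oaaas.model.AbstractEntity;

/**
 * {@link ConstraintValidator} that validates {@link org.surfnet.oaaas.model.AbstractEntity} by calling
 * the {@link org.surfnet.oaaas.model.AbstractEntity#validate(javax.validation.ConstraintValidatorContext)}
 * of the entity itself; the actual rules live in each entity subclass.
 */
public class AbstractEntityValidator implements ConstraintValidator<AbstractEntityValid, AbstractEntity> {

  /** The annotation carries nothing this validator needs, so there is nothing to initialize. */
  @Override
  public void initialize(AbstractEntityValid constraintAnnotation) {
  }

  /**
   * @return the entity's own verdict; {@code null} is reported as valid, following the Bean
   *         Validation convention that null-ness is the business of {@code @NotNull} rather
   *         than of a class-level constraint
   */
  @Override
  public boolean isValid(AbstractEntity entity, ConstraintValidatorContext context) {
    return entity == null || entity.validate(context);
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/noop/NoopAdminAuthenticator.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.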
*/

package org.surfnet.oaaas.noop;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.surfnet.oaaas.auth.AbstractAuthenticator;
import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;

/**
 * Grants isAdmin authority to the Principal. Like its parent this performs no authentication:
 * every request gets the synthetic principal, here additionally flagged as admin. Test and
 * demonstration use only.
 */
public class NoopAdminAuthenticator extends NoopAuthenticator {

  /** Same synthetic principal as the parent, with the admin flag switched on. */
  @Override
  protected AuthenticatedPrincipal getAuthenticatedPrincipal() {
    final AuthenticatedPrincipal admin = super.getAuthenticatedPrincipal();
    admin.setAdminPrincipal(true);
    return admin;
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/noop/NoopAuthenticator.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package org.surfnet.oaaas.noop;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.surfnet.oaaas.auth.AbstractAuthenticator;
import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;

/**
 * Authenticator that performs no authentication at all: any request carrying an auth-state
 * value is accepted and bound to a fixed principal named "noop". It only exists to satisfy the
 * {@link AbstractAuthenticator} contract for tests and demonstrations and is of course not safe
 * for production.
 */
public class NoopAuthenticator extends AbstractAuthenticator {

  /** A request can be handled as soon as an auth-state value is present on it. */
  @Override
  public boolean canCommence(HttpServletRequest request) {
    final String authState = getAuthStateValue(request);
    return authState != null;
  }

  /**
   * Records the auth state and the synthetic principal on the request and lets the chain proceed;
   * no credential is inspected. {@code returnUri} is not used.
   */
  @Override
  public void authenticate(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
      String authStateValue, String returnUri) throws IOException, ServletException {
    super.setAuthStateValue(request, authStateValue);
    super.setPrincipal(request, getAuthenticatedPrincipal());
    chain.doFilter(request, response);
  }

  /** The fixed identity every request is mapped to; subclasses may decorate it. */
  protected AuthenticatedPrincipal getAuthenticatedPrincipal() {
    return new AuthenticatedPrincipal("noop");
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/noop/NoopResourceOwnerAuthenticator.java:
--------------------------------------------------------------------------------
package org.surfnet.oaaas.noop;

import org.surfnet.oaaas.auth.ResourceOwnerAuthenticator;
import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;

/**
 * Minimal implementation of {@link ResourceOwnerAuthenticator} designed to satisfy the contract.
* Useful for testing or demonstration purposes, but clearly not fit for production.
 *
 * @author sfitts
 *
 */
public class NoopResourceOwnerAuthenticator implements ResourceOwnerAuthenticator {

  /** The one user name that is rejected, so callers can exercise the failure path. */
  public static final String BAD_USER = "xxxBAD USERxxx";

  /**
   * Accepts every non-null user name except {@link #BAD_USER}; the password must be non-null but
   * is otherwise ignored.
   *
   * @return a principal named after {@code username}, or {@code null} for {@link #BAD_USER}
   * @throws IllegalArgumentException if either argument is {@code null}
   */
  @Override
  public AuthenticatedPrincipal authenticate(String username, String password) {
    if (username == null) {
      throw new IllegalArgumentException("Must supply a non-null user name");
    }
    if (password == null) {
      throw new IllegalArgumentException("Must supply a non-null password.");
    }
    return BAD_USER.equals(username) ? null : new AuthenticatedPrincipal(username);
  }

}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/noop/NoopUserConsentHandler.java:
--------------------------------------------------------------------------------
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
*/
package org.surfnet.oaaas.noop;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.surfnet.oaaas.auth.AbstractUserConsentHandler;
import org.surfnet.oaaas.auth.UserConsentFilter;
import org.surfnet.oaaas.model.Client;

/**
 * A noop implementation of {@link AbstractUserConsentHandler} that never asks the user anything:
 * it fulfills the contract of the {@link UserConsentFilter} by recording every scope the client
 * defines as granted. Useful for testing and demonstration purposes only, of course not safe for
 * production.
 */
public class NoopUserConsentHandler extends AbstractUserConsentHandler {

  /**
   * Marks all of {@code client}'s scopes as granted and continues the chain. {@code response} and
   * {@code returnUri} are not used.
   */
  @Override
  public void handleUserConsent(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
      String authStateValue, String returnUri, Client client) throws IOException, ServletException {
    super.setAuthStateValue(request, authStateValue);
    // toArray with a zero-length array yields an empty String[] for an empty scope list and a
    // same-sized one otherwise.
    super.setGrantedScopes(request, client.getScopes().toArray(new String[0]));
    chain.doFilter(request, response);
  }

}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/AccessTokenRepository.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
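* You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.surfnet.oaaas.repository;

import java.util.List;

import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import org.surfnet.oaaas.model.AccessToken;
import org.surfnet.oaaas.model.Client;

/**
 * Spring Data repository for {@link AccessToken}. The native queries bind their argument as a
 * positional parameter ({@code ?1}) rather than concatenating it into the SQL.
 */
@Repository
public interface AccessTokenRepository extends CrudRepository<AccessToken, Long> {

  AccessToken findByToken(String token);

  AccessToken findByTokenAndClient(String token, Client client);

  AccessToken findByRefreshToken(String refreshToken);

  List<AccessToken> findByResourceOwnerIdAndClient(String resourceOwnerId, Client client);

  List<AccessToken> findByResourceOwnerId(String resourceOwnerId);

  AccessToken findByIdAndResourceOwnerId(Long id, String owner);

  /** Number of distinct resource owners that hold a token for the given client. */
  @Query(value = "select count(distinct resourceOwnerId) from accesstoken where client_id = ?1", nativeQuery = true)
  Number countByUniqueResourceOwnerIdAndClientId(long clientId);

  @Transactional
  void delete(AccessToken token);

  /** Tokens with a positive expiry timestamp that lies before {@code expiresBoundary}. */
  @Query(value = "select * from accesstoken where expires > 0 and expires < ?1", nativeQuery = true)
  List<AccessToken> findByMaxExpires(long expiresBoundary);
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/AuthorizationRequestRepository.java: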
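--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.surfnet.oaaas.repository;

import org.springframework.data.repository.CrudRepository;
import org.springframework.stereotype.Repository;
import org.surfnet.oaaas.model.AuthorizationRequest;

/**
 * Spring Data repository for {@link AuthorizationRequest}: lookups by the opaque auth-state value
 * and by the issued authorization code.
 */
// NOTE(review): the Long ID type is assumed from the sibling repositories — confirm against AbstractEntity.
@Repository
public interface AuthorizationRequestRepository extends CrudRepository<AuthorizationRequest, Long> {

  AuthorizationRequest findByAuthState(String authState);

  AuthorizationRequest findByAuthorizationCode(String authorizationCode);


}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/ClientRepository.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.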
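* You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.surfnet.oaaas.repository;

import java.util.List;

import org.springframework.data.repository.CrudRepository;
import org.springframework.stereotype.Repository;
import org.surfnet.oaaas.model.Client;
import org.surfnet.oaaas.model.ResourceServer;

/**
 * Spring Data repository for {@link Client}. {@link #findByIdAndResourceServer} scopes a lookup by
 * id to one resource server, so a caller acting for that server cannot reach another server's
 * clients by id alone.
 */
@Repository
public interface ClientRepository extends CrudRepository<Client, Long> {

  List<Client> findByResourceServer(ResourceServer resourceServer);

  Client findByIdAndResourceServer(Long id, ResourceServer resourceServer);

  Client findByClientId(String clientId);

}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/ExceptionTranslator.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.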
*/

package org.surfnet.oaaas.repository;

/**
 * Maps a persistence-layer failure to the exception type the calling layer should see.
 */
public interface ExceptionTranslator {

  /**
   * @param e the original failure, never expected to be {@code null}
   * @return the exception to surface instead of {@code e}
   */
  Exception translate(Throwable e);
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/OpenJPAExceptionTranslator.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
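*/

package org.surfnet.oaaas.repository;

import javax.persistence.PersistenceException;

import org.apache.openjpa.lib.jdbc.ReportingSQLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * {@link ExceptionTranslator} for OpenJPA: unwraps the cause chain and maps the innermost relevant
 * failure to the matching {@code javax.persistence} / {@code javax.validation} exception.
 */
public class OpenJPAExceptionTranslator implements ExceptionTranslator {

  private static final Logger LOG = LoggerFactory.getLogger(OpenJPAExceptionTranslator.class);

  /**
   * @param e the exception raised by the persistence layer
   * @return the translated exception; a generic {@link PersistenceException} wrapping {@code e}
   *         when no specific mapping is known
   */
  @Override
  public Exception translate(Throwable e) {
    // Descend into the cause chain, skipping OpenJPA's ReportingSQLException wrapper (see below).
    if (e.getCause() != null && isRelevantCause(e.getCause())) {
      return translate(e.getCause());
    }
    Class<?> c = e.getClass();
    if (c.equals(org.apache.openjpa.persistence.EntityExistsException.class)) {
      return new javax.persistence.EntityExistsException(e.getMessage(), e);
    } else if (c.equals(javax.validation.ConstraintViolationException.class)) {
      return (Exception) e;
    }
    // Only the class name goes to the log; driver messages may carry SQL fragments or data.
    LOG.info("Cannot translate '{}' to specific subtype, will return generic PersistenceException",
        e.getClass().getName());
    return new PersistenceException(e);
  }

  /**
   * OpenJPA starts with an irrelevant ReportingSQLException....
   */
  private boolean isRelevantCause(Throwable cause) {
    return !(cause instanceof ReportingSQLException);
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/ResourceOwnerRepository.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.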
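* You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.surfnet.oaaas.repository;

import org.springframework.data.repository.CrudRepository;
import org.springframework.stereotype.Repository;
import org.surfnet.oaaas.model.ResourceOwner;

/**
 * Spring Data repository for {@link ResourceOwner}; the username is unique at the table level, so
 * {@link #findByUsername} yields at most one owner.
 */
// NOTE(review): the Long ID type is assumed from the sibling repositories — confirm against AbstractEntity.
@Repository
public interface ResourceOwnerRepository extends CrudRepository<ResourceOwner, Long> {

  ResourceOwner findByUsername(String username);
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/ResourceServerRepository.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.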
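*/

package org.surfnet.oaaas.repository;

import java.util.List;

import org.springframework.data.repository.CrudRepository;
import org.springframework.stereotype.Repository;
import org.surfnet.oaaas.model.ResourceServer;

/**
 * Spring Data repository for {@link ResourceServer}. The owner-qualified finders let a caller only
 * reach the servers it owns; {@link #findByKey} resolves a server by its key attribute.
 */
@Repository
public interface ResourceServerRepository extends CrudRepository<ResourceServer, Long> {

  List<ResourceServer> findByOwner(String owner);

  ResourceServer findByIdAndOwner(Long id, String owner);

  ResourceServer findByKey(String key);
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/support/Cleaner.java:
--------------------------------------------------------------------------------
package org.surfnet.oaaas.support;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.scheduling.annotation.Scheduled;
import org.surfnet.oaaas.model.AccessToken;
import org.surfnet.oaaas.repository.AccessTokenRepository;

import javax.inject.Inject;
import java.util.Date;

/**
 * Helper class that contains scheduled tasks for database cleanup
 */
public class Cleaner {
  private static final Logger LOG = LoggerFactory.getLogger(Cleaner.class);

  @Inject
  private AccessTokenRepository accessTokenRepository;

  /**
   * Interval in ms between cleanup jobs
   */
  private static final long CLEANUP_INTERVAL = 1000 * 3600;

  /**
   * Throw away expired tokens after 30 days
   */
  private static final long EXPIRED_TOKEN_CLEANUP_AGE = 1000L * 3600 * 24 * 30;

  /**
   * Deletes every access token whose expiry lies more than {@link #EXPIRED_TOKEN_CLEANUP_AGE} ms
   * in the past. Runs every {@link #CLEANUP_INTERVAL} ms.
   */
  @Scheduled(fixedDelay = CLEANUP_INTERVAL)
  public void cleanupExpiredAccessTokens() {
    LOG.debug("Cleaning up expired access tokens");
    final long boundary = System.currentTimeMillis() - EXPIRED_TOKEN_CLEANUP_AGE;
    for (AccessToken at : accessTokenRepository.findByMaxExpires(boundary)) {
      // The token value is a bearer credential and is deliberately kept out of the log line:
      // log archives outlive the token and are often shipped to systems with weaker access control.
      LOG.debug("Deleting expired access token (created: {}, expired: {})",
          at.getCreationDate(), new Date(at.getExpires()));
      accessTokenRepository.delete(at);
    }
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/resources/META-INF/persistence.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/auth/LocalResourceOwnerAuthenticatorTest.java:
--------------------------------------------------------------------------------
package org.surfnet.oaaas.auth;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.mockito.Mockito.when;

import org.junit.Before;
import org.junit.Test;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
import org.surfnet.oaaas.model.ResourceOwner;
import org.surfnet.oaaas.repository.ResourceOwnerRepository;

public class LocalResourceOwnerAuthenticatorTest {

  private static final String PASSWORD = "password";

  @Mock
  private ResourceOwnerRepository resourceOwnerRepository;

  @InjectMocks
  private LocalResourceOwnerAuthenticator authenticator = new LocalResourceOwnerAuthenticator();

  private ResourceOwner resourceOwner;

  @Before
  public void before() {
    MockitoAnnotations.initMocks(this);
    this.resourceOwner = createResourceOwner("username");
    when(resourceOwnerRepository.findByUsername(this.resourceOwner.getUsername())).thenReturn(resourceOwner);
  }

  @Test
  public void testAuthenticate() {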
AuthenticatedPrincipal principal =
        this.authenticator.authenticate(this.resourceOwner.getUsername(), PASSWORD);
    assertNotNull(principal);
    assertEquals("Principal does not have expected name", this.resourceOwner.getUsername(),
        principal.getName());
  }

  /** A user name the mocked repository does not know yields no principal rather than an error. */
  @Test
  public void testAuthenticateBadUser() {
    AuthenticatedPrincipal principal = this.authenticator.authenticate("foo", PASSWORD);
    assertNull(principal);
  }

  /** A wrong password for a known user yields no principal. */
  @Test
  public void testAuthenticateBadPassword() {
    AuthenticatedPrincipal principal =
        this.authenticator.authenticate(this.resourceOwner.getUsername(), "bad");
    assertNull(principal);
  }

  /** Builds a resource owner carrying the shared test password. */
  private ResourceOwner createResourceOwner(String username) {
    ResourceOwner resourceOwner = new ResourceOwner();
    resourceOwner.setUsername(username);
    resourceOwner.setPassword(PASSWORD);
    return resourceOwner;
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/model/AbstractEntityTest.java:
--------------------------------------------------------------------------------
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.
See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.surfnet.oaaas.model;

import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.ValidatorFactory;

import org.junit.BeforeClass;
import org.junit.Test;

/**
 * {@link Test} for {@link AbstractEntity} subclasses for validation
 *
 */
public abstract class AbstractEntityTest {

  /** Shared validator, built once per test class and reused by every subclass test. */
  protected static Validator validator;

  @BeforeClass
  public static void setUp() {
    validator = Validation.buildDefaultValidatorFactory().getValidator();
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/model/ClientTest.java:
--------------------------------------------------------------------------------
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
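*/
package org.surfnet.oaaas.model;

import java.util.Arrays;
import java.util.List;
import java.util.Set;

import javax.validation.ConstraintViolation;

import org.junit.Before;
import org.junit.Test;

import static org.junit.Assert.assertEquals;

/**
 * Test for validation of Client
 */
public class ClientTest extends AbstractEntityTest {

  private Client client;

  private List<String> uris = Arrays.asList("http://uri1", "http://uri2");

  /** A client satisfying every constraint: its scopes are a subset of the resource server's. */
  @Before
  public void setup() {
    client = new Client();
    client.setName("not-null");
    client.setClientId("not-null");
    client.setUseRefreshTokens(true);
    client.setExpireDuration(60 * 60);
    client.setRedirectUris(uris);

    ResourceServer resourceServer = new ResourceServer();
    resourceServer.setScopes(Arrays.asList("read", "delete"));
    client.setScopes(Arrays.asList("read", "delete"));
    client.setResourceServer(resourceServer);

  }

  @Test
  public void noErrors() {
    Set<ConstraintViolation<Client>> violations = validator.validate(client);
    assertEquals(0, violations.size());
    assertEquals(uris, client.getRedirectUris());
  }

  /** A client must not be able to claim scopes its resource server does not define. */
  @Test
  public void arbitraryScopes() {

    client.setScopes(Arrays.asList("arbitrary", "scopes"));
    Set<ConstraintViolation<Client>> violations = validator.validate(client);
    assertEquals("Client should only be able to use scopes that the resource server defines", 1, violations.size());
  }

  /** Redirect URIs are validated; an unparseable one is rejected. */
  @Test
  public void redirectUris() {
    client.setRedirectUris(Arrays.asList("invalid-uri"));
    Set<ConstraintViolation<Client>> violations = validator.validate(client);
    assertEquals("Client should have valid redirectUris", 1, violations.size());
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/model/ResourceOwnerTest.java: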
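--------------------------------------------------------------------------------
/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.surfnet.oaaas.model;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import java.util.Set;

import javax.validation.ConstraintViolation;

import org.junit.Before;
import org.junit.Test;

/**
 * Validation and password-check tests for {@link ResourceOwner}.
 */
public class ResourceOwnerTest extends AbstractEntityTest {

  private ResourceOwner resourceOwner;

  private static final String PASSWORD = "password";

  @Before
  public void before() {
    resourceOwner = new ResourceOwner();
    resourceOwner.setUsername("user");
    resourceOwner.setPassword(PASSWORD);
  }

  @Test
  public void validateMinimalistic() {
    Set<ConstraintViolation<ResourceOwner>> violations = validator.validate(resourceOwner);
    assertEquals("minimal resource owner should have no violations", 0, violations.size());
  }

  /** Both username and password are @NotNull, hence exactly two violations for an empty owner. */
  @Test
  public void validateLessThanMinimal() {
    resourceOwner = new ResourceOwner();
    Set<ConstraintViolation<ResourceOwner>> violations = validator.validate(resourceOwner);
    assertEquals("Empty resource owner fails on 2 NotNull-fields", 2, violations.size());
  }

  @Test
  public void validateCheckPassword() {
    assertTrue(resourceOwner.checkPassword(PASSWORD));
    assertFalse(resourceOwner.checkPassword("bad"));
  }

}
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/repository/AccessTokenRepositoryTest.java:
--------------------------------------------------------------------------------
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.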
/**
 * {@link Test} for {@link AccessTokenRepository}.
 *
 * The repository comes from {@link AbstractTestRepository#getRepository}; the rows it
 * queries are the test fixtures (token "00-11-22-33" belongs to "it-test-enduser").
 */
public class AccessTokenRepositoryTest extends AbstractTestRepository {

  /** Resolves the repository under test from the shared test context. */
  private AccessTokenRepository accessTokens() {
    return getRepository(AccessTokenRepository.class);
  }

  /** The fixture token resolves to the principal named "it-test-enduser". */
  @Test
  public void testPrincipal() {
    AccessToken found = accessTokens().findByToken("00-11-22-33");
    String principalName = found.getPrincipal().getName();
    assertEquals("it-test-enduser", principalName);
  }

  /** Exactly one token is counted for resource owner id 99999. */
  @Test
  public void testCountByResourceOwnerid() {
    Number count = accessTokens().countByUniqueResourceOwnerIdAndClientId(99999);
    assertEquals(1L, count.longValue());
  }
}
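/**
 * {@link Test} for {@link ResourceOwnerRepository}.
 *
 * Expects the single resource owner "emma.blunt" from the test migration
 * V2_2__insert_resowner.sql to be present.
 */
public class ResourceOwnerRepositoryTest extends AbstractTestRepository {

  /** Resolves the repository under test from the shared test context. */
  private ResourceOwnerRepository resourceOwners() {
    return getRepository(ResourceOwnerRepository.class);
  }

  /** findByUsername returns the seeded owner and null for an unknown username. */
  @Test
  public void test() {
    ResourceOwnerRepository repo = resourceOwners();

    ResourceOwner ro = repo.findByUsername("emma.blunt");
    assertNotNull("Did not find expected resource owner", ro);

    ro = repo.findByUsername("not.here");
    assertNull("Found user that shouldn't be there", ro);
  }

  /** The fixtures hold exactly one resource owner and iteration yields no nulls. */
  @Test
  public void findAll() {
    Iterable<ResourceOwner> all = resourceOwners().findAll();
    int count = 0;
    for (ResourceOwner resourceOwner : all) {
      assertNotNull(resourceOwner);
      count++;
    }
    assertEquals(1, count);
  }

}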
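/**
 * Unit test for {@link AccessTokenResource} with a mocked request and repository.
 *
 * The resource reads the already-verified token from the request attribute
 * {@code AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE}, which the filter sets in
 * production; here it is stubbed with a principal "user" holding the "read" scope.
 */
public class AccessTokenResourceTest {

  @InjectMocks
  private AccessTokenResource accessTokenResource;

  @Mock
  private HttpServletRequest request;

  /** Left unstubbed on purpose: Mockito's default answer yields an empty list. */
  @Mock
  private AccessTokenRepository accessTokenRepository;

  @Before
  public void before() {
    MockitoAnnotations.initMocks(this);
    VerifyTokenResponse verifyTokenResponse = new VerifyTokenResponse();
    verifyTokenResponse.setPrincipal(new AuthenticatedPrincipal("user"));
    verifyTokenResponse.setScopes(Arrays.asList("read"));
    when(request.getAttribute(AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE)).thenReturn(verifyTokenResponse);
  }

  /** With no tokens in the repository, getAll answers 200 with an empty list entity. */
  @Test
  public void getAllWhenNoneFound() {
    Response response = accessTokenResource.getAll(request);

    assertEquals(200, response.getStatus());
    // Wildcard cast instead of a raw type: the element type is not needed for the size check.
    List<?> tokens = (List<?>) response.getEntity();
    assertEquals(0, tokens.size());
  }

}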
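/**
 * Unit test for {@link ResourceOwnerResource} with a mocked request and repository.
 *
 * The resource reads the already-verified token from the request attribute
 * {@code AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE}, which the filter sets in
 * production; here it is stubbed with a principal "user" holding the "read" scope.
 */
public class ResourceOwnerResourceTest {

  @InjectMocks
  private ResourceOwnerResource resourceOwnerResource;

  @Mock
  private HttpServletRequest request;

  /** Left unstubbed on purpose: Mockito's default answer yields an empty list. */
  @Mock
  private ResourceOwnerRepository resourceOwnerRepository;

  @Before
  public void before() throws Exception {
    MockitoAnnotations.initMocks(this);
    VerifyTokenResponse verifyTokenResponse = new VerifyTokenResponse();
    verifyTokenResponse.setPrincipal(new AuthenticatedPrincipal("user"));
    verifyTokenResponse.setScopes(Arrays.asList("read"));
    when(request.getAttribute(AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE)).thenReturn(verifyTokenResponse);
  }

  /** With no owners in the repository, getAll answers 200 with an empty list entity. */
  @Test
  public void getAllWhenNoneFound() {
    Response response = resourceOwnerResource.getAll(request);

    assertEquals(200, response.getStatus());
    // Wildcard cast instead of a raw type: the element type is not needed for the size check.
    List<?> owners = (List<?>) response.getEntity();
    assertEquals(0, owners.size());
  }
}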
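/**
 * Unit test for {@link ResourceServerResource#pruneClientScopes}.
 */
public class ResourceServerResourceTest {
  private ResourceServerResource resourceServerResource;

  @Before
  public void setUp() throws Exception {
    resourceServerResource = new ResourceServerResource();
  }

  /**
   * When a resource server replaces "scope1" by "scope2", clients that held the removed
   * scope lose it: client1 ends up with no scopes, client2 keeps only "scope2".
   *
   * NOTE(review): the scope lists are built with Arrays.asList, which is fixed-size, so
   * pruneClientScopes presumably assigns new lists rather than removing in place — confirm.
   */
  @Test
  public void pruneScopes() {
    Client client1 = new Client();
    client1.setScopes(Arrays.asList("scope1"));
    Client client2 = new Client();
    client2.setScopes(Arrays.asList("scope1", "scope2"));

    Set<Client> clients = new HashSet<Client>(Arrays.asList(client1, client2));

    List<String> oldScopes = Arrays.asList("scope1");
    List<String> newScopes = Arrays.asList("scope2");

    resourceServerResource.pruneClientScopes(newScopes, oldScopes, clients);

    assertEquals(0, client1.getScopes().size());
    assertEquals(1, client2.getScopes().size());
    assertEquals("scope2", client2.getScopes().get(0));
  }
}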
Server Admin Client', 15 | 'https://static.surfconext.nl/media/logo-surfnet-small.png', 99998, 16 | 'authorization-server-admin-js-client', ''); 17 | INSERT INTO Client_scopes values (99998, 'read'), (99998, 'write'); 18 | -------------------------------------------------------------------------------- /apis-authorization-server/src/test/resources/logback.xml: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | 20 | 21 | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /apis-example-client-app/.gitignore: -------------------------------------------------------------------------------- 1 | .classpath 2 | .project 3 | .settings 4 | .idea 5 | *.iml 6 | target 7 | -------------------------------------------------------------------------------- /apis-example-client-app/README.md: -------------------------------------------------------------------------------- 1 | Example Client App 2 | ====== 3 | The Example Client App is a very simple Spring web application that is developed for demo purposes. With the client app you can see what the typical flow is for real clients of your Resource Server. The prerequisites for seeing the client app in action are: 4 | 5 | - The Authorization Server up and running 6 | - The Example Resource Server up and running 7 | 8 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/blob/master/README.md) in the root project for detailed instructions. 
9 | 10 | -------------------------------------------------------------------------------- /apis-example-client-app/src/main/java/org/surfnet/oaaas/config/SpringConfiguration.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | package org.surfnet.oaaas.config; 20 | 21 | import javax.inject.Inject; 22 | 23 | import org.springframework.context.annotation.Bean; 24 | import org.springframework.context.annotation.Configuration; 25 | import org.springframework.context.annotation.PropertySource; 26 | import org.springframework.core.env.Environment; 27 | import org.springframework.web.servlet.ViewResolver; 28 | import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer; 29 | import org.springframework.web.servlet.config.annotation.EnableWebMvc; 30 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; 31 | import org.springframework.web.servlet.view.InternalResourceViewResolver; 32 | import org.surfnet.oaaas.web.ClientController; 33 | 34 | /** 35 | * Main spring configuration class. 
@Configuration
@PropertySource("classpath:client.apis.properties")
@EnableWebMvc
public class SpringConfiguration extends WebMvcConfigurerAdapter {

  /**
   * Environment backed by client.apis.properties. The copy of that file under
   * src/test/resources carries the OAuth client_id and client_secret, so the
   * property source is credential-bearing configuration.
   */
  @Inject
  private Environment env;

  /** Resolves view names to JSPs under /WEB-INF/jsp/. */
  @Bean
  public ViewResolver viewResolver() {
    final InternalResourceViewResolver jspResolver = new InternalResourceViewResolver();
    jspResolver.setPrefix("/WEB-INF/jsp/");
    jspResolver.setSuffix(".jsp");
    return jspResolver;
  }

  /** The single controller of the example client; it receives the environment to read its settings. */
  @Bean
  public ClientController clientController() {
    return new ClientController(env);
  }

  /** Lets the container's default servlet serve static resources not handled by MVC. */
  @Override
  public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
    configurer.enable();
  }
}
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.svgz -------------------------------------------------------------------------------- /apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.woff -------------------------------------------------------------------------------- /apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/img/glyphicons-halflings-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/img/glyphicons-halflings-white.png -------------------------------------------------------------------------------- /apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/img/glyphicons-halflings.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/img/glyphicons-halflings.png -------------------------------------------------------------------------------- /apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/readme: -------------------------------------------------------------------------------- 1 | http://twitter.github.com/bootstrap/download.html -------------------------------------------------------------------------------- /apis-example-client-app/src/main/webapp/assets/css/client.css: -------------------------------------------------------------------------------- 1 | .subcontent { 2 | margin: auto; 3 | padding-left: 20px; 4 | } 5 | 6 | .form-horizontal .help-block { 7 | font-size: 0.9em; 8 | } 9 | 10 | .input-xxlarge { 11 | width: 290px; 12 | } 13 | 14 | .alert-http { 15 | margin-bottom: 5px; 16 | } 17 | 18 | .pre-json { 19 | font-size: 10px; 20 | line-height: 14px; 21 | } 22 | 23 | .break-word { 24 | word-wrap: break-word; 25 | width: 350px; 26 | } 27 | 28 | form.horizontal input[readonly="readonly"] { 29 | font-size: 0.85em; 30 | } -------------------------------------------------------------------------------- /apis-example-client-app/src/main/webapp/assets/css/style-additional.css: -------------------------------------------------------------------------------- 1 | div#editResourceServerView { display:none; } 2 | 3 | 4 | /* bootstrap alert */ 5 | 6 | .clearfix { 7 | *zoom: 1; 8 | } 9 | .clearfix:before, 10 | .clearfix:after { 11 | display: table; 12 | content: ""; 13 | } 14 | .clearfix:after { 15 | clear: both; 16 | } 17 | .hide-text { 18 | font: 0/0 a; 19 | color: transparent; 20 | text-shadow: none; 21 | background-color: transparent; 22 | border: 0; 23 | } 24 | .input-block-level { 25 | display: block; 26 | width: 100%; 27 | min-height: 28px; 28 | -webkit-box-sizing: border-box; 29 | -moz-box-sizing: border-box; 30 | -ms-box-sizing: 
border-box; 31 | box-sizing: border-box; 32 | } 33 | .alert { 34 | padding: 8px 35px 8px 14px; 35 | margin-bottom: 18px; 36 | text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); 37 | background-color: #fcf8e3; 38 | border: 1px solid #fbeed5; 39 | -webkit-border-radius: 4px; 40 | -moz-border-radius: 4px; 41 | border-radius: 4px; 42 | color: #c09853; 43 | } 44 | .alert-heading { 45 | color: inherit; 46 | } 47 | .alert .close { 48 | position: relative; 49 | top: -2px; 50 | right: -21px; 51 | line-height: 18px; 52 | } 53 | .alert-success { 54 | background-color: #dff0d8; 55 | border-color: #d6e9c6; 56 | color: #468847; 57 | } 58 | .alert-danger, 59 | .alert-error { 60 | background-color: #f2dede; 61 | border-color: #eed3d7; 62 | color: #b94a48; 63 | } 64 | .alert-info { 65 | background-color: #d9edf7; 66 | border-color: #bce8f1; 67 | color: #3a87ad; 68 | } 69 | .alert-block { 70 | padding-top: 14px; 71 | padding-bottom: 14px; 72 | } 73 | .alert-block > p, 74 | .alert-block > ul { 75 | margin-bottom: 0; 76 | } 77 | .alert-block p + p { 78 | margin-top: 5px; 79 | } -------------------------------------------------------------------------------- /apis-example-client-app/src/main/webapp/assets/img/surf-oauth.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/img/surf-oauth.png -------------------------------------------------------------------------------- /apis-example-client-app/src/main/webapp/assets/js/client.js: -------------------------------------------------------------------------------- 1 | $(function() { 2 | // show the correct step 3 | $('#' + $('input#step').val()).collapse('show'); 4 | 5 | // we are in step 3 of implicit grant 6 | // if ($('#parseAnchorForAccesstoken').val() == 'true') { 7 | // value = window.location.hash.replace("#", ""); 8 | // $('#parseAnchorForAccesstoken').val(''); 9 | // 
$.get('/v1/test/parseAnchor.shtml?' + value, function(data) { 10 | // $('#responseInfo').html(data); 11 | // $.each(data.split("&"), function(i, value) { 12 | // param = value.split("="); 13 | // if (param[0] == 'access_token') { 14 | // $('#accessTokenValue').html(param[1]); 15 | // } 16 | // }); 17 | // }); 18 | // } 19 | }); 20 | -------------------------------------------------------------------------------- /apis-example-client-app/src/test/resources/client.apis.properties: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2012 SURFnet bv, The Netherlands 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | # 16 | 17 | redirect_uri = http://localhost:8084/redirect 18 | token_uri = http://localhost:8080/oauth2/token 19 | client_id = cool_app_id 20 | client_secret = secret 21 | authorize_url = http://localhost:8080/oauth2/authorize 22 | resource_server_api_url = http://localhost:8180/v1/api/course -------------------------------------------------------------------------------- /apis-example-resource-server-war/.gitignore: -------------------------------------------------------------------------------- 1 | .classpath 2 | .project 3 | .settings 4 | .idea 5 | *.iml 6 | target 7 | -------------------------------------------------------------------------------- /apis-example-resource-server-war/README.md: -------------------------------------------------------------------------------- 1 | Example Resource Server War 2 | ====== 3 | The Example Resource Server War is a very simple Spring MVC web application that demonstrates how a Resource Server can communicate with the Authorization Server using the `org.surfnet.oaaas.auth.AuthorizationServerFilter` (which is a simple `javax.servlet.Filter`). The `AuthorizationServerFilter` only protects a single JSP page in the apis-example-resource-server-war module. 4 | 5 | To see it in action, first start the Authorization Server.
Go to the apis-authorization-server-war directory and start the application: 6 | 7 | cd apis-authorization-server-war 8 | mvn jetty:run 9 | 10 | Go to the apis-example-resource-server-war directory and start the application (in a new Terminal session): 11 | 12 | cd apis-example-resource-server-war 13 | mvn jetty:run 14 | 15 | Then perform a curl (in a new Terminal session): 16 | 17 | curl -i -v -H "Authorization: bearer 00-11-22-33" http://localhost:8082 18 | 19 | You will see the response of the `/apis-example-resource-server-war/src/main/webapp/index.jsp`, which should look like this: 20 | 21 | AuthenticatedPrincipalImpl [name=it-test-enduser, roles=[user, admin], attributes={} 22 | 23 | This works because the access token '00-11-22-33' is part of the dummy data defined in /apis-authorization-server/src/main/resources/db/migration/hsqldb/V1__auth-server-admin.sql 24 | 25 | The same dummy data in /apis-authorization-server/src/main/resources/db/migration/hsqldb/V1__auth-server-admin.sql also defines the resource server, whose key/secret pair is configured in /apis-example-resource-server-war/src/test/resources/apis-resource-server.properties and read by the `org.surfnet.oaaas.auth.AuthorizationServerFilter` configured in `/apis-example-resource-server-war/src/main/webapp/WEB-INF/web.xml` 26 | 27 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/tree/master/apis-example-resource-server) of the other Example Resource Server for detailed instructions on how to demo the entire flow.
28 | 29 | -------------------------------------------------------------------------------- /apis-example-resource-server-war/pom.xml: -------------------------------------------------------------------------------- 1 | 8 | 9 | 10 | 4.0.0 11 | 12 | 13 | ../pom.xml 14 | nl.surfnet.apis 15 | apis-parent 16 | 1.3.6-SNAPSHOT 17 | 18 | 19 | apis-example-resource-server-war 20 | war 21 | API Secure - example resource server war 22 | 23 | 24 | 8082 25 | 26 | 27 | 28 | 29 | nl.surfnet.apis 30 | apis-authorization-server 31 | 32 | 33 | commons-io 34 | commons-io 35 | 36 | 37 | junit 38 | junit 39 | 40 | 41 | 42 | 43 | 44 | 48 | 49 | org.mortbay.jetty 50 | jetty-maven-plugin 51 | ${jetty-maven-plugin.version} 52 | 53 | 54 | / 55 | ${basedir}/src/test/resources/ 56 | 57 | 58 | 59 | ${servlet.port} 60 | 0.0.0.0 61 | 62 | 63 | manual 64 | true 65 | 66 | 67 | 68 | 69 | 70 | -------------------------------------------------------------------------------- /apis-example-resource-server-war/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 9 | 12 | 13 | oaaas-example-resource-server 14 | 15 | 16 | 17 | authorization-server 18 | org.surfnet.oaaas.auth.AuthorizationServerFilter 19 | 20 | 21 | authorization-server 22 | /* 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /apis-example-resource-server-war/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%@page import="org.surfnet.oaaas.model.VerifyTokenResponse"%> 2 | <%= ((VerifyTokenResponse) request.getAttribute("VERIFY_TOKEN_RESPONSE")).getPrincipal() %> -------------------------------------------------------------------------------- /apis-example-resource-server-war/src/test/java/org/surfnet/oaaas/it/AuthorizationFilterIntegration.java: -------------------------------------------------------------------------------- 1 | package org.surfnet.oaaas.it; 
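/**
 * Integration test for the AuthorizationServerFilter in front of the example resource server.
 *
 * Runs against a live server started by the build; see
 * http://maven.apache.org/plugins/maven-failsafe-plugin/examples/inclusion-exclusion.html
 */
public class AuthorizationFilterIntegration {

  /** Port used when the servlet.port system property is absent or blank. */
  private static final String DEFAULT_PORT = "8082";

  private String baseUrl;

  /**
   * Derives the base URL from the {@code servlet.port} system property, falling back
   * to {@link #DEFAULT_PORT} when the property is missing or blank.
   */
  @Before
  public void setUp() throws Exception {
    String port = System.getProperty("servlet.port");
    if (StringUtils.isBlank(port)) {
      port = DEFAULT_PORT;
    }
    this.baseUrl = "http://localhost:" + port;
  }

  /**
   * Calls the index page with a bearer token and expects the filter to admit the request
   * and the page to render the owner of that token.
   *
   * @throws Exception on any I/O failure while talking to the server
   */
  @Test
  public void testCallIndexPage() throws Exception {
    URL url = new URL(this.baseUrl);
    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
    try {
      // Test-fixture token: it must exist in the authorization server's test data for the
      // filter to accept it (presumably seeded by the test migrations — not visible here).
      connection.setRequestProperty("Authorization", "bearer 74eccf5f-0995-4e1c-b08c-d05dd5a0f89b");
      connection.connect();
      assertEquals(200, connection.getResponseCode());
      // Explicit charset: the single-argument IOUtils.toString uses the platform default.
      String output = IOUtils.toString(connection.getInputStream(), "UTF-8");
      assertTrue(output.contains("emma.blunt"));
    } finally {
      // Release the underlying connection even when an assertion fails.
      connection.disconnect();
    }
  }

}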
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # The url and key/secret that is used by the Client/Resource Server endpoints to validate the oauth access tokens 18 | adminService.tokenVerificationUrl=http://localhost:8080/v1/tokeninfo 19 | adminService.resourceServerKey=it-test-resource-server 20 | adminService.resourceServerSecret=somesecret 21 | adminService.jsonTypeInfoIncluded=true 22 | -------------------------------------------------------------------------------- /apis-example-resource-server/.gitignore: -------------------------------------------------------------------------------- 1 | .classpath 2 | .project 3 | .settings 4 | .idea 5 | *.iml 6 | target 7 | -------------------------------------------------------------------------------- /apis-example-resource-server/README.md: -------------------------------------------------------------------------------- 1 | Example Resource Server 2 | ====== 3 | The Example Resource Server is built using [Dropwizard](http://dropwizard.codahale.com/). It demonstrates a Resource Server that depends on the Authorization Server to validate tokens. 4 | 5 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/blob/master/README.md) in the root project for detailed instructions on how to start the Example Resource Server. 
6 | 7 | -------------------------------------------------------------------------------- /apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/AuthConfiguration.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 
18 | */ 19 | package org.surfnet.oaaas.example.api; 20 | 21 | /** 22 | * Configuration for Authorization Server 23 | * 24 | */ 25 | public class AuthConfiguration { 26 | private String authorizationServerUrl; 27 | private String secret; 28 | private String key; 29 | 30 | /** 31 | * @return the authorizationServerUrl 32 | */ 33 | public String getAuthorizationServerUrl() { 34 | return authorizationServerUrl; 35 | } 36 | 37 | /** 38 | * @param authorizationServerUrl 39 | * the authorizationServerUrl to set 40 | */ 41 | public void setAuthorizationServerUrl(String authorizationServerUrl) { 42 | this.authorizationServerUrl = authorizationServerUrl; 43 | } 44 | 45 | 46 | 47 | /** 48 | * @return the secret 49 | */ 50 | public String getSecret() { 51 | return secret; 52 | } 53 | 54 | /** 55 | * @param secret the secret to set 56 | */ 57 | public void setSecret(String secret) { 58 | this.secret = secret; 59 | } 60 | 61 | /** 62 | * @return the key 63 | */ 64 | public String getKey() { 65 | return key; 66 | } 67 | 68 | /** 69 | * @param key the key to set 70 | */ 71 | public void setKey(String key) { 72 | this.key = key; 73 | } 74 | 75 | } 76 | -------------------------------------------------------------------------------- /apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/UniversityFooConfiguration.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. 
/* Licensed under the Apache License, Version 2.0; see the header above and LICENSE */
package org.surfnet.oaaas.example.api;

import javax.validation.Valid;
import javax.validation.constraints.NotNull;

import org.codehaus.jackson.annotate.JsonProperty;

import com.yammer.dropwizard.config.Configuration;

/**
 * Dropwizard configuration of the example resource server.
 *
 * Extends the stock {@link Configuration} with an {@code auth} section, bound by
 * Jackson through {@link JsonProperty}, that carries the {@link AuthConfiguration}
 * used to talk to the authorization server. The section is marked required
 * ({@link NotNull}) and cascaded ({@link Valid}) for bean validation.
 */
public class UniversityFooConfiguration extends Configuration {

  @Valid
  @NotNull
  @JsonProperty
  private AuthConfiguration auth = new AuthConfiguration();

  /**
   * @return the {@code auth} section (an empty {@link AuthConfiguration} until set)
   */
  public AuthConfiguration getAuth() {
    return this.auth;
  }

  /**
   * @param auth
   *          replaces the {@code auth} section
   */
  public void setAuth(AuthConfiguration auth) {
    this.auth = auth;
  }

}
/* Licensed under the Apache License, Version 2.0; see the header above and LICENSE */
package org.surfnet.oaaas.example.api;

import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
import org.surfnet.oaaas.example.api.resource.UniversityResource;

import com.yammer.dropwizard.Service;
import com.yammer.dropwizard.auth.oauth.OAuthProvider;
import com.yammer.dropwizard.config.Environment;

/**
 * Dropwizard entry point of the example resource server ("university-foo").
 */
public class UniversityFooService extends Service {

  private static final String SERVICE_NAME = "university-foo";

  /**
   * Bootstraps the application (DropWizard calls back into
   * {@link #initialize}). With anything other than exactly two arguments the
   * service starts as {@code server university-foo-local.yml}, i.e. with the
   * local example configuration; see README.md.
   *
   * @param args command line, normally {@code <command> <config.yml>}
   * @throws Exception whatever {@code Service.run} propagates
   */
  public static void main(String[] args) throws Exception {
    String[] effectiveArgs = args;
    if (effectiveArgs == null || effectiveArgs.length != 2) {
      effectiveArgs = defaultArguments();
    }
    new UniversityFooService().run(effectiveArgs);
  }

  /** A fresh array each time, so a caller mutating it cannot affect later runs. */
  private static String[] defaultArguments() {
    return new String[] { "server", "university-foo-local.yml" };
  }

  private UniversityFooService() {
    super(SERVICE_NAME);
  }

  /**
   * Wires the OAuth provider and the single resource.
   *
   * The {@code OAuthAuthenticator} built from {@code configuration} (defined
   * elsewhere in this package) presumably validates presented tokens against
   * the authorization server configured under {@code auth}; the provider is
   * registered with realm "protected-resources".
   */
  @Override
  protected void initialize(UniversityFooConfiguration configuration, Environment environment)
      throws ClassNotFoundException {
    OAuthAuthenticator authenticator = new OAuthAuthenticator(configuration);
    environment.addProvider(new OAuthProvider(authenticator, "protected-resources"));
    environment.addResource(new UniversityResource());
  }

}
one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | package org.surfnet.oaaas.example.api.domain; 20 | 21 | /** 22 | * Course representation 23 | * 24 | */ 25 | public class Course { 26 | private String id; 27 | private String name; 28 | private String description; 29 | 30 | /** 31 | * @return the id 32 | */ 33 | public String getId() { 34 | return id; 35 | } 36 | 37 | /** 38 | * @param id 39 | * the id to set 40 | */ 41 | public void setId(String id) { 42 | this.id = id; 43 | } 44 | 45 | /** 46 | * @return the name 47 | */ 48 | public String getName() { 49 | return name; 50 | } 51 | 52 | /** 53 | * @param name 54 | * the name to set 55 | */ 56 | public void setName(String name) { 57 | this.name = name; 58 | } 59 | 60 | /** 61 | * @return the description 62 | */ 63 | public String getDescription() { 64 | return description; 65 | } 66 | 67 | /** 68 | * @param description 69 | * the description to set 70 | */ 71 | public void setDescription(String description) { 72 | this.description = description; 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/domain/Student.java: 
-------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | package org.surfnet.oaaas.example.api.domain; 20 | 21 | /** 22 | * Student representation 23 | * 24 | */ 25 | public class Student { 26 | 27 | private String id; 28 | private String name; 29 | private String email; 30 | 31 | /** 32 | * @return the id 33 | */ 34 | public String getId() { 35 | return id; 36 | } 37 | /** 38 | * @param id the id to set 39 | */ 40 | public void setId(String id) { 41 | this.id = id; 42 | } 43 | /** 44 | * @return the name 45 | */ 46 | public String getName() { 47 | return name; 48 | } 49 | /** 50 | * @param name the name to set 51 | */ 52 | public void setName(String name) { 53 | this.name = name; 54 | } 55 | /** 56 | * @return the email 57 | */ 58 | public String getEmail() { 59 | return email; 60 | } 61 | /** 62 | * @param email the email to set 63 | */ 64 | public void setEmail(String email) { 65 | this.email = email; 66 | } 67 | } 68 | -------------------------------------------------------------------------------- 
/apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/domain/University.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 
/* Licensed under the Apache License, Version 2.0; see the header above and LICENSE */
package org.surfnet.oaaas.example.api.domain;

import java.util.List;

/**
 * Root object of the dummy API: a named university with its students and
 * courses.
 *
 * The lists are raw {@link List}s, as in the rest of this package; by
 * convention they hold {@link Student} and {@link Course} instances, but the
 * class does not enforce it. Getters hand back the stored list itself, not a
 * copy.
 */
public class University {

  private String name;
  private List students;
  private List courses;

  /**
   * @return the university name
   */
  public String getName() {
    return this.name;
  }

  /**
   * @return the stored student list (may be null)
   */
  public List getStudents() {
    return this.students;
  }

  /**
   * @return the stored course list (may be null)
   */
  public List getCourses() {
    return this.courses;
  }

  /**
   * @param name
   *          the university name
   */
  public void setName(String name) {
    this.name = name;
  }

  /**
   * @param students
   *          the student list to keep (stored by reference)
   */
  public void setStudents(List students) {
    this.students = students;
  }

  /**
   * @param courses
   *          the course list to keep (stored by reference)
   */
  public void setCourses(List courses) {
    this.courses = courses;
  }

}
/apis-images/apis_deployment_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/apis_deployment_diagram.png -------------------------------------------------------------------------------- /apis-images/cool_app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/cool_app.png -------------------------------------------------------------------------------- /apis-images/surf-conext-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/surf-conext-logo.png -------------------------------------------------------------------------------- /apis-images/surf-oauth-client.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/surf-oauth-client.png -------------------------------------------------------------------------------- /apis-images/surf-oauth.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/surf-oauth.png -------------------------------------------------------------------------------- /apis-images/university.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/university.png -------------------------------------------------------------------------------- /apis-openconext-mock-war/README.md: 
-------------------------------------------------------------------------------- 1 | OpenConext Mock War 2 | ====== 3 | This project can be ignored. It is used internally by the SAML Authenticator. -------------------------------------------------------------------------------- /apis-openconext-mock-war/pom.xml: -------------------------------------------------------------------------------- 1 | 8 | 9 | 10 | 4.0.0 11 | 12 | 13 | ../pom.xml 14 | nl.surfnet.apis 15 | apis-parent 16 | 1.3.6-SNAPSHOT 17 | 18 | 19 | apis-openconext-mock-war 20 | war 21 | API Secure - mock openconext group api 22 | 23 | 24 | 8080 25 | 26 | 27 | 28 | 29 | org.surfnet.coin 30 | coin-api-client 31 | 32 | 33 | javax.servlet 34 | javax.servlet-api 35 | 36 | 37 | junit 38 | junit 39 | 40 | 41 | 42 | 43 | 44 | 45 | 49 | 50 | org.mortbay.jetty 51 | jetty-maven-plugin 52 | ${jetty-maven-plugin.version} 53 | 54 | 55 | / 56 | ${basedir}/src/test/resources/ 57 | 58 | 59 | 60 | ${servlet.port} 61 | 0.0.0.0 62 | 63 | 64 | manual 65 | true 66 | 67 | 68 | 69 | 70 | 71 | -------------------------------------------------------------------------------- /apis-openconext-mock-war/src/main/java/org/surfnet/oaaas/conext/mock/OpenConextServlet.java: -------------------------------------------------------------------------------- 1 | package org.surfnet.oaaas.conext.mock; 2 | 3 | import javax.servlet.ServletConfig; 4 | import javax.servlet.ServletException; 5 | import javax.servlet.http.HttpServlet; 6 | import javax.servlet.http.HttpServletRequest; 7 | import javax.servlet.http.HttpServletResponse; 8 | import java.io.IOException; 9 | 10 | public class OpenConextServlet extends HttpServlet { 11 | 12 | private String callBackUrl; 13 | 14 | @Override 15 | public void init(ServletConfig config) throws ServletException { 16 | super.init(config); 17 | callBackUrl = config.getInitParameter("call-back-url"); 18 | } 19 | 20 | @Override 21 | protected void service(HttpServletRequest req, HttpServletResponse resp) throws 
ServletException, IOException { 22 | resp.sendRedirect(callBackUrl); 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /apis-openconext-mock-war/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 23 | 24 | OpenConext Mock 25 | 26 | 27 | openconext-mock-server 28 | org.surfnet.oaaas.conext.mock.OpenConextServlet 29 | 30 | call-back-url 31 | http://localhost:8080/oauth2/authorize?apiOauthCallback=true 32 | 33 | 1 34 | 35 | 36 | 37 | openconext-mock-server 38 | /authorize/* 39 | 40 | -------------------------------------------------------------------------------- /apis-resource-server-library/README.md: -------------------------------------------------------------------------------- 1 | Authorization Resource Server Library jar 2 | ====== 3 | The Authorization Resource Server Library jar module contains the minimal dependency set for a Resource Server to include if the Resource Server wants to leverage the Filter that checks the access token on each API request to the Resource Server. 4 | 5 | For more information on how to configure the Filter and protect your endpoints on the Resource Server(s), see: 6 | 7 | * apis/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/AuthorizationServerFilter.java 8 | 9 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/blob/master/README.md) in the root project for overall documentation. 10 | 11 | -------------------------------------------------------------------------------- /apis-resource-server-library/src/main/java/org/surfnet/oaaas/auth/ObjectMapperProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. 
See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | package org.surfnet.oaaas.auth; 20 | 21 | import javax.ws.rs.Produces; 22 | import javax.ws.rs.ext.ContextResolver; 23 | import javax.ws.rs.ext.Provider; 24 | 25 | import org.codehaus.jackson.annotate.JsonAutoDetect; 26 | import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; 27 | import org.codehaus.jackson.annotate.JsonMethod; 28 | import org.codehaus.jackson.map.DeserializationConfig; 29 | import org.codehaus.jackson.map.ObjectMapper; 30 | import org.codehaus.jackson.map.annotate.JsonSerialize; 31 | import org.codehaus.jackson.mrbean.MrBeanModule; 32 | 33 | import com.sun.jersey.api.client.Client; 34 | 35 | /** 36 | * We need to be able to set the {@link ObjectMapper} on the {@link Client} to 37 | * make sure the {@link MrBeanModule} is used. 
/* (class comment continues from above) */
/**
 * Jersey {@link ContextResolver} handing out one pre-configured Jackson
 * {@link ObjectMapper}, so that the {@link Client} used towards the
 * authorization server deserializes with the {@link MrBeanModule} registered.
 *
 * The mapper enables Jackson default typing for non-final types, i.e. it
 * honours type information embedded in the JSON it parses (presumably the
 * counterpart of the {@code adminService.jsonTypeInfoIncluded} setting on the
 * resource-server side). A mapper configured this way should only ever be fed
 * responses from that trusted verification endpoint, never JSON supplied by
 * arbitrary clients.
 */
public class ObjectMapperProvider implements ContextResolver {

  private final ObjectMapper mapper;

  /**
   * Builds the shared mapper: single values accepted where arrays are
   * expected, default typing for non-final types, nulls omitted on
   * serialization, all fields visible regardless of access modifier, and the
   * {@link MrBeanModule} registered.
   */
  public ObjectMapperProvider() {
    ObjectMapper configured = new ObjectMapper();
    configured = configured.enable(DeserializationConfig.Feature.ACCEPT_SINGLE_VALUE_AS_ARRAY);
    configured = configured.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
    configured = configured.setSerializationInclusion(JsonSerialize.Inclusion.NON_NULL);
    configured = configured.setVisibility(JsonMethod.FIELD, Visibility.ANY);
    configured.registerModule(new MrBeanModule());
    this.mapper = configured;
  }

  /**
   * Returns the same mapper for every requested type.
   *
   * @see javax.ws.rs.ext.ContextResolver#getContext(java.lang.Class)
   */
  @Override
  public ObjectMapper getContext(Class type) {
    return this.mapper;
  }

}
/* Licensed under the Apache License, Version 2.0; see the header above and LICENSE */
package org.surfnet.oaaas.model;

/**
 * Cache of token verification results, keyed by access token, so that a
 * resource server does not have to consult the authorization server on every
 * request.
 *
 * Implementations drop entries on their own (size and age based, judging by
 * TokenResponseCacheTest). Until an entry is dropped the cached
 * {@link VerifyTokenResponse} is what the resource server acts on, so a token
 * revoked at the authorization server presumably keeps being accepted here for
 * up to the cache lifetime; keep that lifetime short.
 */
public interface TokenResponseCache {

  /**
   * Caches the verification result for {@code accessToken}.
   *
   * @param accessToken the bearer token that was verified
   * @param tokenResponse the authorization server's answer for it
   */
  void storeVerifyToken(String accessToken, VerifyTokenResponse tokenResponse);

  /**
   * Looks up a cached result.
   *
   * @param accessToken the bearer token; a null token yields null
   * @return the cached response, or null when nothing (valid) is cached for it
   */
  VerifyTokenResponse getVerifyToken(String accessToken);
}
/* Licensed under the Apache License, Version 2.0; see the header above and LICENSE */

package org.surfnet.oaaas.auth.principal;

import org.junit.Test;

import static org.junit.Assert.assertEquals;

/**
 * Round-trip test for {@link AuthenticatedPrincipal}: serialize, deserialize,
 * and check that the display name survives.
 */
public class AuthenticatedPrincipalTest {

  private static final String DISPLAY_NAME = "emma.blunt";

  @Test
  public void testSerialization() {
    String serialized = new AuthenticatedPrincipal(DISPLAY_NAME).serialize();
    AuthenticatedPrincipal restored = AuthenticatedPrincipal.deserialize(serialized);
    assertEquals(DISPLAY_NAME, restored.getDisplayName());
  }

}
/* Licensed under the Apache License, Version 2.0; see the header above and LICENSE */
package org.surfnet.oaaas.auth.principal;

import org.junit.Test;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

/**
 * Round-trips a username/password pair through its Authorization header
 * representation and back.
 *
 * Only the well-formed case is covered; nothing here asserts how a malformed
 * or empty header value is handled by {@code createCredentialsFromHeader}.
 */
public class BasicAuthCredentialsTest {

  @Test
  public void testGetAuthorizationHeaderValue() throws Exception {
    BasicAuthCredentials original = new BasicAuthCredentials("john.doe","secret");
    assertTrue(original.isValid());

    String headerValue = original.getAuthorizationHeaderValue();
    BasicAuthCredentials parsed = BasicAuthCredentials.createCredentialsFromHeader(headerValue);

    assertEquals(original.getUsername(), parsed.getUsername());
    assertEquals(original.getPassword(), parsed.getPassword());
  }
}
/* Licensed under the Apache License, Version 2.0; see the header above and LICENSE */
package org.surfnet.oaaas.model;

import org.junit.Test;
import org.junit.Before;

import static org.junit.Assert.*;

/**
 * Exercises {@code TokenResponseCacheImpl} through the {@link TokenResponseCache}
 * interface: plain store/lookup, eviction when the maximum size is exceeded,
 * and expiry after the configured time.
 *
 * The constructor arguments are used here as (maximum entries, lifetime in
 * seconds) — inferred from the calls below, confirm against the implementation.
 * Both eviction tests rely on wall-clock sleeps, so they are slow and can be
 * timing-sensitive on a loaded machine.
 */
public class TokenResponseCacheTest {

  private TokenResponseCache cache;

  @Before
  public void before() throws Exception {
    // Three entries, one-day lifetime: expiry plays no role in the first two tests.
    cache = new TokenResponseCacheImpl(3, 60 * 60 * 24);
  }

  @Test
  public void testGetVerifyToken() throws Exception {
    // A null token is a miss, not an error.
    VerifyTokenResponse verifyToken = cache.getVerifyToken(null);
    assertNull(verifyToken);

    VerifyTokenResponse token = new VerifyTokenResponse();
    cache.storeVerifyToken("123456", token);

    VerifyTokenResponse res1 = cache.getVerifyToken("123456");
    assertEquals(token, res1);

  }

  @Test
  public void testStoreVerifyTokenWithMaxSize() throws Exception {
    // Five inserts into a three-entry cache; the sleep keeps insertion times distinct
    // so the oldest two ("0" and "1") are the ones expected to be evicted.
    for (int i = 0; i < 5; i++) {
      cache.storeVerifyToken(Integer.toString(i), new VerifyTokenResponse());
      Thread.sleep(5);
    }
    for (int i = 0; i < 2; i++) {
      VerifyTokenResponse verifyToken = cache.getVerifyToken(Integer.toString(i));
      assertNull(verifyToken);
    }
    for (int i = 2; i < 5; i++) {
      VerifyTokenResponse verifyToken = cache.getVerifyToken(Integer.toString(i));
      assertNotNull(verifyToken);
    }
  }

  @Test
  public void testStoreVerifyTokenWithExpires() throws Exception {
    // One-second lifetime. Note that with max size 3 the entries "0" and "1" are
    // already gone by size eviction before the sleep; only "2".."4" actually
    // exercise the expiry path, and "10" shows a fresh entry is still accepted.
    cache = new TokenResponseCacheImpl(3, 1);
    for (int i = 0; i < 5; i++) {
      cache.storeVerifyToken(Integer.toString(i), new VerifyTokenResponse());
    }
    Thread.sleep(1500);
    cache.storeVerifyToken(Integer.toString(10), new VerifyTokenResponse());
    for (int i = 0; i < 5; i++) {
      VerifyTokenResponse verifyToken = cache.getVerifyToken(Integer.toString(i));
      assertNull(verifyToken);
    }
    VerifyTokenResponse verifyToken = cache.getVerifyToken(Integer.toString(10));
    assertNotNull(verifyToken);
  }
}
-------------------------------------------------------------------------------- /apis-surfconext-authn/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 10 | 11 | 12 | 4.0.0 13 | 14 | 15 | nl.surfnet.apis 16 | apis-parent 17 | 1.3.6-SNAPSHOT 18 | 19 | 20 | apis-surfconext-authn 21 | API Secure - conext authentication plugin 22 | 23 | 24 | 25 | org.surfnet.coin 26 | spring-security-opensaml 27 | 28 | 29 | commons-collections 30 | commons-collections 31 | 32 | 33 | 34 | 35 | nl.surfnet.apis 36 | apis-authorization-server 37 | 38 | 39 | org.surfnet.coin 40 | coin-api-client 41 | 42 | 43 | javax.servlet 44 | javax.servlet-api 45 | 46 | 47 | javax.inject 48 | javax.inject 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /apis-surfconext-authn/src/test/java/org/surfnet/oaaas/conext/SAMLAuthenticatedPrincipalTest.java: --------------------------------------------------------------------------------
package org.surfnet.oaaas.conext;

import org.junit.Test;
import org.springframework.security.core.GrantedAuthority;
import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

/**
 * Round-trip test for {@link SAMLAuthenticatedPrincipal}: a principal written out with
 * {@link AuthenticatedPrincipal#serialize()} and read back through
 * {@link AuthenticatedPrincipal#deserialize(String)} keeps its SAML-specific fields
 * (identity provider, display name, group awareness, admin flag).
 */
public class SAMLAuthenticatedPrincipalTest {

  @Test
  public void testSerialization() throws IOException {
    String identityProvider = "http://universiteit-hardewijk";
    String displayName = "gebruiker.pi";
    Map attributes = new HashMap();
    attributes.put("key", "value");

    AuthenticatedPrincipal original = new SAMLAuthenticatedPrincipal(
        "ud.id.name.pi",
        Arrays.asList("USER", "ADMIN"),
        attributes,
        Arrays.asList("id.group.1", "id.group.2", "id.group.3"),
        identityProvider,
        displayName,
        true);

    String json = original.serialize();
    SAMLAuthenticatedPrincipal restored =
        (SAMLAuthenticatedPrincipal) AuthenticatedPrincipal.deserialize(json);

    assertTrue(restored.isGroupAware());
    assertEquals(identityProvider, restored.getIdentityProvider());
    assertEquals(displayName, restored.getDisplayName());
    assertTrue(restored.isAdminPrincipal());
  }

}
-------------------------------------------------------------------------------- /jetty-connector/README.md: -------------------------------------------------------------------------------- 1 | Jetty Connector for proxied configuration 2 | ====== 3 | This project contains an extension plugin for Jetty that permits to permit a proper Apache (or Nginx) proxying. 4 | This extension permits to implement the configuration described here: 5 | ``` 6 | https http 7 | ---------> Apache -------> Jetty 8 | ``` 9 | 10 | To permit this workflow the request schema is retrieved from the `X-Forwarded-Proto` HTTP header. 11 | This is the standard behavior of Jetty 9, this extension makes it available also in Jetty 8.
12 | -------------------------------------------------------------------------------- /jetty-connector/pom.xml: -------------------------------------------------------------------------------- 1 | 8 | 9 | 10 | 4.0.0 11 | 12 | 13 | ../pom.xml 14 | nl.surfnet.apis 15 | apis-parent 16 | 1.3.6-SNAPSHOT 17 | 18 | 19 | jetty-connector 20 | jar 21 | Connector to customize schema for Jetty 8 22 | 23 | 24 | 25 | org.mortbay.jetty 26 | jetty-maven-plugin 27 | ${jetty-maven-plugin.version} 28 | 29 | 30 | junit 31 | junit 32 | 33 | 34 | org.mockito 35 | mockito-all 36 | 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /jetty-connector/src/main/java/org/surfnet/oaaas/jetty/SelectChannelConnectorHttps.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 
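*/
package org.surfnet.oaaas.jetty;

import java.util.Enumeration;
import java.io.IOException;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.io.EndPoint;

/**
 * {@link SelectChannelConnector} that sets the request scheme to {@code https} when the
 * {@code X-Forwarded-Proto} HTTP header says the client reached the reverse proxy over TLS.
 * <p>
 * The header is trusted unconditionally: nothing here verifies that the request actually came
 * in through the proxy. This connector must therefore only be reachable via a proxy that
 * overwrites (not merely appends to) {@code X-Forwarded-Proto}; if the Jetty port is exposed
 * directly, any client can label its own plain-HTTP request as {@code https}. Only the scheme
 * is changed; whether {@link Request#isSecure()} follows the scheme depends on the connector's
 * forwarded-header configuration and is not handled here.
 */
public class SelectChannelConnectorHttps extends SelectChannelConnector {

  private static final String X_FORWARDED_PROTO = "x-forwarded-proto";

  private static final String HTTPS_SCHEME = "https";

  /**
   * Looks up a header by name, ignoring case.
   *
   * @param request the request whose header names are scanned
   * @param headerName the header name to find, compared case-insensitively
   * @return the value of the first header whose name matches, or {@code null} when absent
   */
  private String getHeaderCaseInsensitive(Request request, String headerName) {
    Enumeration<?> headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
      String curHeaderName = (String) headerNames.nextElement();
      // equalsIgnoreCase is locale-independent; toLowerCase() with the default locale is not.
      if (curHeaderName != null && curHeaderName.equalsIgnoreCase(headerName)) {
        return request.getHeader(curHeaderName);
      }
    }
    return null;
  }

  /**
   * Returns whether a forwarded-protocol header value names {@code https} as the originating
   * protocol.
   * <p>
   * Chained proxies may append their own value, producing a comma-separated list whose first
   * element is the protocol the original client used; only that element is considered, and it
   * must equal {@code https} (ignoring case and surrounding whitespace) rather than merely
   * contain it, so values such as {@code http,https} or {@code xhttpsx} do not upgrade the scheme.
   *
   * @param forwardedProto the raw {@code X-Forwarded-Proto} header value, may be {@code null}
   * @return {@code true} only when the first element is {@code https}
   */
  static boolean isForwardedHttps(String forwardedProto) {
    if (forwardedProto == null) {
      return false;
    }
    int comma = forwardedProto.indexOf(',');
    String first = comma >= 0 ? forwardedProto.substring(0, comma) : forwardedProto;
    return HTTPS_SCHEME.equalsIgnoreCase(first.trim());
  }

  /**
   * Sets the request scheme to {@code https} when the forwarded protocol is {@code https},
   * then delegates to the superclass.
   *
   * @param endpoint the endpoint the request arrived on
   * @param request the request to customize
   * @throws IOException propagated from {@link SelectChannelConnector#customize(EndPoint, Request)}
   */
  @Override
  public void customize(EndPoint endpoint, Request request) throws IOException {
    String forwardedProtocol = getHeaderCaseInsensitive(request, X_FORWARDED_PROTO);
    if (isForwardedHttps(forwardedProtocol)) {
      request.setScheme(HTTPS_SCHEME);
    }
    super.customize(endpoint, request);
  }

}
-------------------------------------------------------------------------------- /jetty-connector/src/test/java/org/surfnet/oaaas/jetty/SelectChannelConnectorHttpsTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership.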
The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.surfnet.oaaas.jetty;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Vector;

import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.io.EndPoint;

import org.junit.Test;
import org.mockito.Mockito;
import static org.junit.Assert.assertEquals;

/**
 * Verifies that {@link SelectChannelConnectorHttps} switches the request scheme to
 * {@code https} when the {@code X-Forwarded-Proto} header carries that value, and leaves the
 * default scheme alone when the header is absent.
 */
public class SelectChannelConnectorHttpsTest {

  private static final String HTTP_SCHEME = "http";
  private static final String HTTPS_SCHEME = "https";

  private static final String XFORWARDED_PROTO = "X-Forwarded-Proto";

  @Test
  public void testSchemaIsChangedAccordingToXForwardedProto() throws IOException {
    Vector headerNames = new Vector();
    headerNames.add(XFORWARDED_PROTO);
    Request request = spiedRequestWithHeaderNames(headerNames);
    Mockito.doReturn(HTTPS_SCHEME).when(request).getHeader(XFORWARDED_PROTO);

    customizeWithFreshConnector(request);

    assertEquals(HTTPS_SCHEME, request.getScheme());
  }

  @Test
  public void testSchemaIsNotChangedForNoXForwardedProto() throws IOException {
    Request request = spiedRequestWithHeaderNames(new Vector());

    customizeWithFreshConnector(request);

    assertEquals(HTTP_SCHEME, request.getScheme());
  }

  /** Spies a plain {@link Request} and makes it report exactly the given header names. */
  private static Request spiedRequestWithHeaderNames(Vector headerNames) {
    Request request = Mockito.spy(new Request());
    Mockito.doReturn(headerNames.elements()).when(request).getHeaderNames();
    return request;
  }

  /** Runs a new connector's {@code customize} against the request with a mocked endpoint. */
  private static void customizeWithFreshConnector(Request request) throws IOException {
    EndPoint endPoint = Mockito.mock(EndPoint.class);
    new SelectChannelConnectorHttps().customize(endPoint, request);
  }

}
--------------------------------------------------------------------------------