admins = Arrays.asList(adminList.split(","));
60 | postCasAuthenticationFilter.setAdmins(admins);
61 | }
62 | return postCasAuthenticationFilter;
63 | }
64 |
65 |
66 | }
67 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/java/org/surfnet/oaaas/logging/LogbackConfigLocationListener.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.logging;
2 |
3 | import ch.qos.logback.classic.BasicConfigurator;
4 | import ch.qos.logback.classic.LoggerContext;
5 | import ch.qos.logback.classic.joran.JoranConfigurator;
6 | import ch.qos.logback.core.joran.spi.JoranException;
7 | import ch.qos.logback.core.util.StatusPrinter;
8 | import org.slf4j.Logger;
9 | import org.slf4j.LoggerFactory;
10 |
11 | import javax.servlet.ServletContextEvent;
12 | import javax.servlet.ServletContextListener;
13 | import java.net.URL;
14 |
/**
 * Servlet context listener that sets up Logback when the web application starts.
 *
 * <p>If {@link #CONFIG_FILE} can be resolved as a class-path resource it is loaded through
 * Joran; otherwise Logback's basic default configuration is applied.
 */
public class LogbackConfigLocationListener implements ServletContextListener {

  private static final Logger LOG = LoggerFactory.getLogger(LogbackConfigLocationListener.class);

  /** Class-path resource name of the optional application-specific Logback configuration. */
  public static final String CONFIG_FILE = "/apis-logback.xml";

  /**
   * Configures the logger context from {@link #CONFIG_FILE} when present, else from defaults.
   * Any exception is logged and not rethrown, so a logging problem does not stop start-up.
   *
   * @param sce the context event; not read by this method
   */
  @Override
  public void contextInitialized(ServletContextEvent sce) {
    try {
      URL configUrl = LogbackConfigLocationListener.class.getResource(CONFIG_FILE);
      LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory();

      if (configUrl != null) {
        LOG.debug("Found logback configuration file at {}", configUrl);
        applyConfiguration(loggerContext, configUrl);
      } else {
        BasicConfigurator.configureDefaultContext();
        LOG.info("No context-specific configuration file found, will use Logback's default configuration");
      }
      // Surfaces configuration errors and warnings collected in the context's status list.
      StatusPrinter.printInCaseOfErrorsOrWarnings(loggerContext);
    } catch (Exception ex) {
      // Failed to load the custom log file, we log an error and use the default log config.
      LOG.error("Unable to initialize context", ex);
    }
  }

  /** No clean-up is performed on shutdown. */
  @Override
  public void contextDestroyed(ServletContextEvent sce) {
  }

  /** Resets the context and loads the Joran configuration found at {@code configUrl}. */
  private static void applyConfiguration(LoggerContext loggerContext, URL configUrl) {
    JoranConfigurator joran = new JoranConfigurator();
    joran.setContext(loggerContext);
    // the context was probably already configured by default configuration rules
    loggerContext.reset();
    try {
      joran.doConfigure(configUrl);
    } catch (JoranException je) {
      // Deliberately not handled here: the StatusPrinter call in the caller reports it.
    }
  }
}
56 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/resources/db/migration/mysql_content/V1__auth-server-admin.sql:
--------------------------------------------------------------------------------
/*
 Local administration application.

 Seeds resource server 99998 with the 'read' and 'write' scopes, plus the JavaScript
 administration client 99998 that is linked to it.

 NOTE(review): the resource-server secret below is a fixed literal stored in this migration,
 so every database migrated from it starts with the same value. Replace it per deployment.
 */
INSERT INTO resourceserver
  (id, contactEmail, contactName, resourceServerName, resourceServerKey, secret, owner, thumbNailUrl)
VALUES
  (99998,
   'localadmin@example.com',
   'local admin',
   'Authorization Server Apis',
   'authorization-server-admin',
   'cafebabe-cafe-babe-cafe-babecafebabe',
   null,
   'https://raw.github.com/OpenConextApps/apis/master/apis-images/surf-oauth.png');

INSERT INTO ResourceServer_scopes VALUES (99998, 'read'), (99998, 'write');

-- The last two values set includePrincipal and allowedImplicitGrant to 1 for this client.
INSERT INTO client
  (id, contactEmail, contactName, description, clientName, thumbNailUrl, resourceserver_id,
   clientId, includePrincipal, allowedImplicitGrant)
VALUES
  (99998,
   'client@coolapp.com',
   'john.doe',
   'Javascript application for authorization server administration',
   'Authorization Server Admin Client',
   'https://raw.github.com/OpenConextApps/apis/master/apis-images/surf-oauth-client.png',
   99998,
   'authorization-server-admin-js-client',
   1,
   1);

INSERT INTO Client_scopes VALUES (99998, 'read'), (99998, 'write');
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/resources/spring-repositories.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/WEB-INF/jsp/login.jsp:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 | Login
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
62 |
63 |
66 |
67 |
68 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/WEB-INF/jsp/userconsent_denied.jsp:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/client.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | SURF OAuth
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
27 |
28 |
40 |
41 |
44 |
45 |
46 |
47 |
48 |
49 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/Untitled-3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/Untitled-3.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/arrow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/arrow.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/dead-end-sign.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/dead-end-sign.jpg
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/dead_end_no_consent.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/dead_end_no_consent.jpg
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings-blue.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings-blue.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings-white.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings-white.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/glyphicons-halflings.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/icon-apps-blue.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-apps-blue.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/icon-apps-grey.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-apps-grey.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/icon-example.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-example.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/icon-keys-blue.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-keys-blue.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/icon-keys-grey.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-keys-grey.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/icon-servers-blue.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-servers-blue.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/icon-servers-grey.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-servers-grey.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/icon-stats-blue.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-stats-blue.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/icon-stats-grey.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/icon-stats-grey.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/side-nav-server.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/side-nav-server.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/img/surf-oauth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-authorization-server-war/src/main/webapp/client/img/surf-oauth.png
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/js/jquery-extensions.js:
--------------------------------------------------------------------------------
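/**
 * Collects the fields of the selected form into a plain object keyed by field name.
 * A name that occurs once maps to its value; a repeated name maps to an array of values.
 * Missing values are stored as ''.
 *
 * @return {Object} field name -> value, or array of values
 */
$.fn.serializeObject = function()
{
  var result = {};
  var hasOwn = Object.prototype.hasOwnProperty;

  $.each(this.serializeArray(), function() {
    var value = this.value || '';

    // Test for an own property: a field whose name matches an inherited member
    // ("toString", "constructor", ...) must not be treated as a repeated field.
    if (hasOwn.call(result, this.name)) {
      if (!result[this.name].push) {
        // second occurrence: promote the single value to an array
        result[this.name] = [result[this.name]];
      }
      result[this.name].push(value);
    } else {
      result[this.name] = value;
    }
  });
  return result;
};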
17 |
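/*
 Enhancement to $.unique, to work on non-domelements as well.
 From http://paulirish.com/2010/duck-punching-with-jquery/

 Arrays whose first entry is a DOM node are handed to the original $.unique.
 Any other array is returned as a new array without duplicates.
 */
(function($){

  var originalUnique = $.unique;

  $.unique = function(arr){

    // An empty array has no first element to inspect and nothing to de-duplicate.
    if (arr.length === 0) {
      return arr;
    }

    // do the default behavior only if we got an array of elements;
    // the extra truthiness test keeps a null/undefined first entry from throwing
    if (arr[0] && arr[0].nodeType){
      return originalUnique.apply(this, arguments);
    }

    // reduce the array to contain no dupes via grep/inArray:
    // keep a value only at the index of its first occurrence
    return $.grep(arr, function(value, index){
      return $.inArray(value, arr) === index;
    });
  };
})(jQuery);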
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/js/main.js:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
// RequireJS bootstrap for the administration client.
requirejs.config({
  // Module IDs are resolved relative to "js"; third-party code is addressed as "lib/...".
  baseUrl: "js",

  paths: {
    lib: "lib"
  },

  // Load-order dependencies for the scripts listed here.
  shim: {
    "lib/bootstrap":     { deps: ["lib/jquery"] },
    "jquery-extensions": { deps: ["lib/jquery"] },
    "lib/jquery.zclip":  { deps: ["lib/jquery"] },
    "lib/bootbox.min":   { deps: ["lib/bootstrap"] },
    "data":              { deps: ["lib/jquery"] },

    // The application entry script, with everything it depends on.
    "client": {
      deps: [
        "oauth",
        "jquery-extensions",
        "lib/bootstrap",
        "lib/handlebars",
        "data",
        "resourceServerForm",
        "resourceServerGrid",
        "clientForm",
        "clientGrid",
        "accessTokenGrid",
        "statisticsGrid",
        "popoverBundle",
        "lib/jquery.zclip",
        "lib/bootbox.min"
      ]
    }
  }
});

// Start loading; "client" pulls in the rest through its shim dependencies.
require([
  "jquery-extensions",
  "lib/handlebars",
  "lib/bootstrap",
  "client"
]);
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/js/oauth.js:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
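/**
 * OAuth2 Implicit Grant client.
 *
 * Create with these options (pass the values unencoded; they are URL-encoded here):
 *   var auth = new OAuth({
 *     context: window,
 *     clientId: "myClientId",
 *     scope: "read",                          // (optional) left out of the request when absent
 *     redirectUri: "http://myredirecturi",    // (optional) defaults to context.location
 *     authorizationEndpoint: "http://localhost/oauth2/authorize"
 *   });
 *
 *   if (auth.isTokenPresent()) {
 *     accessToken = auth.extractTokenInfo();
 *   } else {
 *     auth.authorize();
 *   }
 *
 * Everything returned by extractTokenInfo() and principalName() is read from the URL
 * fragment, which whoever built the link controls, so treat the values as untrusted input.
 *
 * NOTE(review): no "state" parameter is sent, so a response cannot be matched to the
 * request that started it.
 *
 * @param opt
 * @return {Object}
 * @constructor
 */
var OAuth = function(opt) {
  var
    options = opt || {},
    context = options.context,
    oauthTokenInfo = {};

  /**
   * Builds the authorization request URL.
   * The redirect URI fallback is resolved before concatenation: in the previous form
   * ("..." + options.redirectUri || context.location) the "+" bound first, so the
   * fallback was never used and "redirect_uri=undefined" was sent instead.
   */
  function buildAuthorizationUrl() {
    var redirectUri = options.redirectUri || context.location;
    var params = [
      "response_type=token",
      "client_id=" + encodeURIComponent(options.clientId)
    ];

    // Only send a scope that was configured, never the literal text "undefined".
    if (options.scope) {
      params.push("scope=" + encodeURIComponent(options.scope));
    }
    // Encoded so that "&", "#" or "=" inside the value cannot add or change parameters.
    params.push("redirect_uri=" + encodeURIComponent(String(redirectUri)));

    return options.authorizationEndpoint + "?" + params.join("&");
  }

  return {
    authorize: function() {
      // redirect to authorization endpoint
      context.location = buildAuthorizationUrl();
    },

    isTokenPresent: function() {
      return /access_token=/.test(context.location.hash);
    },

    /**
     * Parses the fragment into token info, clears the fragment and returns the access token.
     */
    extractTokenInfo: function() {
      var hash = context.location.hash.substring(1);
      var split = hash.split('&');

      var obj = {};
      for (var i = 0; i < split.length; i++) {
        var kv = split[i].split('=');
        // "+" stands for a space in form-encoded values
        obj[kv[0]] = decodeURIComponent(kv[1] ? kv[1].replace(/\+/g, ' ') : kv[1]);
      }
      oauthTokenInfo = {
        accessToken: obj["access_token"],
        expires: obj["expires_in"],
        scope: obj["scope"],
        principal: obj["principal"]
      };
      // Remove the token from the address bar once it has been read.
      context.location.hash = "";
      return oauthTokenInfo.accessToken;
    },

    principalName: function() {
      return oauthTokenInfo.principal;
    }
  };
};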
90 |
91 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/js/statisticsGrid.js:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
/**
 * View for the statistics grid: renders the "tplStatisticsGrid" template into
 * "#contentView" and removes "#statisticsGrid" again on hide.
 */
var statisticsGridView = (function() {

  var TEMPLATE_ID = "tplStatisticsGrid";
  var CONTAINER = "#contentView";
  var GRID = "#statisticsGrid";

  return {

    // Replace whatever is shown with a fresh rendering of the given statistics.
    refresh: function(statistics) {
      this.hide();
      this.show(statistics);
    },

    // Render the template with the statistics and append the result to the container.
    show: function(statistics) {
      Template.get(TEMPLATE_ID, function(render) {
        var container = $(CONTAINER);
        container.append(render(statistics));
        container.css("height", ""); // clear the fixed height
      });
    },

    isVisible: function() {
      return $(GRID).is(':visible');
    },

    hide: function() {
      var container = $(CONTAINER);
      // set a fixed height to prevent wild swapping of the footer
      container.css("height", container.height());
      $(GRID).remove();
    },

    focus: function() {
      $(GRID).focus();
    }
  }
})();
48 |
/**
 * Controller for the statistics grid: fetches the statistics through data.getStatistics
 * and passes them to statisticsGridView.
 */
var statisticsGridController = (function() {

  var gridView = statisticsGridView;

  function show() {
    // hide the view first so that it is never displayed more than once
    gridView.hide();
    data.getStatistics(function(statistics) {
      gridView.show(statistics);
    });
  }

  return {
    show: show,
    // The remaining operations are the view's own functions, exposed unchanged.
    hide: gridView.hide,
    focus: gridView.focus,
    isVisible: gridView.isVisible
  }
})();
66 |
67 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplAccessTokenGrid.html:
--------------------------------------------------------------------------------
1 |
16 |
17 |
18 |
19 |
Access Tokens
20 | {{#if accessTokens}}
21 |
22 |
23 |
24 | Token
25 | Resource server
26 | Client
27 | Scopes
28 | Resource owner ID
29 | Issue date
30 | Valid until
31 | Actions
32 |
33 |
34 |
35 | {{#each accessTokens}}
36 |
37 | {{token}}
38 | todo
39 | {{clientId}}
40 | {{scopes}}
41 | {{resourceOwnerId}}
42 | {{creationDate}}
43 | {{expiresIn}}
44 | Delete
45 |
46 | {{/each}}
47 |
48 |
49 | {{else}}
50 |
No access tokens found for current user.
51 | {{/if}}
52 |
53 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplAlert.html:
--------------------------------------------------------------------------------
1 |
2 | ×
3 | {{title}}! {{text}}
4 |
5 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplClientAttribute.html:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplClientGrid.html:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplClientRedirectUri.html:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplDeleteScopeWarning.html:
--------------------------------------------------------------------------------
1 |
2 | x
3 | Changing existing scopes might have effect on configured
4 | client apps. Make sure all client app configurations reflect the
5 | changes made here prior to deleting scopes.
6 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplLanding.html:
--------------------------------------------------------------------------------
1 |
2 |
OAuth 2.0. But dead simple.
3 |
Can you imagine getting an OAuth2 compliant Authorization Server (and this client apparently;-) up in a matter of minutes? Wait and see. By the way, the Apis Authorization Server lets you authenticate against any possible backend of your choice and is totally agnostic as it comes to the flavor of your Resource Server.
4 |
5 |
6 | Login
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplResourceServerGrid.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
Add another server
4 |
Resource servers
5 | {{#if resourceServers}}
6 |
38 | {{else}}
39 |
No resource servers yet. Add one .
40 |
After you have added a resource server, you can start adding client applications that actually do something with the protected resources of your resource server.
41 | {{/if}}
42 |
43 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplResourceServerScope.html:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/client/templates/tplStatisticsGrid.html:
--------------------------------------------------------------------------------
1 |
2 |
17 |
18 |
19 |
Statistics
20 | {{#if resourceServers}}
21 |
24 | {{#each resourceServers}}
25 |
Resource Server name: {{name}}
26 | {{#if description}}
27 |
Description: {{description}}
28 | {{/if}}
29 |
30 |
31 |
32 | Client App name
33 | Description
34 | #Unique clients
35 |
36 |
37 |
38 | {{#each clients}}
39 |
40 | {{name}}
41 | {{description}}
42 | {{tokenCount}}
43 |
44 | {{/each}}
45 |
46 |
47 | {{/each}}
48 | {{else}}
49 |
No resource servers configured.
50 | {{/if}}
51 |
52 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/main/webapp/index.html:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/test/java/org/surfnet/oaaas/config/SpringConfigTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.config;
18 |
19 | import com.googlecode.flyway.core.Flyway;
20 | import org.junit.Test;
21 | import org.junit.runner.RunWith;
22 | import org.springframework.test.context.ContextConfiguration;
23 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
24 | import org.surfnet.oaaas.resource.VerifyResource;
25 |
26 | import javax.inject.Inject;
27 | import javax.sql.DataSource;
28 |
29 | import static junit.framework.Assert.assertFalse;
30 | import static junit.framework.Assert.assertTrue;
31 | import static org.junit.Assert.assertNotNull;
32 |
/**
 * Wiring test: starts the Spring context defined by {@link SpringConfiguration} and checks
 * the beans injected into this class.
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = SpringConfiguration.class)
public class SpringConfigTest {

  @Inject private DataSource dataSource;

  @Inject private Flyway flyway;

  @Inject private VerifyResource verifyResource;

  /**
   * Checks that the data source and Flyway beans were injected, and that the injected
   * {@link VerifyResource} reports {@code isJsonTypeInfoIncluded()} as {@code false}.
   */
  @Test
  public void wire() {
    assertNotNull(dataSource);
    assertNotNull(flyway);
    assertFalse(verifyResource.isJsonTypeInfoIncluded());
  }
}
54 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/test/java/org/surfnet/oaaas/it/AbstractAuthorizationServerTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.it;
18 |
19 | import org.apache.commons.codec.binary.Base64;
20 |
21 | import com.sun.jersey.api.client.Client;
22 | import org.codehaus.jackson.map.ObjectMapper;
23 | import org.surfnet.oaaas.auth.ObjectMapperProvider;
24 |
25 |
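/**
 * Base class for the integration tests that call the authorization server over HTTP.
 * Provides the base URL, a shared JSON mapper and helpers for {@code Authorization} headers.
 */
public abstract class AbstractAuthorizationServerTest {

  // Fixed token value for the tests; presumably present in the test data set (TODO confirm).
  protected static final String ACCESS_TOKEN = "dad30fb8-ad90-4f24-af99-798bb71d27c8";

  // Port used when the "servlet.port" system property is not set.
  protected int defaultServletPort = 8080;
  protected Client client = new Client();
  protected static ObjectMapper objectMapper = new ObjectMapperProvider().getContext(ObjectMapper.class);
  static {
    // Default typing stays off: type names embedded in the JSON are not used to choose
    // which class gets instantiated when a response is read.
    objectMapper.disableDefaultTyping();
  }

  /**
   * @return {@code http://localhost:<port>}, where the port is the {@code servlet.port}
   *         system property or {@link #defaultServletPort}
   */
  protected String baseUrl() {
    return String.format("http://localhost:%s",
        System.getProperty("servlet.port", String.valueOf(defaultServletPort)));
  }

  /**
   * @param suffix path to append, e.g. {@code "/v1/tokeninfo"}
   * @return the base URL followed by {@code suffix}
   */
  protected String baseUrlWith(String suffix) {
    return baseUrl().concat(suffix);
  }

  /**
   * Builds an HTTP Basic {@code Authorization} header value.
   *
   * @param username the user name, placed before the colon
   * @param password the password, placed after the colon
   * @return {@code "Basic "} followed by the Base64 form of {@code username:password}
   */
  public static String authorizationBasic(String username, String password) {
    // An explicit charset keeps the header identical on every platform; the no-argument
    // getBytes()/new String(byte[]) pair depends on the JVM's default charset.
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    byte[] credentials = (username + ":" + password).getBytes(utf8);
    return "Basic " + new String(Base64.encodeBase64(credentials), utf8);
  }

  /**
   * Builds a bearer {@code Authorization} header value.
   *
   * @param token the access token
   * @return {@code "bearer "} followed by the token
   */
  public static String authorizationBearer(String token) {
    return "bearer " + token;
  }
}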
55 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/test/java/org/surfnet/oaaas/it/VerifyResourceTestIT.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.it;
18 |
19 | import static org.junit.Assert.assertEquals;
20 |
21 | import org.codehaus.jackson.JsonParseException;
22 | import org.junit.Test;
23 | import org.surfnet.oaaas.model.VerifyTokenResponse;
24 |
25 | import com.sun.jersey.api.client.Client;
26 | import com.sun.jersey.api.client.ClientResponse;
27 |
28 | import java.io.IOException;
29 |
/**
 * Integration tests for the token verification endpoint {@code /v1/tokeninfo}.
 *
 * <p>NOTE(review): these requests carry the access token in the query string, which is how
 * the endpoint is called here; query strings commonly end up in access logs.
 */
public class VerifyResourceTestIT extends AbstractAuthorizationServerTest {

  private static final String TOKEN_INFO_PATH = "/v1/tokeninfo";
  private static final String TOKEN_PARAM = "access_token";
  private static final String AUTHORIZATION = "Authorization";

  private static final int OK = 200;
  private static final int UNAUTHORIZED = 401;

  /** No token and no credentials: rejected with 401. */
  @Test
  public void withNoParams() {
    final ClientResponse response = client
        .resource(baseUrlWith(TOKEN_INFO_PATH))
        .get(ClientResponse.class);
    assertEquals(UNAUTHORIZED, response.getStatus());
  }

  /** A token without any Authorization header: rejected with 401. */
  @Test
  public void withNoAuthorizationHeader() {
    final ClientResponse response = client
        .resource(baseUrlWith(TOKEN_INFO_PATH))
        .queryParam(TOKEN_PARAM, "boobaa")
        .get(ClientResponse.class);
    assertEquals(UNAUTHORIZED, response.getStatus());
  }

  /** A token with an Authorization header that is not Basic: rejected with 401. */
  @Test
  public void withInvalidAuthorizationHeader() {
    final ClientResponse response = client
        .resource(baseUrlWith(TOKEN_INFO_PATH))
        .queryParam(TOKEN_PARAM, "boobaa")
        .header(AUTHORIZATION, "NotBasicButGarbage abb ccc dd")
        .get(ClientResponse.class);
    assertEquals(UNAUTHORIZED, response.getStatus());
  }

  /** Basic credentials for "user"/"pass" but no token: rejected with 401. */
  @Test
  public void withValidAuthorizationHeaderButNoAccessToken() {
    final ClientResponse response = client
        .resource(baseUrlWith(TOKEN_INFO_PATH))
        .header(AUTHORIZATION, authorizationBasic("user", "pass"))
        .get(ClientResponse.class);
    assertEquals(UNAUTHORIZED, response.getStatus());
  }

  /** Resource-server credentials plus a token: 200, and the response names the end user. */
  @Test
  public void happy() throws IOException {
    final ClientResponse response = client
        .resource(baseUrlWith(TOKEN_INFO_PATH))
        .queryParam(TOKEN_PARAM, "00-11-22-33")
        .header(AUTHORIZATION, authorizationBasic("it-test-resource-server", "somesecret"))
        .get(ClientResponse.class);
    assertEquals(OK, response.getStatus());

    final String json = response.getEntity(String.class);
    final VerifyTokenResponse verified = objectMapper.readValue(json, VerifyTokenResponse.class);
    assertEquals("it-test-enduser", verified.getPrincipal().getName());
  }
}
69 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/test/java/org/surfnet/oaaas/selenium/ImplicitGrantTestIT.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.selenium;
18 |
19 | import java.net.URI;
20 |
21 | import org.junit.Test;
22 | import org.openqa.selenium.WebDriver;
23 |
24 | import static org.hamcrest.core.IsEqual.equalTo;
25 | import static org.junit.Assert.assertThat;
26 | import static org.junit.matchers.JUnitMatchers.containsString;
27 |
/**
 * Selenium-driven integration test of the Implicit Grant flow.
 */
public class ImplicitGrantTestIT extends SeleniumSupport {

  @Test
  public void implicitGrant() {
    // First pass: login, and consent is expected.
    performImplicitGrant(true);
    // Second pass in a restarted browser session: an access token already exists for this
    // client / principal name, so no consent is expected.
    restartBrowserSession();
    performImplicitGrant(false);
  }

  /**
   * Sends one authorization request with {@code response_type=token}, logs in, and checks that
   * the browser ends up on the requested redirect URI with {@code access_token=} in the URL
   * fragment.
   *
   * @param needConsent handed to {@code login}; {@code true} when the consent step is expected
   */
  private void performImplicitGrant(boolean needConsent) {
    final WebDriver browser = getWebDriver();

    final String grantType = "token";
    final String client = "it-test-client-grant";
    final String callback = "http://localhost:8080/fourOhFour";

    final String authorizeUrl = String.format(
        "%s/oauth2/authorize?response_type=%s&client_id=%s&redirect_uri=%s",
        baseUrl(), grantType, client, callback);
    browser.get(authorizeUrl);

    login(browser, needConsent);

    // In this flow the token comes back in the fragment of the redirect target.
    final URI landedOn = URI.create(browser.getCurrentUrl());

    assertThat(landedOn.getFragment(), containsString("access_token="));
    assertThat(landedOn.getPath(), equalTo("/fourOhFour"));
    assertThat(landedOn.getHost(), equalTo("localhost"));
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/test/resources/apis-logback.xml:
--------------------------------------------------------------------------------
1 |
16 |
17 |
18 |
19 |
20 | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/test/resources/apis.application.test.properties:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2012 SURFnet bv, The Netherlands
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 |
17 | # The database settings (test-only defaults: file-based HSQLDB under target/, user 'sa' with an empty password)
18 | jdbc.driverClassName=org.hsqldb.jdbcDriver
19 | #jdbc.url=jdbc:hsqldb:hsq://localhost/xdb
20 | #jdbc.url=jdbc:hsqldb:hsql//localhost/target/db;ifexists=false
21 | jdbc.url=jdbc:hsqldb:file:target/db;hsqldb.lock_file=false
22 | jdbc.username=sa
23 | jdbc.password=
24 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/test/resources/jetty-context.xml:
--------------------------------------------------------------------------------
1 |
2 |
17 |
18 |
19 |
20 |
21 |
22 | org.eclipse.jetty.server.webapp.WebInfIncludeJarPattern
23 | .*/.*jsp-api-[^/]\.jar$|./.*jsp-[^/]\.jar$|./.*taglibs[^/]*\.jar$
24 |
25 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/test/resources/logback.xml:
--------------------------------------------------------------------------------
1 |
16 |
17 |
18 |
19 |
20 |
21 | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
22 |
23 |
24 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/apis-authorization-server-war/src/test/resources/mujina-idp.properties:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2012 SURFnet bv, The Netherlands
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 |
17 | ASSERTION_VALIDITY_TIME_INS_SECONDS=90
18 |
19 | REPLAY_CACHE_LIFE_IN_MILLIS=14400000
20 | ISSUE_INSTANT_CHECK_CLOCK_SKEW_IN_SECONDS=90
21 | ISSUE_INSTANT_CHECK_VALIDITY_TIME_IN_SECONDS=300
22 |
23 | MAX_PARSER_POOL_SIZE=2
24 | AUTHN_RESPONDER_URI=/AuthnResponder
25 | SSO_SERVICE_URI=/SingleSignOnService
26 |
--------------------------------------------------------------------------------
/apis-authorization-server/README.md:
--------------------------------------------------------------------------------
1 | Authorization Server jar
2 | ======
3 | The Authorization Server jar module contains all of the main code of the actual Authorization Server war module. It is compliant with [the draft v2-31 OAuth specification](http://tools.ietf.org/html/draft-ietf-oauth-v2-31).
4 |
5 | The main building blocks of the Authorization Server are:
6 |
7 | * [JAX-RS](http://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services) endpoints (by default using the [Jersey](http://jersey.java.net/) implementation).
8 | * CRUD interface for Resource Servers and Client apps
9 | * OAuth2 authorization and token resources for obtaining access (and optionally refresh) tokens
10 | * An endpoint/ resource for validating access tokens (to be leveraged by a Resource Server)
11 | * Pluggable [Filters](http://docs.oracle.com/javaee/1.3/api/javax/servlet/Filter.html) for Resource Owner authentication and user consent handling.
12 | * See `org.surfnet.oaaas.auth.AbstractAuthenticator` and the default implementation `org.surfnet.oaaas.authentication.FormLoginAuthenticator`
13 | * See `org.surfnet.oaaas.auth.AbstractUserConsentHandler` and the default implementation `org.surfnet.oaaas.consent.FormUserConsentHandler`
14 | * Spring configuration to wire everything together
15 | * The main components are annotated using `org.springframework.stereotype.Repository`, `javax.inject.Named` and `javax.inject.Inject`
16 | * See `/apis-authorization-server-war/src/main/java/org/surfnet/oaaas/config/SpringConfiguration.java`
17 | * [OpenJPA](http://openjpa.apache.org/) persistence layer
18 | * See `/apis-authorization-server/src/main/resources/META-INF/persistence.xml`
19 | * See `/apis-authorization-server/src/main/resources/db/migration/mysql/V1__auth-server-admin.sql`
20 |
21 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/blob/master/README.md) in the root project for overall documentation.
22 |
23 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/AbstractFilter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.auth;
20 |
21 | import org.apache.commons.lang.StringUtils;
22 |
23 | import javax.servlet.Filter;
24 | import javax.servlet.ServletRequest;
25 |
/**
 * Functionality shared by the authorization and user-consent filters: reading and writing the
 * {@link #AUTH_STATE} and {@link #RETURN_URI} values that travel with a request.
 */
public abstract class AbstractFilter implements Filter {

  /**
   * Name under which the return URI is passed when control should be handed back to the
   * implementor.
   */
  public static final String RETURN_URI = "RETURN_URI";

  /**
   * Name under which 'session' state is kept while flow control is with the authenticator
   * filter. The contract with that filter is that the value is handed back once authentication
   * is done.
   */
  public static final String AUTH_STATE = "AUTH_STATE";

  /**
   * Returns the value that serves as session state.
   *
   * @param request the current request
   * @return the {@link #AUTH_STATE} request attribute, or the request parameter of the same
   *         name when the attribute is empty
   */
  public final String getAuthStateValue(ServletRequest request) {
    return attributeOrParameter(request, AUTH_STATE);
  }

  /**
   * Returns the return URI.
   *
   * @param request the current request
   * @return the {@link #RETURN_URI} request attribute, or the request parameter of the same
   *         name when the attribute is empty
   */
  public final String getReturnUri(ServletRequest request) {
    return attributeOrParameter(request, RETURN_URI);
  }

  /**
   * Stores the session state on the request as the {@link #AUTH_STATE} attribute.
   *
   * @param request the current request
   * @param authState the value to store
   */
  protected final void setAuthStateValue(ServletRequest request, String authState) {
    request.setAttribute(AUTH_STATE, authState);
  }

  /**
   * Looks a value up as request attribute first and as request parameter second.
   *
   * NOTE(review): the parameter fallback means the result can be supplied by the client;
   * code that redirects to it or relies on it as state should validate it first.
   */
  private static String attributeOrParameter(ServletRequest request, String name) {
    final String fromAttribute = (String) request.getAttribute(name);
    return StringUtils.isEmpty(fromAttribute) ? request.getParameter(name) : fromAttribute;
  }

}
71 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/LocalResourceOwnerAuthenticator.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.auth;
2 |
3 | import javax.inject.Inject;
4 |
5 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
6 | import org.surfnet.oaaas.model.ResourceOwner;
7 | import org.surfnet.oaaas.repository.ResourceOwnerRepository;
8 |
/**
 * {@link ResourceOwnerAuthenticator} that checks credentials against the {@link ResourceOwner}
 * records of the local auth server model.
 *
 * @author sfitts
 */
public class LocalResourceOwnerAuthenticator implements ResourceOwnerAuthenticator {

  @Inject
  private ResourceOwnerRepository resourceOwnerRepository;

  /**
   * Looks the user up by name and lets the record check the password.
   *
   * @param username the user name of the resource owner
   * @param password the password of the resource owner
   * @return a principal for {@code username}, or {@code null} when the user is unknown or the
   *         password is rejected; the two failures are not distinguishable by the caller
   */
  @Override
  public AuthenticatedPrincipal authenticate(String username, String password) {
    final ResourceOwner owner = resourceOwnerRepository.findByUsername(username);
    // Short-circuit keeps checkPassword from being called when no record was found.
    final boolean accepted = owner != null && owner.checkPassword(password);
    return accepted ? new AuthenticatedPrincipal(username) : null;
  }

}
36 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/ResourceOwnerAuthenticator.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.auth;
2 |
3 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
4 |
/**
 * Service contract for authenticating resource owners by user name and password.
 *
 * @author sfitts
 */
public interface ResourceOwnerAuthenticator {

  /**
   * Authenticates the given resource owner credentials.
   *
   * @param username the user name of the resource owner
   * @param password the password of the resource owner
   * @return the {@link AuthenticatedPrincipal} associated with the credentials, or {@code null}
   *         if the credentials could not be authenticated; callers must treat {@code null} as
   *         a failed login
   */
  AuthenticatedPrincipal authenticate(String username, String password);

}
26 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/ValidationResponseException.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.auth;
20 |
21 | import org.surfnet.oaaas.auth.OAuth2Validator.ValidationResponse;
22 |
/**
 * Unchecked exception that hands a {@link ValidationResponse} to whoever catches it.
 * It is created without a message, so {@code getMessage()} returns {@code null}; read
 * {@link #v} instead.
 */
@SuppressWarnings("serial")
public class ValidationResponseException extends RuntimeException {

  /** The validation response this exception was created with. */
  public final ValidationResponse v;

  /**
   * @param v the validation response to carry
   */
  public ValidationResponseException(ValidationResponse v) {
    super();
    this.v = v;
  }
}
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/cas/CasAuthenticator.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.cas;
2 |
3 | import org.surfnet.oaaas.auth.AbstractAuthenticator;
4 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
5 |
6 | import javax.servlet.FilterChain;
7 | import javax.servlet.ServletException;
8 | import javax.servlet.http.HttpServletRequest;
9 | import javax.servlet.http.HttpServletResponse;
10 | import java.io.IOException;
11 |
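/**
 * Authenticator that relies on a {@link CasUser} placed in the HTTP session under
 * {@link PostCasAuthenticationFilter#POST_CAS_AUTHENTICATION_INFO}.
 *
 * Created by bourges on 05/08/14.
 */
public class CasAuthenticator extends AbstractAuthenticator {

  /**
   * @return {@code true} when the request carries an auth-state value
   */
  @Override
  public boolean canCommence(HttpServletRequest request) {
    return getAuthStateValue(request) != null;
  }

  /**
   * Continues the chain with the session's CAS user as principal, or, when the session holds
   * none yet, remembers the current request and redirects to {@code /cas}.
   *
   * @param request the current request
   * @param response the current response
   * @param chain the filter chain to continue once a principal is set
   * @param authStateValue the state value to put back on the request
   * @param returnUri not used by this implementation
   */
  @Override
  public void authenticate(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
      String authStateValue, String returnUri) throws IOException, ServletException {
    CasUser casUser = (CasUser) request.getSession().getAttribute(PostCasAuthenticationFilter.POST_CAS_AUTHENTICATION_INFO);
    if (casUser == null) {
      // Remember where to come back to. getRequestURI() is the path of this request, so the
      // stored target stays on this host. Append the query string only when there is one;
      // a request without one would otherwise be stored as "<uri>?null".
      String target = request.getRequestURI();
      String queryString = request.getQueryString();
      if (queryString != null) {
        target = target + "?" + queryString;
      }
      request.getSession().setAttribute(PostCasAuthenticationFilter.REDIRECT_URL, target);
      // NOTE(review): a leading slash makes this relative to the server root, not to the
      // context path; confirm the application is deployed at the root context.
      response.sendRedirect("/cas");
      return;
    }
    AuthenticatedPrincipal principal = new AuthenticatedPrincipal(casUser.getUid());
    // The admin flag is taken over as stored on the session's CasUser.
    principal.setAdminPrincipal(casUser.isAdmin);
    super.setPrincipal(request, principal);
    super.setAuthStateValue(request, authStateValue);
    chain.doFilter(request, response);
  }
}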
40 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/cas/CasUser.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.cas;
2 |
/**
 * Holder for what is kept about a CAS user: the uid and whether that uid is an administrator.
 *
 * Created by bourges on 07/08/14.
 */
public class CasUser {
  // Both fields stay package-private, as before, so same-package code that reads them
  // directly keeps compiling.
  String uid;
  boolean isAdmin;

  /** @return the uid, or {@code null} when none was set */
  public String getUid() {
    return this.uid;
  }

  /** @param uid the uid to store */
  public void setUid(String uid) {
    this.uid = uid;
  }

  /** @return {@code true} when the user was flagged as administrator */
  public boolean isAdmin() {
    return this.isAdmin;
  }

  /** @param isAdmin the administrator flag to store */
  public void setAdmin(boolean isAdmin) {
    this.isAdmin = isAdmin;
  }
}
26 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/cas/PostCasAuthenticationFilter.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.cas;
2 |
3 | import javax.servlet.*;
4 | import javax.servlet.http.HttpServletRequest;
5 | import javax.servlet.http.HttpServletResponse;
6 | import java.io.IOException;
7 | import java.util.ArrayList;
8 | import java.util.Arrays;
9 | import java.util.List;
10 |
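/**
 * Filter that turns the container-reported remote user into a {@link CasUser}, stores it in the
 * HTTP session and redirects to the URL that was remembered in the session before the login.
 * The remote user is presumably set by a CAS client filter in front of this one (verify
 * against the filter configuration).
 *
 * Created by bourges on 05/08/14.
 */
public class PostCasAuthenticationFilter implements Filter {

  // NOTE(review): both session keys are public and non-final, so any code can reassign them;
  // they are left that way here only to keep the class's public surface unchanged.
  public static String POST_CAS_AUTHENTICATION_INFO = "casUser";
  public static String REDIRECT_URL = "redirectURL";

  /** Uids that are granted the admin flag. */
  private List<String> admins = new ArrayList<String>();

  /**
   * Reads the comma-separated {@code admins} init parameter. Entries are trimmed and empty
   * entries are dropped, so {@code "a, b"} yields the uids {@code a} and {@code b}.
   */
  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    String adminList = filterConfig.getInitParameter("admins");
    if (adminList != null) {
      List<String> parsed = new ArrayList<String>();
      for (String entry : adminList.split(",")) {
        String uid = entry.trim();
        if (!uid.isEmpty()) {
          parsed.add(uid);
        }
      }
      admins = parsed;
    }
  }

  /**
   * Stores the authenticated user in the session and redirects to the remembered URL.
   * Responds with 401 when the container reports no remote user, and with 400 when the
   * session holds no usable local return path.
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    String uid = httpServletRequest.getRemoteUser();
    if (uid == null) {
      // Fail closed: without a remote user nobody has been authenticated, so no CasUser
      // may end up in the session.
      httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No authenticated user");
      return;
    }

    CasUser casUser = new CasUser();
    casUser.setUid(uid);
    casUser.setAdmin(admins.contains(uid));
    // NOTE(review): the session id is not renewed when the user is stored; consider rotating
    // it at this point if the servlet API version in use offers that.
    httpServletRequest.getSession().setAttribute(POST_CAS_AUTHENTICATION_INFO, casUser);

    Object target = httpServletRequest.getSession().getAttribute(REDIRECT_URL);
    if (!(target instanceof String) || !isLocalPath((String) target)) {
      // Nothing was remembered (for example the filter's URL was opened directly), or the
      // remembered value is not a path on this host.
      httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "No valid return URL in session");
      return;
    }
    httpResponse.sendRedirect((String) target);
  }

  @Override
  public void destroy() {
    // nothing to release
  }

  /**
   * Replaces the list of admin uids.
   *
   * @param admins the uids to flag as admin; {@code null} is treated as an empty list
   */
  public void setAdmins(List<String> admins) {
    this.admins = admins == null ? new ArrayList<String>() : new ArrayList<String>(admins);
  }

  /**
   * Accepts only a path on this host: one leading slash, not followed by a second slash or a
   * backslash, which a browser could read as the start of a host name.
   */
  private static boolean isLocalPath(String target) {
    return target.startsWith("/") && !target.startsWith("//") && !target.startsWith("/\\");
  }

}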
54 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/model/ErrorResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.model;
20 |
21 | import javax.xml.bind.annotation.XmlRootElement;
22 |
23 | import org.codehaus.jackson.annotate.JsonProperty;
24 |
/**
 * Representation of an error response conforming to the spec: an {@code error} value plus a
 * description that is serialized to JSON as {@code error_description}.
 */
@XmlRootElement
public class ErrorResponse {

  private String error;

  @JsonProperty("error_description")
  private String errorDescription;

  /** Creates an instance with both fields unset. */
  public ErrorResponse() {
  }

  /**
   * @param error the error to report
   * @param errorDescription the description that goes with it
   */
  public ErrorResponse(String error, String errorDescription) {
    this.error = error;
    this.errorDescription = errorDescription;
  }

  /**
   * @return the error
   */
  public String getError() {
    return this.error;
  }

  /**
   * @param error the error to set
   */
  public void setError(String error) {
    this.error = error;
  }

  /**
   * @return the error description
   */
  public String getErrorDescription() {
    return this.errorDescription;
  }

  /**
   * @param errorDescription the error description to set
   */
  public void setErrorDescription(String errorDescription) {
    this.errorDescription = errorDescription;
  }

}
78 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/model/ResourceOwner.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.model;
18 |
19 |
20 | import javax.persistence.Column;
21 | import javax.persistence.Entity;
22 | import javax.persistence.Inheritance;
23 | import javax.persistence.InheritanceType;
24 | import javax.persistence.Table;
25 | import javax.persistence.UniqueConstraint;
26 | import javax.validation.constraints.NotNull;
27 | import javax.xml.bind.annotation.XmlRootElement;
28 |
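/**
 * A resource owner with a user name and a password, persisted in the {@code resourceowner}
 * table; user names are unique.
 *
 * <p>The password is persisted exactly as it was set (see the TODO on the field), so
 * {@link #checkPassword(String)} compares plain values. Persisting a salted, adaptive hash
 * (bcrypt, scrypt, Argon2 or PBKDF2) and verifying against that would keep a leaked table
 * from exposing the passwords themselves.
 */
@SuppressWarnings("serial")
@Entity
@Table(name="resourceowner", uniqueConstraints =
    @UniqueConstraint(columnNames = {"username"})
)
@XmlRootElement
@Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
public class ResourceOwner extends AbstractEntity {

  @Column
  @NotNull
  private String username;

  @Column
  @NotNull
  private String password; // TODO -- store a salted password hash instead of the plain value

  /** @return the user name */
  public String getUsername() {
    return username;
  }

  /** @param name the user name to set */
  public void setUsername(String name) {
    this.username = name;
  }

  /** @param password the password to set; there is deliberately no getter for it */
  public void setPassword(String password) {
    this.password = password;
  }

  /**
   * Checks a candidate password against the stored one.
   *
   * @param password the candidate password
   * @return {@code true} only when both values are present and equal; a record without a
   *         password, or a {@code null} candidate, never matches
   */
  public boolean checkPassword(String password) {
    if (this.password == null || password == null) {
      return false;
    }
    return constantTimeEquals(this.password, password);
  }

  /**
   * Compares two strings without stopping at the first difference, so the time taken does not
   * depend on how many leading characters of the candidate are correct.
   */
  private static boolean constantTimeEquals(String expected, String actual) {
    int diff = expected.length() ^ actual.length();
    for (int i = 0; i < actual.length(); i++) {
      // Index the stored value modulo its length so the loop always runs actual.length() steps.
      char e = expected.isEmpty() ? 0 : expected.charAt(i % expected.length());
      diff |= e ^ actual.charAt(i);
    }
    return diff == 0;
  }
}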
66 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/model/ValidationErrorResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.model;
18 |
19 | import java.util.ArrayList;
20 | import java.util.List;
21 | import java.util.Set;
22 |
23 | import javax.validation.ConstraintViolation;
24 | import javax.xml.bind.annotation.XmlRootElement;
25 |
26 | import org.codehaus.jackson.annotate.JsonProperty;
27 | import org.codehaus.jackson.map.annotate.JsonSerialize;
28 |
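/**
 * POJO representing an error response used when dealing with resources: the messages of the
 * constraint violations that were found.
 */
@XmlRootElement
@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
public class ValidationErrorResponse {

  /** One entry per violation, in the iteration order of the set passed to the constructor. */
  @JsonProperty
  private List<String> violations = new ArrayList<String>();

  /** Creates a response without violations. */
  public ValidationErrorResponse() {
  }

  /**
   * Collects the message of every violation.
   *
   * @param violations the violations to report; {@code null} is treated as none
   */
  public ValidationErrorResponse(Set<ConstraintViolation<?>> violations) {
    // The type arguments are written out here; the listing shows them stripped
    // ("Set> violations"), which is not valid Java.
    if (violations == null) {
      return;
    }
    for (ConstraintViolation<?> v : violations) {
      this.violations.add(v.getMessage());
    }
  }

  /** @return the violation messages (the internal list, not a copy) */
  public List<String> getViolations() {
    return violations;
  }
}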
53 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/model/validation/AbstractEntityValid.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.model.validation;
20 | import java.lang.annotation.Documented;
21 | import java.lang.annotation.Retention;
22 | import java.lang.annotation.Target;
23 |
24 | import javax.validation.Constraint;
25 | import javax.validation.Payload;
26 |
27 | import static java.lang.annotation.ElementType.TYPE;
28 | import static java.lang.annotation.RetentionPolicy.RUNTIME;
29 |
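/**
 * Class-level constraint that ensures the {@link org.surfnet.oaaas.model.AbstractEntity} is
 * validated; the check itself is done by {@link AbstractEntityValidator}.
 */
@Target({ TYPE })
@Retention(RUNTIME)
@Constraint(validatedBy = AbstractEntityValidator.class)
@Documented
public @interface AbstractEntityValid {

  /** Message reported on a violation; empty by default. */
  String message() default "";

  // The wildcard type arguments below are the ones every Bean Validation constraint declares;
  // the listing shows them stripped ("Class>[]", "Class extends Payload>[]").

  /** Validation groups this constraint belongs to. */
  Class<?>[] groups() default {};

  /** Payload that clients of the validation API can attach to the constraint. */
  Class<? extends Payload>[] payload() default {};
}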
46 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/model/validation/AbstractEntityValidator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.model.validation;
20 |
21 | import javax.validation.ConstraintValidator;
22 | import javax.validation.ConstraintValidatorContext;
23 |
24 | import org.surfnet.oaaas.model.AbstractEntity;
25 |
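/**
 * {@link ConstraintValidator} for {@link AbstractEntityValid}: validates an
 * {@link org.surfnet.oaaas.model.AbstractEntity} by calling
 * {@link org.surfnet.oaaas.model.AbstractEntity#validate(javax.validation.ConstraintValidatorContext)}.
 */
public class AbstractEntityValidator implements ConstraintValidator<AbstractEntityValid, AbstractEntity> {
  // The type arguments are written out so that the two @Override methods below match the
  // interface; the listing shows the raw type.

  /** Nothing to set up; the annotation carries no settings this validator reads. */
  @Override
  public void initialize(AbstractEntityValid constraintAnnotation) {
  }

  /**
   * @param entity the entity to validate
   * @param context the validation context, handed on to the entity
   * @return whatever {@code entity.validate(context)} returns
   */
  @Override
  public boolean isValid(AbstractEntity entity, ConstraintValidatorContext context) {
    return entity.validate(context);
  }
}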
42 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/noop/NoopAdminAuthenticator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.noop;
18 |
19 | import java.io.IOException;
20 |
21 | import javax.servlet.FilterChain;
22 | import javax.servlet.ServletException;
23 | import javax.servlet.http.HttpServletRequest;
24 | import javax.servlet.http.HttpServletResponse;
25 |
26 | import org.surfnet.oaaas.auth.AbstractAuthenticator;
27 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
28 |
/**
 * Variant of {@link NoopAuthenticator} that flags its principal as admin. Like the parent it
 * performs no authentication, so every request handled by it ends up with admin authority.
 */
public class NoopAdminAuthenticator extends NoopAuthenticator {

  /**
   * @return the parent's principal with the admin flag switched on
   */
  @Override
  protected AuthenticatedPrincipal getAuthenticatedPrincipal() {
    final AuthenticatedPrincipal adminPrincipal = super.getAuthenticatedPrincipal();
    adminPrincipal.setAdminPrincipal(true);
    return adminPrincipal;
  }
}
41 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/noop/NoopAuthenticator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.noop;
18 |
19 | import java.io.IOException;
20 |
21 | import javax.servlet.FilterChain;
22 | import javax.servlet.ServletException;
23 | import javax.servlet.http.HttpServletRequest;
24 | import javax.servlet.http.HttpServletResponse;
25 |
26 | import org.surfnet.oaaas.auth.AbstractAuthenticator;
27 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
28 |
/**
 * Smallest possible {@link AbstractAuthenticator}: it satisfies the authenticator contract without
 * authenticating anybody.
 * <p>
 * Every request is given the same fixed principal, so this class is for tests and demonstrations only and
 * is not safe for production.
 */
public class NoopAuthenticator extends AbstractAuthenticator {

  /**
   * @return {@code true} when the request carries an auth state value
   */
  @Override
  public boolean canCommence(HttpServletRequest request) {
    final Object authState = getAuthStateValue(request);
    return authState != null;
  }

  /**
   * Records the auth state and a fixed principal on the request, then continues the filter chain.
   * The request is never challenged and {@code returnUri} is not used.
   */
  @Override
  public void authenticate(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
      String authStateValue, String returnUri) throws IOException, ServletException {
    super.setAuthStateValue(request, authStateValue);
    // Goes through the overridable factory so subclasses can adjust the principal.
    super.setPrincipal(request, getAuthenticatedPrincipal());
    chain.doFilter(request, response);
  }

  /**
   * @return a new principal named {@code "noop"}, independent of the request
   */
  protected AuthenticatedPrincipal getAuthenticatedPrincipal() {
    return new AuthenticatedPrincipal("noop");
  }
}
54 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/noop/NoopResourceOwnerAuthenticator.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.noop;
2 |
3 | import org.surfnet.oaaas.auth.ResourceOwnerAuthenticator;
4 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
5 |
/**
 * Minimal {@link ResourceOwnerAuthenticator} that exists only to satisfy the contract.
 * <p>
 * The password is checked for {@code null} and otherwise ignored, so any user name except
 * {@link #BAD_USER} is accepted with any password. Useful for testing or demonstration purposes, but
 * clearly not fit for production.
 *
 * @author sfitts
 */
public class NoopResourceOwnerAuthenticator implements ResourceOwnerAuthenticator {

  /** The single user name that is rejected, so callers can exercise the failure path. */
  public static final String BAD_USER = "xxxBAD USERxxx";

  /**
   * @param username user name, must not be {@code null}
   * @param password password, must not be {@code null}; its value is never compared with anything
   * @return a principal named after {@code username}, or {@code null} when the name is {@link #BAD_USER}
   * @throws IllegalArgumentException if either argument is {@code null}
   */
  @Override
  public AuthenticatedPrincipal authenticate(String username, String password) {
    if (null == username) {
      throw new IllegalArgumentException("Must supply a non-null user name");
    }
    if (null == password) {
      throw new IllegalArgumentException("Must supply a non-null password.");
    }

    final boolean rejected = BAD_USER.equals(username);
    return rejected ? null : new AuthenticatedPrincipal(username);
  }

}
35 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/noop/NoopUserConsentHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.noop;
20 |
21 | import java.io.IOException;
22 |
23 | import javax.servlet.FilterChain;
24 | import javax.servlet.ServletException;
25 | import javax.servlet.http.HttpServletRequest;
26 | import javax.servlet.http.HttpServletResponse;
27 |
28 | import org.surfnet.oaaas.auth.AbstractUserConsentHandler;
29 | import org.surfnet.oaaas.auth.UserConsentFilter;
30 | import org.surfnet.oaaas.model.Client;
31 |
/**
 * A noop implementation of {@link AbstractUserConsentHandler} that only fulfills the contract of the
 * {@link UserConsentFilter}.
 * <p>
 * The user is never asked anything: every scope configured on the client is recorded as granted. Useful
 * for testing and demonstration purposes only, not safe for production.
 */
public class NoopUserConsentHandler extends AbstractUserConsentHandler {

  /**
   * Marks all of the client's scopes as granted and continues the filter chain.
   * {@code returnUri} is not used.
   */
  @Override
  public void handleUserConsent(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
      String authStateValue, String returnUri, Client client) throws IOException, ServletException {
    super.setAuthStateValue(request, authStateValue);

    // Consent is implied, so the granted set is simply the client's full scope list.
    final String[] grantedScopes;
    if (client.getScopes().isEmpty()) {
      grantedScopes = new String[]{ };
    } else {
      grantedScopes = client.getScopes().toArray(new String[client.getScopes().size()]);
    }
    super.setGrantedScopes(request, grantedScopes);

    chain.doFilter(request, response);
  }

}
52 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/AccessTokenRepository.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.repository;
18 |
19 | import java.util.List;
20 |
21 | import org.springframework.data.jpa.repository.Query;
22 | import org.springframework.data.repository.CrudRepository;
23 | import org.springframework.stereotype.Repository;
24 | import org.springframework.transaction.annotation.Transactional;
25 | import org.surfnet.oaaas.model.AccessToken;
26 | import org.surfnet.oaaas.model.Client;
27 |
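/**
 * Spring Data repository for {@link AccessToken}.
 * <p>
 * The type arguments of {@code CrudRepository} and of the {@code List} results are restored here; the
 * key type follows the {@code Long id} parameter of {@link #findByIdAndResourceOwnerId(Long, String)}.
 * Both native queries pass their argument as a positional bind parameter ({@code ?1}); keep it that way
 * rather than building the SQL text from values.
 */
@Repository
public interface AccessTokenRepository extends CrudRepository<AccessToken, Long> {

  // NOTE(review): the lookup is by the token value itself, which suggests tokens are persisted
  // as issued rather than hashed; confirm against the AccessToken mapping.
  AccessToken findByToken(String token);

  /** Same lookup as {@link #findByToken(String)}, restricted to one client. */
  AccessToken findByTokenAndClient(String token, Client client);

  AccessToken findByRefreshToken(String refreshToken);

  List<AccessToken> findByResourceOwnerIdAndClient(String resourceOwnerId, Client client);

  List<AccessToken> findByResourceOwnerId(String resourceOwnerId);

  /**
   * Looks a token up by primary key and owner together, so an id that belongs to a different resource
   * owner does not match.
   */
  AccessToken findByIdAndResourceOwnerId(Long id, String owner);

  /** Counts the distinct resource owners that hold a token for the given client. */
  @Query(value = "select count(distinct resourceOwnerId) from accesstoken where client_id = ?1", nativeQuery = true)
  Number countByUniqueResourceOwnerIdAndClientId(long clientId);

  @Transactional
  void delete(AccessToken token);

  /**
   * Returns tokens whose {@code expires} value is set (greater than 0) and lies before the boundary.
   *
   * @param expiresBoundary upper bound, compared directly with the stored {@code expires} column
   */
  @Query(value="select * from accesstoken where expires > 0 and expires < ?1", nativeQuery = true)
  List<AccessToken> findByMaxExpires(long expiresBoundary);
}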
52 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/AuthorizationRequestRepository.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.repository;
18 |
19 | import org.springframework.data.repository.CrudRepository;
20 | import org.springframework.stereotype.Repository;
21 | import org.surfnet.oaaas.model.AuthorizationRequest;
22 |
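/**
 * Spring Data repository for {@link AuthorizationRequest}.
 * <p>
 * The {@code CrudRepository} type arguments are restored here. NOTE(review): the {@code Long} key type
 * is taken from the sibling repositories, whose finders take a {@code Long id}; confirm against the
 * entity.
 */
@Repository
public interface AuthorizationRequestRepository extends CrudRepository<AuthorizationRequest, Long> {

  /** Finds the pending request that belongs to the given auth state value. */
  AuthorizationRequest findByAuthState(String authState);

  /** Finds the request for which the given authorization code was issued. */
  AuthorizationRequest findByAuthorizationCode(String authorizationCode);

}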
32 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/ClientRepository.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.repository;
18 |
19 | import java.util.List;
20 |
21 | import org.springframework.data.repository.CrudRepository;
22 | import org.springframework.stereotype.Repository;
23 | import org.surfnet.oaaas.model.Client;
24 | import org.surfnet.oaaas.model.ResourceServer;
25 |
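/**
 * Spring Data repository for {@link Client}.
 * <p>
 * The type arguments of {@code CrudRepository} and of the {@code List} result are restored here; the
 * key type follows the {@code Long id} parameter of
 * {@link #findByIdAndResourceServer(Long, ResourceServer)}.
 */
@Repository
public interface ClientRepository extends CrudRepository<Client, Long> {

  List<Client> findByResourceServer(ResourceServer resourceServer);

  /**
   * Looks a client up by primary key and resource server together, so an id that belongs to another
   * resource server does not match.
   */
  Client findByIdAndResourceServer(Long id, ResourceServer resourceServer);

  /** Finds a client by its {@code clientId} property, which is a separate value from the primary key. */
  Client findByClientId(String clientId);

}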
36 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/ExceptionTranslator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.repository;
18 |
/**
 * Strategy for turning a low-level failure into the exception type callers should see.
 */
public interface ExceptionTranslator {

  /**
   * @param e the failure to translate
   * @return the exception to hand on in place of {@code e}
   */
  Exception translate(Throwable e);
}
23 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/OpenJPAExceptionTranslator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.repository;
18 |
19 | import javax.persistence.PersistenceException;
20 |
21 | import org.apache.openjpa.lib.jdbc.ReportingSQLException;
22 | import org.slf4j.Logger;
23 | import org.slf4j.LoggerFactory;
24 |
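/**
 * {@link ExceptionTranslator} for failures raised by OpenJPA.
 */
public class OpenJPAExceptionTranslator implements ExceptionTranslator {

  private static final Logger LOG = LoggerFactory.getLogger(OpenJPAExceptionTranslator.class);

  /**
   * Descends the cause chain for as long as the cause is relevant, then maps the exception it stops at.
   *
   * @param e the failure to translate
   * @return a {@code javax.persistence.EntityExistsException} for OpenJPA's own type of that name, the
   *         exception itself for a {@code ConstraintViolationException}, otherwise a generic
   *         {@link PersistenceException} wrapping {@code e}
   */
  @Override
  public Exception translate(Throwable e) {
    if (e.getCause() != null && isRelevantCause(e.getCause())) {
      return translate(e.getCause());
    }
    // Exact class match on purpose: subclasses fall through to the generic case below.
    // (The wildcard type argument was lost from the listing and is restored here.)
    Class<? extends Throwable> c = e.getClass();
    if (c.equals(org.apache.openjpa.persistence.EntityExistsException.class)) {
      // The message is copied from the OpenJPA exception; callers should treat it as internal detail
      // rather than echo it to API clients.
      return new javax.persistence.EntityExistsException(e.getMessage(), e);
    } else if (c.equals(javax.validation.ConstraintViolationException.class)) {
      return (Exception) e;
    }
    LOG.info("Cannot translate '{}' to specific subtype, will return generic PersistenceException",
        e.getClass().getName());
    return new PersistenceException(e);
  }

  /**
   * OpenJPA starts with an irrelevant ReportingSQLException, so the descent stops in front of it.
   */
  private boolean isRelevantCause(Throwable cause) {
    return ! (cause instanceof ReportingSQLException);
  }
}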
52 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/ResourceOwnerRepository.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.repository;
18 |
19 | import org.springframework.data.repository.CrudRepository;
20 | import org.springframework.stereotype.Repository;
21 | import org.surfnet.oaaas.model.ResourceOwner;
22 |
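/**
 * Spring Data repository for {@link ResourceOwner}.
 * <p>
 * The {@code CrudRepository} type arguments are restored here. NOTE(review): the {@code Long} key type
 * is taken from the sibling repositories, whose finders take a {@code Long id}; confirm against the
 * entity.
 */
@Repository
public interface ResourceOwnerRepository extends CrudRepository<ResourceOwner, Long> {

  /** Finds a resource owner by user name. */
  ResourceOwner findByUsername(String username);
}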
28 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/repository/ResourceServerRepository.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.repository;
18 |
19 | import java.util.List;
20 |
21 | import org.springframework.data.repository.CrudRepository;
22 | import org.springframework.stereotype.Repository;
23 | import org.surfnet.oaaas.model.ResourceServer;
24 |
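/**
 * Spring Data repository for {@link ResourceServer}.
 * <p>
 * The type arguments of {@code CrudRepository} and of the {@code List} result are restored here; the
 * key type follows the {@code Long id} parameter of {@link #findByIdAndOwner(Long, String)}.
 */
@Repository
public interface ResourceServerRepository extends CrudRepository<ResourceServer, Long> {

  List<ResourceServer> findByOwner(String owner);

  /**
   * Looks a resource server up by primary key and owner together, so an id that belongs to a different
   * owner does not match.
   */
  ResourceServer findByIdAndOwner(Long id, String owner);

  ResourceServer findByKey(String key);
}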
34 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/java/org/surfnet/oaaas/support/Cleaner.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.support;
2 |
3 | import org.slf4j.Logger;
4 | import org.slf4j.LoggerFactory;
5 | import org.springframework.scheduling.annotation.Scheduled;
6 | import org.surfnet.oaaas.model.AccessToken;
7 | import org.surfnet.oaaas.repository.AccessTokenRepository;
8 |
9 | import javax.inject.Inject;
10 | import java.util.Date;
11 |
/**
 * Helper class holding the scheduled database cleanup tasks.
 */
public class Cleaner {
  private static final Logger LOG = LoggerFactory.getLogger(Cleaner.class);

  @Inject
  private AccessTokenRepository accessTokenRepository;

  /**
   * Delay in ms between two cleanup runs (one hour)
   */
  private static final long CLEANUP_INTERVAL = 1000 * 3600;

  /**
   * Expired tokens are kept for 30 days (in ms) before they are thrown away
   */
  private static final long EXPIRED_TOKEN_CLEANUP_AGE = 1000L * 3600 * 24 * 30;

  /**
   * Deletes, one by one, the access tokens that the repository reports as having an {@code expires}
   * value older than now minus {@link #EXPIRED_TOKEN_CLEANUP_AGE}.
   */
  @Scheduled(fixedDelay = CLEANUP_INTERVAL)
  public void cleanupExpiredAccessTokens() {
    LOG.debug("Cleaning up expired access tokens");
    final long expiresBoundary = System.currentTimeMillis() - EXPIRED_TOKEN_CLEANUP_AGE;
    for (AccessToken expired : accessTokenRepository.findByMaxExpires(expiresBoundary)) {
      // NOTE(review): the token value itself goes to the debug log. It is long expired at this point,
      // but log files are usually readable by more people than the token table; consider logging an
      // identifier instead.
      LOG.debug("Deleting expired access token {} (created: {}, expired: {})", expired.getToken(),
          expired.getCreationDate(), new Date(expired.getExpires()));
      accessTokenRepository.delete(expired);
    }
  }
}
40 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/main/resources/META-INF/persistence.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/auth/LocalResourceOwnerAuthenticatorTest.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.auth;
2 |
3 | import static org.junit.Assert.assertEquals;
4 | import static org.junit.Assert.assertNotNull;
5 | import static org.junit.Assert.assertNull;
6 | import static org.mockito.Mockito.when;
7 |
8 | import org.junit.Before;
9 | import org.junit.Test;
10 | import org.mockito.InjectMocks;
11 | import org.mockito.Mock;
12 | import org.mockito.MockitoAnnotations;
13 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
14 | import org.surfnet.oaaas.model.ResourceOwner;
15 | import org.surfnet.oaaas.repository.ResourceOwnerRepository;
16 |
public class LocalResourceOwnerAuthenticatorTest {
  // Exercises LocalResourceOwnerAuthenticator against a mocked ResourceOwnerRepository that knows
  // exactly one user.

  private static final String PASSWORD = "password";

  @Mock
  private ResourceOwnerRepository resourceOwnerRepository;

  @InjectMocks
  private LocalResourceOwnerAuthenticator authenticator = new LocalResourceOwnerAuthenticator();

  private ResourceOwner resourceOwner;

  @Before
  public void before() {
    MockitoAnnotations.initMocks(this);
    resourceOwner = createResourceOwner("username");
    final String knownName = resourceOwner.getUsername();
    when(resourceOwnerRepository.findByUsername(knownName)).thenReturn(resourceOwner);
  }

  /** Known user with the right password yields a principal carrying the user name. */
  @Test
  public void testAuthenticate() {
    final String knownName = resourceOwner.getUsername();
    final AuthenticatedPrincipal authenticated = authenticator.authenticate(knownName, PASSWORD);
    assertNotNull(authenticated);
    assertEquals("Principal does not have expected name", resourceOwner.getUsername(),
        authenticated.getName());
  }

  /** A user name the repository does not know yields no principal. */
  @Test
  public void testAuthenticateBadUser() {
    assertNull(authenticator.authenticate("foo", PASSWORD));
  }

  /** A known user with the wrong password yields no principal either. */
  @Test
  public void testAuthenticateBadPassword() {
    assertNull(authenticator.authenticate(resourceOwner.getUsername(), "bad"));
  }

  private ResourceOwner createResourceOwner(String username) {
    final ResourceOwner owner = new ResourceOwner();
    owner.setUsername(username);
    owner.setPassword(PASSWORD);
    return owner;
  }
}
65 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/model/AbstractEntityTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.model;
20 |
21 | import javax.validation.Validation;
22 | import javax.validation.Validator;
23 | import javax.validation.ValidatorFactory;
24 |
25 | import org.junit.BeforeClass;
26 | import org.junit.Test;
27 |
/**
 * Base class for validation tests of {@link AbstractEntity} subclasses; it supplies the shared
 * {@link Validator}.
 */
public abstract class AbstractEntityTest {

  /** Built once per test class from the default Bean Validation factory. */
  protected static Validator validator;

  @BeforeClass
  public static void setUp() {
    validator = Validation.buildDefaultValidatorFactory().getValidator();
  }
}
42 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/model/ClientTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.model;
20 |
21 | import java.util.Arrays;
22 | import java.util.List;
23 | import java.util.Set;
24 |
25 | import javax.validation.ConstraintViolation;
26 |
27 | import org.junit.Before;
28 | import org.junit.Test;
29 |
30 | import static org.junit.Assert.assertEquals;
31 |
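/**
 * Test for validation of Client.
 * <p>
 * The type arguments of {@code List} and {@code Set} were lost from the listing and are restored here.
 */
public class ClientTest extends AbstractEntityTest {

  private Client client;

  private List<String> uris = Arrays.asList("http://uri1", "http://uri2");

  /** Builds a client that is valid: its scopes are exactly those of its resource server. */
  @Before
  public void setup() {
    client = new Client();
    client.setName("not-null");
    client.setClientId("not-null");
    client.setUseRefreshTokens(true);
    client.setExpireDuration(60 * 60);
    client.setRedirectUris(uris);

    ResourceServer resourceServer = new ResourceServer();
    resourceServer.setScopes(Arrays.asList("read", "delete"));
    client.setScopes(Arrays.asList("read", "delete"));
    client.setResourceServer(resourceServer);

  }

  @Test
  public void noErrors() {
    Set<ConstraintViolation<Client>> violations = validator.validate(client);
    assertEquals(0, violations.size());
    assertEquals(uris, client.getRedirectUris());
  }

  /** A client may not claim scopes that its resource server does not define. */
  @Test
  public void arbitraryScopes() {

    client.setScopes(Arrays.asList("arbitrary", "scopes"));
    Set<ConstraintViolation<Client>> violations = validator.validate(client);
    assertEquals("Client should only be able to use scopes that the resource server defines", 1, violations.size());
  }

  /** A redirect URI that is not a valid URI is rejected by validation. */
  @Test
  public void redirectUris() {
    client.setRedirectUris(Arrays.asList("invalid-uri"));
    Set<ConstraintViolation<Client>> violations = validator.validate(client);
    assertEquals("Client should have valid redirectUris", 1, violations.size());
  }
}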
79 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/model/ResourceOwnerTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.model;
18 |
19 | import static org.junit.Assert.assertEquals;
20 | import static org.junit.Assert.assertFalse;
21 | import static org.junit.Assert.assertTrue;
22 |
23 | import java.util.Set;
24 |
25 | import javax.validation.ConstraintViolation;
26 |
27 | import org.junit.Before;
28 | import org.junit.Test;
29 |
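public class ResourceOwnerTest extends AbstractEntityTest {
  // Validation and password-check tests for ResourceOwner. The type arguments of the violation sets
  // were lost from the listing and are restored here.

  private ResourceOwner resourceOwner;

  private static final String PASSWORD = "password";

  @Before
  public void before() {
    resourceOwner = new ResourceOwner();
    resourceOwner.setUsername("user");
    resourceOwner.setPassword(PASSWORD);
  }

  @Test
  public void validateMinimalistic() {
    Set<ConstraintViolation<ResourceOwner>> violations = validator.validate(resourceOwner);
    assertEquals("minimal resource owner should have no violations", 0, violations.size());
  }

  @Test
  public void validateLessThanMinimal() {
    resourceOwner = new ResourceOwner();
    Set<ConstraintViolation<ResourceOwner>> violations = validator.validate(resourceOwner);
    assertEquals("Empty resource owner fails on 2 NotNull-fields", 2, violations.size());
  }

  /** checkPassword accepts the password that was set and rejects a different one. */
  @Test
  public void validateCheckPassword() {
    assertTrue(resourceOwner.checkPassword(PASSWORD));
    assertFalse(resourceOwner.checkPassword("bad"));
  }

}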
63 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/repository/AccessTokenRepositoryTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.repository;
20 |
21 | import static org.junit.Assert.assertEquals;
22 |
23 | import org.junit.Test;
24 | import org.surfnet.oaaas.model.AccessToken;
25 |
/**
 * {@link Test} for {@link AccessTokenRepository}, run against the rows the test database provides.
 */
public class AccessTokenRepositoryTest extends AbstractTestRepository {

  /** The stored token can be found by value and carries the expected principal name. */
  @Test
  public void testPrincipal() {
    final AccessToken found = getRepository(AccessTokenRepository.class).findByToken("00-11-22-33");
    assertEquals("it-test-enduser", found.getPrincipal().getName());
  }

  /** Exactly one distinct resource owner holds a token for client 99999. */
  @Test
  public void testCountByResourceOwnerid() {
    final Number distinctOwners =
        getRepository(AccessTokenRepository.class).countByUniqueResourceOwnerIdAndClientId(99999);
    assertEquals(1L, distinctOwners.longValue());
  }
}
46 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/repository/ResourceOwnerRepositoryTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.repository;
20 |
21 | import static org.junit.Assert.assertEquals;
22 | import static org.junit.Assert.assertNotNull;
23 | import static org.junit.Assert.assertNull;
24 |
25 | import org.junit.Test;
26 | import org.surfnet.oaaas.model.ResourceOwner;
27 |
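/**
 * {@link Test} for {@link ResourceOwnerRepository}.
 *
 * The expectations match the single {@code emma.blunt} row inserted by the
 * hsqldb test migration {@code V2_2__insert_resowner.sql}.
 */
public class ResourceOwnerRepositoryTest extends AbstractTestRepository {

  /** Lookup by username finds the fixture user and returns {@code null} for an unknown name. */
  @Test
  public void test() {
    ResourceOwnerRepository repo = getRepository(ResourceOwnerRepository.class);

    ResourceOwner ro = repo.findByUsername("emma.blunt");
    assertNotNull("Did not find expected resource owner", ro);

    ro = repo.findByUsername("not.here");
    assertNull("Found user that shouldn't be there", ro);
  }

  /** Iterates every stored resource owner and expects exactly one. */
  @Test
  public void findAll() {
    ResourceOwnerRepository repo = getRepository(ResourceOwnerRepository.class);
    // Typed iterable: with a raw Iterable the elements are Object and the typed for-each does not compile.
    Iterable<ResourceOwner> all = repo.findAll();
    int count = 0;
    for (ResourceOwner resourceOwner : all) {
      assertNotNull(resourceOwner);
      count++;
    }
    assertEquals(1, count);
  }

}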
58 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/resource/resourceserver/AccessTokenResourceTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.resource.resourceserver;
18 |
19 | import org.junit.Before;
20 | import org.junit.Test;
21 | import org.mockito.InjectMocks;
22 | import org.mockito.Mock;
23 | import org.mockito.MockitoAnnotations;
24 | import org.surfnet.oaaas.auth.AuthorizationServerFilter;
25 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
26 | import org.surfnet.oaaas.model.VerifyTokenResponse;
27 | import org.surfnet.oaaas.repository.AccessTokenRepository;
28 | import org.surfnet.oaaas.resource.resourceserver.AccessTokenResource;
29 |
30 | import javax.servlet.http.HttpServletRequest;
31 | import javax.ws.rs.core.Response;
32 | import java.util.Arrays;
33 | import java.util.List;
34 |
35 | import static junit.framework.Assert.assertEquals;
36 | import static org.mockito.Mockito.when;
37 |
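/**
 * Unit test for {@link AccessTokenResource} using a mocked repository and a
 * mocked request that already carries a verified-token response.
 */
public class AccessTokenResourceTest {

  @InjectMocks
  private AccessTokenResource accessTokenResource;

  @Mock
  private HttpServletRequest request;

  @Mock
  private AccessTokenRepository accessTokenRepository;

  /**
   * Initialises the mocks and makes the request return a
   * {@link VerifyTokenResponse} for principal {@code user} with the single
   * scope {@code read} under the
   * {@link AuthorizationServerFilter#VERIFY_TOKEN_RESPONSE} attribute.
   */
  @Before
  public void before() {
    MockitoAnnotations.initMocks(this);
    VerifyTokenResponse verifyTokenResponse = new VerifyTokenResponse();
    verifyTokenResponse.setPrincipal(new AuthenticatedPrincipal("user"));
    verifyTokenResponse.setScopes(Arrays.asList("read"));
    when(request.getAttribute(AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE)).thenReturn(verifyTokenResponse);
  }

  /**
   * With nothing stubbed on the repository, {@code getAll} is expected to
   * answer 200 with an empty list.
   */
  @Test
  public void getAllWhenNoneFound() {
    // NOTE(review): only the "read"-scoped happy path is exercised; this class has no case
    // for a request without the attribute or without the scope the resource requires.
    Response response = accessTokenResource.getAll(request);

    assertEquals(200, response.getStatus());
    // Wildcard instead of a raw List: only the size is inspected.
    List<?> tokens = (List<?>) response.getEntity();
    assertEquals(0, tokens.size());
  }

}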
69 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/resource/resourceserver/ResourceOwnerResourceTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.resource.resourceserver;
18 |
19 | import static junit.framework.Assert.assertEquals;
20 | import static org.mockito.Mockito.when;
21 |
22 | import java.util.Arrays;
23 | import java.util.List;
24 |
25 | import javax.servlet.http.HttpServletRequest;
26 | import javax.ws.rs.core.Response;
27 |
28 | import org.junit.Before;
29 | import org.junit.Test;
30 | import org.mockito.InjectMocks;
31 | import org.mockito.Mock;
32 | import org.mockito.MockitoAnnotations;
33 | import org.surfnet.oaaas.auth.AuthorizationServerFilter;
34 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
35 | import org.surfnet.oaaas.model.ResourceOwner;
36 | import org.surfnet.oaaas.model.VerifyTokenResponse;
37 | import org.surfnet.oaaas.repository.ResourceOwnerRepository;
38 |
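/**
 * Unit test for {@link ResourceOwnerResource} using a mocked repository and a
 * mocked request that already carries a verified-token response.
 */
public class ResourceOwnerResourceTest {

  @InjectMocks
  private ResourceOwnerResource resourceOwnerResource;

  @Mock
  private HttpServletRequest request;

  @Mock
  private ResourceOwnerRepository resourceOwnerRepository;

  /**
   * Initialises the mocks and makes the request return a
   * {@link VerifyTokenResponse} for principal {@code user} with the single
   * scope {@code read} under the
   * {@link AuthorizationServerFilter#VERIFY_TOKEN_RESPONSE} attribute.
   */
  @Before
  public void before() throws Exception {
    MockitoAnnotations.initMocks(this);
    VerifyTokenResponse verifyTokenResponse = new VerifyTokenResponse();
    verifyTokenResponse.setPrincipal(new AuthenticatedPrincipal("user"));
    verifyTokenResponse.setScopes(Arrays.asList("read"));
    when(request.getAttribute(AuthorizationServerFilter.VERIFY_TOKEN_RESPONSE)).thenReturn(verifyTokenResponse);
  }

  /**
   * With nothing stubbed on the repository, {@code getAll} is expected to
   * answer 200 with an empty list.
   */
  @Test
  public void getAllWhenNoneFound() {
    // NOTE(review): only the "read"-scoped happy path is exercised; this class has no case
    // for a request without the attribute or without the scope the resource requires.
    Response response = resourceOwnerResource.getAll(request);

    assertEquals(200, response.getStatus());
    // Wildcard instead of a raw List: only the size is inspected.
    List<?> owners = (List<?>) response.getEntity();
    assertEquals(0, owners.size());
  }
}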
69 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/java/org/surfnet/oaaas/resource/resourceserver/ResourceServerResourceTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012 SURFnet bv, The Netherlands
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.surfnet.oaaas.resource.resourceserver;
18 |
19 | import static junit.framework.Assert.assertEquals;
20 |
21 | import java.util.Arrays;
22 | import java.util.HashSet;
23 | import java.util.List;
24 | import java.util.Set;
25 |
26 | import org.junit.Before;
27 | import org.junit.Test;
28 | import org.surfnet.oaaas.model.Client;
29 | import org.surfnet.oaaas.resource.resourceserver.ResourceServerResource;
30 |
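/**
 * Unit test for the scope pruning done by {@link ResourceServerResource}.
 */
public class ResourceServerResourceTest {
  private ResourceServerResource resourceServerResource;

  @Before
  public void setUp() throws Exception {
    resourceServerResource = new ResourceServerResource();
  }

  /**
   * When a resource server's scopes change from {@code scope1} to
   * {@code scope2}, its clients must lose {@code scope1}: a client that only
   * had {@code scope1} ends up with no scopes, and a client that had both
   * keeps only {@code scope2}.
   */
  @Test
  public void pruneScopes() {
    Client client1 = new Client();
    client1.setScopes(Arrays.asList("scope1"));
    Client client2 = new Client();
    client2.setScopes(Arrays.asList("scope1", "scope2"));

    // Parameterized collections instead of raw Set/List.
    // NOTE(review): element types assumed from the values used here; confirm against pruneClientScopes.
    Set<Client> clients = new HashSet<Client>(Arrays.asList(client1, client2));

    List<String> oldScopes = Arrays.asList("scope1");
    List<String> newScopes = Arrays.asList("scope2");

    resourceServerResource.pruneClientScopes(newScopes, oldScopes, clients);

    // A withdrawn scope must not survive on any client.
    assertEquals(0, client1.getScopes().size());
    assertEquals(1, client2.getScopes().size());
    assertEquals("scope2", client2.getScopes().get(0));
  }
}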
58 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/resources/db/migration/hsqldb/V2_1__add_resowner.sql:
--------------------------------------------------------------------------------
-- Test-schema table for resource owners; USERNAME carries a unique constraint.
-- NOTE(review): PASSWORD is a plain VARCHAR(255) and nothing here says how the value is encoded;
-- confirm the application stores a salted password hash in it rather than the password itself.
CREATE MEMORY TABLE PUBLIC.RESOURCEOWNER(ID BIGINT NOT NULL PRIMARY KEY,CREATIONDATE TIMESTAMP,MODIFICATIONDATE TIMESTAMP,USERNAME VARCHAR(255),PASSWORD VARCHAR(255),CONSTRAINT U_ROWN_USERNAME UNIQUE(USERNAME));
-- Additional index on the username lookup column.
CREATE INDEX I_RSCOWN_USERNAME ON PUBLIC.RESOURCEOWNER(USERNAME);
3 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/resources/db/migration/hsqldb/V2_2__insert_resowner.sql:
--------------------------------------------------------------------------------
/*
emma.blunt: the resource owner the repository test looks up by username.
NOTE(review): the password column receives the literal value 'cafebabe'. If the
application compares this column directly, passwords are stored unhashed;
confirm, and keep this row in test migrations only.
*/
INSERT INTO resourceowner (id, username, password)
VALUES (99999,'emma.blunt', 'cafebabe');
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/resources/db/migration/mysql/V1__auth-server-admin.sql:
--------------------------------------------------------------------------------
/*
Local administration application
Test fixture: registers the authorization server's own admin API as a resource
server and a JavaScript admin client for it, both with the scopes read and write.
NOTE(review): the resource server secret is a fixed, guessable value and the
client is registered with an empty secret (presumably a public client, confirm).
Neither value should reach a deployed database.
*/
INSERT INTO resourceserver (id, contactEmail, contactName, name, key0, secret, owner, thumbNailUrl)
VALUES
(99998, 'localadmin@example.com','local admin','Authorization Server Apis',
'authorization-server-admin', 'cafebabe-cafe-babe-cafe-babecafebabe', null, 'https://static.surfconext.nl/media/logo-surfnet-small.png');
INSERT INTO Resourceserver_scopes values (99998, 'read'),(99998, 'write') ;

INSERT INTO client (id, contactEmail, contactName, description, name, thumbNailUrl, resourceserver_id,
clientId, secret)
VALUES
(99998, 'client@coolapp.com', 'john.doe', 'Javascript application for authorization server administration',
'Authorization Server Admin Client',
'https://static.surfconext.nl/media/logo-surfnet-small.png', 99998,
'authorization-server-admin-js-client', '');
INSERT INTO Client_scopes values (99998, 'read'), (99998, 'write');
18 |
--------------------------------------------------------------------------------
/apis-authorization-server/src/test/resources/logback.xml:
--------------------------------------------------------------------------------
1 |
16 |
17 |
18 |
19 |
20 |
21 | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
--------------------------------------------------------------------------------
/apis-example-client-app/.gitignore:
--------------------------------------------------------------------------------
1 | .classpath
2 | .project
3 | .settings
4 | .idea
5 | *.iml
6 | target
7 |
--------------------------------------------------------------------------------
/apis-example-client-app/README.md:
--------------------------------------------------------------------------------
1 | Example Client App
2 | ======
3 | The Example Client App is a very simple Spring web application that is developed for demo purposes. With the client app you can see what the typical flow is for real clients of your Resource Server. The prerequisites for seeing the client app in action are:
4 |
5 | - The Authorization Server up and running
6 | - The Example Resource Server up and running
7 |
8 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/blob/master/README.md) in the root project for detailed instructions.
9 |
10 |
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/java/org/surfnet/oaaas/config/SpringConfiguration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.config;
20 |
21 | import javax.inject.Inject;
22 |
23 | import org.springframework.context.annotation.Bean;
24 | import org.springframework.context.annotation.Configuration;
25 | import org.springframework.context.annotation.PropertySource;
26 | import org.springframework.core.env.Environment;
27 | import org.springframework.web.servlet.ViewResolver;
28 | import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
29 | import org.springframework.web.servlet.config.annotation.EnableWebMvc;
30 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
31 | import org.springframework.web.servlet.view.InternalResourceViewResolver;
32 | import org.surfnet.oaaas.web.ClientController;
33 |
/**
 * Java-based Spring MVC configuration for the example client application.
 * Settings are loaded from {@code client.apis.properties} on the classpath.
 */
@Configuration
@PropertySource("classpath:client.apis.properties")
@EnableWebMvc
public class SpringConfiguration extends WebMvcConfigurerAdapter {

  // Gives access to the loaded properties. The test copy of the properties file
  // includes client_secret, so avoid dumping this environment to logs or views.
  @Inject
  private Environment env;

  /**
   * Maps logical view names to JSP files below {@code /WEB-INF/jsp/}.
   *
   * @return the resolver used for all views of the client app
   */
  @Bean
  public ViewResolver viewResolver() {
    InternalResourceViewResolver jspResolver = new InternalResourceViewResolver();
    jspResolver.setSuffix(".jsp");
    jspResolver.setPrefix("/WEB-INF/jsp/");
    return jspResolver;
  }

  /**
   * Creates the controller and hands it the environment.
   *
   * @return the single controller of the client app
   */
  @Bean
  public ClientController clientController() {
    return new ClientController(env);
  }

  /** Turns on default-servlet handling through the supplied configurer. */
  @Override
  public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
    configurer.enable();
  }
}
65 |
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
1 |
2 |
9 |
12 |
13 |
14 | mvc
15 | org.springframework.web.servlet.DispatcherServlet
16 |
17 | contextClass
18 | org.springframework.web.context.support.AnnotationConfigWebApplicationContext
19 |
20 |
21 | contextConfigLocation
22 | org.surfnet.oaaas.config.SpringConfiguration
23 |
24 |
25 | 1
26 |
27 |
28 |
29 |
30 | mvc
31 | /
32 |
33 |
34 |
35 |
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.eot
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.svgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.svgz
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.ttf
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/awesome-1.0.0/font/fontawesome-webfont.woff
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/img/glyphicons-halflings-white.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/img/glyphicons-halflings-white.png
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/img/glyphicons-halflings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/img/glyphicons-halflings.png
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/bootstrap-2.0.2/readme:
--------------------------------------------------------------------------------
1 | http://twitter.github.com/bootstrap/download.html
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/css/client.css:
--------------------------------------------------------------------------------
/* Layout tweaks for the example client app pages. */
.subcontent {
  margin: auto;
  padding-left: 20px;
}

.form-horizontal .help-block {
  font-size: 0.9em;
}

.input-xxlarge {
  width: 290px;
}

.alert-http {
  margin-bottom: 5px;
}

/* Compact rendering for JSON shown in a pre element. */
.pre-json {
  font-size: 10px;
  line-height: 14px;
}

/* Lets long unbroken values wrap inside a fixed width. */
.break-word {
  word-wrap: break-word;
  width: 350px;
}

/* NOTE(review): matches form elements with class "horizontal"; the rule above targets
   ".form-horizontal", so this selector may have been meant as ".form-horizontal". Confirm. */
form.horizontal input[readonly="readonly"] {
  font-size: 0.85em;
}
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/css/style-additional.css:
--------------------------------------------------------------------------------
/* Hidden by default; presumably revealed by script (TODO confirm). */
div#editResourceServerView { display:none; }


/* bootstrap alert */

.clearfix {
  /* Star-prefixed property: only old Internet Explorer versions apply it. */
  *zoom: 1;
}
.clearfix:before,
.clearfix:after {
  display: table;
  content: "";
}
.clearfix:after {
  clear: both;
}
.hide-text {
  font: 0/0 a;
  color: transparent;
  text-shadow: none;
  background-color: transparent;
  border: 0;
}
.input-block-level {
  display: block;
  width: 100%;
  min-height: 28px;
  -webkit-box-sizing: border-box;
  -moz-box-sizing: border-box;
  -ms-box-sizing: border-box;
  box-sizing: border-box;
}
/* Base alert box; the variants below only override the colours. */
.alert {
  padding: 8px 35px 8px 14px;
  margin-bottom: 18px;
  text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5);
  background-color: #fcf8e3;
  border: 1px solid #fbeed5;
  -webkit-border-radius: 4px;
  -moz-border-radius: 4px;
  border-radius: 4px;
  color: #c09853;
}
.alert-heading {
  color: inherit;
}
.alert .close {
  position: relative;
  top: -2px;
  right: -21px;
  line-height: 18px;
}
.alert-success {
  background-color: #dff0d8;
  border-color: #d6e9c6;
  color: #468847;
}
.alert-danger,
.alert-error {
  background-color: #f2dede;
  border-color: #eed3d7;
  color: #b94a48;
}
.alert-info {
  background-color: #d9edf7;
  border-color: #bce8f1;
  color: #3a87ad;
}
.alert-block {
  padding-top: 14px;
  padding-bottom: 14px;
}
.alert-block > p,
.alert-block > ul {
  margin-bottom: 0;
}
.alert-block p + p {
  margin-top: 5px;
}
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/img/surf-oauth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-example-client-app/src/main/webapp/assets/img/surf-oauth.png
--------------------------------------------------------------------------------
/apis-example-client-app/src/main/webapp/assets/js/client.js:
--------------------------------------------------------------------------------
$(function() {
  // Expand the section whose id is held in the #step input.
  // NOTE(review): the value is concatenated into a selector; presumably the server renders it
  // from a fixed set of step ids. Confirm it can never carry request-controlled text.
  var activeStepId = $('input#step').val();
  $('#' + activeStepId).collapse('show');

  // Disabled code for step 3 of the implicit grant, kept as found.
  // NOTE(review): if re-enabled, it writes values taken from the URL fragment with .html();
  // .text() would avoid interpreting them as markup.
  // we are in step 3 of implicit grant
  // if ($('#parseAnchorForAccesstoken').val() == 'true') {
  // value = window.location.hash.replace("#", "");
  // $('#parseAnchorForAccesstoken').val('');
  // $.get('/v1/test/parseAnchor.shtml?' + value, function(data) {
  // $('#responseInfo').html(data);
  // $.each(data.split("&"), function(i, value) {
  // param = value.split("=");
  // if (param[0] == 'access_token') {
  // $('#accessTokenValue').html(param[1]);
  // }
  // });
  // });
  // }
});
20 |
--------------------------------------------------------------------------------
/apis-example-client-app/src/test/resources/client.apis.properties:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2012 SURFnet bv, The Netherlands
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 |
# OAuth client settings for the example client app (test resource).
# NOTE(review): every endpoint is plain http on localhost and client_secret is a placeholder.
# A deployed client needs https endpoints and a secret supplied from outside version control.
redirect_uri = http://localhost:8084/redirect
token_uri = http://localhost:8080/oauth2/token
client_id = cool_app_id
client_secret = secret
authorize_url = http://localhost:8080/oauth2/authorize
resource_server_api_url = http://localhost:8180/v1/api/course
--------------------------------------------------------------------------------
/apis-example-resource-server-war/.gitignore:
--------------------------------------------------------------------------------
1 | .classpath
2 | .project
3 | .settings
4 | .idea
5 | *.iml
6 | target
7 |
--------------------------------------------------------------------------------
/apis-example-resource-server-war/README.md:
--------------------------------------------------------------------------------
1 | Example Resource Server War
2 | ======
3 | The Example Resource Server War is a very simple Spring MVC web application that demonstrates how a Resource Server can communicate with the Authorization Server using the `org.surfnet.oaaas.auth.AuthorizationServerFilter` (which is a simple `javax.servlet.Filter`). The `AuthorizationServerFilter` only protects a single JSP page in the apis-example-resource-server-war module.
4 |
5 | To see it in action, first start the Authorization Server. Go to apis-authorization-server-war and start the application:
6 |
7 | cd apis-authorization-server-war
8 | mvn jetty:run
9 |
10 | Go to apis-example-resource-server-war and start the application (in a new terminal session):
11 |
12 | cd apis-example-resource-server-war
13 | mvn jetty:run
14 |
15 | Then perform a curl (new Terminal session):
16 |
17 | curl -i -v -H "Authorization: bearer 00-11-22-33" http://localhost:8082
18 |
19 | You will see the response of `/apis-example-resource-server-war/src/main/webapp/index.jsp`, which should look like this:
20 |
21 | AuthenticatedPrincipalImpl [name=it-test-enduser, roles=[user, admin], attributes={}
22 |
23 | This works because of the fact that access token '00-11-22-33' is configured in the dummy data defined in /apis-authorization-server/src/main/resources/db/migration/hsqldb/V1__auth-server-admin.sql
24 |
25 | Also configured in the dummy data defined in /apis-authorization-server/src/main/resources/db/migration/hsqldb/V1__auth-server-admin.sql are the resource server with the key-secret as defined in /apis-example-resource-server-war/src/test/resources/apis-resource-server.properties read by the `org.surfnet.oaaas.auth.AuthorizationServerFilter` configured in `/apis-example-resource-server-war/src/main/webapp/WEB-INF/web.xml`
26 |
27 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/tree/master/apis-example-resource-server) in the other Example Resource Server for detailed instructions on how to demo the entire flow.
28 |
29 |
--------------------------------------------------------------------------------
/apis-example-resource-server-war/pom.xml:
--------------------------------------------------------------------------------
1 |
8 |
9 |
10 | 4.0.0
11 |
12 |
13 | ../pom.xml
14 | nl.surfnet.apis
15 | apis-parent
16 | 1.3.6-SNAPSHOT
17 |
18 |
19 | apis-example-resource-server-war
20 | war
21 | API Secure - example resource server war
22 |
23 |
24 | 8082
25 |
26 |
27 |
28 |
29 | nl.surfnet.apis
30 | apis-authorization-server
31 |
32 |
33 | commons-io
34 | commons-io
35 |
36 |
37 | junit
38 | junit
39 |
40 |
41 |
42 |
43 |
44 |
48 |
49 | org.mortbay.jetty
50 | jetty-maven-plugin
51 | ${jetty-maven-plugin.version}
52 |
53 |
54 | /
55 | ${basedir}/src/test/resources/
56 |
57 |
58 |
59 | ${servlet.port}
60 | 0.0.0.0
61 |
62 |
63 | manual
64 | true
65 |
66 |
67 |
68 |
69 |
70 |
--------------------------------------------------------------------------------
/apis-example-resource-server-war/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
1 |
2 |
9 |
12 |
13 | oaaas-example-resource-server
14 |
15 |
16 |
17 | authorization-server
18 | org.surfnet.oaaas.auth.AuthorizationServerFilter
19 |
20 |
21 | authorization-server
22 | /*
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/apis-example-resource-server-war/src/main/webapp/index.jsp:
--------------------------------------------------------------------------------
<%@page import="org.surfnet.oaaas.model.VerifyTokenResponse"%><%--
  Prints the principal of the VerifyTokenResponse stored in the request
  attribute "VERIFY_TOKEN_RESPONSE". The expression dereferences the attribute
  without a null check, so the page fails with a NullPointerException unless
  something (per the README, AuthorizationServerFilter) has set it first.
  NOTE(review): the value is written without HTML escaping; escape it if this
  output is ever rendered as HTML in a browser rather than read as plain text.
--%>
<%= ((VerifyTokenResponse) request.getAttribute("VERIFY_TOKEN_RESPONSE")).getPrincipal() %>
--------------------------------------------------------------------------------
/apis-example-resource-server-war/src/test/java/org/surfnet/oaaas/it/AuthorizationFilterIntegration.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.it;
2 |
3 | import static org.junit.Assert.assertEquals;
4 | import static org.junit.Assert.assertTrue;
5 |
6 | import java.net.HttpURLConnection;
7 | import java.net.URL;
8 |
9 | import org.apache.commons.io.IOUtils;
10 | import org.apache.commons.lang.StringUtils;
11 | import org.junit.Before;
12 | import org.junit.Test;
13 |
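/**
 * Integration test that calls the example resource server over HTTP with a
 * bearer token and checks the page it gets back.
 *
 * See http://maven.apache.org/plugins/maven-failsafe-plugin/examples/inclusion-exclusion.html
 */
public class AuthorizationFilterIntegration {
  private String baseUrl;

  /**
   * Builds the base URL from the {@code servlet.port} system property,
   * falling back to port 8082 when the property is blank.
   */
  @Before
  public void setUp() throws Exception {
    String port = System.getProperty("servlet.port");
    if (StringUtils.isBlank(port)) {
      port = "8082";
    }
    this.baseUrl = "http://localhost:" + port;
  }

  /**
   * Requests the index page with a fixture bearer token and expects a 200
   * response whose body mentions {@code emma.blunt}.
   */
  @Test
  public void testCallIndexPage() throws Exception {
    URL url = new URL(this.baseUrl);
    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
    try {
      // Fixture token; presumably present in the authorization server's test data (not visible here).
      connection.setRequestProperty("Authorization", "bearer 74eccf5f-0995-4e1c-b08c-d05dd5a0f89b");
      connection.connect();
      assertEquals(200, connection.getResponseCode());
      java.io.InputStream body = connection.getInputStream();
      try {
        // Explicit charset so decoding does not depend on the platform default; the asserted text is ASCII.
        String output = IOUtils.toString(body, "UTF-8");
        assertTrue(output.contains("emma.blunt"));
      } finally {
        body.close();
      }
    } finally {
      // Release the connection even when an assertion fails.
      connection.disconnect();
    }
  }

}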
42 |
--------------------------------------------------------------------------------
/apis-example-resource-server-war/src/test/resources/apis-resource-server.properties:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2012 SURFnet bv, The Netherlands
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 |
# The URL and the key/secret that the Client/Resource Server endpoints use to validate OAuth access tokens.
# NOTE(review): test values. The verification URL is plain http, so the key/secret and the tokens
# being checked would travel unencrypted; a deployed resource server should use https and a
# secret supplied from outside version control.
adminService.tokenVerificationUrl=http://localhost:8080/v1/tokeninfo
adminService.resourceServerKey=it-test-resource-server
adminService.resourceServerSecret=somesecret
adminService.jsonTypeInfoIncluded=true
22 |
--------------------------------------------------------------------------------
/apis-example-resource-server/.gitignore:
--------------------------------------------------------------------------------
1 | .classpath
2 | .project
3 | .settings
4 | .idea
5 | *.iml
6 | target
7 |
--------------------------------------------------------------------------------
/apis-example-resource-server/README.md:
--------------------------------------------------------------------------------
1 | Example Resource Server
2 | ======
3 | The Example Resource Server is built using [Dropwizard](http://dropwizard.codahale.com/). It demonstrates a Resource Server that depends on the Authorization Server to validate tokens.
4 |
5 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/blob/master/README.md) in the root project for detailed instructions on how to start the Example Resource Server.
6 |
7 |
--------------------------------------------------------------------------------
/apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/AuthConfiguration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.example.api;
20 |
/**
 * Settings the example Resource Server uses to talk to the Authorization
 * Server: the server URL and the key/secret pair.
 *
 * <p>This is a plain mutable bean without validation; each property is
 * {@code null} until its setter has been called. No {@code toString()} is
 * defined here, so the secret is not part of the object's default string form.
 */
public class AuthConfiguration {

  private String authorizationServerUrl;
  private String secret;
  private String key;

  /**
   * @return the configured Authorization Server URL, or {@code null} if unset
   */
  public String getAuthorizationServerUrl() {
    return this.authorizationServerUrl;
  }

  /**
   * @param authorizationServerUrl
   *          the Authorization Server URL to store (stored as given)
   */
  public void setAuthorizationServerUrl(final String authorizationServerUrl) {
    this.authorizationServerUrl = authorizationServerUrl;
  }

  /**
   * @return the configured secret, or {@code null} if unset
   */
  public String getSecret() {
    return this.secret;
  }

  /**
   * @param secret
   *          the secret to store (stored as given)
   */
  public void setSecret(final String secret) {
    this.secret = secret;
  }

  /**
   * @return the configured key, or {@code null} if unset
   */
  public String getKey() {
    return this.key;
  }

  /**
   * @param key
   *          the key to store (stored as given)
   */
  public void setKey(final String key) {
    this.key = key;
  }

}
76 |
--------------------------------------------------------------------------------
/apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/UniversityFooConfiguration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.example.api;
20 |
21 | import javax.validation.Valid;
22 | import javax.validation.constraints.NotNull;
23 |
24 | import org.codehaus.jackson.annotate.JsonProperty;
25 |
26 | import com.yammer.dropwizard.config.Configuration;
27 |
/**
 * Top-level configuration of the example Resource Server.
 *
 * <p>Extends the Dropwizard {@link Configuration} with a single {@code auth}
 * section described by {@link AuthConfiguration}.
 */
public class UniversityFooConfiguration extends Configuration {

  // Annotated as a validated, non-null JSON property; starts out as an empty
  // AuthConfiguration, so all of its values are null until configuration is bound.
  @Valid
  @NotNull
  @JsonProperty
  private AuthConfiguration auth = new AuthConfiguration();

  /**
   * @return the {@code auth} section
   */
  public AuthConfiguration getAuth() {
    return this.auth;
  }

  /**
   * @param auth
   *          the {@code auth} section to use; stored as given, this setter does
   *          not itself reject {@code null}
   */
  public void setAuth(final AuthConfiguration auth) {
    this.auth = auth;
  }

}
54 |
--------------------------------------------------------------------------------
/apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/UniversityFooService.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.example.api;
20 |
21 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
22 | import org.surfnet.oaaas.example.api.resource.UniversityResource;
23 |
24 | import com.yammer.dropwizard.Service;
25 | import com.yammer.dropwizard.auth.oauth.OAuthProvider;
26 | import com.yammer.dropwizard.config.Environment;
27 |
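/**
 * Entry point of the example Resource Server.
 *
 * <p>The type argument on {@link Service} is restored here: the listing shows the
 * class extending a bare {@code Service}, but {@code initialize} overrides the
 * superclass method with a {@link UniversityFooConfiguration} parameter, which
 * requires it.
 */
public class UniversityFooService extends Service<UniversityFooConfiguration> {

  /**
   * Used by Dropwizard to bootstrap the application. See README.md.
   *
   * <p>Unless exactly two arguments are given, the arguments are replaced (not
   * rejected) by {@code server university-foo-local.yml}, so a malformed command
   * line silently starts the service with the local configuration file.
   *
   * @param args
   *          command line arguments; may be {@code null}
   * @throws Exception
   *           whatever {@code run} propagates
   */
  public static void main(String[] args) throws Exception {
    if (args == null || args.length != 2) {
      args = new String[] { "server", "university-foo-local.yml" };
    }
    new UniversityFooService().run(args);
  }

  private UniversityFooService() {
    super("university-foo");
  }

  /**
   * Registers the OAuth provider and the {@link UniversityResource}.
   *
   * <p>The provider is built from an {@code OAuthAuthenticator} (declared
   * elsewhere in this package) that receives the whole configuration, together
   * with the string {@code "protected-resources"}.
   *
   * @param configuration
   *          the bound service configuration
   * @param environment
   *          the Dropwizard environment to register components on
   */
  @Override
  protected void initialize(UniversityFooConfiguration configuration, Environment environment)
      throws ClassNotFoundException {
    // NOTE(review): the principal type argument is inferred from the file's import of
    // AuthenticatedPrincipal; confirm it matches OAuthAuthenticator's declared type.
    environment.addProvider(
        new OAuthProvider<AuthenticatedPrincipal>(new OAuthAuthenticator(configuration), "protected-resources"));
    environment.addResource(new UniversityResource());
  }

}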
58 |
--------------------------------------------------------------------------------
/apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/domain/Course.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.example.api.domain;
20 |
/**
 * A course as exposed by the example API.
 *
 * <p>Simple mutable bean: three string properties, each {@code null} until set,
 * stored and returned without any validation or transformation.
 */
public class Course {

  private String id;
  private String name;
  private String description;

  /**
   * @return the course id, or {@code null} if unset
   */
  public String getId() {
    return this.id;
  }

  /**
   * @param id
   *          the course id to store
   */
  public void setId(final String id) {
    this.id = id;
  }

  /**
   * @return the course name, or {@code null} if unset
   */
  public String getName() {
    return this.name;
  }

  /**
   * @param name
   *          the course name to store
   */
  public void setName(final String name) {
    this.name = name;
  }

  /**
   * @return the course description, or {@code null} if unset
   */
  public String getDescription() {
    return this.description;
  }

  /**
   * @param description
   *          the course description to store
   */
  public void setDescription(final String description) {
    this.description = description;
  }
}
75 |
--------------------------------------------------------------------------------
/apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/domain/Student.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.example.api.domain;
20 |
/**
 * A student as exposed by the example API.
 *
 * <p>Simple mutable bean: id, name and e-mail address are plain strings, each
 * {@code null} until set, stored and returned without validation.
 */
public class Student {

  private String id;
  private String name;
  private String email;

  /**
   * @return the student id, or {@code null} if unset
   */
  public String getId() {
    return this.id;
  }

  /**
   * @param id
   *          the student id to store
   */
  public void setId(final String id) {
    this.id = id;
  }

  /**
   * @return the student name, or {@code null} if unset
   */
  public String getName() {
    return this.name;
  }

  /**
   * @param name
   *          the student name to store
   */
  public void setName(final String name) {
    this.name = name;
  }

  /**
   * @return the e-mail address, or {@code null} if unset
   */
  public String getEmail() {
    return this.email;
  }

  /**
   * @param email
   *          the e-mail address to store; its format is not checked
   */
  public void setEmail(final String email) {
    this.email = email;
  }
}
68 |
--------------------------------------------------------------------------------
/apis-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/domain/University.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.example.api.domain;
20 |
21 | import java.util.List;
22 |
/**
 * Root domain object of the dummy API: a named university with its students
 * and courses.
 *
 * <p>The lists are declared without element types in this listing (presumably
 * {@code Student} and {@code Course} elements; confirm against the original
 * source). Setters keep the caller's list instance and getters hand the same
 * instance back, so changes made through either reference are visible to both.
 */
public class University {

  private String name;
  private List students;
  private List courses;

  /**
   * @return the university name, or {@code null} if unset
   */
  public String getName() {
    return this.name;
  }

  /**
   * @param name
   *          the university name to store
   */
  public void setName(final String name) {
    this.name = name;
  }

  /**
   * @return the stored students list itself (not a copy), or {@code null} if unset
   */
  public List getStudents() {
    return this.students;
  }

  /**
   * @param students
   *          the students list to keep; the reference is stored as given
   */
  public void setStudents(final List students) {
    this.students = students;
  }

  /**
   * @return the stored courses list itself (not a copy), or {@code null} if unset
   */
  public List getCourses() {
    return this.courses;
  }

  /**
   * @param courses
   *          the courses list to keep; the reference is stored as given
   */
  public void setCourses(final List courses) {
    this.courses = courses;
  }

}
78 |
--------------------------------------------------------------------------------
/apis-example-resource-server/university-foo-local.yml:
--------------------------------------------------------------------------------
# Local configuration for the example Resource Server (nesting restored; the
# listing shows these keys without indentation).
http:
  port: 8180
  adminPort: 8181

logging:
  level: info
  loggers:
    "org.surfnet": debug
    "openjpa": error

# Bound to the service's "auth" configuration section.
# NOTE(review): the URL is plain http on localhost and the secret is a fixed value
# stored in this file, so treat both as local-development settings. Outside a local
# setup, use an https URL and supply the secret from outside version control.
auth:
  authorizationServerUrl: http://localhost:8080/v1/tokeninfo
  secret: 58b749f7-acb3-44b7-a38c-53d5ad740cf6
  key: university-foo
15 |
--------------------------------------------------------------------------------
/apis-images/apis-client.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/apis-client.png
--------------------------------------------------------------------------------
/apis-images/apis_deployment_diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/apis_deployment_diagram.png
--------------------------------------------------------------------------------
/apis-images/cool_app.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/cool_app.png
--------------------------------------------------------------------------------
/apis-images/surf-conext-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/surf-conext-logo.png
--------------------------------------------------------------------------------
/apis-images/surf-oauth-client.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/surf-oauth-client.png
--------------------------------------------------------------------------------
/apis-images/surf-oauth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/surf-oauth.png
--------------------------------------------------------------------------------
/apis-images/university.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OAuth-Apis/apis/ec57f6e56f9cd7b497c64820259be83c39dabdb8/apis-images/university.png
--------------------------------------------------------------------------------
/apis-openconext-mock-war/README.md:
--------------------------------------------------------------------------------
1 | OpenConext Mock War
2 | ======
3 | This project can be ignored. It is used internally by the SAML Authenticator.
--------------------------------------------------------------------------------
/apis-openconext-mock-war/pom.xml:
--------------------------------------------------------------------------------
1 |
8 |
9 |
10 | 4.0.0
11 |
12 |
13 | ../pom.xml
14 | nl.surfnet.apis
15 | apis-parent
16 | 1.3.6-SNAPSHOT
17 |
18 |
19 | apis-openconext-mock-war
20 | war
21 | API Secure - mock openconext group api
22 |
23 |
24 | 8080
25 |
26 |
27 |
28 |
29 | org.surfnet.coin
30 | coin-api-client
31 |
32 |
33 | javax.servlet
34 | javax.servlet-api
35 |
36 |
37 | junit
38 | junit
39 |
40 |
41 |
42 |
43 |
44 |
45 |
49 |
50 | org.mortbay.jetty
51 | jetty-maven-plugin
52 | ${jetty-maven-plugin.version}
53 |
54 |
55 | /
56 | ${basedir}/src/test/resources/
57 |
58 |
59 |
60 | ${servlet.port}
61 | 0.0.0.0
62 |
63 |
64 | manual
65 | true
66 |
67 |
68 |
69 |
70 |
71 |
--------------------------------------------------------------------------------
/apis-openconext-mock-war/src/main/java/org/surfnet/oaaas/conext/mock/OpenConextServlet.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.conext.mock;
2 |
3 | import javax.servlet.ServletConfig;
4 | import javax.servlet.ServletException;
5 | import javax.servlet.http.HttpServlet;
6 | import javax.servlet.http.HttpServletRequest;
7 | import javax.servlet.http.HttpServletResponse;
8 | import java.io.IOException;
9 |
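/**
 * Mock servlet that answers every request with a redirect to one fixed,
 * configured URL.
 *
 * <p>The redirect target is read once from the {@code call-back-url} servlet
 * init parameter; nothing from the incoming request is used to build it.
 */
public class OpenConextServlet extends HttpServlet {

  /** Name of the init parameter that holds the redirect target. */
  private static final String CALL_BACK_URL_PARAM = "call-back-url";

  private String callBackUrl;

  /**
   * Reads the redirect target from the servlet configuration.
   *
   * @param config
   *          the servlet configuration supplied by the container
   * @throws ServletException
   *           if the superclass initialization fails or the
   *           {@code call-back-url} init parameter is missing or blank
   */
  @Override
  public void init(ServletConfig config) throws ServletException {
    super.init(config);
    String configured = config.getInitParameter(CALL_BACK_URL_PARAM);
    // Fail at deployment time instead of redirecting to a null/empty location on every request.
    if (configured == null || configured.trim().isEmpty()) {
      throw new ServletException("Missing required init parameter '" + CALL_BACK_URL_PARAM + "'");
    }
    callBackUrl = configured;
  }

  /**
   * Redirects the client to the configured URL, whatever the HTTP method or path.
   *
   * @param req
   *          the incoming request (not inspected)
   * @param resp
   *          the response the redirect is sent on
   */
  @Override
  protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    resp.sendRedirect(callBackUrl);
  }
}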
25 |
--------------------------------------------------------------------------------
/apis-openconext-mock-war/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
1 |
2 |
17 |
23 |
24 | OpenConext Mock
25 |
26 |
27 | openconext-mock-server
28 | org.surfnet.oaaas.conext.mock.OpenConextServlet
29 |
30 | call-back-url
31 | http://localhost:8080/oauth2/authorize?apiOauthCallback=true
32 |
33 | 1
34 |
35 |
36 |
37 | openconext-mock-server
38 | /authorize/*
39 |
40 |
--------------------------------------------------------------------------------
/apis-resource-server-library/README.md:
--------------------------------------------------------------------------------
1 | Authorization Resource Server Library jar
2 | ======
3 | The Authorization Resource Server Library jar module contains the minimal dependency set a Resource Server needs to include if it wants to use the Filter that checks the access token on each API request to the Resource Server.
4 |
5 | For more information on how to configure the Filter and protect your endpoints on the Resource Server(s), see:
6 |
7 | * apis/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/AuthorizationServerFilter.java
8 |
9 | See the documentation in the [README.md](https://github.com/OpenConextApps/apis/blob/master/README.md) in the root project for overall documentation.
10 |
11 |
--------------------------------------------------------------------------------
/apis-resource-server-library/src/main/java/org/surfnet/oaaas/auth/ObjectMapperProvider.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.auth;
20 |
21 | import javax.ws.rs.Produces;
22 | import javax.ws.rs.ext.ContextResolver;
23 | import javax.ws.rs.ext.Provider;
24 |
25 | import org.codehaus.jackson.annotate.JsonAutoDetect;
26 | import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
27 | import org.codehaus.jackson.annotate.JsonMethod;
28 | import org.codehaus.jackson.map.DeserializationConfig;
29 | import org.codehaus.jackson.map.ObjectMapper;
30 | import org.codehaus.jackson.map.annotate.JsonSerialize;
31 | import org.codehaus.jackson.mrbean.MrBeanModule;
32 |
33 | import com.sun.jersey.api.client.Client;
34 |
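/**
 * We need to be able to set the {@link ObjectMapper} on the {@link Client} to
 * make sure the {@link MrBeanModule} is used.
 *
 * <p>Security note: the mapper is built with default typing enabled
 * ({@code NON_FINAL}), so type information carried in the JSON takes part in
 * choosing the class that is instantiated on deserialization. Use this mapper
 * only for JSON received from a trusted peer, never for content an untrusted
 * party can influence.
 *
 * <p>The generic parameters ({@code ContextResolver<ObjectMapper>},
 * {@code Class<?>}) are restored here; the listing shows them stripped, which
 * does not compile.
 */
public class ObjectMapperProvider implements ContextResolver<ObjectMapper> {

  private final ObjectMapper mapper;

  /**
   * Builds the single mapper instance that is handed out for every type.
   */
  public ObjectMapperProvider() {
    // NOTE(security): enableDefaultTyping(NON_FINAL) is flagged, not changed: removing it
    // would alter the JSON exchanged with the peer. Review whether a narrower, explicitly
    // annotated set of polymorphic types can replace it.
    mapper = new ObjectMapper()
        .enable(DeserializationConfig.Feature.ACCEPT_SINGLE_VALUE_AS_ARRAY)
        .enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL)
        .setSerializationInclusion(JsonSerialize.Inclusion.NON_NULL)
        .setVisibility(JsonMethod.FIELD, Visibility.ANY);
    mapper.registerModule(new MrBeanModule());
  }

  /**
   * Returns the shared mapper regardless of the requested type.
   *
   * @param type
   *          the class a mapper is requested for (ignored)
   * @return the mapper created in the constructor
   * @see javax.ws.rs.ext.ContextResolver#getContext(java.lang.Class)
   */
  @Override
  public ObjectMapper getContext(Class<?> type) {
    return mapper;
  }

}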
59 |
--------------------------------------------------------------------------------
/apis-resource-server-library/src/main/java/org/surfnet/oaaas/model/TokenResponseCache.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.model;
20 |
/**
 * Cache of token verification responses, keyed by the access token string.
 *
 * <p>NOTE(review): a cached response is presumably reused without asking the
 * Authorization Server again, so a revoked token may stay accepted until its
 * entry is dropped - confirm against the implementation and keep its size and
 * expiry settings conservative.
 */
public interface TokenResponseCache {

  /**
   * Looks up the response stored for an access token.
   *
   * @param accessToken
   *          the access token used as key
   * @return the stored response; presumably {@code null} when nothing is cached
   *         for the token (confirm against the implementation)
   */
  VerifyTokenResponse getVerifyToken(String accessToken);

  /**
   * Stores a verification response under an access token.
   *
   * @param accessToken
   *          the access token used as key
   * @param tokenResponse
   *          the response to keep for that token
   */
  void storeVerifyToken(String accessToken, VerifyTokenResponse tokenResponse);
}
27 |
--------------------------------------------------------------------------------
/apis-resource-server-library/src/test/java/org/surfnet/oaaas/auth/principal/AuthenticatedPrincipalTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 |
20 | package org.surfnet.oaaas.auth.principal;
21 |
22 | import org.junit.Test;
23 |
24 | import static org.junit.Assert.assertEquals;
25 |
public class AuthenticatedPrincipalTest {

  /**
   * Serializes a principal, deserializes the result and checks that the
   * display name equals the constructor argument.
   */
  @Test
  public void testSerialization() {
    final String expectedName = "emma.blunt";
    AuthenticatedPrincipal original = new AuthenticatedPrincipal(expectedName);
    String serialized = original.serialize();
    assertEquals(expectedName, AuthenticatedPrincipal.deserialize(serialized).getDisplayName());
  }

}
35 |
--------------------------------------------------------------------------------
/apis-resource-server-library/src/test/java/org/surfnet/oaaas/auth/principal/BasicAuthCredentialsTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.auth.principal;
20 |
21 | import org.junit.Test;
22 |
23 | import static org.junit.Assert.assertEquals;
24 | import static org.junit.Assert.assertTrue;
25 |
public class BasicAuthCredentialsTest {

  /**
   * Builds credentials, turns them into an Authorization header value and
   * parses that value back; username and password must match the originals.
   */
  @Test
  public void testGetAuthorizationHeaderValue() throws Exception {
    BasicAuthCredentials original = new BasicAuthCredentials("john.doe", "secret");
    assertTrue(original.isValid());

    BasicAuthCredentials parsed =
        BasicAuthCredentials.createCredentialsFromHeader(original.getAuthorizationHeaderValue());

    assertEquals(original.getUsername(), parsed.getUsername());
    assertEquals(original.getPassword(), parsed.getPassword());
  }
}
40 |
--------------------------------------------------------------------------------
/apis-resource-server-library/src/test/java/org/surfnet/oaaas/model/TokenResponseCacheTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.model;
20 |
21 | import org.junit.Test;
22 | import org.junit.Before;
23 |
24 | import static org.junit.Assert.*;
25 |
public class TokenResponseCacheTest {

  private TokenResponseCache cache;

  /**
   * Creates a fresh cache for every test with the arguments (3, 60 * 60 * 24);
   * presumably maximum size and expiry in seconds (confirm against
   * TokenResponseCacheImpl).
   */
  @Before
  public void before() throws Exception {
    final int secondArgument = 60 * 60 * 24;
    cache = new TokenResponseCacheImpl(3, secondArgument);
  }

  /** A null key yields nothing; a stored response is returned for its key. */
  @Test
  public void testGetVerifyToken() throws Exception {
    assertNull(cache.getVerifyToken(null));

    VerifyTokenResponse stored = new VerifyTokenResponse();
    cache.storeVerifyToken("123456", stored);

    assertEquals(stored, cache.getVerifyToken("123456"));
  }

  /** After five stores into the cache of three, only keys 2..4 are still present. */
  @Test
  public void testStoreVerifyTokenWithMaxSize() throws Exception {
    for (int n = 0; n < 5; n++) {
      cache.storeVerifyToken(String.valueOf(n), new VerifyTokenResponse());
      // short pause between stores, as in the original test
      Thread.sleep(5);
    }
    for (int n = 0; n < 5; n++) {
      VerifyTokenResponse found = cache.getVerifyToken(String.valueOf(n));
      if (n < 2) {
        assertNull(found);
      } else {
        assertNotNull(found);
      }
    }
  }

  /**
   * With the second constructor argument set to 1, entries stored before a
   * 1.5 second pause are gone afterwards, while one stored after it is present.
   */
  @Test
  public void testStoreVerifyTokenWithExpires() throws Exception {
    cache = new TokenResponseCacheImpl(3, 1);
    for (int n = 0; n < 5; n++) {
      cache.storeVerifyToken(String.valueOf(n), new VerifyTokenResponse());
    }
    Thread.sleep(1500);

    final String lateKey = String.valueOf(10);
    cache.storeVerifyToken(lateKey, new VerifyTokenResponse());

    for (int n = 0; n < 5; n++) {
      assertNull(cache.getVerifyToken(String.valueOf(n)));
    }
    assertNotNull(cache.getVerifyToken(lateKey));
  }
}
80 |
--------------------------------------------------------------------------------
/apis-surfconext-authn/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
10 |
11 |
12 | 4.0.0
13 |
14 |
15 | nl.surfnet.apis
16 | apis-parent
17 | 1.3.6-SNAPSHOT
18 |
19 |
20 | apis-surfconext-authn
21 | API Secure - conext authentication plugin
22 |
23 |
24 |
25 | org.surfnet.coin
26 | spring-security-opensaml
27 |
28 |
29 | commons-collections
30 | commons-collections
31 |
32 |
33 |
34 |
35 | nl.surfnet.apis
36 | apis-authorization-server
37 |
38 |
39 | org.surfnet.coin
40 | coin-api-client
41 |
42 |
43 | javax.servlet
44 | javax.servlet-api
45 |
46 |
47 | javax.inject
48 | javax.inject
49 |
50 |
51 |
52 |
--------------------------------------------------------------------------------
/apis-surfconext-authn/src/test/java/org/surfnet/oaaas/conext/SAMLAuthenticatedPrincipalTest.java:
--------------------------------------------------------------------------------
1 | package org.surfnet.oaaas.conext;
2 |
3 | import org.junit.Test;
4 | import org.springframework.security.core.GrantedAuthority;
5 | import org.surfnet.oaaas.auth.principal.AuthenticatedPrincipal;
6 |
7 | import java.io.IOException;
8 | import java.util.Arrays;
9 | import java.util.Collection;
10 | import java.util.HashMap;
11 | import java.util.Map;
12 |
13 | import static org.junit.Assert.assertEquals;
14 | import static org.junit.Assert.assertTrue;
15 |
public class SAMLAuthenticatedPrincipalTest {

  /**
   * Serializes a SAML principal to JSON and reads it back through
   * AuthenticatedPrincipal.deserialize; the result must be castable to
   * SAMLAuthenticatedPrincipal and keep its group-aware flag, identity
   * provider, display name and admin status.
   */
  @Test
  public void testSerialization() throws IOException {
    final String identityProvider = "http://universiteit-hardewijk";
    final String displayName = "gebruiker.pi";

    // Declared without type arguments, as in the listing.
    Map attributes = new HashMap();
    attributes.put("key", "value");

    AuthenticatedPrincipal principal = new SAMLAuthenticatedPrincipal(
        "ud.id.name.pi",
        Arrays.asList("USER", "ADMIN"),
        attributes,
        Arrays.asList("id.group.1", "id.group.2", "id.group.3"),
        identityProvider,
        displayName,
        true);

    String json = principal.serialize();
    SAMLAuthenticatedPrincipal restored = (SAMLAuthenticatedPrincipal) AuthenticatedPrincipal.deserialize(json);

    assertTrue(restored.isGroupAware());
    assertEquals(identityProvider, restored.getIdentityProvider());
    assertEquals(displayName, restored.getDisplayName());
    assertTrue(restored.isAdminPrincipal());
  }

}
34 |
--------------------------------------------------------------------------------
/jetty-connector/README.md:
--------------------------------------------------------------------------------
1 | Jetty Connector for proxied configuration
2 | ======
3 | This project contains an extension plugin for Jetty that allows Jetty to run correctly behind an Apache (or Nginx) reverse proxy.
4 | This extension makes it possible to implement the configuration shown here:
5 | ```
6 | https http
7 | ---------> Apache -------> Jetty
8 | ```
9 |
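10 | To support this setup, the request scheme is taken from the `X-Forwarded-Proto` HTTP header. The header is read from the request as-is, so the proxy must set or overwrite it on every request and Jetty should only be reachable through the proxy.
11 | This is the standard behavior of Jetty 9; this extension makes it available in Jetty 8 as well.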
12 |
--------------------------------------------------------------------------------
/jetty-connector/pom.xml:
--------------------------------------------------------------------------------
1 |
8 |
9 |
10 | 4.0.0
11 |
12 |
13 | ../pom.xml
14 | nl.surfnet.apis
15 | apis-parent
16 | 1.3.6-SNAPSHOT
17 |
18 |
19 | jetty-connector
20 | jar
21 | Connector to customize schema for Jetty 8
22 |
23 |
24 |
25 | org.mortbay.jetty
26 | jetty-maven-plugin
27 | ${jetty-maven-plugin.version}
28 |
29 |
30 | junit
31 | junit
32 |
33 |
34 | org.mockito
35 | mockito-all
36 |
37 |
38 |
39 |
40 |
--------------------------------------------------------------------------------
/jetty-connector/src/main/java/org/surfnet/oaaas/jetty/SelectChannelConnectorHttps.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.jetty;
20 |
21 | import java.util.Enumeration;
22 | import java.io.IOException;
23 | import org.eclipse.jetty.server.Request;
24 | import org.eclipse.jetty.server.nio.SelectChannelConnector;
25 | import org.eclipse.jetty.io.EndPoint;
26 |
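/**
 * {@link SelectChannelConnector} that marks a request as {@code https} when the
 * {@code X-Forwarded-Proto} HTTP header reports that scheme.
 *
 * <p>Intended for deployments where a reverse proxy terminates TLS and forwards plain HTTP
 * to Jetty. The header value is read from the request as-is: this class cannot tell whether
 * the proxy or the client wrote it. The proxy therefore has to set or overwrite the header on
 * every request, and Jetty should not be reachable except through the proxy; otherwise a
 * client can choose the scheme that {@code request.getScheme()} reports.
 */
public class SelectChannelConnectorHttps extends SelectChannelConnector {

  /** Name of the header carrying the scheme of the client-facing connection. */
  private static final String X_FORWARDED_PROTO = "x-forwarded-proto";

  /** The only header value that changes the request scheme. */
  private static final String HTTPS_SCHEME = "https";

  /**
   * Looks up a request header by name, ignoring case.
   *
   * @param request the request whose headers are searched
   * @param headerName the header name to look for, in any case
   * @return the value of the first header whose name matches, or {@code null} when the
   *     request exposes no header names or none of them matches
   */
  private String getHeaderCaseInsensitive(Request request, String headerName) {
    Enumeration<?> headerNames = request.getHeaderNames();
    if (headerNames == null) {
      return null;
    }
    while (headerNames.hasMoreElements()) {
      String curHeaderName = (String) headerNames.nextElement();
      // equalsIgnoreCase does not depend on the default locale, unlike toLowerCase().
      if (curHeaderName != null && curHeaderName.equalsIgnoreCase(headerName)) {
        return request.getHeader(curHeaderName);
      }
    }
    return null;
  }

  /**
   * Decides whether a forwarded-protocol header value means HTTPS.
   *
   * <p>The value has to be exactly {@code https} (any case, surrounding whitespace ignored),
   * so a value that merely contains that text no longer switches the scheme. For a
   * comma-separated list only the first entry is considered.
   * NOTE(review): this assumes the first entry describes the client-facing hop; confirm
   * against the proxy chain in use.
   *
   * @param headerValue the raw header value, possibly {@code null}
   * @return {@code true} when the first entry is {@code https}
   */
  private static boolean isHttps(String headerValue) {
    if (headerValue == null) {
      return false;
    }
    int comma = headerValue.indexOf(',');
    String firstEntry = comma < 0 ? headerValue : headerValue.substring(0, comma);
    return HTTPS_SCHEME.equalsIgnoreCase(firstEntry.trim());
  }

  /**
   * Sets the request scheme to {@code https} when the forwarded-protocol header says so,
   * then delegates to the parent connector. Requests without the header, or with any other
   * value, keep the scheme they already have.
   *
   * @param endpoint the connection end point, passed through to the parent
   * @param request the request being customized
   * @throws IOException if the parent connector's customization fails
   */
  @Override
  public void customize(EndPoint endpoint, Request request) throws IOException {
    if (isHttps(getHeaderCaseInsensitive(request, X_FORWARDED_PROTO))) {
      request.setScheme(HTTPS_SCHEME);
    }

    super.customize(endpoint, request);
  }

}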
60 |
61 |
--------------------------------------------------------------------------------
/jetty-connector/src/test/java/org/surfnet/oaaas/jetty/SelectChannelConnectorHttpsTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Licensed to the Apache Software Foundation (ASF) under one
3 | * or more contributor license agreements. See the NOTICE file
4 | * distributed with this work for additional information
5 | * regarding copyright ownership. The ASF licenses this file
6 | * to you under the Apache License, Version 2.0 (the
7 | * "License"); you may not use this file except in compliance
8 | * with the License. You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing,
13 | * software distributed under the License is distributed on an
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | * KIND, either express or implied. See the License for the
16 | * specific language governing permissions and limitations
17 | * under the License.
18 | */
19 | package org.surfnet.oaaas.jetty;
20 |
21 | import java.io.IOException;
22 | import java.util.Enumeration;
23 | import java.util.Vector;
24 |
25 | import org.eclipse.jetty.server.Request;
26 | import org.eclipse.jetty.io.EndPoint;
27 |
28 | import org.junit.Test;
29 | import org.mockito.Mockito;
30 | import static org.junit.Assert.assertEquals;
31 |
/**
 * Verifies that {@link SelectChannelConnectorHttps} derives the request scheme from the
 * X-Forwarded-Proto HTTP header.
 *
 * <p>Two cases are covered: the header carrying exactly {@code https}, and the header being
 * absent. Other header values (different case, lists, values that only contain the text
 * "https") are not exercised here.
 */
public class SelectChannelConnectorHttpsTest {

  private static final String HTTP_SCHEME = "http";
  private static final String HTTPS_SCHEME = "https";

  private static final String XFORWARDED_PROTO = "X-Forwarded-Proto";

  /** Builds a spied request whose header-name enumeration is the given list. */
  private static Request spiedRequestWithHeaderNames(Vector<String> names) {
    final Request spied = Mockito.spy(new Request());
    Mockito.doReturn(names.elements()).when(spied).getHeaderNames();
    return spied;
  }

  /** A request carrying X-Forwarded-Proto: https must end up with the https scheme. */
  @Test
  public void testSchemaIsChangedAccordingToXForwardedProto() throws IOException {
    Vector<String> names = new Vector<String>();
    names.add(XFORWARDED_PROTO);
    final Request spied = spiedRequestWithHeaderNames(names);
    Mockito.doReturn(HTTPS_SCHEME).when(spied).getHeader(XFORWARDED_PROTO);
    EndPoint mockedEndPoint = Mockito.mock(EndPoint.class);

    new SelectChannelConnectorHttps().customize(mockedEndPoint, spied);

    assertEquals(HTTPS_SCHEME, spied.getScheme());
  }

  /** A request without the header must keep reporting the http scheme. */
  @Test
  public void testSchemaIsNotChangedForNoXForwardedProto() throws IOException {
    final Request spied = spiedRequestWithHeaderNames(new Vector<String>());
    EndPoint mockedEndPoint = Mockito.mock(EndPoint.class);

    new SelectChannelConnectorHttps().customize(mockedEndPoint, spied);

    assertEquals(HTTP_SCHEME, spied.getScheme());
  }

}
77 |
--------------------------------------------------------------------------------