From c396205ad49b5d77ea20e30b9ae0d6f97be9bfe5 Mon Sep 17 00:00:00 2001
From: Thiago Zanivan Felisberto
Date: Fri, 22 Sep 2017 18:13:35 -0300
Subject: [PATCH 1/2] health check endpoint

---
 .../oaaas/resource/HealthResource.java | 42 +++++++++++++++++
 .../oaaas/resource/HealthResourceTest.java | 45 +++++++++++++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 apis-authorization-server/src/main/java/org/surfnet/oaaas/resource/HealthResource.java
 create mode 100644 apis-authorization-server/src/test/java/org/surfnet/oaaas/resource/HealthResourceTest.java

diff --git a/apis-authorization-server/src/main/java/org/surfnet/oaaas/resource/HealthResource.java b/apis-authorization-server/src/main/java/org/surfnet/oaaas/resource/HealthResource.java
new file mode 100644
index 00000000..184a0a5f
--- /dev/null
+++ b/apis-authorization-server/src/main/java/org/surfnet/oaaas/resource/HealthResource.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.surfnet.oaaas.resource;
+
+import javax.inject.Named;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+/**
+ * Resource for handling simple health checks, enabling the authorization
+ * server to be monitored by external watchers/tools.
+ *
+ */
+@Named
+@Path("/health")
+@Produces(MediaType.APPLICATION_JSON)
+public class HealthResource {
+
+  @GET
+  public Response healthCheck() {
+    return Response.ok("{ \"status\": \"OK\" }").build();
+  }
+}
diff --git a/apis-authorization-server/src/test/java/org/surfnet/oaaas/resource/HealthResourceTest.java b/apis-authorization-server/src/test/java/org/surfnet/oaaas/resource/HealthResourceTest.java
new file mode 100644
index 00000000..7fe29f19
--- /dev/null
+++ b/apis-authorization-server/src/test/java/org/surfnet/oaaas/resource/HealthResourceTest.java
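Review bot: The `Response.ok("{ \"status\": \"OK\" }")` line returns a constant, so this endpoint reports healthy regardless of whether the client repository or token store behind the authorization server is reachable, while the Javadoc's "monitored by external watchers/tools" invites operators to read it as a readiness check. Either say so in the Javadoc — `Liveness probe only: the response is static and does not exercise the repository or the token store.` — or inject the repository and run a cheap query before answering OK. Whether `/health` is reachable without authentication depends on filter configuration outside this patch; if it is, keep the body as spare as it is here (no version, host or dependency details), since anything added would be freely enumerable. The hand-built JSON is acceptable for one field, but returning a `Map` and letting the JAX-RS provider serialise it avoids quoting mistakes once fields are added.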
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2012 SURFnet bv, The Netherlands
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.surfnet.oaaas.resource;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.InjectMocks;
+import org.mockito.MockitoAnnotations;
+
+import static org.junit.Assert.assertEquals;
+
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+
+public class HealthResourceTest {
+
+  @InjectMocks
+  private HealthResource healthResource;
+
+  @Before
+  public void before() {
+    MockitoAnnotations.initMocks(this);
+  }
+
+  @Test
+  public void testHealthCheck() {
+    Response response = healthResource.healthCheck();
+    assertEquals("{ \"status\": \"OK\" }", response.getEntity());
+    assertEquals(Status.OK.getStatusCode(), response.getStatus());
+  }
+}
From 3d3a44c6ec271c946e369b7e0cfd4c1c42076e65 Mon Sep 17 00:00:00 2001
From: Thiago Zanivan Felisberto
Date: Mon, 25 Sep 2017 10:10:25 -0300
Subject: [PATCH 2/2] change on token request validations for password grant type

---
 .../oaaas/auth/OAuth2ValidatorImpl.java | 19 ++++++++++++-------
 .../oaaas/auth/OAuth2ValidatorImplTest.java | 16 ++++++++++++++++
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/OAuth2ValidatorImpl.java b/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/OAuth2ValidatorImpl.java
index 5e39feb6..355b82bd 100644
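Review bot: The `@InjectMocks` field and the `MockitoAnnotations.initMocks(this)` call in `before()` wire dependency injection for a class that has no dependencies, in a test that declares no `@Mock` fields, so they only pull Mockito into a test that mocks nothing; `healthResource = new HealthResource();` in `before()` (or a field initialiser) does the same with nothing to misread. The `assertEquals("{ \"status\": \"OK\" }", response.getEntity())` assertion pins the exact byte layout of the JSON, so any whitespace change in the resource breaks it; checking the status code and parsing the body, or asserting the entity contains `\"status\"` and `\"OK\"`, tracks the contract rather than the formatting. The header carries the 2012 SURFnet copyright while the class under test in the previous hunk carries the ASF header; the two new files should agree.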
--- a/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/OAuth2ValidatorImpl.java
+++ b/apis-authorization-server/src/main/java/org/surfnet/oaaas/auth/OAuth2ValidatorImpl.java
@@ -199,6 +199,7 @@ protected void validateAttributes(AccessTokenRequest request) {
 protected void validateClient(AccessTokenRequest accessTokenRequest,
 BasicAuthCredentials clientCredentials) {
 Client client = null;
+ String grantType = accessTokenRequest.getGrantType();
 
 // Were we given client credentials via basic auth?
 if (!clientCredentials.isNull()) {
@@ -208,30 +209,34 @@ protected void validateClient(AccessTokenRequest accessTokenRequest,
 } client = getClient(clientCredentials.getUsername(), clientCredentials.getPassword(), UNAUTHORIZED_CLIENT);
- } else if (!StringUtils.isBlank(accessTokenRequest.getClientId())) {
+ } else /* if (!StringUtils.isBlank(accessTokenRequest.getClientId())) */ {
 // Use the request parameters to obtain the client client = getClient(accessTokenRequest.getClientId(), accessTokenRequest.getClientSecret(),
- UNKNOWN_CLIENT_ID);
+ UNKNOWN_CLIENT_ID, !GRANT_TYPE_PASSWORD.equals(grantType));
 } // Record the associated client accessTokenRequest.setClient(client); }
-
- private Client getClient(String clientId, String clientSecret, ValidationResponse error) {
+
+ private Client getClient(String clientId, String clientSecret, ValidationResponse error, boolean isClientSecretRequired) {
 // Find the indicated client Client client = clientRepository.findByClientId(clientId); if (client == null) { throw new ValidationResponseException(error); }
-
- // Confirm that the credentials match those for the client
- if (!client.verifySecret(clientSecret)) {
+
+ // Confirm that the credentials match those for the client, if required
+ if (isClientSecretRequired && !client.verifySecret(clientSecret)) {
 throw new ValidationResponseException(error); } return client; }
+ private Client getClient(String clientId, String clientSecret, ValidationResponse error) {
+ return getClient(clientId, clientSecret, error, true);
+ }
+
 protected void validateAccessTokenRequest(AccessTokenRequest accessTokenRequest) { if (accessTokenRequest.getGrantType().equals(GRANT_TYPE_CLIENT_CREDENTIALS)) { // We must have a client
diff --git a/apis-authorization-server/src/test/java/org/surfnet/oaaas/auth/OAuth2ValidatorImplTest.java b/apis-authorization-server/src/test/java/org/surfnet/oaaas/auth/OAuth2ValidatorImplTest.java
index 3e3d97ad..51c0f294 100644
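Review bot: Passing `!GRANT_TYPE_PASSWORD.equals(grantType)` as `isClientSecretRequired` switches client authentication off for every client whenever the request says `grant_type=password`, including clients registered with a secret; the basic-auth branch above still verifies, but a caller need only omit the `Authorization` header and send `client_id` as a form parameter, so anyone who knows a confidential client's (public) client_id can obtain tokens attributed to that client with nothing more than resource-owner credentials. RFC 6749 §3.2.1 requires confidential clients to authenticate on every token request whatever the grant, so the decision belongs to the client record, not to the grant type. Keep the flag but, in the four-argument `getClient`, verify whenever the client has a secret on file: `boolean mustVerify = isClientSecretRequired || !StringUtils.isBlank(client.getSecret());` followed by `if (mustVerify && !client.verifySecret(clientSecret)) {` — assuming `Client` exposes its configured secret; if it does not, add an explicit public-client flag to `Client` rather than keying off `grantType`. The commented-out `if (!StringUtils.isBlank(...))` on the `else` line should be deleted, and the behaviour that removal changes — a request with neither credentials nor `client_id` now presumably fails with `UNKNOWN_CLIENT_ID` from the lookup instead of reaching `validateAccessTokenRequest` with a null client — belongs in the commit message. `validateClient` starts before this hunk and `validateAccessTokenRequest` continues past it.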
--- a/apis-authorization-server/src/test/java/org/surfnet/oaaas/auth/OAuth2ValidatorImplTest.java
+++ b/apis-authorization-server/src/test/java/org/surfnet/oaaas/auth/OAuth2ValidatorImplTest.java
@@ -208,4 +208,20 @@ private AuthorizationRequest getAuthorizationRequest(Client client) {
 return request; }
+ @Test
+ public void testPasswordTokenRequest() {
+ AccessTokenRequest invalidAccessTokenRequest = new AccessTokenRequest();
+ invalidAccessTokenRequest.setGrantType(OAuth2Validator.GRANT_TYPE_PASSWORD);
+ invalidAccessTokenRequest.setClientId(client.getClientId());
+ ValidationResponse invalidResponse = validator.validate(invalidAccessTokenRequest, BasicAuthCredentials.createCredentialsFromHeader(null));
+ assertEquals(ValidationResponse.INVALID_GRANT_PASSWORD, invalidResponse);
+
+ AccessTokenRequest validAccessTokenRequest = new AccessTokenRequest();
+ validAccessTokenRequest.setGrantType(OAuth2Validator.GRANT_TYPE_PASSWORD);
+ validAccessTokenRequest.setClientId(client.getClientId());
+ validAccessTokenRequest.setUsername("username");
+ validAccessTokenRequest.setPassword("password");
+ ValidationResponse validResponse = validator.validate(validAccessTokenRequest, BasicAuthCredentials.createCredentialsFromHeader(null));
+ assertEquals(ValidationResponse.VALID, validResponse);
+ }
 }
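Review bot: The `assertEquals(ValidationResponse.VALID, validResponse)` line pins in that a password-grant request carrying only `client_id` and no secret validates against the shared `client` fixture; if that fixture has a secret configured (it is set up outside this hunk), the test is documenting a client-authentication bypass rather than guarding the new code path. Add the negative cases the change must not break: the same request with `validAccessTokenRequest.setClientSecret("wrong")` should yield the lookup error (`UNKNOWN_CLIENT_ID`), and a client registered with a secret should be rejected when none is supplied. Splitting the two halves into `testPasswordTokenRequestWithoutResourceOwnerCredentials` and `testPasswordTokenRequestClientIdOnly` would also make a failure name the scenario that broke.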