aboutsummaryrefslogtreecommitdiffstats
path: root/odl-aaa-moon/aaa-authn-sts
diff options
context:
space:
mode:
authorDUVAL Thomas <thomas.duval@orange.com>2016-06-16 14:49:55 +0200
committerDUVAL Thomas <thomas.duval@orange.com>2016-06-16 14:49:55 +0200
commit506a1fc1252268fa31ba89882ea55b7665579965 (patch)
treeb7f83bb4578e227e3b7a2dbe938864e27f38156f /odl-aaa-moon/aaa-authn-sts
parent4bc079a2664f9a407e332291f34d174625a9d5ea (diff)
Delete old files
Change-Id: I35cf053f404ba4134eeef46ef177259340634d4f
Diffstat (limited to 'odl-aaa-moon/aaa-authn-sts')
-rw-r--r--odl-aaa-moon/aaa-authn-sts/pom.xml112
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/Activator.java207
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/AnonymousPasswordValidator.java30
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/AnonymousRefreshTokenValidator.java29
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/OAuthRequest.java42
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/ServiceLocator.java141
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/TokenAuthFilter.java148
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/TokenEndpoint.java242
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/main/resources/WEB-INF/web.xml23
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java34
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java94
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java164
12 files changed, 0 insertions, 1266 deletions
diff --git a/odl-aaa-moon/aaa-authn-sts/pom.xml b/odl-aaa-moon/aaa-authn-sts/pom.xml
deleted file mode 100644
index 25ac0fe6..00000000
--- a/odl-aaa-moon/aaa-authn-sts/pom.xml
+++ /dev/null
@@ -1,112 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-parent</artifactId>
- <version>0.3.1-Beryllium-SR1</version>
- <relativePath>../parent</relativePath>
- </parent>
-
- <artifactId>aaa-authn-sts</artifactId>
- <packaging>bundle</packaging>
-
- <dependencies>
- <dependency>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-authn</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-authn-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>com.sun.jersey</groupId>
- <artifactId>jersey-server</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.oltu.oauth2</groupId>
- <artifactId>org.apache.oltu.oauth2.authzserver</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.oltu.oauth2</groupId>
- <artifactId>org.apache.oltu.oauth2.common</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.oltu.oauth2</groupId>
- <artifactId>org.apache.oltu.oauth2.resourceserver</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.core</artifactId>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.felix</groupId>
- <artifactId>org.apache.felix.dependencymanager</artifactId>
- <scope>provided</scope>
- </dependency>
- <!-- Testing Dependencies -->
- <dependency>
- <groupId>com.sun.jersey.jersey-test-framework</groupId>
- <artifactId>jersey-test-framework-grizzly2</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-servlet-tester</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-all</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-simple</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- <Import-Package>
- *,
- com.sun.jersey.spi.container.servlet
- </Import-Package>
- <Web-ContextPath>/oauth2</Web-ContextPath>
- <Bundle-Activator>org.opendaylight.aaa.sts.Activator</Bundle-Activator>
- <manifestLocation>${project.basedir}/META-INF</manifestLocation>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
-</project>
diff --git a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/Activator.java b/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/Activator.java
deleted file mode 100644
index 1bf4591d..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/Activator.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import com.google.common.base.Function;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableList.Builder;
-import com.google.common.collect.Lists;
-import java.util.List;
-import org.apache.felix.dm.DependencyActivatorBase;
-import org.apache.felix.dm.DependencyManager;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.aaa.api.ClaimAuth;
-import org.opendaylight.aaa.api.ClientService;
-import org.opendaylight.aaa.api.CredentialAuth;
-import org.opendaylight.aaa.api.IdMService;
-import org.opendaylight.aaa.api.TokenAuth;
-import org.opendaylight.aaa.api.TokenStore;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.ServiceReference;
-import org.osgi.util.tracker.ServiceTracker;
-import org.osgi.util.tracker.ServiceTrackerCustomizer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * An activator for the secure token server to inject in a
- * {@link CredentialAuth} implementation.
- *
- * @author liemmn
- * @author Ryan Goulding (ryandgoulding@gmail.com)
- */
-public class Activator extends DependencyActivatorBase {
-
- private static final Logger LOG = LoggerFactory.getLogger(Activator.class);
-
- // Definition of several methods called in the ServiceLocator through
- // Reflection
- private static final String AUTHENTICATION_SERVICE_REMOVED = "authenticationServiceRemoved";
- private static final String AUTHENTICATION_SERVICE_ADDED = "authenticationServiceAdded";
- private static final String TOKEN_STORE_REMOVED = "tokenStoreRemoved";
- private static final String TOKEN_STORE_ADDED = "tokenStoreAdded";
- private static final String TOKEN_AUTH_REMOVED = "tokenAuthRemoved";
- private static final String TOKEN_AUTH_ADDED = "tokenAuthAdded";
- private static final String CLAIM_AUTH_REMOVED = "claimAuthRemoved";
- private static final String CLAIM_AUTH_ADDED = "claimAuthAdded";
- private static final String CREDENTIAL_AUTH_REMOVED = "credentialAuthRemoved";
- private static final String CREDENTIAL_AUTH_ADDED = "credentialAuthAdded";
-
- // A collection of all services, which is used for closing ServiceTrackers
- private ImmutableList<ServiceTracker<?, ?>> services;
-
- @Override
- public void init(BundleContext context, DependencyManager manager) throws Exception {
-
- LOG.info("STS Activator initializing");
- manager.add(createComponent().setImplementation(ServiceLocator.getInstance())
- .add(createServiceDependency().setService(CredentialAuth.class)
- .setRequired(true)
- .setCallbacks(
- CREDENTIAL_AUTH_ADDED,
- CREDENTIAL_AUTH_REMOVED))
- .add(createServiceDependency().setService(ClaimAuth.class)
- .setRequired(false)
- .setCallbacks(CLAIM_AUTH_ADDED,
- CLAIM_AUTH_REMOVED))
- .add(createServiceDependency().setService(TokenAuth.class)
- .setRequired(false)
- .setCallbacks(TOKEN_AUTH_ADDED,
- TOKEN_AUTH_REMOVED))
- .add(createServiceDependency().setService(TokenStore.class)
- .setRequired(true)
- .setCallbacks(TOKEN_STORE_ADDED,
- TOKEN_STORE_REMOVED))
- .add(createServiceDependency().setService(TokenStore.class)
- .setRequired(true))
- .add(createServiceDependency().setService(
- AuthenticationService.class)
- .setRequired(true)
- .setCallbacks(
- AUTHENTICATION_SERVICE_ADDED,
- AUTHENTICATION_SERVICE_REMOVED))
- .add(createServiceDependency().setService(IdMService.class)
- .setRequired(true))
- .add(createServiceDependency().setService(ClientService.class)
- .setRequired(true)));
-
- final Builder<ServiceTracker<?, ?>> servicesBuilder = new ImmutableList.Builder<ServiceTracker<?, ?>>();
-
- // Async ServiceTrackers to track and load AAA STS bundles
- final ServiceTracker<AuthenticationService, AuthenticationService> authenticationService = new ServiceTracker<>(
- context, AuthenticationService.class,
- new AAAServiceTrackerCustomizer<AuthenticationService>(
- new Function<AuthenticationService, Void>() {
- @Override
- public Void apply(AuthenticationService authenticationService) {
- ServiceLocator.getInstance().setAuthenticationService(
- authenticationService);
- return null;
- }
- }));
- servicesBuilder.add(authenticationService);
- authenticationService.open();
-
- final ServiceTracker<IdMService, IdMService> idmService = new ServiceTracker<>(context,
- IdMService.class, new AAAServiceTrackerCustomizer<IdMService>(
- new Function<IdMService, Void>() {
- @Override
- public Void apply(IdMService idmService) {
- ServiceLocator.getInstance().setIdmService(idmService);
- return null;
- }
- }));
- servicesBuilder.add(idmService);
- idmService.open();
-
- final ServiceTracker<TokenAuth, TokenAuth> tokenAuthService = new ServiceTracker<>(context,
- TokenAuth.class, new AAAServiceTrackerCustomizer<TokenAuth>(
- new Function<TokenAuth, Void>() {
- @Override
- public Void apply(TokenAuth tokenAuth) {
- final List<TokenAuth> tokenAuthCollection = (List<TokenAuth>) Lists.newArrayList(tokenAuth);
- ServiceLocator.getInstance().setTokenAuthCollection(
- tokenAuthCollection);
- return null;
- }
- }));
- servicesBuilder.add(tokenAuthService);
- tokenAuthService.open();
-
- final ServiceTracker<TokenStore, TokenStore> tokenStoreService = new ServiceTracker<>(
- context, TokenStore.class, new AAAServiceTrackerCustomizer<TokenStore>(
- new Function<TokenStore, Void>() {
- @Override
- public Void apply(TokenStore tokenStore) {
- ServiceLocator.getInstance().setTokenStore(tokenStore);
- return null;
- }
- }));
- servicesBuilder.add(tokenStoreService);
- tokenStoreService.open();
-
- final ServiceTracker<ClientService, ClientService> clientService = new ServiceTracker<>(
- context, ClientService.class, new AAAServiceTrackerCustomizer<ClientService>(
- new Function<ClientService, Void>() {
- @Override
- public Void apply(ClientService clientService) {
- ServiceLocator.getInstance().setClientService(clientService);
- return null;
- }
- }));
- servicesBuilder.add(clientService);
- clientService.open();
-
- services = servicesBuilder.build();
-
- LOG.info("STS Activator initialized; ServiceTracker may still be processing");
- }
-
- /**
- * Wrapper for AAA generic service loading.
- *
- * @param <S>
- */
- static final class AAAServiceTrackerCustomizer<S> implements ServiceTrackerCustomizer<S, S> {
-
- private Function<S, Void> callback;
-
- public AAAServiceTrackerCustomizer(final Function<S, Void> callback) {
- this.callback = callback;
- }
-
- @Override
- public S addingService(ServiceReference<S> reference) {
- S service = reference.getBundle().getBundleContext().getService(reference);
- LOG.info("Unable to resolve {}", service.getClass());
- try {
- callback.apply(service);
- } catch (Exception e) {
- LOG.error("Unable to resolve {}", service.getClass(), e);
- }
- return service;
- }
-
- @Override
- public void modifiedService(ServiceReference<S> reference, S service) {
- }
-
- @Override
- public void removedService(ServiceReference<S> reference, S service) {
- }
- }
-
- @Override
- public void destroy(BundleContext context, DependencyManager manager) throws Exception {
-
- for (ServiceTracker<?, ?> serviceTracker : services) {
- serviceTracker.close();
- }
- }
-}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/AnonymousPasswordValidator.java b/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/AnonymousPasswordValidator.java
deleted file mode 100644
index 55b5b61f..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/AnonymousPasswordValidator.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import javax.servlet.http.HttpServletRequest;
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-
-/**
- * A password validator that does not enforce client identification.
- *
- * @author liemmn
- *
- */
-public class AnonymousPasswordValidator extends AbstractValidator<HttpServletRequest> {
-
- public AnonymousPasswordValidator() {
- requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
- requiredParams.add(OAuth.OAUTH_USERNAME);
- requiredParams.add(OAuth.OAUTH_PASSWORD);
-
- enforceClientAuthentication = false;
- }
-}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/AnonymousRefreshTokenValidator.java b/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/AnonymousRefreshTokenValidator.java
deleted file mode 100644
index 5b50c7da..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/AnonymousRefreshTokenValidator.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import javax.servlet.http.HttpServletRequest;
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-
-/**
- * A refresh token validator that does not enforce client identification.
- *
- * @author liemmn
- *
- */
-public class AnonymousRefreshTokenValidator extends AbstractValidator<HttpServletRequest> {
-
- public AnonymousRefreshTokenValidator() {
- requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
- requiredParams.add(OAuth.OAUTH_REFRESH_TOKEN);
-
- enforceClientAuthentication = false;
- }
-}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/OAuthRequest.java b/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/OAuthRequest.java
deleted file mode 100644
index 2a2b34b6..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/OAuthRequest.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import javax.servlet.http.HttpServletRequest;
-import org.apache.oltu.oauth2.as.request.AbstractOAuthTokenRequest;
-import org.apache.oltu.oauth2.as.validator.UnauthenticatedAuthorizationCodeValidator;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
-import org.apache.oltu.oauth2.common.message.types.GrantType;
-import org.apache.oltu.oauth2.common.validators.OAuthValidator;
-
-/**
- * OAuth request wrapper.
- *
- * @author liemmn
- *
- */
-public class OAuthRequest extends AbstractOAuthTokenRequest {
-
- public OAuthRequest(HttpServletRequest request) throws OAuthSystemException,
- OAuthProblemException {
- super(request);
- }
-
- @Override
- public OAuthValidator<HttpServletRequest> initValidator() throws OAuthProblemException,
- OAuthSystemException {
- validators.put(GrantType.PASSWORD.toString(), AnonymousPasswordValidator.class);
- validators.put(GrantType.REFRESH_TOKEN.toString(), AnonymousRefreshTokenValidator.class);
- validators.put(GrantType.AUTHORIZATION_CODE.toString(),
- UnauthenticatedAuthorizationCodeValidator.class);
- return super.initValidator();
- }
-
-}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/ServiceLocator.java b/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/ServiceLocator.java
deleted file mode 100644
index 2c1f84c3..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/ServiceLocator.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import java.util.List;
-import java.util.Vector;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.aaa.api.ClientService;
-import org.opendaylight.aaa.api.CredentialAuth;
-import org.opendaylight.aaa.api.IdMService;
-import org.opendaylight.aaa.api.PasswordCredentials;
-import org.opendaylight.aaa.api.TokenAuth;
-import org.opendaylight.aaa.api.TokenStore;
-
-/**
- * A service locator to bridge between the web world and OSGi world.
- *
- * @author liemmn
- *
- */
-public class ServiceLocator {
-
- private static final ServiceLocator instance = new ServiceLocator();
-
- protected volatile List<TokenAuth> tokenAuthCollection = new Vector<>();
-
- protected volatile CredentialAuth<PasswordCredentials> credentialAuth;
-
- protected volatile TokenStore tokenStore;
-
- protected volatile AuthenticationService authenticationService;
-
- protected volatile IdMService idmService;
-
- protected volatile ClientService clientService;
-
- private ServiceLocator() {
- }
-
- public static ServiceLocator getInstance() {
- return instance;
- }
-
- /**
- * Called through reflection by the sts activator.
- *
- * @see org.opendaylight.aaa.sts.Activator
- * @param ta
- */
- protected void tokenAuthAdded(TokenAuth ta) {
- this.tokenAuthCollection.add(ta);
- }
-
- /**
- * Called through reflection by the sts activator.
- *
- * @see org.opendaylight.aaa.sts.Activator
- * @param ta
- */
- protected void tokenAuthRemoved(TokenAuth ta) {
- this.tokenAuthCollection.remove(ta);
- }
-
- protected void tokenStoreAdded(TokenStore ts) {
- this.tokenStore = ts;
- }
-
- protected void tokenStoreRemoved(TokenStore ts) {
- this.tokenStore = null;
- }
-
- protected void authenticationServiceAdded(AuthenticationService as) {
- this.authenticationService = as;
- }
-
- protected void authenticationServiceRemoved(AuthenticationService as) {
- this.authenticationService = null;
- }
-
- protected void credentialAuthAdded(CredentialAuth<PasswordCredentials> da) {
- this.credentialAuth = da;
- }
-
- protected void credentialAuthAddedRemoved(CredentialAuth<PasswordCredentials> da) {
- this.credentialAuth = null;
- }
-
- public List<TokenAuth> getTokenAuthCollection() {
- return tokenAuthCollection;
- }
-
- public void setTokenAuthCollection(List<TokenAuth> tokenAuthCollection) {
- this.tokenAuthCollection = tokenAuthCollection;
- }
-
- public CredentialAuth<PasswordCredentials> getCredentialAuth() {
- return credentialAuth;
- }
-
- public synchronized void setCredentialAuth(CredentialAuth<PasswordCredentials> credentialAuth) {
- this.credentialAuth = credentialAuth;
- }
-
- public TokenStore getTokenStore() {
- return tokenStore;
- }
-
- public void setTokenStore(TokenStore tokenStore) {
- this.tokenStore = tokenStore;
- }
-
- public AuthenticationService getAuthenticationService() {
- return authenticationService;
- }
-
- public void setAuthenticationService(AuthenticationService authenticationService) {
- this.authenticationService = authenticationService;
- }
-
- public IdMService getIdmService() {
- return idmService;
- }
-
- public void setIdmService(IdMService idmService) {
- this.idmService = idmService;
- }
-
- public ClientService getClientService() {
- return clientService;
- }
-
- public void setClientService(ClientService clientService) {
- this.clientService = clientService;
- }
-}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/TokenAuthFilter.java b/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/TokenAuthFilter.java
deleted file mode 100644
index 3fa7a66c..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/TokenAuthFilter.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import com.sun.jersey.spi.container.ContainerRequest;
-import com.sun.jersey.spi.container.ContainerRequestFilter;
-import java.util.List;
-import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
-import org.apache.oltu.oauth2.common.message.types.ParameterStyle;
-import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;
-import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.api.AuthenticationException;
-import org.opendaylight.aaa.api.TokenAuth;
-
-/**
- * A token-based authentication filter for resource providers.
- *
- * Deprecated: Use <code>AAAFilter</code> instead.
- *
- * @author liemmn
- *
- */
-@Deprecated
-public class TokenAuthFilter implements ContainerRequestFilter {
-
- private final String OPTIONS = "OPTIONS";
- private final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
- private final String AUTHORIZATION = "authorization";
-
- @Context
- private HttpServletRequest httpRequest;
-
- @Override
- public ContainerRequest filter(ContainerRequest request) {
-
- // Do the CORS check first
- if (checkCORSOptionRequest(request)) {
- return request;
- }
-
- // Are we up yet?
- if (ServiceLocator.getInstance().getAuthenticationService() == null) {
- throw new WebApplicationException(
- Response.status(Status.SERVICE_UNAVAILABLE).type(MediaType.APPLICATION_JSON)
- .entity("{\"error\":\"Authentication service unavailable\"}").build());
- }
-
- // Are we doing authentication or not?
- if (ServiceLocator.getInstance().getAuthenticationService().isAuthEnabled()) {
- Map<String, List<String>> headers = request.getRequestHeaders();
-
- // Go through and invoke other TokenAuth first...
- List<TokenAuth> tokenAuthCollection = ServiceLocator.getInstance()
- .getTokenAuthCollection();
- for (TokenAuth ta : tokenAuthCollection) {
- try {
- Authentication auth = ta.validate(headers);
- if (auth != null) {
- ServiceLocator.getInstance().getAuthenticationService().set(auth);
- return request;
- }
- } catch (AuthenticationException ae) {
- throw unauthorized();
- }
- }
-
- // OK, last chance to validate token...
- try {
- OAuthAccessResourceRequest or = new OAuthAccessResourceRequest(httpRequest,
- ParameterStyle.HEADER);
- validate(or.getAccessToken());
- } catch (OAuthSystemException | OAuthProblemException e) {
- throw unauthorized();
- }
- }
-
- return request;
- }
-
- /**
- * CORS access control : when browser sends cross-origin request, it first
- * sends the OPTIONS method with a list of access control request headers,
- * which has a list of custom headers and access control method such as GET.
- * POST etc. You custom header "Authorization will not be present in request
- * header, instead it will be present as a value inside
- * Access-Control-Request-Headers. We should not do any authorization
- * against such request. for more details :
- * https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
- */
-
- private boolean checkCORSOptionRequest(ContainerRequest request) {
- if (OPTIONS.equals(request.getMethod())) {
- List<String> headerList = request.getRequestHeader(ACCESS_CONTROL_REQUEST_HEADERS);
- if (headerList != null && !headerList.isEmpty()) {
- String header = headerList.get(0);
- if (header != null && header.toLowerCase().contains(AUTHORIZATION)) {
- return true;
- }
- }
- }
- return false;
- }
-
- // Validate an ODL token...
- private Authentication validate(final String token) {
- Authentication auth = ServiceLocator.getInstance().getTokenStore().get(token);
- if (auth == null) {
- throw unauthorized();
- } else {
- ServiceLocator.getInstance().getAuthenticationService().set(auth);
- }
- return auth;
- }
-
- // Houston, we got a problem!
- private static final WebApplicationException unauthorized() {
- ServiceLocator.getInstance().getAuthenticationService().clear();
- return new UnauthorizedException();
- }
-
- // A custom 401 web exception that handles http basic response as well
- static final class UnauthorizedException extends WebApplicationException {
- private static final long serialVersionUID = -1732363804773027793L;
- static final String WWW_AUTHENTICATE = "WWW-Authenticate";
- static final Object OPENDAYLIGHT = "Basic realm=\"opendaylight\"";
- private static final Response response = Response.status(Status.UNAUTHORIZED)
- .header(WWW_AUTHENTICATE, OPENDAYLIGHT)
- .build();
-
- public UnauthorizedException() {
- super(response);
- }
- }
-}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/TokenEndpoint.java b/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/TokenEndpoint.java
deleted file mode 100644
index a456d702..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/main/java/org/opendaylight/aaa/sts/TokenEndpoint.java
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
-import static javax.servlet.http.HttpServletResponse.SC_CREATED;
-import static javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
-import static javax.servlet.http.HttpServletResponse.SC_NOT_IMPLEMENTED;
-import static javax.servlet.http.HttpServletResponse.SC_NO_CONTENT;
-import static javax.servlet.http.HttpServletResponse.SC_OK;
-import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.List;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
-import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
-import org.apache.oltu.oauth2.as.issuer.UUIDValueGenerator;
-import org.apache.oltu.oauth2.as.response.OAuthASResponse;
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
-import org.apache.oltu.oauth2.common.message.OAuthResponse;
-import org.apache.oltu.oauth2.common.message.types.GrantType;
-import org.apache.oltu.oauth2.common.message.types.TokenType;
-import org.opendaylight.aaa.AuthenticationBuilder;
-import org.opendaylight.aaa.ClaimBuilder;
-import org.opendaylight.aaa.PasswordCredentialBuilder;
-import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.api.AuthenticationException;
-import org.opendaylight.aaa.api.Claim;
-import org.opendaylight.aaa.api.PasswordCredentials;
-
-/**
- * Secure Token Service (STS) endpoint.
- *
- * @author liemmn
- *
- */
-public class TokenEndpoint extends HttpServlet {
- private static final long serialVersionUID = 8272453849539659999L;
-
- private static final String DOMAIN_SCOPE_REQUIRED = "Domain scope required";
- private static final String NOT_IMPLEMENTED = "not_implemented";
- private static final String UNAUTHORIZED = "unauthorized";
-
- static final String TOKEN_GRANT_ENDPOINT = "/token";
- static final String TOKEN_REVOKE_ENDPOINT = "/revoke";
- static final String TOKEN_VALIDATE_ENDPOINT = "/validate";
-
- private transient OAuthIssuer oi;
-
- @Override
- public void init(ServletConfig config) throws ServletException {
- oi = new OAuthIssuerImpl(new UUIDValueGenerator());
- }
-
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- try {
- if (req.getServletPath().equals(TOKEN_GRANT_ENDPOINT)) {
- createAccessToken(req, resp);
- } else if (req.getServletPath().equals(TOKEN_REVOKE_ENDPOINT)) {
- deleteAccessToken(req, resp);
- } else if (req.getServletPath().equals(TOKEN_VALIDATE_ENDPOINT)) {
- validateToken(req, resp);
- }
- } catch (AuthenticationException e) {
- error(resp, SC_UNAUTHORIZED, e.getMessage());
- } catch (OAuthProblemException oe) {
- error(resp, oe);
- } catch (Exception e) {
- error(resp, e);
- }
- }
-
- private void validateToken(HttpServletRequest req, HttpServletResponse resp)
- throws IOException, OAuthSystemException {
- String token = req.getReader().readLine();
- if (token != null) {
- Authentication authn = ServiceLocator.getInstance().getTokenStore().get(token.trim());
- if (authn == null) {
- throw new AuthenticationException(UNAUTHORIZED);
- } else {
- ServiceLocator.getInstance().getAuthenticationService().set(authn);
- resp.setStatus(SC_OK);
- }
- } else {
- throw new AuthenticationException(UNAUTHORIZED);
- }
- }
-
- // Delete an access token
- private void deleteAccessToken(HttpServletRequest req, HttpServletResponse resp)
- throws IOException {
- String token = req.getReader().readLine();
- if (token != null) {
- if (ServiceLocator.getInstance().getTokenStore().delete(token.trim())) {
- resp.setStatus(SC_NO_CONTENT);
- } else {
- throw new AuthenticationException(UNAUTHORIZED);
- }
- } else {
- throw new AuthenticationException(UNAUTHORIZED);
- }
- }
-
- // Create an access token
- private void createAccessToken(HttpServletRequest req, HttpServletResponse resp)
- throws OAuthSystemException, OAuthProblemException, IOException {
- Claim claim = null;
- String clientId = null;
-
- OAuthRequest oauthRequest = new OAuthRequest(req);
- // Any client credentials?
- clientId = oauthRequest.getClientId();
- if (clientId != null) {
- ServiceLocator.getInstance().getClientService()
- .validate(clientId, oauthRequest.getClientSecret());
- }
-
- // Credential request...
- if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE).equals(GrantType.PASSWORD.toString())) {
- String domain = oauthRequest.getScopes().iterator().next();
- PasswordCredentials pc = new PasswordCredentialBuilder().setUserName(
- oauthRequest.getUsername()).setPassword(oauthRequest.getPassword())
- .setDomain(domain).build();
- if (!oauthRequest.getScopes().isEmpty()) {
- claim = ServiceLocator.getInstance().getCredentialAuth().authenticate(pc);
- }
- } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE).equals(
- GrantType.REFRESH_TOKEN.toString())) {
- // Refresh token...
- String token = oauthRequest.getRefreshToken();
- if (!oauthRequest.getScopes().isEmpty()) {
- String domain = oauthRequest.getScopes().iterator().next();
- // Authenticate...
- Authentication auth = ServiceLocator.getInstance().getTokenStore().get(token);
- if (auth != null && domain != null) {
- List<String> roles = ServiceLocator.getInstance().getIdmService()
- .listRoles(auth.userId(), domain);
- if (!roles.isEmpty()) {
- ClaimBuilder cb = new ClaimBuilder(auth);
- cb.setDomain(domain); // scope domain
- // Add roles for the scoped domain
- for (String role : roles) {
- cb.addRole(role);
- }
- claim = cb.build();
- }
- }
- } else {
- error(resp, SC_BAD_REQUEST, DOMAIN_SCOPE_REQUIRED);
- }
- } else {
- // Support authorization code later...
- error(resp, SC_NOT_IMPLEMENTED, NOT_IMPLEMENTED);
- }
-
- // Respond with OAuth token
- oauthAccessTokenResponse(resp, claim, clientId);
- }
-
- // Build OAuth access token response from the given claim
- private void oauthAccessTokenResponse(HttpServletResponse resp, Claim claim, String clientId)
- throws OAuthSystemException, IOException {
- if (claim == null) {
- throw new AuthenticationException(UNAUTHORIZED);
- }
- String token = oi.accessToken();
-
- // Cache this token...
- Authentication auth = new AuthenticationBuilder(new ClaimBuilder(claim).setClientId(
- clientId).build()).setExpiration(tokenExpiration()).build();
- ServiceLocator.getInstance().getTokenStore().put(token, auth);
-
- OAuthResponse r = OAuthASResponse.tokenResponse(SC_CREATED).setAccessToken(token)
- .setTokenType(TokenType.BEARER.toString())
- .setExpiresIn(Long.toString(auth.expiration()))
- .buildJSONMessage();
- write(resp, r);
- }
-
- // Token expiration
- private long tokenExpiration() {
- return ServiceLocator.getInstance().getTokenStore().tokenExpiration();
- }
-
- // Emit an error OAuthResponse with the given HTTP code
- private void error(HttpServletResponse resp, int httpCode, String error) {
- try {
- OAuthResponse r = OAuthResponse.errorResponse(httpCode).setError(error)
- .buildJSONMessage();
- write(resp, r);
- } catch (Exception e1) {
- // Nothing to do here
- }
- }
-
- // Emit an error OAuthResponse for the given OAuth-related exception
- private void error(HttpServletResponse resp, OAuthProblemException e) {
- try {
- OAuthResponse r = OAuthResponse.errorResponse(SC_BAD_REQUEST).error(e)
- .buildJSONMessage();
- write(resp, r);
- } catch (Exception e1) {
- // Nothing to do here
- }
- }
-
- // Emit an error OAuthResponse for the given generic exception
- private void error(HttpServletResponse resp, Exception e) {
- try {
- OAuthResponse r = OAuthResponse.errorResponse(SC_INTERNAL_SERVER_ERROR)
- .setError(e.getClass().getName())
- .setErrorDescription(e.getMessage()).buildJSONMessage();
- write(resp, r);
- } catch (Exception e1) {
- // Nothing to do here
- }
- }
-
- // Write out an OAuthResponse
- private void write(HttpServletResponse resp, OAuthResponse r) throws IOException {
- resp.setStatus(r.getResponseStatus());
- PrintWriter pw = resp.getWriter();
- pw.print(r.getBody());
- pw.flush();
- pw.close();
- }
-}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/main/resources/WEB-INF/web.xml b/odl-aaa-moon/aaa-authn-sts/src/main/resources/WEB-INF/web.xml
deleted file mode 100644
index 83a9fa51..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/main/resources/WEB-INF/web.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0">
-
- <servlet>
- <servlet-name>STS</servlet-name>
- <servlet-class>org.opendaylight.aaa.sts.TokenEndpoint</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>STS</servlet-name>
- <url-pattern>/token</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>STS</servlet-name>
- <url-pattern>/revoke</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>STS</servlet-name>
- <url-pattern>/validate</url-pattern>
- </servlet-mapping>
-</web-app>
diff --git a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java
deleted file mode 100644
index 0f806d91..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-
-/**
- * Fixture for testing RESTful stuff.
- *
- * @author liemmn
- *
- */
-@Path("test")
-public class RestFixture {
-
- @Context
- private HttpServletRequest httpRequest;
-
- @GET
- @Produces("text/plain")
- public String msg() {
- return "ok";
- }
-}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java
deleted file mode 100644
index 7f888455..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.mockito.Matchers.anyMap;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.UniformInterfaceException;
-import com.sun.jersey.test.framework.JerseyTest;
-import com.sun.jersey.test.framework.WebAppDescriptor;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.opendaylight.aaa.AuthenticationBuilder;
-import org.opendaylight.aaa.ClaimBuilder;
-import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.aaa.api.TokenAuth;
-import org.opendaylight.aaa.api.TokenStore;
-import org.opendaylight.aaa.sts.TokenAuthFilter.UnauthorizedException;
-
-public class TokenAuthTest extends JerseyTest {
-
- private static final String RS_PACKAGES = "org.opendaylight.aaa.sts";
- private static final String JERSEY_FILTERS = "com.sun.jersey.spi.container.ContainerRequestFilters";
- private static final String AUTH_FILTERS = TokenAuthFilter.class.getName();
-
- private static Authentication auth = new AuthenticationBuilder(new ClaimBuilder().setUserId(
- "1234").setUser("Bob").addRole("admin").addRole("user").setDomain("tenantX").build()).setExpiration(
- System.currentTimeMillis() + 1000).build();
-
- private static final String GOOD_TOKEN = "9b01b7cf-8a49-346d-8c47-6a61193e2b60";
- private static final String BAD_TOKEN = "9b01b7cf-8a49-346d-8c47-6a611badbeef";
-
- public TokenAuthTest() throws Exception {
- super(new WebAppDescriptor.Builder(RS_PACKAGES).initParam(JERSEY_FILTERS, AUTH_FILTERS)
- .build());
- }
-
- @BeforeClass
- public static void init() {
- ServiceLocator.getInstance().setAuthenticationService(mock(AuthenticationService.class));
- ServiceLocator.getInstance().setTokenStore(mock(TokenStore.class));
- when(ServiceLocator.getInstance().getTokenStore().get(GOOD_TOKEN)).thenReturn(auth);
- when(ServiceLocator.getInstance().getTokenStore().get(BAD_TOKEN)).thenReturn(null);
- when(ServiceLocator.getInstance().getAuthenticationService().isAuthEnabled()).thenReturn(
- Boolean.TRUE);
- }
-
- @Test()
- public void testGetUnauthorized() {
- try {
- resource().path("test").get(String.class);
- fail("Shoulda failed with 401!");
- } catch (UniformInterfaceException e) {
- ClientResponse resp = e.getResponse();
- assertEquals(401, resp.getStatus());
- assertTrue(resp.getHeaders().get(UnauthorizedException.WWW_AUTHENTICATE)
- .contains(UnauthorizedException.OPENDAYLIGHT));
- }
- }
-
- @Test
- public void testGet() {
- String resp = resource().path("test").header("Authorization", "Bearer " + GOOD_TOKEN)
- .get(String.class);
- assertEquals("ok", resp);
- }
-
- @SuppressWarnings("unchecked")
- @Test
- public void testGetWithValidator() {
- try {
- // Mock a laxed tokenauth...
- TokenAuth ta = mock(TokenAuth.class);
- when(ta.validate(anyMap())).thenReturn(auth);
- ServiceLocator.getInstance().getTokenAuthCollection().add(ta);
- testGet();
- } finally {
- ServiceLocator.getInstance().getTokenAuthCollection().clear();
- }
- }
-
-}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java
deleted file mode 100644
index 06dd6302..00000000
--- a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.sts;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import java.util.Arrays;
-import org.eclipse.jetty.testing.HttpTester;
-import org.eclipse.jetty.testing.ServletTester;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.opendaylight.aaa.AuthenticationBuilder;
-import org.opendaylight.aaa.ClaimBuilder;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.aaa.api.Claim;
-import org.opendaylight.aaa.api.ClientService;
-import org.opendaylight.aaa.api.CredentialAuth;
-import org.opendaylight.aaa.api.IdMService;
-import org.opendaylight.aaa.api.PasswordCredentials;
-import org.opendaylight.aaa.api.TokenAuth;
-import org.opendaylight.aaa.api.TokenStore;
-
-/**
- * A unit test for token endpoint.
- *
- * @author liemmn
- *
- */
-public class TokenEndpointTest {
- private static final long TOKEN_TIMEOUT_SECS = 10;
- private static final String CONTEXT = "/oauth2";
- private static final String DIRECT_AUTH = "grant_type=password&username=admin&password=admin&scope=pepsi&client_id=dlux&client_secret=secrete";
- private static final String REFRESH_TOKEN = "grant_type=refresh_token&refresh_token=whateverisgood&scope=pepsi";
-
- private static final Claim claim = new ClaimBuilder().setUser("bob").setUserId("1234")
- .addRole("admin").build();
- private final static ServletTester server = new ServletTester();
-
- @BeforeClass
- public static void init() throws Exception {
- // Set up server
- server.setContextPath(CONTEXT);
-
- // Add our servlet under test
- server.addServlet(TokenEndpoint.class, "/revoke");
- server.addServlet(TokenEndpoint.class, "/token");
-
- // Let's do dis
- server.start();
- }
-
- @AfterClass
- public static void shutdown() throws Exception {
- server.stop();
- }
-
- @Before
- public void setup() {
- mockServiceLocator();
- when(ServiceLocator.getInstance().getTokenStore().tokenExpiration()).thenReturn(
- TOKEN_TIMEOUT_SECS);
- }
-
- @After
- public void teardown() {
- ServiceLocator.getInstance().getTokenAuthCollection().clear();
- }
-
- @Test
- public void testCreateToken401() throws Exception {
- HttpTester req = new HttpTester();
- req.setMethod("POST");
- req.setHeader("Content-Type", "application/x-www-form-urlencoded");
- req.setContent(DIRECT_AUTH);
- req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
- req.setVersion("HTTP/1.0");
-
- HttpTester resp = new HttpTester();
- resp.parse(server.getResponses(req.generate()));
- assertEquals(401, resp.getStatus());
- }
-
- @Test
- public void testCreateTokenWithPassword() throws Exception {
- when(
- ServiceLocator.getInstance().getCredentialAuth()
- .authenticate(any(PasswordCredentials.class))).thenReturn(claim);
-
- HttpTester req = new HttpTester();
- req.setMethod("POST");
- req.setHeader("Content-Type", "application/x-www-form-urlencoded");
- req.setContent(DIRECT_AUTH);
- req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
- req.setVersion("HTTP/1.0");
-
- HttpTester resp = new HttpTester();
- resp.parse(server.getResponses(req.generate()));
- assertEquals(201, resp.getStatus());
- assertTrue(resp.getContent().contains("expires_in\":10"));
- assertTrue(resp.getContent().contains("Bearer"));
- }
-
- @Test
- public void testCreateTokenWithRefreshToken() throws Exception {
- when(ServiceLocator.getInstance().getTokenStore().get(anyString())).thenReturn(
- new AuthenticationBuilder(claim).build());
- when(ServiceLocator.getInstance().getIdmService().listRoles(anyString(), anyString())).thenReturn(
- Arrays.asList("admin", "user"));
-
- HttpTester req = new HttpTester();
- req.setMethod("POST");
- req.setHeader("Content-Type", "application/x-www-form-urlencoded");
- req.setContent(REFRESH_TOKEN);
- req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
- req.setVersion("HTTP/1.0");
-
- HttpTester resp = new HttpTester();
- resp.parse(server.getResponses(req.generate()));
- assertEquals(201, resp.getStatus());
- assertTrue(resp.getContent().contains("expires_in\":10"));
- assertTrue(resp.getContent().contains("Bearer"));
- }
-
- @Test
- public void testDeleteToken() throws Exception {
- when(ServiceLocator.getInstance().getTokenStore().delete("token_to_be_deleted")).thenReturn(
- true);
-
- HttpTester req = new HttpTester();
- req.setMethod("POST");
- req.setHeader("Content-Type", "application/x-www-form-urlencoded");
- req.setContent("token_to_be_deleted");
- req.setURI(CONTEXT + TokenEndpoint.TOKEN_REVOKE_ENDPOINT);
- req.setVersion("HTTP/1.0");
-
- HttpTester resp = new HttpTester();
- resp.parse(server.getResponses(req.generate()));
- assertEquals(204, resp.getStatus());
- }
-
- @SuppressWarnings("unchecked")
- private static void mockServiceLocator() {
- ServiceLocator.getInstance().setClientService(mock(ClientService.class));
- ServiceLocator.getInstance().setIdmService(mock(IdMService.class));
- ServiceLocator.getInstance().setAuthenticationService(mock(AuthenticationService.class));
- ServiceLocator.getInstance().setTokenStore(mock(TokenStore.class));
- ServiceLocator.getInstance().setCredentialAuth(mock(CredentialAuth.class));
- ServiceLocator.getInstance().getTokenAuthCollection().add(mock(TokenAuth.class));
- }
-}