[SCB-1365]demonstrates access token & id token authentication
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
index 03ee62e..dad8891 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
@@ -22,13 +22,15 @@
public static final String HTTP_HEADER_AUTHORIZATION = "Authorization";
+ public static final String HTTP_HEADER_AUTHORIZATION_TYPE = "Authorization-TYPE";
+
public static final String CONTEXT_HEADER_AUTHORIZATION = "Authorization";
public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE = "Authorization-TYPE";
- public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN = "ID_TOKEN";
+ public static final String AUTHORIZATION_TYPE_ID_TOKEN = "ID_TOKEN";
- public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN = "SESSION_TOKEN";
+ public static final String AUTHORIZATION_TYPE_ACCESS_TOKEN = "ACCESS_TOKEN";
public static final String CONTEXT_HEADER_CLAIMS = "Claims";
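Review bot: The new `HTTP_HEADER_AUTHORIZATION_TYPE` constant has no documentation of which values a client may send or what an absent header means, and it carries the same literal as `CONTEXT_HEADER_AUTHORIZATION_TYPE` two lines below, so a reader cannot tell which one is the wire header and which one the invocation-context key. A Javadoc on the new line would settle that: `/** Optional request header naming how the bearer token in {@link #HTTP_HEADER_AUTHORIZATION} is validated: {@link #AUTHORIZATION_TYPE_ID_TOKEN} or {@link #AUTHORIZATION_TYPE_ACCESS_TOKEN}; absent means access token. */`. The sample client in this commit spells the header as the literal `"Authorization-Type"`; header names are matched case-insensitively so it works, but the sample should reference this constant so the two spellings cannot drift apart.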
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
index e99e90c..b91d75f 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
@@ -41,7 +41,7 @@
OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE);
- if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
+ if (CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
JWTToken jwtToken = openIDTokenStore.createIDTokenByValue(token);
if (jwtToken == null || jwtToken.isExpired()) {
asyncResponse.consumerFail(new InvocationException(403, "forbidden", "token expired or not valid."));
@@ -51,7 +51,7 @@
// send id_token to services to apply state less validation
invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, jwtToken.getValue());
invocation.next(asyncResponse);
- } else if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN.equals(tokenType)) {
+ } else if (CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN.equals(tokenType)) {
CompletableFuture<OpenIDToken> openIDTokenFuture = openIDTokenStore.readTokenByAccessToken(token);
openIDTokenFuture.whenComplete((res, ex) -> {
if (openIDTokenFuture.isCompletedExceptionally() || res == null || res.isExpired()) {
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
index 8a31649..56733c3 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
@@ -32,16 +32,15 @@
@Override
public Response afterReceiveRequest(Invocation invocation, HttpServletRequestEx requestEx) {
- // Now support bearer id tokens authentication
- // TODO : add support for Cookies session tokens.
String authentication = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION);
+ String type = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE);
if (authentication != null) {
String[] tokens = authentication.split(" ");
if (tokens.length == 2) {
if (tokens[0].equals(CommonConstants.TOKEN_TYPE_BEARER)) {
invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, tokens[1]);
invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE,
- CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN);
+ type == null ? CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN : type);
}
}
}
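Review bot: The `type` value read from the request header at the new line is client-controlled and is stored into the invocation context unchanged, so anything other than the two known constants reaches `AuthHandler`, where only `AUTHORIZATION_TYPE_ID_TOKEN` and `AUTHORIZATION_TYPE_ACCESS_TOKEN` are matched by case-sensitive `equals` and the fall-through behaviour is outside this diff. It is safer to resolve the type once and accept only known values before touching the context: `String type = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE);` then `if (type == null) { type = CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN; }`, and guard the two `addContext` calls with a check that `type` equals one of the two constants, so an unknown type leaves the context unset exactly as a missing `Authorization` header does. A short comment on the header line stating that the value must be the exact upper-case constant would spare callers a silent mismatch. The method's return is outside the hunk.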
diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
index 7acb34d..357e3c1 100644
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
+++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
@@ -31,16 +31,24 @@
public class AuthenticationTestCase implements TestCase {
@Override
public void run() {
- String idToken = idToken();
- testHanlderAuth(idToken);
- testMethodAuth(idToken);
+ TokenResponse token = getTokenByPassword();
+ testHanlderAuth(token.getAccess_token(), null);
+ testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+ testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
+ testMethodAuth(token.getAccess_token(), null);
+ testMethodAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+ testMethodAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
- idToken = idTokenByRefreshToken();
- testHanlderAuth(idToken);
- testMethodAuth(idToken);
+ token = getTokenByRefreshToken();
+ testHanlderAuth(token.getAccess_token(), null);
+ testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+ testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
+ testMethodAuth(token.getAccess_token(), null);
+ testMethodAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+ testMethodAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
}
- private String idToken() {
+ private TokenResponse getTokenByPassword() {
// get token
MultiValueMap<String, Object> map = new LinkedMultiValueMap<>();
map.add("grant_type", "password");
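Review bot: The six `testHanlderAuth`/`testMethodAuth` calls in `run()` are repeated verbatim for the password-grant and the refresh-grant token, so any new authorization type has to be added in two places and the pairs can drift apart. A small helper taking the `TokenResponse` removes the duplication; the fence shows the shape. The calls passing `null` as the type rely on the default the edge filter applies when the header is absent, which deserves a comment so the next reader does not mistake them for untyped calls.
```java
@Override
public void run() {
  verifyAllAuthTypes(getTokenByPassword());
  verifyAllAuthTypes(getTokenByRefreshToken());
}

// Exercises both protected endpoints with every token/type combination the edge accepts;
// a null type leaves the header out and relies on the edge-side default.
private void verifyAllAuthTypes(TokenResponse token) {
  testHanlderAuth(token.getAccess_token(), null);
  testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
  testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
  testMethodAuth(token.getAccess_token(), null);
  testMethodAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
  testMethodAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
}

// … unchanged: getTokenByPassword …
```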
@@ -56,10 +64,10 @@
TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type());
TestMgr.check(true, token.getId_token().length() > 10);
TestMgr.check(600, token.getExpires_in());
- return token.getId_token();
+ return token;
}
- private String idTokenByRefreshToken() {
+ private TokenResponse getTokenByRefreshToken() {
// get token
MultiValueMap<String, Object> map = new LinkedMultiValueMap<>();
map.add("grant_type", "password");
@@ -89,14 +97,17 @@
TestMgr.check(token.getAccess_token().equals(tokenNew.getAccess_token()), false);
TestMgr.check(token.getId_token().equals(tokenNew.getId_token()), false);
- return tokenNew.getId_token();
+ return tokenNew;
}
- private void testHanlderAuth(String accessToken) {
+ private void testHanlderAuth(String token, String type) {
// get resources
HttpHeaders headers = new HttpHeaders();
headers = new HttpHeaders();
- headers.add("Authorization", "Bearer " + accessToken);
+ headers.add("Authorization", "Bearer " + token);
+ if (type != null) {
+ headers.add("Authorization-Type", type);
+ }
headers.setContentType(MediaType.APPLICATION_JSON);
String name;
name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/everyoneSayHello?name=Hi",
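Review bot: The header name in the new `headers.add("Authorization-Type", type)` line is a string literal, while the edge filter reads the header through `CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE` (spelled `Authorization-TYPE`); HTTP header lookup is case-insensitive so this works today, but the sample should use the constant so the two cannot diverge: `headers.add(CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE, type);`. The same literal appears in `testMethodAuth` in the next hunk and in `TokenExpireTestCase.testHanlderAuth`. The context line `headers = new HttpHeaders();` directly after the declaration discards the object just built and can be dropped while this method is being touched. The method body continues past the hunk.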
@@ -126,11 +137,14 @@
TestMgr.check(null, name);
}
- private void testMethodAuth(String accessToken) {
+ private void testMethodAuth(String token, String type) {
// get resources
HttpHeaders headers = new HttpHeaders();
- headers.add("Authorization", "Bearer " + accessToken);
+ headers.add("Authorization", "Bearer " + token);
headers.setContentType(MediaType.APPLICATION_JSON);
+ if (type != null) {
+ headers.add("Authorization-Type", type);
+ }
String name;
name = BootEventListener.resouceServerMethodAuthEndpoint.postForObject("/everyoneSayHello?name=Hi",
new HttpEntity<>(headers),
diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
index 766aba0..2a95b1e 100644
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
+++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
@@ -31,11 +31,18 @@
public class TokenExpireTestCase implements TestCase {
@Override
public void run() {
- String idToken = idToken();
- testHanlderAuth(idToken);
+ // This test case will wait expiration for 3 seconds per run. Do not give too much tests.
+ TokenResponse token = getTokenByPassword();
+ testHanlderAuth(token.getAccess_token(), null);
+ // expired. create new for next test.
+ token = getTokenByPassword();
+ testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+ // expired. create new for next test.
+ token = getTokenByPassword();
+ testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
}
- private String idToken() {
+ private TokenResponse getTokenByPassword() {
// get token
MultiValueMap<String, Object> map = new LinkedMultiValueMap<>();
map.add("grant_type", "password");
@@ -51,14 +58,17 @@
TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type());
TestMgr.check(3, token.getExpires_in());
TestMgr.check(true, token.getId_token().length() > 10);
- return token.getId_token();
+ return token;
}
- private void testHanlderAuth(String accessToken) {
+ private void testHanlderAuth(String token, String type) {
// get resources
HttpHeaders headers = new HttpHeaders();
headers = new HttpHeaders();
- headers.add("Authorization", "Bearer " + accessToken);
+ headers.add("Authorization", "Bearer " + token);
+ if (type != null) {
+ headers.add("Authorization-Type", type);
+ }
headers.setContentType(MediaType.APPLICATION_JSON);
String name;
name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/everyoneSayHello?name=Hi",