From fd7c6cbaf8b525271e039e9b75c456ef79cf93c8 Mon Sep 17 00:00:00 2001
From: YuriyZ
Date: Thu, 4 Feb 2021 21:13:54 +0200
Subject: [PATCH] (4.2.3) added basic and post client authentication for stat https://github.com/GluuFederation/oxAuth/issues/1512
---
 .../oxauth/client/service/StatService.java | 9 +++++----
 .../oxauth/ws/rs/internal/StatWSTest.java | 19 ++++++++++++++++++-
 .../oxauth/auth/AuthenticationFilter.java | 1 +
 .../org/gluu/oxauth/auth/Authenticator.java | 1 +
 4 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/Client/src/main/java/org/gluu/oxauth/client/service/StatService.java b/Client/src/main/java/org/gluu/oxauth/client/service/StatService.java
index 34e0e41f92..cbbf8b0751 100644
--- a/Client/src/main/java/org/gluu/oxauth/client/service/StatService.java
+++ b/Client/src/main/java/org/gluu/oxauth/client/service/StatService.java
@@ -2,10 +2,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
-import javax.ws.rs.GET;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
+import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
 /**
@@ -15,4 +12,8 @@ public interface StatService {
 @GET
 @Produces({MediaType.APPLICATION_JSON})
 JsonNode stat(@HeaderParam("Authorization") String authorization, @QueryParam("month") String month);
+
+ @POST
+ @Produces({MediaType.APPLICATION_JSON})
+ JsonNode stat(@HeaderParam("Authorization") String authorization, @FormParam("month") String month, @FormParam("client_id") String clientId, @FormParam("client_secret") String clientSecret);
 }
diff --git a/Client/src/test/java/org/gluu/oxauth/ws/rs/internal/StatWSTest.java b/Client/src/test/java/org/gluu/oxauth/ws/rs/internal/StatWSTest.java
index 04929b5cf9..74e1c36b87 100644
--- a/Client/src/test/java/org/gluu/oxauth/ws/rs/internal/StatWSTest.java
+++ b/Client/src/test/java/org/gluu/oxauth/ws/rs/internal/StatWSTest.java
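Review bot: The new POST overload of `stat` in StatService.java (second hunk) accepts an `Authorization` header and `client_id`/`client_secret` form fields in the same call, and nothing states which combination is intended. RFC 6749 section 2.3 forbids using more than one client authentication method in a request, so the overload should carry Javadoc such as `/** client_secret_post variant: pass {@code null} for authorization when clientId and clientSecret are supplied. */`, with a matching line on the GET method saying it takes a Bearer or Basic header value. In the first hunk of the same file, keeping explicit imports instead of `javax.ws.rs.*` would make the newly used `POST` and `FormParam` visible to a reviewer.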
@@ -2,6 +2,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import org.gluu.oxauth.BaseTest;
+import org.gluu.oxauth.client.BaseRequest;
 import org.gluu.oxauth.client.service.ClientFactory;
 import org.gluu.oxauth.client.service.StatService;
 import org.gluu.oxauth.client.uma.wrapper.UmaClient;
@@ -23,6 +24,22 @@ public void stat(final String umaPatClientId, final String umaPatClientSecret) t
 final StatService service = ClientFactory.instance().createStatService(issuer + "/oxauth/restv1/internal/stat");
 final JsonNode node = service.stat("Bearer " + authorization.getAccessToken(), "202101");
- assertTrue(node != null && node.isArray());
+ assertTrue(node != null && node.hasNonNull("response"));
+ }
+
+ @Test
+ @Parameters({"umaPatClientId", "umaPatClientSecret"})
+ public void statBasic(final String umaPatClientId, final String umaPatClientSecret) throws Exception {
+ final StatService service = ClientFactory.instance().createStatService(issuer + "/oxauth/restv1/internal/stat");
+ final JsonNode node = service.stat("Basic " + BaseRequest.getEncodedCredentials(umaPatClientId, umaPatClientSecret), "202101");
+ assertTrue(node != null && node.hasNonNull("response"));
+ }
+
+ @Test
+ @Parameters({"umaPatClientId", "umaPatClientSecret"})
+ public void statPost(final String umaPatClientId, final String umaPatClientSecret) throws Exception {
+ final StatService service = ClientFactory.instance().createStatService(issuer + "/oxauth/restv1/internal/stat");
+ final JsonNode node = service.stat(null, "202101", umaPatClientId, umaPatClientSecret);
+ assertTrue(node != null && node.hasNonNull("response"));
 }
 }
diff --git a/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java b/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java
index eeee456343..b3f2304c80 100644
--- a/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java
+++ b/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java
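Review bot: The tests in the second StatWSTest.java hunk (`stat`, `statBasic`, `statPost`) only exercise successful authentication, so they would still pass if the endpoint accepted any credentials. Because this commit opens `/stat` to Basic and form-post client authentication, each new method needs at least one negative case: a wrong secret in the Basic header, a wrong `client_secret` in the form, and a request with no credentials at all, each asserting that the call is rejected rather than returning a `response` node. The `stat` test method starts above the hunk, so how it obtains `authorization` is not visible here.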
@@ -323,6 +323,7 @@ private void processBasicAuth(HttpServletRequest servletRequest, HttpServletResp
 || servletRequest.getRequestURI().endsWith("/revoke_session")
 || servletRequest.getRequestURI().endsWith("/userinfo")
 || servletRequest.getRequestURI().endsWith("/bc-authorize")
+ || servletRequest.getRequestURI().endsWith("/stat")
 || servletRequest.getRequestURI().endsWith("/device_authorization")) {
 Client client = clientService.getClient(username);
 if (client == null
diff --git a/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java b/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java
index 3b238c379f..0d4a3f003f 100644
--- a/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java
+++ b/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java
@@ -194,6 +194,7 @@ public String authenticateImpl(HttpServletRequest servletRequest, boolean intera
 || servletRequest.getRequestURI().endsWith("/revoke")
 || servletRequest.getRequestURI().endsWith("/revoke_session")
 || servletRequest.getRequestURI().endsWith("/userinfo")
+ || servletRequest.getRequestURI().endsWith("/stat")
 || servletRequest.getRequestURI().endsWith("/bc-authorize")
 || servletRequest.getRequestURI().endsWith("/device_authorization")))) {
 boolean authenticated = clientAuthentication(credentials, interactive, skipPassword);
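Review bot: The added `endsWith("/stat")` clause in `processBasicAuth` (AuthenticationFilter.java) matches any request URI whose last segment is `stat`, not only the statistics endpoint, and the same suffix test is repeated in `authenticateImpl` (Authenticator.java). The test in this commit calls `/oxauth/restv1/internal/stat`, so a narrower check such as `|| servletRequest.getRequestURI().endsWith("/restv1/internal/stat")` in both places would limit client authentication to the intended path. The two endpoint lists are maintained by hand in separate classes and already differ in order, so a shared constant or helper would keep them from drifting apart. Both methods start and end outside their hunks, so whether the authenticated client is later checked for permission to read statistics cannot be confirmed from this diff.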