Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 4e070f41d -> bf3e0eb2d
Adding some audience system tests # Conflicts: # systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f8e905c6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f8e905c6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f8e905c6 Branch: refs/heads/3.0.x-fixes Commit: f8e905c67aaf98c90c8e1a62c59d56191be2cb11 Parents: 4e070f4 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Jan 26 16:58:18 2016 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Jan 26 17:06:50 2016 +0000 ---------------------------------------------------------------------- .../oauth2/common/CallbackHandlerImpl.java | 3 +- .../security/oauth2/common/OAuth2TestUtils.java | 18 ++++- .../oauth2/common/OAuthDataProviderImpl.java | 27 ++++++- .../oauth2/filters/OAuth2FiltersTest.java | 80 ++++++++++++++++++++ .../grants/AuthorizationGrantNegativeTest.java | 35 +++++++++ .../oauth2/grants/AuthorizationGrantTest.java | 35 +++++++++ .../security/oauth2/filters/oauth20-server.xml | 4 +- .../oauth2/grants/grants-negative-server.xml | 4 +- .../security/oauth2/grants/grants-server.xml | 4 +- .../jaxrs/security/oauth2/grants/server.xml | 4 +- 10 files changed, 206 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java index 159740c..c8ce14d 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/CallbackHandlerImpl.java @@ -39,7 +39,8 @@ public class CallbackHandlerImpl implements CallbackHandler { } else if ("bob".equals(pc.getIdentifier())) { pc.setPassword("security"); break; - } else if ("consumer-id".equals(pc.getIdentifier())) { + } else if (pc.getIdentifier() != null + && pc.getIdentifier().startsWith("consumer-id")) { pc.setPassword("this-is-a-secret"); break; } else if ("service".equals(pc.getIdentifier())) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java index bef919e..166f996 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java @@ -50,9 +50,13 @@ public final class OAuth2TestUtils { } public static String getAuthorizationCode(WebClient client, String scope) { + return getAuthorizationCode(client, scope, "consumer-id"); + } + + public static String getAuthorizationCode(WebClient client, String scope, String consumerId) { // Make initial authorization request client.type("application/json").accept("application/json"); - client.query("client_id", "consumer-id"); + client.query("client_id", consumerId); client.query("redirect_uri", "http://www.blah.apache.org"); client.query("response_type", "code"); if (scope != null) { @@ -82,13 +86,23 @@ public final class OAuth2TestUtils { } public static ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client, String code) { + return getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null); + } + + public static ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client, + String code, + String consumerId, + String audience) { client.type("application/x-www-form-urlencoded").accept("application/json"); client.path("token"); Form form = new Form(); form.param("grant_type", "authorization_code"); form.param("code", code); - form.param("client_id", "consumer-id"); + form.param("client_id", consumerId); + if (audience != null) { + form.param("audience", audience); + } Response response = client.post(form); return response.readEntity(ClientAccessToken.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java index 67bcde6..41bff6e 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java @@ -37,7 +37,7 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils; */ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider { - public OAuthDataProviderImpl() throws Exception { + public OAuthDataProviderImpl(String servicePort) throws Exception { // filters/grants test client Client client = new Client("consumer-id", "this-is-a-secret", true); client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org")); @@ -59,6 +59,31 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider { this.setClient(client); + // Audience test client + client = new Client("consumer-id-aud", "this-is-a-secret", true); + client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org")); + + client.getAllowedGrantTypes().add("authorization_code"); + client.getAllowedGrantTypes().add("refresh_token"); + + client.getRegisteredAudiences().add("https://localhost:" + servicePort + + "/secured/bookstore/books"); + client.getRegisteredAudiences().add("https://127.0.0.1/test"); + + this.setClient(client); + + // Audience test client 2 + client = new Client("consumer-id-aud2", "this-is-a-secret", true); + client.setRedirectUris(Collections.singletonList("http://www.blah.apache.org")); + + client.getAllowedGrantTypes().add("authorization_code"); + client.getAllowedGrantTypes().add("refresh_token"); + + client.getRegisteredAudiences().add("https://localhost:" + servicePort + + "/securedxyz/bookstore/books"); + + this.setClient(client); + // JAXRSOAuth2Test clients client = new Client("alice", "alice", true); client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT); http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java index f79ba49..bae918e 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.java @@ -286,5 +286,85 @@ public class OAuth2FiltersTest extends AbstractBusClientServerTestBase { assertEquals(returnedBook.getName(), "book"); assertEquals(returnedBook.getId(), 123L); } + + @org.junit.Test + public void testServiceWithTokenUsingAudience() throws Exception { + URL busFile = OAuth2FiltersTest.class.getResource("client.xml"); + + // Get Authorization Code + String oauthService = "https://localhost:" + OAUTH_PORT + "/services/"; + + WebClient oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(), + "alice", "security", busFile.toString()); + // Save the Cookie for the second request... + WebClient.getConfig(oauthClient).getRequestContext().put( + org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + String code = OAuth2TestUtils.getAuthorizationCode(oauthClient, null, "consumer-id-aud"); + assertNotNull(code); + + // Now get the access token + oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(), + "consumer-id-aud", "this-is-a-secret", busFile.toString()); + // Save the Cookie for the second request... + WebClient.getConfig(oauthClient).getRequestContext().put( + org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + + String address = "https://localhost:" + PORT + "/secured/bookstore/books"; + ClientAccessToken accessToken = + OAuth2TestUtils.getAccessTokenWithAuthorizationCode(oauthClient, code, + "consumer-id-aud", address); + assertNotNull(accessToken.getTokenKey()); + + // Now invoke on the service with the access token + WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), + busFile.toString()); + client.header("Authorization", "Bearer " + accessToken.getTokenKey()); + + Response response = client.post(new Book("book", 123L)); + assertEquals(response.getStatus(), 200); + + Book returnedBook = response.readEntity(Book.class); + assertEquals(returnedBook.getName(), "book"); + assertEquals(returnedBook.getId(), 123L); + } + + @org.junit.Test + public void testServiceWithTokenUsingIncorrectAudience() throws Exception { + URL busFile = OAuth2FiltersTest.class.getResource("client.xml"); + + // Get Authorization Code + String oauthService = "https://localhost:" + OAUTH_PORT + "/services/"; + + WebClient oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(), + "alice", "security", busFile.toString()); + // Save the Cookie for the second request... + WebClient.getConfig(oauthClient).getRequestContext().put( + org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + + String code = OAuth2TestUtils.getAuthorizationCode(oauthClient, null, "consumer-id-aud2"); + assertNotNull(code); + + // Now get the access token + oauthClient = WebClient.create(oauthService, OAuth2TestUtils.setupProviders(), + "consumer-id-aud2", "this-is-a-secret", busFile.toString()); + // Save the Cookie for the second request... + WebClient.getConfig(oauthClient).getRequestContext().put( + org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + + String address = "https://localhost:" + PORT + "/securedxyz/bookstore/books"; + ClientAccessToken accessToken = + OAuth2TestUtils.getAccessTokenWithAuthorizationCode(oauthClient, code, + "consumer-id-aud2", address); + assertNotNull(accessToken.getTokenKey()); + + // Now invoke on the service with the access token + WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), + busFile.toString()); + client.header("Authorization", "Bearer " + accessToken.getTokenKey()); + + Response response = client.post(new Book("book", 123L)); + assertNotEquals(response.getStatus(), 200); + } + } http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java index 1274a3f..3bf0457 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java @@ -31,6 +31,7 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils; import org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.testutil.common.TestUtil; import org.apache.wss4j.common.saml.SAMLCallback; import org.apache.wss4j.common.saml.SAMLUtil; import org.apache.wss4j.common.saml.SamlAssertionWrapper; @@ -42,6 +43,7 @@ import org.junit.BeforeClass; */ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestBase { public static final String PORT = BookServerOAuth2GrantsNegative.PORT; + public static final String PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2-negative"); @BeforeClass public static void startServers() throws Exception { @@ -454,6 +456,39 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB } } + @org.junit.Test + public void testAuthorizationCodeGrantWithUnknownAudience() throws Exception { + URL busFile = AuthorizationGrantTest.class.getResource("client.xml"); + + String address = "https://localhost:" + PORT + "/services/"; + WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), + "alice", "security", busFile.toString()); + // Save the Cookie for the second request... + WebClient.getConfig(client).getRequestContext().put( + org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + + // Get Authorization Code + String code = OAuth2TestUtils.getAuthorizationCode(client, null, "consumer-id-aud"); + assertNotNull(code); + + // Now get the access token + client = WebClient.create(address, OAuth2TestUtils.setupProviders(), + "consumer-id-aud", "this-is-a-secret", busFile.toString()); + // Save the Cookie for the second request... + WebClient.getConfig(client).getRequestContext().put( + org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + + // Unknown audience (missing port number) + String audience = "https://localhost:/secured/bookstore/books"; + try { + OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, + "consumer-id-aud", audience); + fail("Failure expected on an unknown audience"); + } catch (Exception ex) { + // expected + } + } + // // SAML Authorization grants // http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java index fdc8937..abdd55e 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java @@ -30,6 +30,7 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData; import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.testutil.common.TestUtil; import org.junit.BeforeClass; /** @@ -37,6 +38,7 @@ import org.junit.BeforeClass; */ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { public static final String PORT = BookServerOAuth2Grants.PORT; + public static final String PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-grants2"); @BeforeClass public static void startServers() throws Exception { @@ -180,6 +182,35 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code); assertNotNull(accessToken.getTokenKey()); } + + @org.junit.Test + public void testAuthorizationCodeGrantWithAudience() throws Exception { + URL busFile = AuthorizationGrantTest.class.getResource("client.xml"); + + String address = "https://localhost:" + PORT + "/services/"; + WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), + "alice", "security", busFile.toString()); + // Save the Cookie for the second request... + WebClient.getConfig(client).getRequestContext().put( + org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + + // Get Authorization Code + String code = OAuth2TestUtils.getAuthorizationCode(client, null, "consumer-id-aud"); + assertNotNull(code); + + // Now get the access token + client = WebClient.create(address, OAuth2TestUtils.setupProviders(), + "consumer-id-aud", "this-is-a-secret", busFile.toString()); + // Save the Cookie for the second request... + WebClient.getConfig(client).getRequestContext().put( + org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + + String audience = "https://localhost:" + PORT2 + "/secured/bookstore/books"; + ClientAccessToken accessToken = + OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, + "consumer-id-aud", audience); + assertNotNull(accessToken.getTokenKey()); + } @org.junit.Test public void testImplicitGrant() throws Exception { @@ -318,6 +349,10 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { assertNotNull(accessToken.getTokenKey()); assertNotNull(accessToken.getRefreshToken()); } +<<<<<<< HEAD */ +======= + +>>>>>>> dacc6f8... Adding some audience system tests } http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml index ce7a8d9..2697208 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-server.xml @@ -62,7 +62,9 @@ under the License. </httpj:engine> </httpj:engine-factory> - <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderImpl" /> + <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderImpl"> + <constructor-arg><value>${testutil.ports.jaxrs-oauth2-filters}</value></constructor-arg> + </bean> <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> <property name="dataProvider" ref="oauthProvider"/> http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml index 4fffc8a..a8e2b15 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-negative-server.xml @@ -62,7 +62,9 @@ under the License. </httpj:engine> </httpj:engine-factory> - <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderImpl" /> + <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderImpl"> + <constructor-arg><value>${testutil.ports.jaxrs-oauth2-grants2-negative}</value></constructor-arg> + </bean> <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> <property name="dataProvider" ref="oauthProvider"/> http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml index e3efa09..47440fa 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml @@ -62,7 +62,9 @@ under the License. </httpj:engine> </httpj:engine-factory> - <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderImpl" /> + <bean id="oauthProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderImpl"> + <constructor-arg><value>${testutil.ports.jaxrs-oauth2-grants2}</value></constructor-arg> + </bean> <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> <property name="dataProvider" ref="oauthProvider"/> http://git-wip-us.apache.org/repos/asf/cxf/blob/f8e905c6/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml index 21e09b1..c494642 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/server.xml @@ -58,7 +58,9 @@ under the License. </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory> - <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderImpl"/> + <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuthDataProviderImpl"> + <constructor-arg><value>12345</value></constructor-arg> + </bean> <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler"> <property name="dataProvider" ref="dataProvider"/> </bean>