diff --git a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/JWTBroker.java b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/JWTBroker.java index 71ea0d0548..2779f5a586 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/JWTBroker.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/JWTBroker.java @@ -49,10 +49,15 @@ public abstract class JWTBroker implements TokenBroker { private static final String CLAIM_KEY_SCOPE = "scope"; private final PolarisMetaStoreManager metaStoreManager; + private final PolarisCallContext polarisCallContext; private final int maxTokenGenerationInSeconds; - JWTBroker(PolarisMetaStoreManager metaStoreManager, int maxTokenGenerationInSeconds) { + JWTBroker( + PolarisMetaStoreManager metaStoreManager, + PolarisCallContext polarisCallContext, + int maxTokenGenerationInSeconds) { this.metaStoreManager = metaStoreManager; + this.polarisCallContext = polarisCallContext; this.maxTokenGenerationInSeconds = maxTokenGenerationInSeconds; } @@ -86,7 +91,6 @@ public TokenResponse generateFromToken( String subjectToken, String grantType, String scope, - PolarisCallContext polarisCallContext, TokenType requestedTokenType) { if (requestedTokenType != null && !TokenType.ACCESS_TOKEN.equals(requestedTokenType)) { return TokenResponse.of(OAuthError.invalid_request); @@ -125,7 +129,6 @@ public TokenResponse generateFromClientSecrets( String clientSecret, String grantType, String scope, - PolarisCallContext polarisCallContext, TokenType requestedTokenType) { // Initial sanity checks TokenRequestValidator validator = new TokenRequestValidator(); 
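Review bot: The `JWTBroker` constructor now stores `polarisCallContext` in a final field without a null check, so a missing context would only surface later, inside `metaStoreManager.loadPrincipalSecrets(polarisCallContext, clientId)` while a token request is being handled. Consider `this.polarisCallContext = Objects.requireNonNull(polarisCallContext, "polarisCallContext");` (the file's import block is not visible here, so `java.util.Objects` may need importing). Because every broker is now bound to one call context, a class-level comment such as `// Bound to a single request's PolarisCallContext; instances must not be cached or shared across requests or realms.` would record the lifetime that the `@RequestScoped` producer in ServiceProducers.java relies on.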
@@ -135,8 +138,7 @@ public TokenResponse generateFromClientSecrets( return TokenResponse.of(initialValidationResponse.get()); } - Optional principal = - findPrincipalEntity(clientId, clientSecret, polarisCallContext); + Optional principal = findPrincipalEntity(clientId, clientSecret); if (principal.isEmpty()) { return TokenResponse.of(OAuthError.unauthorized_client); } @@ -176,8 +178,7 @@ private String scopes(String scope) { return scope == null || scope.isBlank() ? DefaultAuthenticator.PRINCIPAL_ROLE_ALL : scope; } - private Optional findPrincipalEntity( - String clientId, String clientSecret, PolarisCallContext polarisCallContext) { + private Optional findPrincipalEntity(String clientId, String clientSecret) { // Validate the principal is present and secrets match PrincipalSecretsResult principalSecrets = metaStoreManager.loadPrincipalSecrets(polarisCallContext, clientId); diff --git a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBroker.java b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBroker.java index a2d903f6e7..f70623f02a 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBroker.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBroker.java @@ -21,6 +21,7 @@ import com.auth0.jwt.algorithms.Algorithm; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; +import org.apache.polaris.core.PolarisCallContext; import org.apache.polaris.core.persistence.PolarisMetaStoreManager; /** Generates a JWT using a Public/Private RSA Key */ 
@@ -30,9 +31,10 @@ public class RSAKeyPairJWTBroker extends JWTBroker { RSAKeyPairJWTBroker( PolarisMetaStoreManager metaStoreManager, + PolarisCallContext polarisCallContext, int maxTokenGenerationInSeconds, KeyProvider keyProvider) { - super(metaStoreManager, maxTokenGenerationInSeconds); + super(metaStoreManager, polarisCallContext, maxTokenGenerationInSeconds); this.keyProvider = keyProvider; } diff --git a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBrokerFactory.java b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBrokerFactory.java index 74b4f90ef8..6a6c81bb0f 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBrokerFactory.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBrokerFactory.java @@ -25,8 +25,8 @@ import java.time.Duration; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; +import org.apache.polaris.core.PolarisCallContext; import org.apache.polaris.core.context.RealmContext; -import org.apache.polaris.core.persistence.MetaStoreManagerFactory; import org.apache.polaris.core.persistence.PolarisMetaStoreManager; import org.apache.polaris.service.auth.AuthenticationConfiguration; import org.apache.polaris.service.auth.AuthenticationRealmConfiguration; 
@@ -36,38 +36,32 @@ @Identifier("rsa-key-pair") public class RSAKeyPairJWTBrokerFactory implements TokenBrokerFactory { - private final MetaStoreManagerFactory metaStoreManagerFactory; private final AuthenticationConfiguration authenticationConfiguration; - private final ConcurrentMap tokenBrokers = new ConcurrentHashMap<>(); + private final ConcurrentMap keyProviders = new ConcurrentHashMap<>(); @Inject - public RSAKeyPairJWTBrokerFactory( - MetaStoreManagerFactory metaStoreManagerFactory, - AuthenticationConfiguration authenticationConfiguration) { - this.metaStoreManagerFactory = metaStoreManagerFactory; + public RSAKeyPairJWTBrokerFactory(AuthenticationConfiguration authenticationConfiguration) { this.authenticationConfiguration = authenticationConfiguration; } @Override - public TokenBroker apply(RealmContext realmContext) { - return tokenBrokers.computeIfAbsent( - realmContext.getRealmIdentifier(), k -> createTokenBroker(realmContext)); - } - - private RSAKeyPairJWTBroker createTokenBroker(RealmContext realmContext) { + public TokenBroker create( + PolarisMetaStoreManager metaStoreManager, PolarisCallContext polarisCallContext) { + RealmContext realmContext = polarisCallContext.getRealmContext(); AuthenticationRealmConfiguration config = authenticationConfiguration.forRealm(realmContext); Duration maxTokenGeneration = config.tokenBroker().maxTokenGeneration(); KeyProvider keyProvider = - config - .tokenBroker() - .rsaKeyPair() - .map(this::fileSystemKeyPair) - .orElseGet(this::generateEphemeralKeyPair); - PolarisMetaStoreManager metaStoreManager = - metaStoreManagerFactory.getOrCreateMetaStoreManager(realmContext); + keyProviders.computeIfAbsent( + realmContext.getRealmIdentifier(), + k -> + config + .tokenBroker() + .rsaKeyPair() + .map(this::fileSystemKeyPair) + .orElseGet(this::generateEphemeralKeyPair)); return new RSAKeyPairJWTBroker( - metaStoreManager, (int) maxTokenGeneration.toSeconds(), keyProvider); + metaStoreManager, polarisCallContext, (int) 
maxTokenGeneration.toSeconds(), keyProvider); } private KeyProvider fileSystemKeyPair(RSAKeyPairConfiguration config) { diff --git a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/SymmetricKeyJWTBroker.java b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/SymmetricKeyJWTBroker.java index 0ca456f264..98315fdd04 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/SymmetricKeyJWTBroker.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/SymmetricKeyJWTBroker.java @@ -20,6 +20,7 @@ import com.auth0.jwt.algorithms.Algorithm; import java.util.function.Supplier; +import org.apache.polaris.core.PolarisCallContext; import org.apache.polaris.core.persistence.PolarisMetaStoreManager; /** Generates a JWT using a Symmetric Key. */ @@ -28,9 +29,10 @@ public class SymmetricKeyJWTBroker extends JWTBroker { public SymmetricKeyJWTBroker( PolarisMetaStoreManager metaStoreManager, + PolarisCallContext polarisCallContext, int maxTokenGenerationInSeconds, Supplier secretSupplier) { - super(metaStoreManager, maxTokenGenerationInSeconds); + super(metaStoreManager, polarisCallContext, maxTokenGenerationInSeconds); this.secretSupplier = secretSupplier; } diff --git a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/SymmetricKeyJWTBrokerFactory.java b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/SymmetricKeyJWTBrokerFactory.java index 302b32393f..b8fb3176ce 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/SymmetricKeyJWTBrokerFactory.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/SymmetricKeyJWTBrokerFactory.java 
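Review bot: In `RSAKeyPairJWTBrokerFactory.create`, `(int) maxTokenGeneration.toSeconds()` is a silent narrowing cast, so a configured duration above `Integer.MAX_VALUE` seconds wraps into a small or negative token lifetime instead of being rejected; `Math.toIntExact(maxTokenGeneration.toSeconds())` would fail loudly, and the same cast appears in `SymmetricKeyJWTBrokerFactory.create`. Separately, `keyProviders` is keyed by `realmContext.getRealmIdentifier()` and never evicted, and `generateEphemeralKeyPair` runs for each new realm key when no key pair is configured. If realm identifiers can reach this point without being checked against the configured realms (not visible in this hunk), both the map size and the key-generation cost follow request input, so a comment on the field stating that the identifier is validated upstream, or a bound on the map, would make that assumption explicit.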
@@ -27,11 +27,13 @@ import java.nio.file.Files; import java.nio.file.Path; import java.time.Duration; +import java.util.Objects; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; import java.util.function.Supplier; +import org.apache.polaris.core.PolarisCallContext; import org.apache.polaris.core.context.RealmContext; -import org.apache.polaris.core.persistence.MetaStoreManagerFactory; +import org.apache.polaris.core.persistence.PolarisMetaStoreManager; import org.apache.polaris.service.auth.AuthenticationConfiguration; import org.apache.polaris.service.auth.AuthenticationRealmConfiguration; import org.apache.polaris.service.auth.AuthenticationRealmConfiguration.TokenBrokerConfiguration.SymmetricKeyConfiguration; 
@@ -40,51 +42,46 @@ @Identifier("symmetric-key") public class SymmetricKeyJWTBrokerFactory implements TokenBrokerFactory { - private final MetaStoreManagerFactory metaStoreManagerFactory; private final AuthenticationConfiguration authenticationConfiguration; - private final ConcurrentMap tokenBrokers = - new ConcurrentHashMap<>(); + private final ConcurrentMap> secretSuppliers = new ConcurrentHashMap<>(); @Inject - public SymmetricKeyJWTBrokerFactory( - MetaStoreManagerFactory metaStoreManagerFactory, - AuthenticationConfiguration authenticationConfiguration) { - this.metaStoreManagerFactory = metaStoreManagerFactory; + public SymmetricKeyJWTBrokerFactory(AuthenticationConfiguration authenticationConfiguration) { this.authenticationConfiguration = authenticationConfiguration; } @Override - public TokenBroker apply(RealmContext realmContext) { - return tokenBrokers.computeIfAbsent( - realmContext.getRealmIdentifier(), k -> createTokenBroker(realmContext)); - } - - private SymmetricKeyJWTBroker createTokenBroker(RealmContext realmContext) { + public TokenBroker create( + PolarisMetaStoreManager metaStoreManager, PolarisCallContext polarisCallContext) { + RealmContext realmContext = polarisCallContext.getRealmContext(); AuthenticationRealmConfiguration config = authenticationConfiguration.forRealm(realmContext); Duration maxTokenGeneration = config.tokenBroker().maxTokenGeneration(); - SymmetricKeyConfiguration symmetricKeyConfiguration = - config - .tokenBroker() - .symmetricKey() - .orElseThrow(() -> new IllegalStateException("Symmetric key configuration is missing")); - String secret = symmetricKeyConfiguration.secret().orElse(null); - Path file = symmetricKeyConfiguration.file().orElse(null); - checkState(secret != null || file != null, "Either file or secret must be set"); - Supplier secretSupplier = secret != null ? 
() -> secret : readSecretFromDisk(file); + Supplier secretSupplier = + secretSuppliers.computeIfAbsent( + realmContext.getRealmIdentifier(), + k -> { + SymmetricKeyConfiguration symmetricKeyConfiguration = + config + .tokenBroker() + .symmetricKey() + .orElseThrow( + () -> + new IllegalStateException("Symmetric key configuration is missing")); + String secret = symmetricKeyConfiguration.secret().orElse(null); + Path file = symmetricKeyConfiguration.file().orElse(null); + checkState(secret != null || file != null, "Either file or secret must be set"); + return () -> Objects.requireNonNullElseGet(secret, () -> readSecretFromDisk(file)); + }); return new SymmetricKeyJWTBroker( - metaStoreManagerFactory.getOrCreateMetaStoreManager(realmContext), - (int) maxTokenGeneration.toSeconds(), - secretSupplier); + metaStoreManager, polarisCallContext, (int) maxTokenGeneration.toSeconds(), secretSupplier); } - private static Supplier readSecretFromDisk(Path file) { - return () -> { - try { - return Files.readString(file); - } catch (IOException e) { - throw new RuntimeException("Failed to read secret from file: " + file, e); - } - }; + private static String readSecretFromDisk(Path file) { + try { + return Files.readString(file); + } catch (IOException e) { + throw new RuntimeException("Failed to read secret from file: " + file, e); + } } } diff --git a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/TokenBroker.java b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/TokenBroker.java index e35561b073..50597b006e 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/TokenBroker.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/TokenBroker.java 
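Review bot: The lambda passed to `secretSuppliers.computeIfAbsent` only checks that a secret or a file is configured (`checkState(secret != null || file != null, ...)`), so a blank inline secret passes, and a key file is returned by `Files.readString(file)` unmodified, including any trailing newline. If `SymmetricKeyJWTBroker` uses the supplied string directly as HMAC key material (its body is not in this diff), a check such as `checkState(secret == null || !secret.isBlank(), "Symmetric key secret must not be blank");` plus a documented minimum key length would catch weak configuration when the realm's supplier is first created rather than at signing time. The cached supplier also still re-reads the file on every call, so a read failure surfaces as a `RuntimeException` in the middle of token handling; a short comment saying whether that re-read is intended to support key rotation would help the next reader.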
@@ -18,7 +18,6 @@ */ package org.apache.polaris.service.auth.internal.broker; -import org.apache.polaris.core.PolarisCallContext; import org.apache.polaris.service.auth.PolarisCredential; import org.apache.polaris.service.types.TokenType; @@ -39,7 +38,6 @@ TokenResponse generateFromClientSecrets( final String clientSecret, final String grantType, final String scope, - PolarisCallContext polarisCallContext, TokenType requestedTokenType); /** @@ -52,7 +50,6 @@ TokenResponse generateFromToken( String subjectToken, final String grantType, final String scope, - PolarisCallContext polarisCallContext, TokenType requestedTokenType); /** Decodes and verifies the token, then returns the associated {@link PolarisCredential}. */ diff --git a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/TokenBrokerFactory.java b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/TokenBrokerFactory.java index 52d8aa1b72..9d32267010 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/TokenBrokerFactory.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/broker/TokenBrokerFactory.java @@ -18,11 +18,14 @@ */ package org.apache.polaris.service.auth.internal.broker; -import java.util.function.Function; -import org.apache.polaris.core.context.RealmContext; +import org.apache.polaris.core.PolarisCallContext; +import org.apache.polaris.core.persistence.PolarisMetaStoreManager; /** * Factory that creates a {@link TokenBroker} for generating and parsing. The {@link TokenBroker} is * created based on the realm context. */ -public interface TokenBrokerFactory extends Function {} +public interface TokenBrokerFactory { + TokenBroker create( + PolarisMetaStoreManager metaStoreManager, PolarisCallContext polarisCallContext); +} 
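Review bot: The Javadoc kept above `TokenBrokerFactory` still says the broker "is created based on the realm context", while the new `create(PolarisMetaStoreManager, PolarisCallContext)` method has no Javadoc of its own. I would document on `create` that the realm is read from `polarisCallContext`, that `metaStoreManager` must belong to that same realm, and that the returned broker is bound to the given call context and is meant to serve a single request. Without that contract written down, an implementation that caches the returned broker per realm, as the removed `tokenBrokers` maps did, would reuse one request's call context for later requests.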
diff --git a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/service/DefaultOAuth2ApiService.java b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/service/DefaultOAuth2ApiService.java index e02f938882..8400bd327e 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/service/DefaultOAuth2ApiService.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/auth/internal/service/DefaultOAuth2ApiService.java @@ -27,7 +27,6 @@ import jakarta.ws.rs.core.SecurityContext; import java.util.Base64; import org.apache.iceberg.rest.responses.OAuthTokenResponse; -import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.service.auth.internal.broker.TokenBroker; import org.apache.polaris.service.auth.internal.broker.TokenResponse; @@ -49,12 +48,10 @@ public class DefaultOAuth2ApiService implements IcebergRestOAuth2ApiService { private static final String BEARER = "bearer"; private final TokenBroker tokenBroker; - private final CallContext callContext; @Inject - public DefaultOAuth2ApiService(TokenBroker tokenBroker, CallContext callContext) { + public DefaultOAuth2ApiService(TokenBroker tokenBroker) { this.tokenBroker = tokenBroker; - this.callContext = callContext; } @Override 
@@ -104,21 +101,11 @@ public Response getToken( if (clientSecret != null) { tokenResponse = tokenBroker.generateFromClientSecrets( - clientId, - clientSecret, - grantType, - scope, - callContext.getPolarisCallContext(), - requestedTokenType); + clientId, clientSecret, grantType, scope, requestedTokenType); } else if (subjectToken != null) { tokenResponse = tokenBroker.generateFromToken( - subjectTokenType, - subjectToken, - grantType, - scope, - callContext.getPolarisCallContext(), - requestedTokenType); + subjectTokenType, subjectToken, grantType, scope, requestedTokenType); } else { return OAuthUtils.getResponseFromError(OAuthError.invalid_request); } diff --git a/runtime/service/src/main/java/org/apache/polaris/service/config/ServiceProducers.java b/runtime/service/src/main/java/org/apache/polaris/service/config/ServiceProducers.java index 13768f2ba3..080cbc5ba7 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/config/ServiceProducers.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/config/ServiceProducers.java @@ -398,13 +398,14 @@ public IcebergRestOAuth2ApiService icebergRestOAuth2ApiService( @RequestScoped public TokenBroker tokenBroker( AuthenticationRealmConfiguration config, - RealmContext realmContext, - @Any Instance tokenBrokerFactories) { + @Any Instance tokenBrokerFactories, + PolarisMetaStoreManager polarisMetaStoreManager, + CallContext callContext) { String type = config.type() == AuthenticationType.EXTERNAL ? "none" : config.tokenBroker().type(); TokenBrokerFactory tokenBrokerFactory = tokenBrokerFactories.select(Identifier.Literal.of(type)).get(); - return tokenBrokerFactory.apply(realmContext); + return tokenBrokerFactory.create(polarisMetaStoreManager, callContext.getPolarisCallContext()); } // other beans 
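Review bot: In ServiceProducers.java, `tokenBroker` now takes its realm-dependent inputs from three separately injected beans (`AuthenticationRealmConfiguration config`, `PolarisMetaStoreManager polarisMetaStoreManager` and `callContext.getPolarisCallContext()`), whereas the removed factory code derived the metastore manager from the same `RealmContext` it used for the key lookup. The factories select the signing key by `polarisCallContext.getRealmContext()` but look up principals through the passed-in manager, so the guarantee that both refer to the same realm now rests on the scoping of these beans, which this hunk does not show. A comment on the producer such as `// polarisMetaStoreManager and callContext are request-scoped and resolve to the same realm as config` would record that invariant; any annotations above `@RequestScoped` lie outside the hunk.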
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/broker/JWTSymmetricKeyGeneratorTest.java b/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/broker/JWTSymmetricKeyGeneratorTest.java index 651fc1a9d9..058542d35d 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/broker/JWTSymmetricKeyGeneratorTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/broker/JWTSymmetricKeyGeneratorTest.java @@ -52,14 +52,14 @@ public void testJWTSymmetricKeyGenerator() { new PrincipalEntity.Builder().setId(principalId).setName("principal").build(); Mockito.when(metastoreManager.findPrincipalById(polarisCallContext, principalId)) .thenReturn(Optional.of(principal)); - TokenBroker generator = new SymmetricKeyJWTBroker(metastoreManager, 666, () -> "polaris"); + TokenBroker generator = + new SymmetricKeyJWTBroker(metastoreManager, polarisCallContext, 666, () -> "polaris"); TokenResponse token = generator.generateFromClientSecrets( clientId, mainSecret, TokenRequestValidator.CLIENT_CREDENTIALS, "PRINCIPAL_ROLE:TEST", - polarisCallContext, TokenType.ACCESS_TOKEN); assertThat(token).isNotNull(); diff --git a/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBrokerTest.java b/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBrokerTest.java index 13bd7f3df2..32d45c1ee2 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBrokerTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/broker/RSAKeyPairJWTBrokerTest.java 
@@ -64,14 +64,14 @@ public void testSuccessfulTokenGeneration() throws Exception { Mockito.when(metastoreManager.findPrincipalById(polarisCallContext, principalId)) .thenReturn(Optional.of(principal)); KeyProvider provider = new LocalRSAKeyProvider(keyPair); - TokenBroker tokenBroker = new RSAKeyPairJWTBroker(metastoreManager, 420, provider); + TokenBroker tokenBroker = + new RSAKeyPairJWTBroker(metastoreManager, polarisCallContext, 420, provider); TokenResponse token = tokenBroker.generateFromClientSecrets( clientId, mainSecret, TokenRequestValidator.CLIENT_CREDENTIALS, scope, - polarisCallContext, TokenType.ACCESS_TOKEN); assertThat(token).isNotNull(); assertThat(token.getExpiresIn()).isEqualTo(420); diff --git a/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/service/DefaultOAuth2ApiServiceTest.java b/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/service/DefaultOAuth2ApiServiceTest.java index 14bcc45bb3..f8dff0269b 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/service/DefaultOAuth2ApiServiceTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/auth/internal/service/DefaultOAuth2ApiServiceTest.java @@ -24,15 +24,12 @@ import java.nio.charset.Charset; import java.util.Base64; import org.apache.iceberg.rest.responses.OAuthTokenResponse; -import org.apache.polaris.core.PolarisCallContext; -import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.service.auth.internal.broker.TokenBroker; import org.apache.polaris.service.auth.internal.broker.TokenResponse; import org.apache.polaris.service.types.TokenType; import org.assertj.core.api.Assertions; import org.assertj.core.api.InstanceOfAssertFactories; -import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.Mockito; 
@@ -41,14 +38,6 @@ class DefaultOAuth2ApiServiceTest { private static final String CLIENT_CREDENTIALS = "client_credentials"; private static final String TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"; - private CallContext callContext; - - @BeforeEach - void setUp() { - callContext = Mockito.mock(CallContext.class); - when(callContext.getPolarisCallContext()).thenReturn(Mockito.mock(PolarisCallContext.class)); - } - @Test public void testNoSupportGrantType() { RealmContext realmContext = () -> "realm"; @@ -56,12 +45,7 @@ public void testNoSupportGrantType() { when(tokenBroker.supportsGrantType(CLIENT_CREDENTIALS)).thenReturn(false); when(tokenBroker.supportsRequestedTokenType(TokenType.ACCESS_TOKEN)).thenReturn(true); when(tokenBroker.generateFromClientSecrets( - "client", - "secret", - CLIENT_CREDENTIALS, - "scope", - callContext.getPolarisCallContext(), - TokenType.ACCESS_TOKEN)) + "client", "secret", CLIENT_CREDENTIALS, "scope", TokenType.ACCESS_TOKEN)) .thenReturn(TokenResponse.of("token", TokenType.ACCESS_TOKEN.getValue(), 3600)); Response response = new InvocationBuilder() @@ -71,7 +55,7 @@ public void testNoSupportGrantType() { .grantType(CLIENT_CREDENTIALS) .requestedTokenType(TokenType.ACCESS_TOKEN) .realmContext(realmContext) - .invoke(new DefaultOAuth2ApiService(tokenBroker, callContext)); + .invoke(new DefaultOAuth2ApiService(tokenBroker)); Assertions.assertThat(response.getEntity()) .isInstanceOf(OAuthTokenErrorResponse.class) .asInstanceOf(InstanceOfAssertFactories.type(OAuthTokenErrorResponse.class)) 
@@ -85,12 +69,7 @@ public void testNoSupportRequestedTokenType() { when(tokenBroker.supportsGrantType(CLIENT_CREDENTIALS)).thenReturn(true); when(tokenBroker.supportsRequestedTokenType(TokenType.ACCESS_TOKEN)).thenReturn(false); when(tokenBroker.generateFromClientSecrets( - "client", - "secret", - CLIENT_CREDENTIALS, - "scope", - callContext.getPolarisCallContext(), - TokenType.ACCESS_TOKEN)) + "client", "secret", CLIENT_CREDENTIALS, "scope", TokenType.ACCESS_TOKEN)) .thenReturn(TokenResponse.of("token", TokenType.ACCESS_TOKEN.getValue(), 3600)); Response response = new InvocationBuilder() @@ -100,7 +79,7 @@ public void testNoSupportRequestedTokenType() { .grantType(CLIENT_CREDENTIALS) .requestedTokenType(TokenType.ACCESS_TOKEN) .realmContext(realmContext) - .invoke(new DefaultOAuth2ApiService(tokenBroker, callContext)); + .invoke(new DefaultOAuth2ApiService(tokenBroker)); Assertions.assertThat(response.getEntity()) .isInstanceOf(OAuthTokenErrorResponse.class) .asInstanceOf(InstanceOfAssertFactories.type(OAuthTokenErrorResponse.class)) @@ -114,12 +93,7 @@ public void testSupportClientIdNoSecret() { when(tokenBroker.supportsGrantType(CLIENT_CREDENTIALS)).thenReturn(true); when(tokenBroker.supportsRequestedTokenType(TokenType.ACCESS_TOKEN)).thenReturn(true); when(tokenBroker.generateFromClientSecrets( - null, - "secret", - CLIENT_CREDENTIALS, - "scope", - callContext.getPolarisCallContext(), - TokenType.ACCESS_TOKEN)) + null, "secret", CLIENT_CREDENTIALS, "scope", TokenType.ACCESS_TOKEN)) .thenReturn(TokenResponse.of("token", TokenType.ACCESS_TOKEN.getValue(), 3600)); Response response = new InvocationBuilder() 
@@ -128,7 +102,7 @@ public void testSupportClientIdNoSecret() { .grantType(CLIENT_CREDENTIALS) .requestedTokenType(TokenType.ACCESS_TOKEN) .realmContext(realmContext) - .invoke(new DefaultOAuth2ApiService(tokenBroker, callContext)); + .invoke(new DefaultOAuth2ApiService(tokenBroker)); Assertions.assertThat(response.getEntity()) .isInstanceOf(OAuthTokenResponse.class) .asInstanceOf(InstanceOfAssertFactories.type(OAuthTokenResponse.class)) @@ -142,12 +116,7 @@ public void testSupportClientIdAndSecret() { when(tokenBroker.supportsGrantType(CLIENT_CREDENTIALS)).thenReturn(true); when(tokenBroker.supportsRequestedTokenType(TokenType.ACCESS_TOKEN)).thenReturn(true); when(tokenBroker.generateFromClientSecrets( - "client", - "secret", - CLIENT_CREDENTIALS, - "scope", - callContext.getPolarisCallContext(), - TokenType.ACCESS_TOKEN)) + "client", "secret", CLIENT_CREDENTIALS, "scope", TokenType.ACCESS_TOKEN)) .thenReturn(TokenResponse.of("token", TokenType.ACCESS_TOKEN.getValue(), 3600)); Response response = new InvocationBuilder() @@ -157,7 +126,7 @@ public void testSupportClientIdAndSecret() { .grantType(CLIENT_CREDENTIALS) .requestedTokenType(TokenType.ACCESS_TOKEN) .realmContext(realmContext) - .invoke(new DefaultOAuth2ApiService(tokenBroker, callContext)); + .invoke(new DefaultOAuth2ApiService(tokenBroker)); Assertions.assertThat(response.getEntity()) .isInstanceOf(OAuthTokenResponse.class) .asInstanceOf(InstanceOfAssertFactories.type(OAuthTokenResponse.class)) 
@@ -171,12 +140,7 @@ public void testReadClientCredentialsFromAuthHeader() { when(tokenBroker.supportsGrantType(TOKEN_EXCHANGE)).thenReturn(true); when(tokenBroker.supportsRequestedTokenType(TokenType.ACCESS_TOKEN)).thenReturn(true); when(tokenBroker.generateFromClientSecrets( - "client", - "secret", - TOKEN_EXCHANGE, - "scope", - callContext.getPolarisCallContext(), - TokenType.ACCESS_TOKEN)) + "client", "secret", TOKEN_EXCHANGE, "scope", TokenType.ACCESS_TOKEN)) .thenReturn(TokenResponse.of("token", TokenType.ACCESS_TOKEN.getValue(), 3600)); Response response = new InvocationBuilder() @@ -188,7 +152,7 @@ public void testReadClientCredentialsFromAuthHeader() { .grantType(TOKEN_EXCHANGE) .requestedTokenType(TokenType.ACCESS_TOKEN) .realmContext(realmContext) - .invoke(new DefaultOAuth2ApiService(tokenBroker, callContext)); + .invoke(new DefaultOAuth2ApiService(tokenBroker)); Assertions.assertThat(response.getEntity()) .isInstanceOf(OAuthTokenResponse.class) .asInstanceOf(InstanceOfAssertFactories.type(OAuthTokenResponse.class)) @@ -202,12 +166,7 @@ public void testAuthHeaderRequiresValidCredentialPair() { when(tokenBroker.supportsGrantType(TOKEN_EXCHANGE)).thenReturn(true); when(tokenBroker.supportsRequestedTokenType(TokenType.ACCESS_TOKEN)).thenReturn(true); when(tokenBroker.generateFromClientSecrets( - null, - "secret", - TOKEN_EXCHANGE, - "scope", - callContext.getPolarisCallContext(), - TokenType.ACCESS_TOKEN)) + null, "secret", TOKEN_EXCHANGE, "scope", TokenType.ACCESS_TOKEN)) .thenReturn(TokenResponse.of("token", TokenType.ACCESS_TOKEN.getValue(), 3600)); Response response = new InvocationBuilder() 
@@ -219,7 +178,7 @@ public void testAuthHeaderRequiresValidCredentialPair() { .grantType(TOKEN_EXCHANGE) .requestedTokenType(TokenType.ACCESS_TOKEN) .realmContext(realmContext) - .invoke(new DefaultOAuth2ApiService(tokenBroker, callContext)); + .invoke(new DefaultOAuth2ApiService(tokenBroker)); Assertions.assertThat(response.getEntity()) .isInstanceOf(OAuthTokenErrorResponse.class) .asInstanceOf(InstanceOfAssertFactories.type(OAuthTokenErrorResponse.class)) @@ -234,12 +193,7 @@ public void testReadClientSecretFromAuthHeader() { when(tokenBroker.supportsRequestedTokenType(TokenType.ACCESS_TOKEN)).thenReturn(true); when(tokenBroker.generateFromClientSecrets( - "", - "secret", - TOKEN_EXCHANGE, - "scope", - callContext.getPolarisCallContext(), - TokenType.ACCESS_TOKEN)) + "", "secret", TOKEN_EXCHANGE, "scope", TokenType.ACCESS_TOKEN)) .thenReturn(TokenResponse.of("token", TokenType.ACCESS_TOKEN.getValue(), 3600)); Response response = new InvocationBuilder() @@ -253,7 +207,7 @@ public void testReadClientSecretFromAuthHeader() { .grantType(TOKEN_EXCHANGE) .requestedTokenType(TokenType.ACCESS_TOKEN) .realmContext(realmContext) - .invoke(new DefaultOAuth2ApiService(tokenBroker, callContext)); + .invoke(new DefaultOAuth2ApiService(tokenBroker)); Assertions.assertThat(response.getEntity()) .isInstanceOf(OAuthTokenResponse.class) .asInstanceOf(InstanceOfAssertFactories.type(OAuthTokenResponse.class))