MLE-18712 Can now authenticate with an OAuth token

Author: rjrudin

ml-app-deployer/src/main/java/com/marklogic/appdeployer/AppConfig.java

@@ -102,6 +102,7 @@ public class AppConfig {
 	private String restCertPassword;
 	private String restExternalName;
 	private String restSamlToken;
+	private String restOauthToken;
 	private X509TrustManager restTrustManager;
 	private boolean restUseDefaultKeystore;
 	private String restSslProtocol;
@@ -134,6 +135,7 @@ public class AppConfig {
 	private String appServicesCertPassword;
 	private String appServicesExternalName;
 	private String appServicesSamlToken;
+	private String appServicesOauthToken;
 	private X509TrustManager appServicesTrustManager;
 	private boolean appServicesUseDefaultKeystore;
 	private String appServicesSslProtocol;
@@ -421,6 +423,7 @@ public DatabaseClientConfig newRestDatabaseClientConfig(int port) {
 		config.setConnectionType(restConnectionType);
 		config.setExternalName(restExternalName);
 		config.setSamlToken(restSamlToken);
+		config.setOauthToken(restOauthToken);
 		config.setSecurityContextType(restSecurityContextType);
 		config.setCloudApiKey(cloudApiKey);
 		config.setBasePath(restBasePath);
@@ -473,6 +476,7 @@ public DatabaseClient newAppServicesDatabaseClient(String databaseName) {
 		config.setDatabase(databaseName);
 		config.setExternalName(appServicesExternalName);
 		config.setSamlToken(appServicesSamlToken);
+		config.setOauthToken(appServicesOauthToken);
 		config.setSecurityContextType(appServicesSecurityContextType);
 		config.setCloudApiKey(cloudApiKey);
 		config.setBasePath(appServicesBasePath);
@@ -1568,6 +1572,34 @@ public void setAppServicesSamlToken(String appServicesSamlToken) {
 		this.appServicesSamlToken = appServicesSamlToken;
 	}
 
+	/**
+	 * @since 6.0.0
+	 */
+	public String getRestOauthToken() {
+		return restOauthToken;
+	}
+
+	/**
+	 * @since 6.0.0
+	 */
+	public void setRestOauthToken(String restOauthToken) {
+		this.restOauthToken = restOauthToken;
+	}
+
+	/**
+	 * @since 6.0.0
+	 */
+	public String getAppServicesOauthToken() {
+		return appServicesOauthToken;
+	}
+
+	/**
+	 * @since 6.0.0
+	 */
+	public void setAppServicesOauthToken(String appServicesOauthToken) {
+		this.appServicesOauthToken = appServicesOauthToken;
+	}
+
 	public boolean isCascadeCollections() {
 		return cascadeCollections;
 	}

ml-app-deployer/src/main/java/com/marklogic/appdeployer/DefaultAppConfigFactory.java

@@ -291,6 +291,9 @@ public void initialize() {
 		propertyConsumerMap.put("mlAppServicesSamlToken", (config, prop) -> {
 			config.setAppServicesSamlToken(prop);
 		});
+		propertyConsumerMap.put("mlAppServicesOauthToken", (config, prop) -> {
+			config.setAppServicesOauthToken(prop);
+		});
 
 		propertyConsumerMap.put("mlAppServicesSimpleSsl", (config, prop) -> {
 			if (StringUtils.hasText(prop) && !"false".equalsIgnoreCase(prop)) {
@@ -423,6 +426,9 @@ public void initialize() {
 		propertyConsumerMap.put("mlRestSamlToken", (config, prop) -> {
 			config.setRestSamlToken(prop);
 		});
+		propertyConsumerMap.put("mlRestOauthToken", (config, prop) -> {
+			config.setRestOauthToken(prop);
+		});
 		propertyConsumerMap.put("mlRestBasePath", (config, prop) -> {
 			String cloudBasePath = getProperty("mlCloudBasePath");
 			String restPath = StringUtils.hasText(cloudBasePath) ? cloudBasePath + prop : prop;

ml-app-deployer/src/main/java/com/marklogic/mgmt/DefaultManageConfigFactory.java

@@ -114,6 +114,9 @@ public void initialize() {
 		propertyConsumerMap.put("mlManageSamlToken", (config, prop) -> {
 			config.setSamlToken(prop);
 		});
+		propertyConsumerMap.put("mlManageOauthToken", (config, prop) -> {
+			config.setOauthToken(prop);
+		});
 
 		propertyConsumerMap.put("mlCloudBasePath", (config, prop) -> {
 			String defaultManagePath = prop + "/manage";

ml-app-deployer/src/main/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactory.java

@@ -111,6 +111,9 @@ public void initialize() {
 		propertyConsumerMap.put("mlAdminSamlToken", (config, prop) -> {
 			config.setSamlToken(prop);
 		});
+		propertyConsumerMap.put("mlAdminOauthToken", (config, prop) -> {
+			config.setOauthToken(prop);
+		});
 
 		propertyConsumerMap.put("mlCloudBasePath", (config, prop) -> {
 			String defaultAdminPath = prop + "/admin";

ml-app-deployer/src/main/java/com/marklogic/rest/util/RestConfig.java

@@ -40,6 +40,7 @@ public class RestConfig {
 	private String certPassword;
 	private String externalName;
 	private String samlToken;
+	private String oauthToken;
 
 	private String basePath;
 	private String scheme = "http";
@@ -116,6 +117,7 @@ public DatabaseClientBuilder newDatabaseClientBuilder() {
 			.withCertificatePassword(getCertPassword())
 			.withKerberosPrincipal(getExternalName())
 			.withSAMLToken(getSamlToken())
+			.withOAuthToken(getOauthToken())
 			.withSSLHostnameVerifier(getSslHostnameVerifier())
 			// These 8 were added in 4.7.0. They do not conflict with the SSL config below; if the user is setting
 			// these, they won't have a reason to provide their own SSLContext nor request that the default keystore
@@ -464,4 +466,18 @@ public String getTrustStoreAlgorithm() {
 	public void setTrustStoreAlgorithm(String trustStoreAlgorithm) {
 		this.trustStoreAlgorithm = trustStoreAlgorithm;
 	}
+
+	/**
+	 * @since 6.0.0
+	 */
+	public String getOauthToken() {
+		return oauthToken;
+	}
+
+	/**
+	 * @since 6.0.0
+	 */
+	public void setOauthToken(String oauthToken) {
+		this.oauthToken = oauthToken;
+	}
 }

ml-app-deployer/src/test/java/com/marklogic/appdeployer/DefaultAppConfigFactoryTest.java

@@ -782,6 +782,29 @@ void samlTokens() {
 		assertEquals("my-app-token", ((DatabaseClientFactory.SAMLAuthContext) context).getToken());
 	}
 
+	@Test
+	void oauthTokens() {
+		AppConfig config = configure(
+			"mlRestAuthentication", "oauth",
+			"mlRestOauthToken", "my-rest-token",
+			"mlAppServicesAuthentication", "oauth",
+			"mlAppServicesOauthToken", "my-app-token"
+		);
+
+		assertEquals(SecurityContextType.OAUTH, config.getRestSecurityContextType());
+		assertEquals("my-rest-token", config.getRestOauthToken());
+		assertEquals(SecurityContextType.OAUTH, config.getAppServicesSecurityContextType());
+		assertEquals("my-app-token", config.getAppServicesOauthToken());
+
+		DatabaseClientFactory.SecurityContext context = config.newDatabaseClient().getSecurityContext();
+		assertTrue(context instanceof DatabaseClientFactory.OAuthContext);
+		assertEquals("my-rest-token", ((DatabaseClientFactory.OAuthContext) context).getToken());
+
+		context = config.newAppServicesDatabaseClient("Documents").getSecurityContext();
+		assertTrue(context instanceof DatabaseClientFactory.OAuthContext);
+		assertEquals("my-app-token", ((DatabaseClientFactory.OAuthContext) context).getToken());
+	}
+
 	@Test
 	void mlAuthentication() {
 		AppConfig config = configure(

ml-app-deployer/src/test/java/com/marklogic/mgmt/DefaultManageConfigFactoryTest.java

@@ -20,11 +20,9 @@
 import com.marklogic.mgmt.util.SimplePropertySource;
 import org.junit.jupiter.api.Test;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 
-public class DefaultManageConfigFactoryTest  {
+class DefaultManageConfigFactoryTest {
 
 	@Test
 	public void mlUsername() {
@@ -134,7 +132,7 @@ void cloudApiKeyAndBasePath() {
 
 		DatabaseClientFactory.Bean bean = config.newDatabaseClientBuilder().buildBean();
 		assertTrue(bean.getSecurityContext() instanceof DatabaseClientFactory.MarkLogicCloudAuthContext);
-		assertEquals("my-key", ((DatabaseClientFactory.MarkLogicCloudAuthContext)bean.getSecurityContext()).getApiKey());
+		assertEquals("my-key", ((DatabaseClientFactory.MarkLogicCloudAuthContext) bean.getSecurityContext()).getApiKey());
 	}
 
 	@Test
@@ -162,7 +160,7 @@ void kerberosAuth() {
 
 		DatabaseClientFactory.Bean bean = config.newDatabaseClientBuilder().buildBean();
 		assertTrue(bean.getSecurityContext() instanceof DatabaseClientFactory.KerberosAuthContext);
-		assertEquals("my-name", ((DatabaseClientFactory.KerberosAuthContext)bean.getSecurityContext()).getKrbOptions().get("principal"));
+		assertEquals("my-name", ((DatabaseClientFactory.KerberosAuthContext) bean.getSecurityContext()).getKrbOptions().get("principal"));
 	}
 
 	@Test
@@ -177,7 +175,22 @@ void samlAuth() {
 
 		DatabaseClientFactory.Bean bean = config.newDatabaseClientBuilder().buildBean();
 		assertTrue(bean.getSecurityContext() instanceof DatabaseClientFactory.SAMLAuthContext);
-		assertEquals("my-token", ((DatabaseClientFactory.SAMLAuthContext)bean.getSecurityContext()).getToken());
+		assertEquals("my-token", ((DatabaseClientFactory.SAMLAuthContext) bean.getSecurityContext()).getToken());
+	}
+
+	@Test
+	void oauth() {
+		ManageConfig config = configure(
+			"mlManageAuthentication", "oauth",
+			"mlManageOauthToken", "my-token"
+		);
+
+		assertEquals("oauth", config.getAuthType());
+		assertEquals("my-token", config.getOauthToken());
+
+		DatabaseClientFactory.Bean bean = config.newDatabaseClientBuilder().buildBean();
+		assertTrue(bean.getSecurityContext() instanceof DatabaseClientFactory.OAuthContext);
+		assertEquals("my-token", ((DatabaseClientFactory.OAuthContext) bean.getSecurityContext()).getToken());
 	}
 
 	@Test

ml-app-deployer/src/test/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactoryTest.java

@@ -15,17 +15,14 @@
  */
 package com.marklogic.mgmt.admin;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
-import org.junit.jupiter.api.Test;
-
 import com.marklogic.client.DatabaseClientFactory;
 import com.marklogic.client.DatabaseClientFactory.SSLHostnameVerifier;
 import com.marklogic.mgmt.util.SimplePropertySource;
+import org.junit.jupiter.api.Test;
 
-public class DefaultAdminConfigFactoryTest  {
+import static org.junit.jupiter.api.Assertions.*;
+
+class DefaultAdminConfigFactoryTest  {
 
 	@Test
 	public void mlUsername() {
@@ -155,6 +152,21 @@ void samlAuth() {
 		assertEquals("my-token", ((DatabaseClientFactory.SAMLAuthContext)bean.getSecurityContext()).getToken());
 	}
 
+	@Test
+	void oauth() {
+		AdminConfig config = configure(
+			"mlAdminAuthentication", "oauth",
+			"mlAdminOauthToken", "my-token"
+		);
+
+		assertEquals("oauth", config.getAuthType());
+		assertEquals("my-token", config.getOauthToken());
+
+		DatabaseClientFactory.Bean bean = config.newDatabaseClientBuilder().buildBean();
+		assertTrue(bean.getSecurityContext() instanceof DatabaseClientFactory.OAuthContext);
+		assertEquals("my-token", ((DatabaseClientFactory.OAuthContext)bean.getSecurityContext()).getToken());
+	}
+
 	@Test
 	void sslHostnameVerifier() {
 		AdminConfig config = configure("mlAdminSslHostnameVerifier", "common");

ml-javaclient-util/src/main/java/com/marklogic/client/ext/DatabaseClientConfig.java

@@ -42,6 +42,7 @@ public class DatabaseClientConfig {
 	private String certPassword;
 	private String externalName;
 	private String samlToken;
+	private String oauthToken;
 
 	private X509TrustManager trustManager;
 	private DatabaseClient.ConnectionType connectionType;
@@ -389,4 +390,18 @@ public String getTrustStoreAlgorithm() {
 	public void setTrustStoreAlgorithm(String trustStoreAlgorithm) {
 		this.trustStoreAlgorithm = trustStoreAlgorithm;
 	}
+
+	/**
+	 * @since 6.0.0
+	 */
+	public String getOauthToken() {
+		return oauthToken;
+	}
+
+	/**
+	 * @since 6.0.0
+	 */
+	public void setOauthToken(String oauthToken) {
+		this.oauthToken = oauthToken;
+	}
 }

ml-javaclient-util/src/main/java/com/marklogic/client/ext/DefaultConfiguredDatabaseClientFactory.java

@@ -46,6 +46,7 @@ public DatabaseClient newDatabaseClient(DatabaseClientConfig config) {
 			.withCertificatePassword(config.getCertPassword())
 			.withKerberosPrincipal(config.getExternalName())
 			.withSAMLToken(config.getSamlToken())
+			.withOAuth(config.getOauthToken())
 			.withCloudApiKey(config.getCloudApiKey())
 			.withSSLProtocol(config.getSslProtocol())
 			.withSSLHostnameVerifier(config.getSslHostnameVerifier())