Package org.springframework.security.oauth2.provider

Source Code of org.springframework.security.oauth2.provider.ImplicitProviderTests

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
package org.springframework.security.oauth2.provider;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

import java.io.IOException;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.junit.Rule;
import org.junit.Test;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.test.BeforeOAuth2Context;
import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
import org.springframework.security.oauth2.client.test.OAuth2ContextSetup;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitResourceDetails;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

/**
* @author Ryan Heaton
* @author Dave Syer
*/
public class ImplicitProviderTests {

  @Rule
  public ServerRunning serverRunning = ServerRunning.isRunning();

  @Rule
  public OAuth2ContextSetup context = OAuth2ContextSetup.standard(serverRunning);

  private String cookie;

  private HttpHeaders latestHeaders = null;

  @BeforeOAuth2Context
  public void loginAndExtractCookie() {

    ResponseEntity<String> page = serverRunning.getForString("/sparklr2/login.jsp");
    String cookie = page.getHeaders().getFirst("Set-Cookie");
    Matcher matcher = Pattern.compile("(?s).*name=\"_csrf\".*?value=\"([^\"]+).*").matcher(page.getBody());

    MultiValueMap<String, String> formData;
    formData = new LinkedMultiValueMap<String, String>();
    formData.add("j_username", "marissa");
    formData.add("j_password", "koala");
    if (matcher.matches()) {
      formData.add("_csrf", matcher.group(1));
    }

    String location = "/sparklr2/login.do";
    ResponseEntity<Void> result = serverRunning.postForStatus(location, formData);
    assertEquals(HttpStatus.FOUND, result.getStatusCode());
    cookie = result.getHeaders().getFirst("Set-Cookie");

    assertNotNull("Expected cookie in " + result.getHeaders(), cookie);
    this.cookie = cookie;

  }

  @Test(expected = UserRedirectRequiredException.class)
  @OAuth2ContextConfiguration(resource = AutoApproveImplicit.class, initialize = false)
  public void testRedirectRequiredForAuthentication() throws Exception {
    context.getAccessToken();
  }

  @Test
  @OAuth2ContextConfiguration(resource = AutoApproveImplicit.class, initialize = false)
  public void testPostForAutomaticApprovalToken() throws Exception {
    final ImplicitAccessTokenProvider implicitProvider = new ImplicitAccessTokenProvider();
    implicitProvider.setInterceptors(Arrays
        .<ClientHttpRequestInterceptor> asList(new ClientHttpRequestInterceptor() {
          public ClientHttpResponse intercept(HttpRequest request, byte[] body,
              ClientHttpRequestExecution execution) throws IOException {
            ClientHttpResponse result = execution.execute(request, body);
            latestHeaders = result.getHeaders();
            return result;
          }
        }));
    context.setAccessTokenProvider(implicitProvider);
    context.getAccessTokenRequest().setCookie(cookie);
    assertNotNull(context.getAccessToken());
    assertTrue("Wrong location header: " + latestHeaders.getLocation().getFragment(), latestHeaders.getLocation().getFragment()
        .contains("scope=read write trust"));
  }

  @Test
  @OAuth2ContextConfiguration(resource = NonAutoApproveImplicit.class, initialize = false)
  public void testPostForNonAutomaticApprovalToken() throws Exception {
    context.getAccessTokenRequest().setCookie(cookie);
    try {
      assertNotNull(context.getAccessToken());
      fail("Expected UserRedirectRequiredException");
    }
    catch (UserRedirectRequiredException e) {
      // ignore
    }
    // add user approval parameter for the second request
    context.getAccessTokenRequest().add(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
    context.getAccessTokenRequest().add("scope.read", "true");
    assertNotNull(context.getAccessToken());
  }

  static class AutoApproveImplicit extends ImplicitResourceDetails {
    public AutoApproveImplicit(Object target) {
      super();
      setClientId("my-less-trusted-autoapprove-client");
      setId(getClientId());
      setPreEstablishedRedirectUri("http://anywhere");
      ImplicitProviderTests test = (ImplicitProviderTests) target;
      setAccessTokenUri(test.serverRunning.getUrl("/sparklr2/oauth/authorize"));
      setUserAuthorizationUri(test.serverRunning.getUrl("/sparklr2/oauth/authorize"));
    }
  }

  static class NonAutoApproveImplicit extends AutoApproveImplicit {
    public NonAutoApproveImplicit(Object target) {
      super(target);
      setClientId("my-less-trusted-client");
    }
  }

}
TOP

Related Classes of org.springframework.security.oauth2.provider.ImplicitProviderTests

  • client.ClientServerInteractionTests
  • com.springsource.greenhouse.settings.SettingsControllerTest
  • demo.Application
  • demo.Application$OAuth2Config
  • demo.Application$TokenEndpointSecurity
  • OAuth2AuthenticationReadConverter
  • org.codehaus.jackson.map.ObjectMapper
  • org.mitre.oauth2.introspectingfilter.IntrospectingTokenService
  • org.mitre.oauth2.repository.impl.JpaAuthorizationCodeRepository
  • org.mitre.oauth2.service.impl.DefaultIntrospectionResultAssembler
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.
    yTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-20639858-1', 'auto'); ga('send', 'pageview');