use of org.restlet.data.ChallengeResponse in project OpenAM by OpenRock.
the class AccessTokenProtectionFilterTest method testBeforeHandleWithoutNeedingScope.
@Test
public void testBeforeHandleWithoutNeedingScope() throws Exception {
//Given
filter = new AccessTokenProtectionFilter(null, tokenStore, requestFactory, null);
Request req = mock(Request.class);
Response resp = mock(Response.class);
OAuth2Request oAuth2Request = mock(OAuth2Request.class);
when(requestFactory.create(req)).thenReturn(oAuth2Request);
ChallengeResponse challengeResponse = new ChallengeResponse(ChallengeScheme.HTTP_BASIC);
challengeResponse.setRawValue("tokenId");
when(req.getChallengeResponse()).thenReturn(challengeResponse);
AccessToken accessToken = new AccessToken(json(object(field("id", "tokenId"), field("tokenName", "access_token"), field("scope", asSet("a")), field("expireTime", System.currentTimeMillis() + 5000))));
when(tokenStore.readAccessToken(oAuth2Request, "tokenId")).thenReturn(accessToken);
//When
int result = filter.beforeHandle(req, resp);
//Then
assertThat(result).isEqualTo(Filter.CONTINUE);
}
use of org.restlet.data.ChallengeResponse in project OpenAM by OpenRock.
the class RestletHeaderAccessTokenVerifier method obtainTokenId.
/**
* {@inheritDoc}
*/
protected String obtainTokenId(OAuth2Request request) {
final Request req = request.getRequest();
ChallengeResponse result = getChallengeResponse(req);
if (result == null) {
logger.debug("Request does not contain Authorization header.");
return null;
}
return result.getRawValue();
}
use of org.restlet.data.ChallengeResponse in project OpenAM by OpenRock.
the class RestletHeaderAccessTokenVerifierTest method shouldLookupValue.
@Test
public void shouldLookupValue() throws Exception {
// Given
ChallengeResponse challengeResponse = new ChallengeResponse(ChallengeScheme.CUSTOM, "foo", "bar");
challengeResponse.setRawValue("freddy");
Request request = new Request();
request.setChallengeResponse(challengeResponse);
OAuth2Request req = new RestletOAuth2Request(null, request);
// When
AccessTokenVerifier.TokenState result = verifier.verify(req);
// Then
assertThat(result.isValid()).isFalse();
verify(tokenStore).readAccessToken(req, "freddy");
}
use of org.restlet.data.ChallengeResponse in project OpenAM by OpenRock.
the class AuthorizationRequestEndpoint method getAuthorisationApiToken.
protected AccessToken getAuthorisationApiToken() throws ServerException {
Request req = getRequest();
ChallengeResponse challengeResponse = req.getChallengeResponse();
try {
return oauth2TokenStore.readAccessToken(requestFactory.create(req), challengeResponse.getRawValue());
} catch (InvalidGrantException e) {
throw new ServerException("Unable to verify client identity.");
} catch (NotFoundException e) {
throw new ServerException(e.getMessage());
}
}
use of org.restlet.data.ChallengeResponse in project OpenAM by OpenRock.
the class ResourceSetRegistrationEndpointTest method setup.
@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException {
store = mock(ResourceSetStore.class);
validator = mock(ResourceSetDescriptionValidator.class);
OAuth2RequestFactory<?, Request> requestFactory = mock(OAuth2RequestFactory.class);
Set<ResourceSetRegistrationHook> hooks = new HashSet<>();
hook = mock(ResourceSetRegistrationHook.class);
hooks.add(hook);
labelRegistration = mock(ResourceSetLabelRegistration.class);
ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
resourceRegistrationFilter = mock(ResourceRegistrationFilter.class);
given(extensionFilterManager.getFilters(ResourceRegistrationFilter.class)).willReturn(Collections.singletonList(resourceRegistrationFilter));
OAuth2ProviderSettingsFactory providerSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
OAuth2ProviderSettings providerSettings = mock(OAuth2ProviderSettings.class);
given(providerSettingsFactory.get(Matchers.<OAuth2Request>anyObject())).willReturn(providerSettings);
given(providerSettings.getResourceSetStore()).willReturn(store);
ExceptionHandler exceptionHandler = mock(ExceptionHandler.class);
UmaLabelsStore umaLabelsStore = mock(UmaLabelsStore.class);
endpoint = spy(new ResourceSetRegistrationEndpoint(providerSettingsFactory, validator, requestFactory, hooks, labelRegistration, extensionFilterManager, exceptionHandler, umaLabelsStore, jacksonRepresentationFactory));
Request request = mock(Request.class);
ChallengeResponse challengeResponse = new ChallengeResponse(ChallengeScheme.HTTP_BASIC);
challengeResponse.setRawValue("PAT");
given(request.getChallengeResponse()).willReturn(challengeResponse);
given(endpoint.getRequest()).willReturn(request);
AccessToken accessToken = mock(AccessToken.class);
given(accessToken.getClientId()).willReturn("CLIENT_ID");
given(accessToken.getResourceOwnerId()).willReturn("RESOURCE_OWNER_ID");
response = mock(Response.class);
given(endpoint.getResponse()).willReturn(response);
OAuth2Request oAuth2Request = mock(OAuth2Request.class);
given(requestFactory.create(Matchers.<Request>anyObject())).willReturn(oAuth2Request);
given(oAuth2Request.getToken(AccessToken.class)).willReturn(accessToken);
}
Aggregations