use of org.springframework.http.HttpHeaders in project spring-security-oauth by spring-projects.
the class AbstractAuthorizationCodeProviderTests method getAuthenticatedHeaders.
/**
 * Builds the headers for a request that accepts HTML and authenticates with
 * HTTP Basic, and registers them on the pending access token request when a
 * rest template is configured on the test context.
 *
 * @return the headers carrying the Accept and Authorization values
 */
private HttpHeaders getAuthenticatedHeaders() {
    // Hard-coded fixture credentials. Basic auth is only Base64 *encoding*, so this
    // header is equivalent to the plaintext pair and must stay confined to test code.
    // getBytes()/new String(byte[]) use the platform default charset here.
    String encodedCredentials = new String(Base64.encode("user:password".getBytes()));

    HttpHeaders authHeaders = new HttpHeaders();
    authHeaders.setAccept(Arrays.asList(MediaType.TEXT_HTML));
    authHeaders.set("Authorization", "Basic " + encodedCredentials);

    boolean restTemplateConfigured = context.getRestTemplate() != null;
    if (restTemplateConfigured) {
        // Attach the same headers to the access token request held by the context.
        context.getAccessTokenRequest().setHeaders(authHeaders);
    }
    return authHeaders;
}
use of org.springframework.http.HttpHeaders in project spring-mvc-showcase by spring-projects.
the class ResponseController method responseEntityCustomHeaders.
/**
 * Returns a fixed text body wrapped in a {@code ResponseEntity} whose
 * Content-Type header is set explicitly to {@code text/plain}.
 *
 * @return a 200 OK response with the custom header applied
 */
@RequestMapping("/entity/headers")
public ResponseEntity<String> responseEntityCustomHeaders() {
    final String body = "The String ResponseBody with custom header Content-Type=text/plain";
    HttpHeaders plainTextHeaders = new HttpHeaders();
    // Declaring the type on the entity pins how the client will interpret the body.
    plainTextHeaders.setContentType(MediaType.TEXT_PLAIN);
    return new ResponseEntity<String>(body, plainTextHeaders, HttpStatus.OK);
}
use of org.springframework.http.HttpHeaders in project spring-security-oauth by spring-projects.
the class PhotoController method getJsonPhotos.
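/**
 * Returns the photos of the authenticated principal as a hand-assembled JSON
 * document of the form <code>{ "photos" : [ { "id" : ..., "name" : ... } , ... ] }</code>.
 *
 * <p>The id and name values are escaped before being placed inside the JSON
 * string literals, so a quote, backslash or control character in a stored
 * value can no longer terminate the literal and alter the document structure.
 *
 * @param principal the authenticated caller; its name selects the photos
 * @return a 200 OK response carrying the JSON text
 */
@RequestMapping(value = "/photos", params = "format=json")
public ResponseEntity<String> getJsonPhotos(Principal principal) {
    Collection<PhotoInfo> photos = getPhotoService().getPhotosForCurrentUser(principal.getName());
    StringBuilder out = new StringBuilder("{ \"photos\" : [ ");
    boolean first = true;
    for (PhotoInfo photo : photos) {
        if (!first) {
            out.append(" , ");
        }
        first = false;
        out.append("{ \"id\" : \"").append(escapeJsonString(photo.getId()))
                .append("\" , \"name\" : \"").append(escapeJsonString(photo.getName()))
                .append("\" }");
    }
    out.append("] }");
    HttpHeaders headers = new HttpHeaders();
    // NOTE(review): the body is JSON but is declared as application/javascript.
    // application/json would be the accurate type; left unchanged here because
    // existing clients of this endpoint may depend on the current value.
    headers.set("Content-Type", "application/javascript");
    return new ResponseEntity<String>(out.toString(), headers, HttpStatus.OK);
}

/**
 * Escapes a value for use inside a double-quoted JSON string literal.
 * A null value is rendered as the text "null", as String.format("%s") would.
 */
private static String escapeJsonString(Object value) {
    String text = String.valueOf(value);
    StringBuilder escaped = new StringBuilder(text.length() + 8);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        if (c == '"') {
            escaped.append("\\\"");
        } else if (c == '\\') {
            escaped.append("\\\\");
        } else if (c < 0x20 || c == 0x2028 || c == 0x2029) {
            // Control characters are invalid inside JSON strings; U+2028 and U+2029
            // are also escaped because the response is declared as JavaScript.
            escaped.append(String.format("\\u%04x", (int) c));
        } else {
            escaped.append(c);
        }
    }
    return escaped.toString();
}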
use of org.springframework.http.HttpHeaders in project spring-security-oauth by spring-projects.
the class AdminEndpointsTests method testRevokeTokenByUser.
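/**
 * Revokes the current access token through the user token endpoint, then checks
 * that the transparently re-acquired write-only token is refused with
 * insufficient_scope on a follow-up request and that it differs from the
 * revoked token value.
 */
@Test
@OAuth2ContextConfiguration(ResourceOwnerWriteOnly.class)
public void testRevokeTokenByUser() throws Exception {
    OAuth2AccessToken token = context.getAccessToken();
    String tokenValueBeforeDeletion = token.getValue();
    HttpHeaders headers = new HttpHeaders();
    headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
    HttpEntity<?> request = new HttpEntity<Void>(headers);
    ResponseEntity<Void> revocation = serverRunning.getRestTemplate().exchange(
            serverRunning.getUrl("/sparklr2/oauth/users/{user}/tokens/{token}"), HttpMethod.DELETE, request,
            Void.class, "marissa", token.getValue());
    assertEquals(HttpStatus.NO_CONTENT, revocation.getStatusCode());
    try {
        // The request above will delete the oauth token so that the next request will initially fail. However,
        // the failure will be detected and a new access token will be obtained. The new access token
        // only has "write" scope and the requested resource needs "read" scope. So, an insufficient_scope
        // exception should be thrown.
        serverRunning.getForString("/sparklr2/oauth/clients/my-client-with-registered-redirect/users/marissa/tokens", headers);
        // Reaching this line means the write-only token was accepted for a read resource.
        // (The original asserted on the response after fail(); that line could never run.)
        fail("Should have thrown an exception");
    } catch (InsufficientScopeException ex) {
        assertEquals(HttpStatus.FORBIDDEN.value(), ex.getHttpErrorCode());
        assertEquals("insufficient_scope", ex.getOAuth2ErrorCode());
        String secondTokenWithWriteOnlyScope = context.getOAuth2ClientContext().getAccessToken().getValue();
        assertNotNull(secondTokenWithWriteOnlyScope);
        // The revoked token value must not be handed out again.
        assertFalse(secondTokenWithWriteOnlyScope.equals(tokenValueBeforeDeletion));
    }
}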
use of org.springframework.http.HttpHeaders in project spring-security-oauth by spring-projects.
the class AuthorizationCodeProviderTests method testInvalidAccessToken.
/**
 * Sends a request with a bogus bearer token and verifies the resource server
 * answers 401 with a Bearer challenge that does not disclose required scopes.
 */
@Test
public void testInvalidAccessToken() throws Exception {
    // Present a syntactically valid but unknown bearer token.
    String bogusAuthorization = OAuth2AccessToken.BEARER_TYPE + " " + "FOO";
    HttpHeaders requestHeaders = new HttpHeaders();
    requestHeaders.set("Authorization", bogusAuthorization);

    ResponseEntity<String> reply = serverRunning.getForString("/sparklr2/photos?format=json", requestHeaders);
    assertEquals(HttpStatus.UNAUTHORIZED, reply.getStatusCode());

    String challenge = reply.getHeaders().getFirst("WWW-Authenticate");
    assertNotNull(challenge);
    assertTrue(challenge.startsWith("Bearer"));
    // The resource server cannot know the required scopes before the token validates,
    // so the challenge must not carry a scope attribute.
    assertFalse(challenge.contains("scope=\""));
}