Example 11 with HttpHeaders

use of org.springframework.http.HttpHeaders in project spring-security-oauth by spring-projects.

the class AbstractAuthorizationCodeProviderTests method getAuthenticatedHeaders.

private HttpHeaders getAuthenticatedHeaders() {
    HttpHeaders headers = new HttpHeaders();
    headers.setAccept(Arrays.asList(MediaType.TEXT_HTML));
    headers.set("Authorization", "Basic " + new String(Base64.encode("user:password".getBytes())));
    if (context.getRestTemplate() != null) {
        context.getAccessTokenRequest().setHeaders(headers);
    }
    return headers;
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders)

Example 12 with HttpHeaders

use of org.springframework.http.HttpHeaders in project spring-mvc-showcase by spring-projects.

the class ResponseController method responseEntityCustomHeaders.

@RequestMapping("/entity/headers")
public ResponseEntity<String> responseEntityCustomHeaders() {
    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.TEXT_PLAIN);
    return new ResponseEntity<String>("The String ResponseBody with custom header Content-Type=text/plain", headers, HttpStatus.OK);
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) ResponseEntity(org.springframework.http.ResponseEntity) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 13 with HttpHeaders

use of org.springframework.http.HttpHeaders in project spring-security-oauth by spring-projects.

the class PhotoController method getJsonPhotos.

@RequestMapping(value = "/photos", params = "format=json")
public ResponseEntity<String> getJsonPhotos(Principal principal) {
    Collection<PhotoInfo> photos = getPhotoService().getPhotosForCurrentUser(principal.getName());
    StringBuilder out = new StringBuilder();
    out.append("{ \"photos\" : [ ");
    Iterator<PhotoInfo> photosIt = photos.iterator();
    while (photosIt.hasNext()) {
        PhotoInfo photo = photosIt.next();
        out.append(String.format("{ \"id\" : \"%s\" , \"name\" : \"%s\" }", photo.getId(), photo.getName()));
        if (photosIt.hasNext()) {
            out.append(" , ");
        }
    }
    out.append("] }");
    HttpHeaders headers = new HttpHeaders();
    headers.set("Content-Type", "application/javascript");
    return new ResponseEntity<String>(out.toString(), headers, HttpStatus.OK);
}
Also used : PhotoInfo(org.springframework.security.oauth.examples.sparklr.PhotoInfo) HttpHeaders(org.springframework.http.HttpHeaders) ResponseEntity(org.springframework.http.ResponseEntity) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 14 with HttpHeaders

use of org.springframework.http.HttpHeaders in project spring-security-oauth by spring-projects.

the class AdminEndpointsTests method testRevokeTokenByUser.

@Test
@OAuth2ContextConfiguration(ResourceOwnerWriteOnly.class)
public void testRevokeTokenByUser() throws Exception {
    OAuth2AccessToken token = context.getAccessToken();
    String tokenValueBeforeDeletion = token.getValue();
    HttpHeaders headers = new HttpHeaders();
    headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
    HttpEntity<?> request = new HttpEntity<Void>(headers);
    assertEquals(HttpStatus.NO_CONTENT, serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/sparklr2/oauth/users/{user}/tokens/{token}"), HttpMethod.DELETE, request, Void.class, "marissa", token.getValue()).getStatusCode());
    try {
        // The request above will delete the oauth token so that the next request will initially fail. However,
        // the failure will be detected and a new access token will be obtained.  The new access token
        // only has "write" scope and the requested resource needs "read" scope.  So, an insufficient_scope
        // exception should be thrown.
        ResponseEntity<String> result = serverRunning.getForString("/sparklr2/oauth/clients/my-client-with-registered-redirect/users/marissa/tokens", headers);
        fail("Should have thrown an exception");
        assertNotNull(result);
    } catch (InsufficientScopeException ex) {
        assertEquals(HttpStatus.FORBIDDEN.value(), ex.getHttpErrorCode());
        assertEquals("insufficient_scope", ex.getOAuth2ErrorCode());
        String secondTokenWithWriteOnlyScope = context.getOAuth2ClientContext().getAccessToken().getValue();
        assertNotNull(secondTokenWithWriteOnlyScope);
        assertFalse(secondTokenWithWriteOnlyScope.equals(tokenValueBeforeDeletion));
    }
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) InsufficientScopeException(org.springframework.security.oauth2.common.exceptions.InsufficientScopeException) HttpEntity(org.springframework.http.HttpEntity) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2ContextConfiguration(org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration) Test(org.junit.Test)

Example 15 with HttpHeaders

use of org.springframework.http.HttpHeaders in project spring-security-oauth by spring-projects.

the class AuthorizationCodeProviderTests method testInvalidAccessToken.

@Test
public void testInvalidAccessToken() throws Exception {
    // now make sure an unauthorized request fails the right way.
    HttpHeaders headers = new HttpHeaders();
    headers.set("Authorization", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, "FOO"));
    ResponseEntity<String> response = serverRunning.getForString("/sparklr2/photos?format=json", headers);
    assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
    String authenticate = response.getHeaders().getFirst("WWW-Authenticate");
    assertNotNull(authenticate);
    assertTrue(authenticate.startsWith("Bearer"));
    // Resource Server doesn't know what scopes are required until the token can be validated
    assertFalse(authenticate.contains("scope=\""));
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) Test(org.junit.Test)
