
Example 16 with OAuthConsumerToken

use of org.springframework.security.oauth.consumer.OAuthConsumerToken in project spring-security-oauth by spring-projects.

the class CoreOAuthConsumerSupportTests method testReadResouce.

/**
 * Tests readResource.
 */
@Test
public void testReadResouce() throws Exception {
    // Drives CoreOAuthConsumerSupport.readResource through five scenarios against a stubbed
    // HttpURLConnection: three failure responses, then a successful GET and a successful POST.
    // `details` is a fixture declared outside this method; it is stubbed with when(), so it is
    // presumably a Mockito mock of ProtectedResourceDetails (confirm against the class fields).
    OAuthConsumerToken token = new OAuthConsumerToken();
    // Placeholder test host. connect() is overridden below, so the stub itself never opens a socket.
    URL url = new URL("http://myhost.com/resource?with=some&query=params&too");
    // Records what readResource does to the connection and supplies the canned response.
    final ConnectionProps connectionProps = new ConnectionProps();
    // Empty response body; the success scenarios assert that this exact instance is returned.
    final ByteArrayInputStream inputStream = new ByteArrayInputStream(new byte[0]);
    final HttpURLConnectionForTestingPurposes connectionMock = new HttpURLConnectionForTestingPurposes(url) {

        @Override
        public void setRequestMethod(String method) throws ProtocolException {
            connectionProps.method = method;
        }

        @Override
        public void setDoOutput(boolean dooutput) {
            connectionProps.doOutput = dooutput;
        }

        @Override
        public void connect() throws IOException {
            // Only records the call; no network I/O happens here.
            connectionProps.connected = true;
        }

        @Override
        public OutputStream getOutputStream() throws IOException {
            // Captures the request body so the POST scenario can inspect what was written.
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            connectionProps.outputStream = out;
            return out;
        }

        @Override
        public int getResponseCode() throws IOException {
            return connectionProps.responseCode;
        }

        @Override
        public String getResponseMessage() throws IOException {
            return connectionProps.responseMessage;
        }

        @Override
        public InputStream getInputStream() throws IOException {
            return inputStream;
        }

        @Override
        public String getHeaderField(String name) {
            return connectionProps.headerFields.get(name);
        }
    };
    CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() {

        @Override
        public URL configureURLForProtectedAccess(URL url, OAuthConsumerToken accessToken, ProtectedResourceDetails details, String httpMethod, Map<String, String> additionalParameters) throws OAuthRequestFailedException {
            // Rebuilds the URL with a test stream handler wrapping connectionMock, presumably so
            // that opening the URL yields the stub above (StreamHandlerForTestingPurposes is not shown).
            try {
                return new URL(url.getProtocol(), url.getHost(), url.getPort(), url.getFile(), new StreamHandlerForTestingPurposes(connectionMock));
            } catch (MalformedURLException e) {
                throw new RuntimeException(e);
            }
        }

        @Override
        public String getOAuthQueryString(ProtectedResourceDetails details, OAuthConsumerToken accessToken, URL url, String httpMethod, Map<String, String> additionalParameters) {
            // Fixed marker instead of real signed parameters, so the POST body can be matched exactly.
            return "POSTBODY";
        }
    };
    support.setStreamHandlerFactory(new DefaultOAuthURLStreamHandlerFactory());
    // Scenario 1: Authorization header accepted, realm "realm1", responseCode never set in this
    // method (it keeps whatever ConnectionProps initialises it to, not shown here). The request must
    // be rejected with OAuthRequestFailedException.
    when(details.getAuthorizationHeaderRealm()).thenReturn("realm1");
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    try {
        support.readResource(details, url, "POST", token, null, null);
        fail("shouldn't have been a valid response code.");
    } catch (OAuthRequestFailedException e) {
    // expected: the response code is not a success code
    }
    // With header-based authorization nothing is written to the request body.
    assertFalse(connectionProps.doOutput);
    assertEquals("POST", connectionProps.method);
    assertTrue(connectionProps.connected);
    // Presumably clears the recorded state between scenarios (ConnectionProps.reset is not shown).
    connectionProps.reset();
    // Scenario 2: an explicit 400 response must also surface as OAuthRequestFailedException.
    when(details.getAuthorizationHeaderRealm()).thenReturn(null);
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    connectionProps.responseCode = 400;
    connectionProps.responseMessage = "Nasty";
    try {
        support.readResource(details, url, "POST", token, null, null);
        fail("shouldn't have been a valid response code.");
    } catch (OAuthRequestFailedException e) {
    // expected: 400 is treated as a failed request
    }
    assertFalse(connectionProps.doOutput);
    assertEquals("POST", connectionProps.method);
    assertTrue(connectionProps.connected);
    connectionProps.reset();
    // Scenario 3: a 401 whose WWW-Authenticate header names realm "goodrealm" while the resource
    // details carry no realm (null). The test requires the more specific InvalidOAuthRealmException.
    when(details.getAuthorizationHeaderRealm()).thenReturn(null);
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    connectionProps.responseCode = 401;
    connectionProps.responseMessage = "Bad Realm";
    connectionProps.headerFields.put("WWW-Authenticate", "realm=\"goodrealm\"");
    try {
        support.readResource(details, url, "POST", token, null, null);
        fail("shouldn't have been a valid response code.");
    } catch (InvalidOAuthRealmException e) {
    // expected: the realm advertised by the server differs from the configured one
    }
    assertFalse(connectionProps.doOutput);
    assertEquals("POST", connectionProps.method);
    assertTrue(connectionProps.connected);
    connectionProps.reset();
    // Scenario 4: successful GET with header-based authorization. The stub's input stream is
    // returned as-is and no request body is produced.
    when(details.getAuthorizationHeaderRealm()).thenReturn(null);
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    connectionProps.responseCode = 200;
    connectionProps.responseMessage = "Congrats";
    assertSame(inputStream, support.readResource(details, url, "GET", token, null, null));
    assertFalse(connectionProps.doOutput);
    assertEquals("GET", connectionProps.method);
    assertTrue(connectionProps.connected);
    connectionProps.reset();
    // Scenario 5: the provider does NOT accept the Authorization header. For a POST the OAuth query
    // string (the "POSTBODY" marker from the override above) must be written to the request body.
    when(details.getAuthorizationHeaderRealm()).thenReturn(null);
    when(details.isAcceptsAuthorizationHeader()).thenReturn(false);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    connectionProps.responseCode = 200;
    connectionProps.responseMessage = "Congrats";
    assertSame(inputStream, support.readResource(details, url, "POST", token, null, null));
    // NOTE(review): new String(byte[]) decodes with the JVM default charset. That is harmless for
    // this ASCII marker, but an explicit charset would make the assertion platform-independent.
    assertEquals("POSTBODY", new String(((ByteArrayOutputStream) connectionProps.outputStream).toByteArray()));
    assertTrue(connectionProps.doOutput);
    assertEquals("POST", connectionProps.method);
    assertTrue(connectionProps.connected);
    connectionProps.reset();
}
Also used : MalformedURLException(java.net.MalformedURLException) DefaultOAuthURLStreamHandlerFactory(org.springframework.security.oauth.consumer.net.DefaultOAuthURLStreamHandlerFactory) InvalidOAuthRealmException(org.springframework.security.oauth.consumer.InvalidOAuthRealmException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OAuthRequestFailedException(org.springframework.security.oauth.consumer.OAuthRequestFailedException) URL(java.net.URL) OAuthConsumerToken(org.springframework.security.oauth.consumer.OAuthConsumerToken) ByteArrayInputStream(java.io.ByteArrayInputStream) HashMap(java.util.HashMap) Map(java.util.Map) TreeMap(java.util.TreeMap) ProtectedResourceDetails(org.springframework.security.oauth.consumer.ProtectedResourceDetails) Test(org.junit.Test)

Example 17 with OAuthConsumerToken

use of org.springframework.security.oauth.consumer.OAuthConsumerToken in project spring-security-oauth by spring-projects.

the class CoreOAuthConsumerSupportTests method testConfigureURLForProtectedAccess.

/**
 * Tests configureURLForProtectedAccess.
 */
@Test
public void testConfigureURLForProtectedAccess() throws Exception {
    // Checks where configureURLForProtectedAccess places the OAuth parameters, depending on whether
    // the provider accepts the Authorization header and on the HTTP method.
    // `details` is a fixture declared outside this method and stubbed with when().
    final String originalUrl = "https://myhost.com/somepath?with=some&query=params&too";
    final String urlWithOAuthQuery = "https://myhost.com/somepath?myquerystring";
    final URL resourceUrl = new URL(originalUrl);
    final OAuthConsumerToken consumerToken = new OAuthConsumerToken();

    // Replace the real query-string builder with a fixed marker so the rewritten URL is predictable.
    final CoreOAuthConsumerSupport consumerSupport = new CoreOAuthConsumerSupport() {

        @Override
        public String getOAuthQueryString(ProtectedResourceDetails details, OAuthConsumerToken accessToken, URL url, String httpMethod, Map<String, String> additionalParameters) {
            return "myquerystring";
        }
    };
    consumerSupport.setStreamHandlerFactory(new DefaultOAuthURLStreamHandlerFactory());

    // Header-based authorization: the URL must come back unchanged.
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    URL configured = consumerSupport.configureURLForProtectedAccess(resourceUrl, consumerToken, details, "GET", null);
    assertEquals(originalUrl, configured.toString());

    // No header support: for GET the query is replaced by the OAuth query string.
    // NOTE(review): in this fallback the OAuth parameters travel in the URL, where access logs and
    // intermediaries may record them; header-based delivery avoids that exposure.
    when(details.isAcceptsAuthorizationHeader()).thenReturn(false);
    configured = consumerSupport.configureURLForProtectedAccess(resourceUrl, consumerToken, details, "GET", null);
    assertEquals(urlWithOAuthQuery, configured.toString());

    // For POST and PUT the URL stays as given (presumably the parameters go into the request body).
    for (String bodyMethod : new String[] { "POST", "PUT" }) {
        configured = consumerSupport.configureURLForProtectedAccess(resourceUrl, consumerToken, details, bodyMethod, null);
        assertEquals(originalUrl, configured.toString());
    }
}
Also used : DefaultOAuthURLStreamHandlerFactory(org.springframework.security.oauth.consumer.net.DefaultOAuthURLStreamHandlerFactory) HashMap(java.util.HashMap) Map(java.util.Map) TreeMap(java.util.TreeMap) URL(java.net.URL) ProtectedResourceDetails(org.springframework.security.oauth.consumer.ProtectedResourceDetails) OAuthConsumerToken(org.springframework.security.oauth.consumer.OAuthConsumerToken) Test(org.junit.Test)

Example 18 with OAuthConsumerToken

use of org.springframework.security.oauth.consumer.OAuthConsumerToken in project spring-security-oauth by spring-projects.

the class OAuthConsumerContextFilterTests method testDoFilter.

/**
 * tests the filter.
 */
@Test
public void testDoFilter() throws Exception {
    // Walks OAuthConsumerContextFilter.doFilter through two phases of the consumer flow:
    //   1. no token stored  -> a request token is obtained and stored, and the user is redirected;
    //   2. callback arrives -> the request token plus verifier are exchanged for an access token.
    // request, response, filterChain, tokenServices and support are fixtures declared outside this
    // method; they are driven with when()/verify(), so presumably Mockito mocks.
    final OAuthRememberMeServices rememberMeServices = new NoOpOAuthRememberMeServices();
    final BaseProtectedResourceDetails resource = new BaseProtectedResourceDetails();
    resource.setId("dep1");
    OAuthConsumerContextFilter filter = new OAuthConsumerContextFilter() {

        @Override
        protected String getCallbackURL(HttpServletRequest request) {
            // Fixed callback so the redirect target can be asserted exactly.
            return "urn:callback";
        }

        @Override
        protected String getUserAuthorizationRedirectURL(ProtectedResourceDetails details, OAuthConsumerToken requestToken, String callbackURL) {
            // Encodes the token's resource id into the redirect URL so the test can tell which
            // request token the filter passed in.
            return callbackURL + "&" + requestToken.getResourceId();
        }
    };
    // Redirect strategy that simply forwards to the (mocked) response, making the redirect verifiable.
    filter.setRedirectStrategy(new RedirectStrategy() {

        public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
            response.sendRedirect(url);
        }
    });
    filter.setTokenServices(tokenServices);
    filter.setConsumerSupport(support);
    filter.setRememberMeServices(rememberMeServices);
    // Phase 1: the downstream chain reports that an access token for "dep1" is required, no token
    // is stored yet, and the request carries no oauth_verifier.
    doThrow(new AccessTokenRequiredException(resource)).when(filterChain).doFilter(request, response);
    when(tokenServices.getToken("dep1")).thenReturn(null);
    when(request.getParameter("oauth_verifier")).thenReturn(null);
    // The callback URL is passed through encodeRedirectURL before it is used; the stubbed result
    // is what getUnauthorizedRequestToken must receive below.
    when(response.encodeRedirectURL("urn:callback")).thenReturn("urn:callback?query");
    OAuthConsumerToken token = new OAuthConsumerToken();
    // Marks this as a request token, not yet an access token.
    token.setAccessToken(false);
    token.setResourceId(resource.getId());
    when(support.getUnauthorizedRequestToken("dep1", "urn:callback?query")).thenReturn(token);
    filter.doFilter(request, response, filterChain);
    verify(filterChain).doFilter(request, response);
    // The request token must be persisted before the user is sent to the authorization URL.
    verify(tokenServices).storeToken("dep1", token);
    verify(response).sendRedirect("urn:callback?query&dep1");
    verify(request, times(2)).setAttribute(anyString(), anyObject());
    // Clears stubbing and recorded interactions on these three mocks only; tokenServices and
    // support keep their phase-1 history, so the counts verified below for request and filterChain
    // cover phase 2 alone.
    reset(request, response, filterChain);
    // Phase 2: the stored request token is found and the callback request carries a verifier.
    doThrow(new AccessTokenRequiredException(resource)).when(filterChain).doFilter(request, response);
    when(tokenServices.getToken("dep1")).thenReturn(token);
    // Phase 1 stubbed the literal "oauth_verifier"; here the enum's toString() is used, presumably
    // yielding the same parameter name (OAuthProviderParameter is not shown).
    when(request.getParameter(OAuthProviderParameter.oauth_verifier.toString())).thenReturn("verifier");
    OAuthConsumerToken accessToken = new OAuthConsumerToken();
    // The verifier taken from the request must be handed to the access-token exchange.
    when(support.getAccessToken(token, "verifier")).thenReturn(accessToken);
    when(response.isCommitted()).thenReturn(false);
    filter.doFilter(request, response, filterChain);
    // The chain is expected to be invoked twice during this phase.
    verify(filterChain, times(2)).doFilter(request, response);
    // The spent request token is removed and replaced by the access token under the same resource id.
    verify(tokenServices).removeToken("dep1");
    verify(tokenServices).storeToken("dep1", accessToken);
    verify(request, times(2)).setAttribute(anyString(), anyObject());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) OAuthRememberMeServices(org.springframework.security.oauth.consumer.rememberme.OAuthRememberMeServices) NoOpOAuthRememberMeServices(org.springframework.security.oauth.consumer.rememberme.NoOpOAuthRememberMeServices) BaseProtectedResourceDetails(org.springframework.security.oauth.consumer.BaseProtectedResourceDetails) AccessTokenRequiredException(org.springframework.security.oauth.consumer.AccessTokenRequiredException) HttpServletResponse(javax.servlet.http.HttpServletResponse) NoOpOAuthRememberMeServices(org.springframework.security.oauth.consumer.rememberme.NoOpOAuthRememberMeServices) Matchers.anyString(org.mockito.Matchers.anyString) IOException(java.io.IOException) RedirectStrategy(org.springframework.security.web.RedirectStrategy) ProtectedResourceDetails(org.springframework.security.oauth.consumer.ProtectedResourceDetails) BaseProtectedResourceDetails(org.springframework.security.oauth.consumer.BaseProtectedResourceDetails) OAuthConsumerToken(org.springframework.security.oauth.consumer.OAuthConsumerToken) Test(org.junit.Test)
