Use of org.springframework.security.oauth.consumer.ProtectedResourceDetails in project spring-security-oauth by spring-projects.
Class ProtectedResourceDetailsServiceFactoryBean, method createInstance.
/**
 * Assembles the {@link ProtectedResourceDetailsService} exposed by this factory bean.
 * <p>
 * Every {@link ProtectedResourceDetails} bean visible from the owning bean factory, including
 * those declared in ancestor factories, is collected and handed to an in-memory service.
 *
 * @return an in-memory service backed by the collected details, keyed by bean name
 * @throws ClassCastException if the owning bean factory is not a {@link ListableBeanFactory}
 * @throws Exception declared by the overridden factory method
 */
@Override
protected ProtectedResourceDetailsService createInstance() throws Exception {
    // The cast is unchecked: a non-listable factory fails here rather than yielding an empty store.
    ListableBeanFactory listableFactory = (ListableBeanFactory) getBeanFactory();

    // Includes ancestor contexts, so a parent context can contribute resources to this consumer.
    // NOTE(review): the map key is the Spring bean name; confirm that lookups by resource id
    // expect the same key, otherwise a configured resource would not be found.
    Map<String, ProtectedResourceDetails> resourcesByBeanName =
            BeanFactoryUtils.beansOfTypeIncludingAncestors(listableFactory, ProtectedResourceDetails.class);

    // NOTE(review): these details objects presumably carry consumer credentials; avoid logging the map.
    InMemoryProtectedResourceDetailsService detailsService = new InMemoryProtectedResourceDetailsService();
    detailsService.setResourceDetailsStore(resourcesByBeanName);
    return detailsService;
}
Use of org.springframework.security.oauth.consumer.ProtectedResourceDetails in project spring-security-oauth by spring-projects.
Class OAuthConsumerContextFilterTests, method testDoFilter.
/**
 * Drives {@link OAuthConsumerContextFilter} through two passes for the protected resource "dep1".
 * <p>
 * Pass one: the chain signals that an access token is required, no token is stored and no
 * {@code oauth_verifier} is present, so the filter is expected to fetch an unauthorized request
 * token, store it and redirect to the user-authorization URL.
 * <p>
 * Pass two: the stored request token and an {@code oauth_verifier} are present, so the filter is
 * expected to exchange them for an access token, remove the request token and store the access token.
 * <p>
 * This method does not exercise a verifier arriving without a stored request token, nor a failure
 * of the access-token exchange.
 */
@Test
public void testDoFilter() throws Exception {
    final BaseProtectedResourceDetails protectedResource = new BaseProtectedResourceDetails();
    protectedResource.setId("dep1");
    final OAuthRememberMeServices noOpRememberMe = new NoOpOAuthRememberMeServices();

    // Subclass pins the callback and authorization URLs so the redirect target is predictable.
    OAuthConsumerContextFilter filterUnderTest = new OAuthConsumerContextFilter() {
        @Override
        protected String getCallbackURL(HttpServletRequest request) {
            return "urn:callback";
        }

        @Override
        protected String getUserAuthorizationRedirectURL(ProtectedResourceDetails details, OAuthConsumerToken requestToken, String callbackURL) {
            // Echoes the resource id so the redirect assertion proves which token was used.
            return callbackURL + "&" + requestToken.getResourceId();
        }
    };
    // Pass-through strategy: the redirect lands directly on the mocked response.
    filterUnderTest.setRedirectStrategy(new RedirectStrategy() {
        public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
            response.sendRedirect(url);
        }
    });
    filterUnderTest.setTokenServices(tokenServices);
    filterUnderTest.setConsumerSupport(support);
    filterUnderTest.setRememberMeServices(noOpRememberMe);

    // ---- Pass one: nothing stored, no verifier -> request token + redirect ----
    doThrow(new AccessTokenRequiredException(protectedResource)).when(filterChain).doFilter(request, response);
    when(tokenServices.getToken("dep1")).thenReturn(null);
    when(request.getParameter("oauth_verifier")).thenReturn(null);
    when(response.encodeRedirectURL("urn:callback")).thenReturn("urn:callback?query");

    OAuthConsumerToken requestToken = new OAuthConsumerToken();
    requestToken.setAccessToken(false);
    requestToken.setResourceId(protectedResource.getId());
    // The encoded callback, not the raw one, must be what is sent to the provider.
    when(support.getUnauthorizedRequestToken("dep1", "urn:callback?query")).thenReturn(requestToken);

    filterUnderTest.doFilter(request, response, filterChain);

    verify(filterChain).doFilter(request, response);
    // The request token has to be persisted before the user leaves, or the callback cannot be matched.
    verify(tokenServices).storeToken("dep1", requestToken);
    verify(response).sendRedirect("urn:callback?query&dep1");
    verify(request, times(2)).setAttribute(anyString(), anyObject());

    // ---- Pass two: stored request token + verifier -> access token ----
    // tokenServices and support are deliberately not reset; only the servlet mocks are.
    reset(request, response, filterChain);
    doThrow(new AccessTokenRequiredException(protectedResource)).when(filterChain).doFilter(request, response);
    when(tokenServices.getToken("dep1")).thenReturn(requestToken);
    when(request.getParameter(OAuthProviderParameter.oauth_verifier.toString())).thenReturn("verifier");

    OAuthConsumerToken authorizedToken = new OAuthConsumerToken();
    when(support.getAccessToken(requestToken, "verifier")).thenReturn(authorizedToken);
    when(response.isCommitted()).thenReturn(false);

    filterUnderTest.doFilter(request, response, filterChain);

    // The chain is expected to be invoked twice in this pass.
    verify(filterChain, times(2)).doFilter(request, response);
    // The spent request token is dropped and replaced by the access token under the same resource id.
    verify(tokenServices).removeToken("dep1");
    verify(tokenServices).storeToken("dep1", authorizedToken);
    verify(request, times(2)).setAttribute(anyString(), anyObject());
}
Use of org.springframework.security.oauth.consumer.ProtectedResourceDetails in project spring-security-oauth by spring-projects.
Class CoreOAuthConsumerSupportTests, method testConfigureURLForProtectedAccess.
/**
 * Checks where {@code configureURLForProtectedAccess} places the OAuth parameters.
 * <p>
 * When the resource accepts the Authorization header, the URL must come back untouched. When it
 * does not, a GET carries the OAuth query string in the URL, while POST and PUT leave the URL as is.
 */
@Test
public void testConfigureURLForProtectedAccess() throws Exception {
    final String originalUrl = "https://myhost.com/somepath?with=some&query=params&too";

    CoreOAuthConsumerSupport consumerSupport = new CoreOAuthConsumerSupport() {
        // Inherited; stubbed so the resulting URL is easy to recognise.
        @Override
        public String getOAuthQueryString(ProtectedResourceDetails details, OAuthConsumerToken accessToken, URL url, String httpMethod, Map<String, String> additionalParameters) {
            return "myquerystring";
        }
    };
    consumerSupport.setStreamHandlerFactory(new DefaultOAuthURLStreamHandlerFactory());

    OAuthConsumerToken consumerToken = new OAuthConsumerToken();
    URL url = new URL(originalUrl);

    // Header accepted: OAuth parameters travel in the header, so the URL is left alone.
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    String withHeader = consumerSupport.configureURLForProtectedAccess(url, consumerToken, details, "GET", null).toString();
    assertEquals(originalUrl, withHeader);

    // Header refused: for GET the whole query is replaced by the OAuth query string.
    // NOTE(review): parameters placed in a URL are visible to anything that records URLs
    // (access logs, proxies); prefer the header mode where the provider allows it.
    when(details.isAcceptsAuthorizationHeader()).thenReturn(false);
    String getWithoutHeader = consumerSupport.configureURLForProtectedAccess(url, consumerToken, details, "GET", null).toString();
    assertEquals("https://myhost.com/somepath?myquerystring", getWithoutHeader);

    // POST and PUT keep the original URL even when the header is refused.
    String postWithoutHeader = consumerSupport.configureURLForProtectedAccess(url, consumerToken, details, "POST", null).toString();
    assertEquals(originalUrl, postWithoutHeader);
    String putWithoutHeader = consumerSupport.configureURLForProtectedAccess(url, consumerToken, details, "PUT", null).toString();
    assertEquals(originalUrl, putWithoutHeader);
}
Use of org.springframework.security.oauth.consumer.ProtectedResourceDetails in project spring-security-oauth by spring-projects.
Class CoreOAuthConsumerSupportTests, method testReadResouce.
/**
 * Exercises {@code readResource} against a stubbed HTTP connection.
 * <p>
 * Covered cases, in order: a failing response with a realm configured, a 400 response, a 401
 * response whose {@code WWW-Authenticate} header names a realm, a successful GET with the
 * Authorization header accepted, and a successful POST with the header refused (OAuth
 * parameters written to the request body).
 */
@Test
public void testReadResouce() throws Exception {
    OAuthConsumerToken consumerToken = new OAuthConsumerToken();
    // Plain http is harmless here: the connection is replaced by the stub below, nothing is sent.
    URL resourceUrl = new URL("http://myhost.com/resource?with=some&query=params&too");
    final ConnectionProps props = new ConnectionProps();
    final ByteArrayInputStream emptyBody = new ByteArrayInputStream(new byte[0]);

    // Connection stub: records what readResource asks for and replays canned response data.
    final HttpURLConnectionForTestingPurposes stubbedConnection = new HttpURLConnectionForTestingPurposes(resourceUrl) {
        @Override
        public void setRequestMethod(String method) throws ProtocolException {
            props.method = method;
        }

        @Override
        public void setDoOutput(boolean dooutput) {
            props.doOutput = dooutput;
        }

        @Override
        public void connect() throws IOException {
            props.connected = true;
        }

        @Override
        public OutputStream getOutputStream() throws IOException {
            // Captured so the test can inspect the request body afterwards.
            ByteArrayOutputStream captured = new ByteArrayOutputStream();
            props.outputStream = captured;
            return captured;
        }

        @Override
        public int getResponseCode() throws IOException {
            return props.responseCode;
        }

        @Override
        public String getResponseMessage() throws IOException {
            return props.responseMessage;
        }

        @Override
        public InputStream getInputStream() throws IOException {
            return emptyBody;
        }

        @Override
        public String getHeaderField(String name) {
            return props.headerFields.get(name);
        }
    };

    CoreOAuthConsumerSupport consumerSupport = new CoreOAuthConsumerSupport() {
        @Override
        public URL configureURLForProtectedAccess(URL url, OAuthConsumerToken accessToken, ProtectedResourceDetails details, String httpMethod, Map<String, String> additionalParameters) throws OAuthRequestFailedException {
            // Same location, but opened through the stub instead of a real socket.
            try {
                return new URL(url.getProtocol(), url.getHost(), url.getPort(), url.getFile(), new StreamHandlerForTestingPurposes(stubbedConnection));
            } catch (MalformedURLException e) {
                throw new RuntimeException(e);
            }
        }

        @Override
        public String getOAuthQueryString(ProtectedResourceDetails details, OAuthConsumerToken accessToken, URL url, String httpMethod, Map<String, String> additionalParameters) {
            return "POSTBODY";
        }
    };
    consumerSupport.setStreamHandlerFactory(new DefaultOAuthURLStreamHandlerFactory());

    // Case 1: realm configured, response code left at the ConnectionProps default (not shown here).
    when(details.getAuthorizationHeaderRealm()).thenReturn("realm1");
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    try {
        consumerSupport.readResource(details, resourceUrl, "POST", consumerToken, null, null);
        fail("shouldn't have been a valid response code.");
    } catch (OAuthRequestFailedException expected) {
        // expected: the response must be rejected
    }
    assertFalse(props.doOutput);
    assertEquals("POST", props.method);
    assertTrue(props.connected);
    props.reset();

    // Case 2: 400 from the provider is surfaced as a failed OAuth request.
    when(details.getAuthorizationHeaderRealm()).thenReturn(null);
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    props.responseCode = 400;
    props.responseMessage = "Nasty";
    try {
        consumerSupport.readResource(details, resourceUrl, "POST", consumerToken, null, null);
        fail("shouldn't have been a valid response code.");
    } catch (OAuthRequestFailedException expected) {
        // expected: a 400 is not a usable resource
    }
    assertFalse(props.doOutput);
    assertEquals("POST", props.method);
    assertTrue(props.connected);
    props.reset();

    // Case 3: 401 advertising a realm while none is configured -> realm-specific exception.
    when(details.getAuthorizationHeaderRealm()).thenReturn(null);
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    props.responseCode = 401;
    props.responseMessage = "Bad Realm";
    props.headerFields.put("WWW-Authenticate", "realm=\"goodrealm\"");
    try {
        consumerSupport.readResource(details, resourceUrl, "POST", consumerToken, null, null);
        fail("shouldn't have been a valid response code.");
    } catch (InvalidOAuthRealmException expected) {
        // expected: the realm mismatch is reported as its own failure type
    }
    assertFalse(props.doOutput);
    assertEquals("POST", props.method);
    assertTrue(props.connected);
    props.reset();

    // Case 4: 200 on GET with the header accepted -> the connection's stream is returned as is.
    when(details.getAuthorizationHeaderRealm()).thenReturn(null);
    when(details.isAcceptsAuthorizationHeader()).thenReturn(true);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    props.responseCode = 200;
    props.responseMessage = "Congrats";
    assertSame(emptyBody, consumerSupport.readResource(details, resourceUrl, "GET", consumerToken, null, null));
    assertFalse(props.doOutput);
    assertEquals("GET", props.method);
    assertTrue(props.connected);
    props.reset();

    // Case 5: 200 on POST with the header refused -> OAuth parameters go into the request body.
    when(details.getAuthorizationHeaderRealm()).thenReturn(null);
    when(details.isAcceptsAuthorizationHeader()).thenReturn(false);
    when(details.getAdditionalRequestHeaders()).thenReturn(null);
    props.responseCode = 200;
    props.responseMessage = "Congrats";
    assertSame(emptyBody, consumerSupport.readResource(details, resourceUrl, "POST", consumerToken, null, null));
    // NOTE(review): decoded with the platform default charset; adequate for the ASCII stub value.
    String writtenBody = new String(((ByteArrayOutputStream) props.outputStream).toByteArray());
    assertEquals("POSTBODY", writtenBody);
    assertTrue(props.doOutput);
    assertEquals("POST", props.method);
    assertTrue(props.connected);
    props.reset();
}