Example 6 with OAuth2ContextConfiguration

Use of org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration in project spring-security-oauth by spring-projects.

Class AuthorizationCodeProviderTests, method testInsufficientScopeInResourceRequest.

@Test
@OAuth2ContextConfiguration(resource = MyClientWithRegisteredRedirect.class, initialize = false)
public void testInsufficientScopeInResourceRequest() throws Exception {
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();
    resource.setScope(Arrays.asList("trust"));
    approveAccessTokenGrant("http://anywhere?key=value", true);
    assertNotNull(context.getAccessToken());
    try {
        serverRunning.getForString("/sparklr2/photos?format=json");
        fail("Should have thrown exception");
    } catch (InsufficientScopeException ex) {
        // ignore / all good
    }
}

Also used: InsufficientScopeException (org.springframework.security.oauth2.common.exceptions.InsufficientScopeException), AuthorizationCodeResourceDetails (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails), OAuth2ContextConfiguration (org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration), Test (org.junit.Test)

Example 7 with OAuth2ContextConfiguration

Use of org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration in project spring-security-oauth by spring-projects.

Class ImplicitProviderTests, method testPostForAutomaticApprovalToken.

@Test
@OAuth2ContextConfiguration(resource = AutoApproveImplicit.class, initialize = false)
public void testPostForAutomaticApprovalToken() throws Exception {
    final ImplicitAccessTokenProvider implicitProvider = new ImplicitAccessTokenProvider();
    implicitProvider.setInterceptors(Arrays.<ClientHttpRequestInterceptor>asList(new ClientHttpRequestInterceptor() {

        public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
            ClientHttpResponse result = execution.execute(request, body);
            latestHeaders = result.getHeaders();
            return result;
        }
    }));
    context.setAccessTokenProvider(implicitProvider);
    context.getAccessTokenRequest().setCookie(cookie);
    assertNotNull(context.getAccessToken());
    assertTrue("Wrong location header: " + latestHeaders.getLocation().getFragment(), latestHeaders.getLocation().getFragment().contains("scope=read write trust"));
}

Also used: HttpRequest (org.springframework.http.HttpRequest), ImplicitAccessTokenProvider (org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider), ClientHttpRequestExecution (org.springframework.http.client.ClientHttpRequestExecution), ClientHttpResponse (org.springframework.http.client.ClientHttpResponse), ClientHttpRequestInterceptor (org.springframework.http.client.ClientHttpRequestInterceptor), OAuth2ContextConfiguration (org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration), Test (org.junit.Test)

Example 8 with OAuth2ContextConfiguration

Use of org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration in project spring-security-oauth by spring-projects.

Class ResourceOwnerPasswordProviderTests, method testTokenObtainedWithHeaderAuthentication.

@Test
@OAuth2ContextConfiguration(ResourceOwner.class)
public void testTokenObtainedWithHeaderAuthentication() throws Exception {
    assertEquals(HttpStatus.OK, serverRunning.getStatusCode("/sparklr2/photos?format=json"));
    int expiry = context.getAccessToken().getExpiresIn();
    assertTrue("Expiry not overridden in config: " + expiry, expiry < 1000);
    assertEquals(new MediaType("application", "json", Charset.forName("UTF-8")), tokenEndpointResponse.getHeaders().getContentType());
}

Also used: MediaType (org.springframework.http.MediaType), OAuth2ContextConfiguration (org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration), Test (org.junit.Test)

Example 9 with OAuth2ContextConfiguration

Use of org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration in project spring-security-oauth by spring-projects.

Class AbstractResourceOwnerPasswordProviderTests, method testTokenEndpointWrongPassword.

@Test
@OAuth2ContextConfiguration(value = ResourceOwner.class, initialize = false)
public void testTokenEndpointWrongPassword() throws Exception {
    ResourceOwnerPasswordResourceDetails resource = (ResourceOwnerPasswordResourceDetails) context.getResource();
    resource.setPassword("bogus");
    try {
        new OAuth2RestTemplate(resource).getAccessToken();
    } catch (OAuth2AccessDeniedException e) {
        String summary = ((OAuth2Exception) e.getCause()).getSummary();
        assertTrue("Wrong summary: " + summary, summary.contains("Bad credentials"));
    }
}

Also used: ResourceOwnerPasswordResourceDetails (org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails), OAuth2AccessDeniedException (org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException), OAuth2RestTemplate (org.springframework.security.oauth2.client.OAuth2RestTemplate), OAuth2ContextConfiguration (org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration), Test (org.junit.Test)

Example 10 with OAuth2ContextConfiguration

Use of org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration in project spring-security-oauth by spring-projects.

Class ImplicitProviderTests, method parallelGrants.

@Test
@OAuth2ContextConfiguration(ResourceOwner.class)
public void parallelGrants() throws Exception {
    getToken();
    Collection<Future<?>> futures = new HashSet<Future<?>>();
    ExecutorService pool = Executors.newFixedThreadPool(2);
    for (int i = 0; i < 100; i++) {
        futures.add(pool.submit(new Runnable() {

            @Override
            public void run() {
                getToken();
            }
        }));
    }
    for (Future<?> future : futures) {
        future.get();
    }
}

Also used: ExecutorService (java.util.concurrent.ExecutorService), Future (java.util.concurrent.Future), HashSet (java.util.HashSet), OAuth2ContextConfiguration (org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration), Test (org.junit.Test)

Aggregations

Test (org.junit.Test): 28
OAuth2ContextConfiguration (org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration): 28
AccessTokenRequest (org.springframework.security.oauth2.client.token.AccessTokenRequest): 9
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 7
HttpHeaders (org.springframework.http.HttpHeaders): 4
ClientHttpResponse (org.springframework.http.client.ClientHttpResponse): 4
IOException (java.io.IOException): 3
ClientCredentialsAccessTokenProvider (org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider): 3
InsufficientScopeException (org.springframework.security.oauth2.common.exceptions.InsufficientScopeException): 3
DefaultResponseErrorHandler (org.springframework.web.client.DefaultResponseErrorHandler): 3
ResponseErrorHandler (org.springframework.web.client.ResponseErrorHandler): 3
TestRestTemplate (org.springframework.boot.test.web.client.TestRestTemplate): 2
MediaType (org.springframework.http.MediaType): 2
OAuth2RestTemplate (org.springframework.security.oauth2.client.OAuth2RestTemplate): 2
UserRedirectRequiredException (org.springframework.security.oauth2.client.resource.UserRedirectRequiredException): 2
AuthorizationCodeResourceDetails (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails): 2
RedirectMismatchException (org.springframework.security.oauth2.common.exceptions.RedirectMismatchException): 2
HashSet (java.util.HashSet): 1
Map (java.util.Map): 1
ExecutorService (java.util.concurrent.ExecutorService): 1