Example 6 with BearerTokenError

Use of org.springframework.security.oauth2.server.resource.BearerTokenError in project spring-security by spring-projects.

Class BearerTokenAuthenticationEntryPointTests, method commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorDetails.

@Test
public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorDetails() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, "The access token expired", null, null);
    this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
    assertThat(response.getStatus()).isEqualTo(400);
    assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_request\", error_description=\"The access token expired\"");
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), BearerTokenError (org.springframework.security.oauth2.server.resource.BearerTokenError), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 7 with BearerTokenError

Use of org.springframework.security.oauth2.server.resource.BearerTokenError in project spring-security by spring-projects.

Class BearerTokenAuthenticationEntryPointTests, method commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorUri.

@Test
public void commenceWhenInvalidRequestErrorThenStatus400AndHeaderWithErrorUri() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_REQUEST, HttpStatus.BAD_REQUEST, null, "https://example.com", null);
    this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
    assertThat(response.getStatus()).isEqualTo(400);
    assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_request\", error_uri=\"https://example.com\"");
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), BearerTokenError (org.springframework.security.oauth2.server.resource.BearerTokenError), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 8 with BearerTokenError

Use of org.springframework.security.oauth2.server.resource.BearerTokenError in project spring-security by spring-projects.

Class BearerTokenAuthenticationEntryPointTests, method commenceWhenInsufficientScopeAndRealmSetThenStatus403AndHeaderWithErrorAndAllDetails.

@Test
public void commenceWhenInsufficientScopeAndRealmSetThenStatus403AndHeaderWithErrorAndAllDetails() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, "Insufficient scope", "https://example.com", "test.read test.write");
    this.authenticationEntryPoint.setRealmName("test");
    this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
    assertThat(response.getStatus()).isEqualTo(403);
    assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer realm=\"test\", error=\"insufficient_scope\", error_description=\"Insufficient scope\", " + "error_uri=\"https://example.com\", scope=\"test.read test.write\"");
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), BearerTokenError (org.springframework.security.oauth2.server.resource.BearerTokenError), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 9 with BearerTokenError

Use of org.springframework.security.oauth2.server.resource.BearerTokenError in project spring-security by spring-projects.

Class BearerTokenAuthenticationEntryPointTests, method commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithError.

@Test
public void commenceWhenInsufficientScopeErrorThenStatus403AndHeaderWithError() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INSUFFICIENT_SCOPE, HttpStatus.FORBIDDEN, null, null);
    this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
    assertThat(response.getStatus()).isEqualTo(403);
    assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"insufficient_scope\"");
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), BearerTokenError (org.springframework.security.oauth2.server.resource.BearerTokenError), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 10 with BearerTokenError

Use of org.springframework.security.oauth2.server.resource.BearerTokenError in project spring-security by spring-projects.

Class BearerTokenAuthenticationEntryPointTests, method commenceWhenInvalidTokenErrorThenStatus401AndHeaderWithError.

@Test
public void commenceWhenInvalidTokenErrorThenStatus401AndHeaderWithError() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    BearerTokenError error = new BearerTokenError(BearerTokenErrorCodes.INVALID_TOKEN, HttpStatus.UNAUTHORIZED, null, null);
    this.authenticationEntryPoint.commence(request, response, new OAuth2AuthenticationException(error));
    assertThat(response.getStatus()).isEqualTo(401);
    assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer error=\"invalid_token\"");
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), BearerTokenError (org.springframework.security.oauth2.server.resource.BearerTokenError), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)
