Beispiel #1
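  /**
   * Drives the authorization-code flow end to end against the test realm and checks the
   * resulting access token.
   *
   * <p>Steps: fetch the login form from {@code realmInfo.getAuthorizationUrl()}, scrape the form
   * action and the hidden {@code scope} value, post the user's credentials, expect a 302 whose
   * {@code Location} carries a {@code code} parameter, exchange that code at
   * {@code realmInfo.getCodeUrl()} using the client's credentials, then verify the returned token
   * with {@code RSATokenVerifier} against the realm's public key.
   *
   * <p>Coverage notes: the authorization request carries no {@code state} parameter, so the test
   * does not exercise any binding between the request and the redirect. The user, client and
   * password values are fixtures for the test realm.
   *
   * @throws Exception if any HTTP call or the token verification fails
   */
  @Test
  public void testScoped() throws Exception {
    final String authorizationUrl = realmInfo.getAuthorizationUrl();
    System.out.println(authorizationUrl);
    WebTarget authUrl =
        client
            .target(authorizationUrl)
            .queryParam("client_id", "oauthclient")
            .queryParam("redirect_uri", "http://localhost:8081/oauthclient/redirect");

    String form = authUrl.request().get(String.class);
    System.out.println(form);

    // The login endpoint is not hard-coded: it is taken from the form's action attribute.
    Matcher matcher = Pattern.compile("action=\"([^\"]+)\"").matcher(form);
    String loginUrl = matcher.find() ? matcher.group(1) : null;
    Assert.assertNotNull(loginUrl);

    // The server renders the requested scope into a hidden field; it is echoed back unchanged.
    matcher = Pattern.compile("name=\"scope\" value=\"([^\"]+)\"").matcher(form);
    String scopeParam = matcher.find() ? matcher.group(1) : null;
    Assert.assertNotNull(scopeParam);

    // NOTE(review): this redirect_uri ("loginclient") differs from the one sent on the
    // authorization request ("oauthclient"). The test expects a 302 regardless; confirm whether
    // the server is meant to compare the two values, and if so which one this test should send.
    Form loginform =
        new Form()
            .param("username", "wburke")
            .param("Password", "userpassword")
            .param("client_id", "oauthclient")
            .param("scope", scopeParam)
            .param("redirect_uri", "http://localhost:8081/loginclient/redirect");

    System.out.println("LoginUrl: " + loginUrl);
    Response response = client.target(loginUrl).request().post(Entity.form(loginform));
    URI uri;
    try {
      Assert.assertEquals(302, response.getStatus());
      uri = response.getLocation();
    } finally {
      // Release the connection even when the status assertion fails.
      response.close();
    }
    Assert.assertNotNull(uri);
    System.out.println(uri);

    // A redirect without a query string should fail the test cleanly rather than with an NPE.
    String rawQuery = uri.getRawQuery();
    Assert.assertNotNull(rawQuery);
    matcher = Pattern.compile("code=([^&]+)").matcher(rawQuery);
    String code = matcher.find() ? matcher.group(1) : null;
    // Debug output only: an authorization code is a credential, so this print belongs in test
    // code and nowhere else.
    System.out.println("Code: " + code);
    Assert.assertNotNull(code);

    // Code-for-token exchange, authenticated with the client's own credentials.
    Form codeForm =
        new Form()
            .param("code", code)
            .param("client_id", "oauthclient")
            .param("Password", "clientpassword");
    Response res = client.target(realmInfo.getCodeUrl()).request().post(Entity.form(codeForm));
    AccessTokenResponse tokenResponse;
    try {
      if (res.getStatus() == 400) {
        // Surface the server's error body before the assertion below fails.
        System.out.println(res.readEntity(String.class));
      }
      Assert.assertEquals(200, res.getStatus());
      tokenResponse = res.readEntity(AccessTokenResponse.class);
    } finally {
      res.close();
    }

    // Verification is configured with the realm name, the resource name and the realm's public
    // key; what RSATokenVerifier checks beyond that is not visible here.
    ResourceMetadata metadata = new ResourceMetadata();
    metadata.setRealm("test-realm");
    metadata.setResourceName("Application");
    metadata.setRealmKey(realmInfo.getPublicKey());
    SkeletonKeyToken token = RSATokenVerifier.verifyToken(tokenResponse.getToken(), metadata);
    // Expected value first, matching the other assertEquals calls in this method.
    Assert.assertEquals("wburke", token.getPrincipal());
    Assert.assertTrue(token.getResourceAccess("Application").getRoles().contains("user"));
  }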