Ejemplo n.º 1
  /**
   * Builds a client whose scope argument is the wildcard entry {@code zones.*.admin}, issues an
   * access token and passes its value to {@code endpoint.checkToken}.
   *
   * <p>The method contains no assertions, so it passes whenever none of the calls throws. It does
   * not check which scopes the check-token response reports for the wildcard client.
   */
  @Test
  public void testClientWildcard() throws Exception {
    BaseClientDetails theclient =
        new BaseClientDetails(
            "client",
            "zones",
            "zones.*.admin",
            "authorization_code, password",
            "scim.read, scim.write",
            // NOTE(review): this line looks damaged in the listing: the redirect URI carries masked
            // userinfo and the extra ')' leaves the statement unbalanced. Text between this
            // argument and the next statement (presumably the code that registers `theclient`)
            // appears to be missing; restore it from the original file before relying on this test.
            "http://*****:*****@vmware.com"));

    // `authentication` and `tokenServices` are declared outside this listing.
    accessToken = tokenServices.createAccessToken(authentication);

    // Passes only if the endpoint accepts the token; the returned claims are discarded.
    endpoint.checkToken(accessToken.getValue());
  }
  /**
   * Prepares the shared fixture: an in-memory token store on {@code providerTokenServices} and a
   * {@code tokenRequest} carrying {@code username}, {@code password} and {@code client_id}
   * parameters for the client id {@code "client"}.
   *
   * <p>The username/password pair is a fixed test value. The client details object created here
   * has only its id set; grant types are configured by the individual tests.
   */
  public ResourceOwnerPasswordTokenGranterTests() {
    providerTokenServices.setTokenStore(new InMemoryTokenStore());

    final String id = "client";
    BaseClientDetails details = new BaseClientDetails();
    details.setClientId(id);

    Map<String, String> requestParams = new HashMap<>();
    requestParams.put("username", "foo");
    requestParams.put("password", "bar");
    requestParams.put("client_id", id);

    tokenRequest = requestFactory.createTokenRequest(requestParams, details);
  }
 /**
  * Requests the {@code password} grant after {@code client} has been limited to the
  * {@code client_credentials} grant type, and expects {@link InvalidClientException}.
  *
  * <p>{@code client} and {@code tokenRequest} are fields declared outside this listing.
  */
 @Test(expected = InvalidClientException.class)
 public void testGrantTypeNotSupported() {
   ResourceOwnerPasswordTokenGranter passwordGranter =
       new ResourceOwnerPasswordTokenGranter(
           authenticationManager, providerTokenServices, clientDetailsService, requestFactory);

   // The only authorized grant type is deliberately not the one requested below.
   client.setAuthorizedGrantTypes(Collections.singleton("client_credentials"));

   // NOTE(review): the expected-exception attribute is satisfied by an InvalidClientException
   // thrown from any statement in this method, not only from grant().
   passwordGranter.grant("password", tokenRequest);
 }
Ejemplo n.º 4
 /**
  * Issues a token for a client whose access tokens are valid for one second, waits one second and
  * expects {@code endpoint.checkToken} to reject the token with {@link InvalidTokenException}.
  */
 @Test(expected = InvalidTokenException.class)
 public void testExpiredToken() throws Exception {
   BaseClientDetails shortLivedClient =
       new BaseClientDetails(
           "client",
           "scim, cc",
           "read, write",
           "authorization_code, password",
           "scim.read, scim.write",
           "http://localhost:8080/uaa");
   shortLivedClient.setAccessTokenValiditySeconds(1);

   // Register the short-lived client as the only entry the token services can look up.
   Map<String, ? extends ClientDetails> singleClientStore =
       Collections.singletonMap("client", shortLivedClient);
   clientDetailsService.setClientDetailsStore(singleClientStore);
   tokenServices.setClientDetailsService(clientDetailsService);

   accessToken = tokenServices.createAccessToken(authentication);

   // NOTE(review): the wait equals the configured validity, so the test depends on the token
   // already counting as expired at that boundary; confirm how expiry is compared.
   Thread.sleep(1000);

   // The return value is irrelevant: the call is expected to throw.
   endpoint.checkToken(accessToken.getValue());
 }
  /**
   * Creates an identity zone, then creates and deletes an OAuth client inside that zone through
   * the {@code /identity-zones} endpoints, asserting the HTTP status of each step.
   *
   * <p>Only the success path is covered. The requests are sent through {@code client}, which is
   * configured outside this listing, so the credentials used to authorize them are not visible
   * here.
   */
  @Test
  public void testCreateZoneWithClient() throws IOException {
    // A random UUID serves as zone id and subdomain, so repeated runs do not collide.
    String zoneId = UUID.randomUUID().toString();
    IdentityZone zone = new IdentityZone();
    zone.setId(zoneId);
    zone.setSubdomain(zoneId);
    zone.setName("testCreateZone() " + zoneId);

    ResponseEntity<Void> zoneCreated =
        client.exchange(
            serverRunning.getUrl("/identity-zones"),
            HttpMethod.POST,
            new HttpEntity<>(zone),
            new ParameterizedTypeReference<Void>() {},
            zoneId);
    assertEquals(HttpStatus.CREATED, zoneCreated.getStatusCode());

    // Fixed id and secret: test fixture values only.
    BaseClientDetails zoneClient =
        new BaseClientDetails("test123", null, "openid", "authorization_code", "uaa.resource");
    zoneClient.setClientSecret("testSecret");
    // Limit the client to the UAA origin as its only allowed identity provider.
    zoneClient.addAdditionalInformation(
        ClientConstants.ALLOWED_PROVIDERS, Collections.singleton(Origin.UAA));

    String clientsUrl = serverRunning.getUrl("/identity-zones/" + zoneId + "/clients");
    ResponseEntity<Void> clientCreated =
        client.exchange(
            clientsUrl,
            HttpMethod.POST,
            new HttpEntity<>(zoneClient),
            new ParameterizedTypeReference<Void>() {},
            zoneId);
    assertEquals(HttpStatus.CREATED, clientCreated.getStatusCode());

    String singleClientUrl =
        serverRunning.getUrl("/identity-zones/" + zoneId + "/clients/" + zoneClient.getClientId());
    ResponseEntity<Void> clientDeleted =
        client.exchange(
            singleClientUrl,
            HttpMethod.DELETE,
            null,
            new ParameterizedTypeReference<Void>() {},
            zoneId);
    assertEquals(HttpStatus.OK, clientDeleted.getStatusCode());
  }
 /**
  * Starts a context that registers {@code CustomAuthorizationServer} next to the combined
  * authorization/resource server configuration, then checks the bean counts and authenticates
  * with the expected client.
  *
  * <p>The assertions require zero beans for {@code AUTHORIZATION_SERVER_CONFIG} and exactly one
  * for {@code RESOURCE_SERVER_CONFIG}; both constants are defined outside this listing.
  */
 @Test
 public void testAuthorizationServerOverride() {
   this.context = new AnnotationConfigEmbeddedWebApplicationContext();
   EnvironmentTestUtils.addEnvironment(this.context, "security.oauth2.resourceId:resource-id");
   this.context.register(
       AuthorizationAndResourceServerConfiguration.class,
       CustomAuthorizationServer.class,
       MinimalSecureWebApplication.class);
   this.context.refresh();

   assertThat(countBeans(AUTHORIZATION_SERVER_CONFIG), equalTo(0));
   assertThat(countBeans(RESOURCE_SERVER_CONFIG), equalTo(1));

   // Client that verifyAuthentication is given; "secret" is a fixture value.
   BaseClientDetails expectedClient = new BaseClientDetails();
   expectedClient.setClientId("client");
   expectedClient.setClientSecret("secret");
   expectedClient.setResourceIds(Arrays.asList("resource-id"));
   expectedClient.setAuthorizedGrantTypes(Arrays.asList("password"));
   expectedClient.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
   expectedClient.setScope(Arrays.asList("read"));

   verifyAuthentication(expectedClient);
 }
Ejemplo n.º 7
 /**
  * Changes the secret of {@code defaultClient} and expects {@code endpoint.checkToken} to reject
  * the existing token with {@link TokenRevokedException}.
  *
  * <p>{@code accessToken} is created outside this listing, presumably before the secret changes.
  */
 @Test(expected = TokenRevokedException.class)
 public void testRejectClientPasswordChange() throws Exception {
   // Rotate the client secret after the token has been issued.
   defaultClient.setClientSecret("changedsecret");

   String issuedTokenValue = accessToken.getValue();
   endpoint.checkToken(issuedTokenValue);
 }
Ejemplo n.º 8
 /**
  * Changes the {@code TOKEN_SALT} entry in the additional information of {@code defaultClient}
  * and expects {@code endpoint.checkToken} to reject the existing token with
  * {@link TokenRevokedException}.
  *
  * <p>{@code accessToken} is created outside this listing, presumably before the salt changes.
  */
 @Test(expected = TokenRevokedException.class)
 public void testRejectClientSaltChange() throws Exception {
   // Replace the client's token salt after the token has been issued.
   defaultClient.addAdditionalInformation(ClientConstants.TOKEN_SALT, "changedsalt");

   String issuedTokenValue = accessToken.getValue();
   endpoint.checkToken(issuedTokenValue);
 }
  /**
   * Requests a verification link for a user in a newly created, non-default identity zone and
   * checks both the link and the expiring code behind it.
   *
   * <p>The link must start with the zone's own host, and the stored code must be unexpired, carry
   * the {@code REGISTRATION} intent and record the user id, the requesting client id and the
   * supplied redirect URI. The test only checks that {@code redirect_uri} is stored as supplied;
   * it does not exercise any validation of that value against the client's registration.
   */
  @Test
  public void verification_link_in_non_default_zone() throws Exception {
    String zoneSubdomain = generator.generate().toLowerCase();
    String zoneHost = zoneSubdomain + ".localhost";
    MockMvcUtils.IdentityZoneCreationResult zone =
        utils()
            .createOtherIdentityZoneAndReturnResult(
                zoneSubdomain, getMockMvc(), getWebApplicationContext(), null);

    // Client inside the new zone; id and secret are fixture values.
    String zonedClientId = "zonedClientId";
    String zonedClientSecret = "zonedClientSecret";
    BaseClientDetails zonedClient =
        (BaseClientDetails)
            utils()
                .createClient(
                    getMockMvc(),
                    zone.getZoneAdminToken(),
                    zonedClientId,
                    zonedClientSecret,
                    Collections.singleton("oauth"),
                    null,
                    Arrays.asList("client_credentials"),
                    "scim.create",
                    null,
                    zone.getIdentityZone());
    // Set the secret on the returned object again so it can be read back for the token request.
    zonedClient.setClientSecret(zonedClientSecret);

    String scimCreateToken =
        utils()
            .getClientCredentialsOAuthAccessToken(
                getMockMvc(),
                zonedClient.getClientId(),
                zonedClient.getClientSecret(),
                "scim.create",
                zoneSubdomain);

    ScimUser zoneUser = setUpScimUser(zone.getIdentityZone());

    // The Host header selects the zone; the bearer token was issued to the zone's own client.
    MockHttpServletRequestBuilder verifyLinkRequest =
        MockMvcRequestBuilders.get("/Users/" + zoneUser.getId() + "/verify-link")
            .header("Host", zoneHost)
            .header("Authorization", "Bearer " + scimCreateToken)
            .param("redirect_uri", HTTP_REDIRECT_EXAMPLE_COM)
            .accept(APPLICATION_JSON);

    MvcResult mvcResult =
        getMockMvc().perform(verifyLinkRequest).andExpect(status().isOk()).andReturn();
    String responseJson = mvcResult.getResponse().getContentAsString();
    VerificationResponse verification =
        JsonUtils.readValue(responseJson, VerificationResponse.class);

    // The link has to point at the zone's host.
    assertThat(
        verification.getVerifyLink().toString(),
        startsWith("http://" + zoneHost + "/verify_user"));

    String linkQuery = verification.getVerifyLink().getQuery();
    String code = getQueryStringParam(linkQuery, "code");
    assertThat(code, is(notNullValue()));

    // Look up the stored code and check its expiry, its intent and the data bound to it.
    ExpiringCode storedCode = codeStore.retrieveCode(code);
    assertThat(storedCode.getExpiresAt().getTime(), is(greaterThan(System.currentTimeMillis())));
    assertThat(storedCode.getIntent(), is(REGISTRATION.name()));

    Map<String, String> codeData =
        JsonUtils.readValue(storedCode.getData(), new TypeReference<Map<String, String>>() {});
    assertThat(codeData.get(InvitationConstants.USER_ID), is(notNullValue()));
    assertThat(codeData.get(CLIENT_ID), is(zonedClient.getClientId()));
    assertThat(codeData.get(REDIRECT_URI), is(HTTP_REDIRECT_EXAMPLE_COM));
  }