// Builds a client whose scope is the wildcard "zones.*.admin" and checks that a token issued for the
// current authentication (whose user holds "zones.myzone.admin", see setUp) passes checkToken without
// throwing. No assertion is made on the returned claims; the absence of an exception is the check.
// NOTE(review): the last constructor argument ("http://*****:*****@vmware.com") and the trailing "))"
// look like a redaction/extraction artifact rather than the upstream source — confirm before relying
// on this line as-is; it may originally have registered `theclient` with the client details store.
@Test public void testClientWildcard() throws Exception { BaseClientDetails theclient = new BaseClientDetails( "client", "zones", "zones.*.admin", "authorization_code, password", "scim.read, scim.write", "http://*****:*****@vmware.com")); accessToken = tokenServices.createAccessToken(authentication); endpoint.checkToken(accessToken.getValue()); }
/**
 * The issuer configured on the token services must surface in the {@code iss} claim of a token
 * that passes {@code checkToken}, suffixed with the token endpoint path.
 */
@Test
public void testIssuerInResults() throws Exception {
    tokenServices.setIssuer("http://some.other.issuer");
    // afterPropertiesSet() re-derives issuer-dependent state before a token is minted.
    tokenServices.afterPropertiesSet();

    accessToken = tokenServices.createAccessToken(authentication);
    Claims claims = endpoint.checkToken(accessToken.getValue());

    String iss = claims.getIss();
    assertNotNull("iss field is not present", iss);
    assertEquals("http://some.other.issuer/oauth/token", iss);
}
/**
 * Same as {@link #testIssuerInResults()} but with a non-default identity zone active: the zone
 * subdomain is expected to be prefixed onto the configured issuer host in the {@code iss} claim.
 * The zone holder is always cleared afterwards so later tests run in the default zone.
 */
@Test
public void testIssuerInResultsInNonDefaultZone() throws Exception {
    IdentityZone nonDefaultZone = MultitenancyFixture.identityZone("id", "subdomain");
    IdentityZoneHolder.set(nonDefaultZone);
    try {
        tokenServices.setIssuer("http://some.other.issuer");
        tokenServices.afterPropertiesSet();

        accessToken = tokenServices.createAccessToken(authentication);
        Claims claims = endpoint.checkToken(accessToken.getValue());

        String iss = claims.getIss();
        assertNotNull("iss field is not present", iss);
        assertEquals("http://subdomain.some.other.issuer/oauth/token", iss);
    } finally {
        // Thread-local zone state must not leak into the next test.
        IdentityZoneHolder.clear();
    }
}
/**
 * Installs a mocked user database on the token services that knows exactly one user.
 *
 * @param userId the only id the mock resolves
 * @param user   the user returned for {@code userId}
 *
 * Lookups for any other id throw {@link UsernameNotFoundException}, so a token whose user id is
 * not {@code userId} cannot be validated against this database.
 */
protected void mockUserDatabase(String userId, UaaUser user) {
    UaaUserDatabase mockDb = Mockito.mock(UaaUserDatabase.class);

    Mockito.when(mockDb.retrieveUserById(Matchers.eq(userId)))
        .thenReturn(user);
    Mockito.when(mockDb.retrieveUserById(AdditionalMatchers.not(Matchers.eq(userId))))
        .thenThrow(new UsernameNotFoundException("mock"));

    userDatabase = mockDb;
    tokenServices.setUserDatabase(mockDb);
}
/**
 * A token minted for a client with a one-second access-token validity must be rejected by
 * {@code checkToken} once that second has elapsed. The test waits a full second, so it is
 * wall-clock dependent.
 */
@Test(expected = InvalidTokenException.class)
public void testExpiredToken() throws Exception {
    BaseClientDetails shortLivedClient = new BaseClientDetails(
        "client",
        "scim, cc",
        "read, write",
        "authorization_code, password",
        "scim.read, scim.write",
        "http://localhost:8080/uaa");
    shortLivedClient.setAccessTokenValiditySeconds(1);

    Map<String, ? extends ClientDetails> store =
        Collections.singletonMap("client", shortLivedClient);
    clientDetailsService.setClientDetailsStore(store);
    tokenServices.setClientDetailsService(clientDetailsService);

    accessToken = tokenServices.createAccessToken(authentication);
    Thread.sleep(1000);

    // Expected to throw InvalidTokenException; the claims are never inspected.
    endpoint.checkToken(accessToken.getValue());
}
/**
 * For a client-credentials style token (no user authentication attached), both the
 * {@code client_id} and {@code user_id} claims reported by {@code checkToken} carry the client id.
 */
@Test
public void testClientOnly() {
    AuthorizationRequest clientRequest =
        new AuthorizationRequest("client", Collections.singleton("scim.read"));
    // Second argument null: no user principal, so this is a client-only authentication.
    authentication = new OAuth2Authentication(clientRequest.createOAuth2Request(), null);

    accessToken = tokenServices.createAccessToken(authentication);
    Claims claims = endpoint.checkToken(accessToken.getValue());

    assertEquals("client", claims.getClientId());
    assertEquals("client", claims.getUserId());
}
/**
 * After rotating the signer to the alternate key pair, a freshly minted token validates, while
 * the token minted in setUp under the old key is rejected with {@link InvalidTokenException}.
 */
@Test
public void testSwitchVerifierKey() throws Exception {
    signerProvider.setSigningKey(alternateSignerKey);
    signerProvider.setVerifierKey(alternateVerifierKey);
    signerProvider.afterPropertiesSet();

    // Signed with the new key: must be accepted.
    OAuth2AccessToken rotatedToken = tokenServices.createAccessToken(authentication);
    endpoint.checkToken(rotatedToken.getValue());

    // Signed with the old key: must be rejected.
    boolean rejected = false;
    try {
        endpoint.checkToken(accessToken.getValue());
    } catch (InvalidTokenException expected) {
        rejected = true;
    }
    if (!rejected) {
        fail();
    }
}
/**
 * A client-only token requesting {@code scim.read} must be rejected when the registered client's
 * authorities no longer include {@code scim.read} (only {@code scim.write} remains here).
 */
@Test(expected = InvalidTokenException.class)
public void revokingAuthoritiesFromClients_invalidatesToken() throws Exception {
    // Client registered with scim.write only — scim.read has been revoked.
    defaultClient = new BaseClientDetails(
        "client",
        "scim, cc",
        "write,read",
        "authorization_code, password",
        "scim.write",
        "http://localhost:8080/uaa");
    clientDetailsStore = Collections.singletonMap("client", defaultClient);
    clientDetailsService.setClientDetailsStore(clientDetailsStore);
    mockUserDatabase(userId, user);

    AuthorizationRequest scimReadRequest =
        new AuthorizationRequest("client", Collections.singleton("scim.read"));
    authentication = new OAuth2Authentication(scimReadRequest.createOAuth2Request(), null);

    accessToken = tokenServices.createAccessToken(authentication);
    // Expected to throw InvalidTokenException.
    endpoint.checkToken(accessToken.getValue());
}
/**
 * A token minted under the default issuer must be rejected once the token services expect a
 * different issuer; the {@code iss} claim no longer matches.
 */
@Test(expected = InvalidTokenException.class)
public void testRejectInvalidIssuer() {
    // accessToken was minted in setUp with the original issuer.
    tokenServices.setIssuer("http://some.other.issuer");
    endpoint.checkToken(accessToken.getValue());
}
/**
 * Builds the fixture every test starts from: a user with read/write and a zone-admin authority,
 * a mocked user database resolving only that user, an authorization request for scope "read",
 * a signer with the default key pair, approvals for "read" and "write", a token policy, a single
 * registered client, and finally a freshly minted access token for that authentication.
 */
@Before
public void setUp() {
    userAuthorities = new ArrayList<>();
    userAuthorities.add(new SimpleGrantedAuthority("read"));
    userAuthorities.add(new SimpleGrantedAuthority("write"));
    userAuthorities.add(new SimpleGrantedAuthority("zones.myzone.admin"));
    userAuthorities.addAll(UaaAuthority.USER_AUTHORITIES);

    user = new UaaUser(
        userId,
        userName,
        "password",
        userEmail,
        userAuthorities,
        "GivenName",
        "FamilyName",
        twoSecondsAgo(),
        twoSecondsAgo(),
        OriginKeys.UAA,
        "externalId",
        false,
        IdentityZoneHolder.get().getId(),
        "salt",
        twoSecondsAgo());
    mockUserDatabase(userId, user);

    authorizationRequest = new AuthorizationRequest("client", Collections.singleton("read"));
    authorizationRequest.setResourceIds(new HashSet<>(Arrays.asList("client", "scim")));
    Map<String, String> noRequestParameters = new HashMap<>();
    authorizationRequest.setRequestParameters(noRequestParameters);
    authentication = new OAuth2Authentication(
        authorizationRequest.createOAuth2Request(),
        UaaAuthenticationTestFactory.getAuthentication(userId, userName, "*****@*****.**"));

    signerProvider = new SignerProvider();
    signerProvider.setSigningKey(signerKey);
    signerProvider.setVerifierKey(verifierKey);
    tokenServices.setSignerProvider(signerProvider);
    endpoint.setTokenServices(tokenServices);

    // Approvals for both scopes the user can hold, valid for the next 30 seconds.
    Date oneSecondAgo = new Date(System.currentTimeMillis() - 1000);
    Date thirtySecondsAhead = new Date(System.currentTimeMillis() + 30000);
    for (String scope : Arrays.asList("read", "write")) {
        approvalStore.addApproval(new Approval()
            .setUserId(userId)
            .setClientId("client")
            .setScope(scope)
            .setExpiresAt(thirtySecondsAhead)
            .setStatus(ApprovalStatus.APPROVED)
            .setLastUpdatedAt(oneSecondAgo));
    }
    tokenServices.setApprovalStore(approvalStore);
    tokenServices.setTokenPolicy(new TokenPolicy(43200, 2592000));

    defaultClient = new BaseClientDetails(
        "client",
        "scim, cc",
        "read, write",
        "authorization_code, password",
        "scim.read, scim.write",
        "http://localhost:8080/uaa");
    clientDetailsStore = Collections.singletonMap("client", defaultClient);
    clientDetailsService.setClientDetailsStore(clientDetailsStore);
    tokenServices.setClientDetailsService(clientDetailsService);

    accessToken = tokenServices.createAccessToken(authentication);
}

/** A fresh {@link Date} two seconds before now; used for the user's creation/modification stamps. */
private static Date twoSecondsAgo() {
    return new Date(System.currentTimeMillis() - 2000);
}