/** tests that an error occurs if you attempt to use bad client credentials. */
@Test
@Ignore
// Need a custom auth entry point to get the correct JSON response here.
public void testInvalidClient() throws Exception {
MultiValueMap<String, String> formData = new LinkedMultiValueMap<String, String>();
formData.add("grant_type", "password");
formData.add("username", resource.getUsername());
formData.add("password", resource.getPassword());
formData.add("scope", "cloud_controller.read");
HttpHeaders headers = new HttpHeaders();
headers.set(
"Authorization", "Basic " + new String(Base64.encode("no-such-client:".getBytes("UTF-8"))));
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
@SuppressWarnings("rawtypes")
ResponseEntity<Map> response = serverRunning.postForMap("/oauth/token", formData, headers);
assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
List<String> newCookies = response.getHeaders().get("Set-Cookie");
if (newCookies != null && !newCookies.isEmpty()) {
fail("No cookies should be set. Found: " + newCookies.get(0) + ".");
}
assertEquals(
"no-cache, no-store, max-age=0, must-revalidate",
response.getHeaders().getFirst("Cache-Control"));
assertEquals(401, response.getStatusCode().value());
@SuppressWarnings("unchecked")
OAuth2Exception error = OAuth2Exception.valueOf(response.getBody());
assertEquals("Bad credentials", error.getMessage());
assertEquals("invalid_request", error.getOAuth2ErrorCode());
}
private void maybeThrowExceptionFromHeader(String authenticateHeader, String headerType) {
headerType = headerType.toLowerCase();
if (authenticateHeader.toLowerCase().startsWith(headerType)) {
Map<String, String> headerEntries =
StringSplitUtils.splitEachArrayElementAndCreateMap(
StringSplitUtils.splitIgnoringQuotes(
authenticateHeader.substring(headerType.length()), ','),
"=",
"\"");
throw OAuth2Exception.valueOf(headerEntries);
}
}
