/**
 * Calls {@code checkToken} on a freshly created access token in a test that sets up a client
 * whose third constructor argument (the scope list) is the wildcard pattern
 * {@code zones.*.admin}. No exception is expected, so the test passes when the token is accepted.
 */
@Test
public void testClientWildcard() throws Exception {
    // NOTE(review): the last constructor argument looks masked by a credential scrubber in this
    // listing, and the statement ends with an unbalanced ')'. The original redirect URI and any
    // statements between client construction and token creation (for example registering
    // `theclient` with the client details service) cannot be recovered from here; confirm
    // against the upstream file before relying on this snippet.
    BaseClientDetails theclient = new BaseClientDetails(
        "client", "zones", "zones.*.admin", "authorization_code, password", "scim.read, scim.write", "http://*****:*****@vmware.com"));
    accessToken = tokenServices.createAccessToken(authentication);
    // Validation is the assertion: checkToken must not throw for this token.
    endpoint.checkToken(accessToken.getValue());
}
/**
 * Builds the shared fixture: a token request carrying {@code username}, {@code password} and
 * {@code client_id} parameters for the client {@code "client"}, with the provider token services
 * backed by an in-memory token store.
 */
public ResourceOwnerPasswordTokenGranterTests() {
    final String id = "client";

    // Fixture-only resource-owner credentials; they never leave the test.
    Map<String, String> requestParams = new HashMap<String, String>();
    requestParams.put("username", "foo");
    requestParams.put("password", "bar");
    requestParams.put("client_id", id);

    BaseClientDetails details = new BaseClientDetails();
    details.setClientId(id);

    // Tokens issued during the tests are held in memory only.
    providerTokenServices.setTokenStore(new InMemoryTokenStore());

    tokenRequest = requestFactory.createTokenRequest(requestParams, details);
}
/**
 * Expects {@link InvalidClientException} when the {@code password} grant is requested after the
 * client's authorized grant types have been reduced to {@code client_credentials} only.
 */
@Test(expected = InvalidClientException.class)
public void testGrantTypeNotSupported() {
    ResourceOwnerPasswordTokenGranter passwordGranter =
        new ResourceOwnerPasswordTokenGranter(
            authenticationManager, providerTokenServices, clientDetailsService, requestFactory);

    // Leave the client with a grant type other than the one requested below.
    // NOTE(review): `client` is a fixture field declared outside this listing; presumably it is
    // the client that clientDetailsService resolves for tokenRequest. Confirm in the fixture.
    client.setAuthorizedGrantTypes(Collections.singleton("client_credentials"));

    // The granter must refuse a grant type the client is not authorized for.
    passwordGranter.grant("password", tokenRequest);
}
/**
 * Expects {@link InvalidTokenException} when {@code checkToken} is called on a token issued for
 * a client whose access-token validity is one second, after the test has slept for one second.
 */
@Test(expected = InvalidTokenException.class)
public void testExpiredToken() throws Exception {
    BaseClientDetails shortLivedClient =
        new BaseClientDetails(
            "client",
            "scim, cc",
            "read, write",
            "authorization_code, password",
            "scim.read, scim.write",
            "http://localhost:8080/uaa");
    shortLivedClient.setAccessTokenValiditySeconds(1);

    // Register the short-lived client as the only entry the token services can look up.
    Map<String, ? extends ClientDetails> singleClientStore =
        Collections.singletonMap("client", shortLivedClient);
    clientDetailsService.setClientDetailsStore(singleClientStore);
    tokenServices.setClientDetailsService(clientDetailsService);

    accessToken = tokenServices.createAccessToken(authentication);

    // NOTE(review): the sleep equals the configured validity exactly. Whether that always lands
    // past expiry depends on how expiry is computed and compared, which is not visible here.
    // Confirm the test is not timing-sensitive.
    Thread.sleep(1000);

    // The return value is irrelevant: the call is expected to throw for the expired token.
    endpoint.checkToken(accessToken.getValue());
}
/**
 * Creates an identity zone with a random id, registers a client inside that zone, then deletes
 * the client again, asserting the HTTP status of each step (201, 201, 200).
 */
@Test
public void testCreateZoneWithClient() throws IOException {
    // A random UUID serves as the zone's id and as its subdomain.
    IdentityZone zone = new IdentityZone();
    String zoneId = UUID.randomUUID().toString();
    zone.setId(zoneId);
    zone.setSubdomain(zoneId);
    zone.setName("testCreateZone() " + zoneId);

    String zonesUrl = serverRunning.getUrl("/identity-zones");
    ResponseEntity<Void> zoneCreated =
        client.exchange(
            zonesUrl,
            HttpMethod.POST,
            new HttpEntity<>(zone),
            new ParameterizedTypeReference<Void>() {},
            zoneId);
    assertEquals(HttpStatus.CREATED, zoneCreated.getStatusCode());

    // Fixture-only client credentials; allowed identity providers are limited to Origin.UAA.
    BaseClientDetails zoneClient =
        new BaseClientDetails("test123", null, "openid", "authorization_code", "uaa.resource");
    zoneClient.setClientSecret("testSecret");
    zoneClient.addAdditionalInformation(
        ClientConstants.ALLOWED_PROVIDERS, Collections.singleton(Origin.UAA));

    String zoneClientsUrl = serverRunning.getUrl("/identity-zones/" + zoneId + "/clients");
    ResponseEntity<Void> clientCreated =
        client.exchange(
            zoneClientsUrl,
            HttpMethod.POST,
            new HttpEntity<>(zoneClient),
            new ParameterizedTypeReference<Void>() {},
            zoneId);
    assertEquals(HttpStatus.CREATED, clientCreated.getStatusCode());

    // Remove the client again; the DELETE carries no request entity.
    String zoneClientUrl =
        serverRunning.getUrl("/identity-zones/" + zoneId + "/clients/" + zoneClient.getClientId());
    ResponseEntity<Void> clientDeleted =
        client.exchange(
            zoneClientUrl,
            HttpMethod.DELETE,
            null,
            new ParameterizedTypeReference<Void>() {},
            zoneId);
    assertEquals(HttpStatus.OK, clientDeleted.getStatusCode());
}
/**
 * Boots a context that registers {@code CustomAuthorizationServer} next to the combined
 * authorization/resource server configuration and asserts that no
 * {@code AUTHORIZATION_SERVER_CONFIG} bean and exactly one {@code RESOURCE_SERVER_CONFIG} bean
 * exist, then runs {@code verifyAuthentication} with the expected client details.
 */
@Test
public void testAuthorizationServerOverride() {
    this.context = new AnnotationConfigEmbeddedWebApplicationContext();
    EnvironmentTestUtils.addEnvironment(this.context, "security.oauth2.resourceId:resource-id");
    this.context.register(
        AuthorizationAndResourceServerConfiguration.class,
        CustomAuthorizationServer.class,
        MinimalSecureWebApplication.class);
    this.context.refresh();

    // Bean counts checked once the context has been refreshed.
    assertThat(countBeans(AUTHORIZATION_SERVER_CONFIG), equalTo(0));
    assertThat(countBeans(RESOURCE_SERVER_CONFIG), equalTo(1));

    // Fixture-only client: password grant, "read" scope, USER authority, bound to the
    // resource id set in the environment above.
    BaseClientDetails expectedClient = new BaseClientDetails();
    expectedClient.setClientId("client");
    expectedClient.setClientSecret("secret");
    expectedClient.setResourceIds(Arrays.asList("resource-id"));
    expectedClient.setAuthorizedGrantTypes(Arrays.asList("password"));
    expectedClient.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
    expectedClient.setScope(Arrays.asList("read"));

    // NOTE(review): verifyAuthentication is defined outside this listing; presumably it drives
    // an authenticated request with these client details. Confirm against the helper.
    verifyAuthentication(expectedClient);
}
/**
 * Expects {@link TokenRevokedException} from {@code checkToken} once the default client's secret
 * has been changed, pinning that a changed client secret invalidates the token being checked.
 */
@Test(expected = TokenRevokedException.class)
public void testRejectClientPasswordChange() throws Exception {
    // NOTE(review): accessToken is a fixture field, presumably issued before this change in
    // setup code outside this listing. Confirm in the fixture.
    defaultClient.setClientSecret("changedsecret");

    String issuedTokenValue = accessToken.getValue();
    endpoint.checkToken(issuedTokenValue);
}
/**
 * Expects {@link TokenRevokedException} from {@code checkToken} once the default client's
 * {@code ClientConstants.TOKEN_SALT} entry has been changed, pinning that a changed token salt
 * invalidates the token being checked.
 */
@Test(expected = TokenRevokedException.class)
public void testRejectClientSaltChange() throws Exception {
    // NOTE(review): accessToken is a fixture field, presumably issued before this change in
    // setup code outside this listing. Confirm in the fixture.
    defaultClient.addAdditionalInformation(ClientConstants.TOKEN_SALT, "changedsalt");

    String issuedTokenValue = accessToken.getValue();
    endpoint.checkToken(issuedTokenValue);
}
/**
 * Requests a verify link for a user in a newly created, non-default identity zone and checks
 * that the link points at that zone's host and that the stored expiring code is unexpired, has
 * the {@code REGISTRATION} intent, and records the user id, the client id and the redirect URI.
 */
@Test
public void verification_link_in_non_default_zone() throws Exception {
    String subdomain = generator.generate().toLowerCase();
    MockMvcUtils.IdentityZoneCreationResult zone =
        utils()
            .createOtherIdentityZoneAndReturnResult(
                subdomain, getMockMvc(), getWebApplicationContext(), null);

    // Fixture-only client inside the new zone, limited to client_credentials and scim.create.
    String clientId = "zonedClientId";
    String clientSecret = "zonedClientSecret";
    BaseClientDetails zoneClient =
        (BaseClientDetails)
            utils()
                .createClient(
                    this.getMockMvc(),
                    zone.getZoneAdminToken(),
                    clientId,
                    clientSecret,
                    Collections.singleton("oauth"),
                    null,
                    Arrays.asList("client_credentials"),
                    "scim.create",
                    null,
                    zone.getIdentityZone());
    // Set the secret on the local copy so it can be read back for the token request below.
    zoneClient.setClientSecret(clientSecret);

    String scimCreateToken =
        utils()
            .getClientCredentialsOAuthAccessToken(
                getMockMvc(),
                zoneClient.getClientId(),
                zoneClient.getClientSecret(),
                "scim.create",
                subdomain);

    ScimUser zoneUser = setUpScimUser(zone.getIdentityZone());

    // The Host header carries the zone's subdomain; the bearer token is the zone client's.
    MockHttpServletRequestBuilder verifyLinkRequest =
        MockMvcRequestBuilders.get("/Users/" + zoneUser.getId() + "/verify-link")
            .header("Host", subdomain + ".localhost")
            .header("Authorization", "Bearer " + scimCreateToken)
            .param("redirect_uri", HTTP_REDIRECT_EXAMPLE_COM)
            .accept(APPLICATION_JSON);

    MvcResult mvcResult =
        getMockMvc().perform(verifyLinkRequest).andExpect(status().isOk()).andReturn();
    VerificationResponse verification =
        JsonUtils.readValue(
            mvcResult.getResponse().getContentAsString(), VerificationResponse.class);

    // The link must be rooted at the requesting zone's host.
    assertThat(
        verification.getVerifyLink().toString(),
        startsWith("http://" + subdomain + ".localhost/verify_user"));

    String linkQuery = verification.getVerifyLink().getQuery();
    String codeParam = getQueryStringParam(linkQuery, "code");
    assertThat(codeParam, is(notNullValue()));

    // The code in the link must resolve to a stored, unexpired registration code.
    ExpiringCode storedCode = codeStore.retrieveCode(codeParam);
    assertThat(storedCode.getExpiresAt().getTime(), is(greaterThan(System.currentTimeMillis())));
    assertThat(storedCode.getIntent(), is(REGISTRATION.name()));

    // The code's payload records the user, the requesting client and the redirect target.
    Map<String, String> codeData =
        JsonUtils.readValue(storedCode.getData(), new TypeReference<Map<String, String>>() {});
    assertThat(codeData.get(InvitationConstants.USER_ID), is(notNullValue()));
    assertThat(codeData.get(CLIENT_ID), is(zoneClient.getClientId()));
    assertThat(codeData.get(REDIRECT_URI), is(HTTP_REDIRECT_EXAMPLE_COM));
}