/**
 * Checks that a password-grant token request sent with bad client credentials is rejected.
 *
 * <p>The form carries the resource-owner credentials taken from {@code resource}; only the
 * HTTP Basic header is wrong ({@code no-such-client} with an empty secret). The response is
 * expected to be a 401 that sets no cookie, carries a non-caching {@code Cache-Control} header
 * and has a body that converts to an {@link OAuth2Exception}.
 */
@Test
@Ignore // Need a custom auth entry point to get the correct JSON response here.
public void testInvalidClient() throws Exception {
  MultiValueMap<String, String> tokenRequest = new LinkedMultiValueMap<String, String>();
  tokenRequest.add("grant_type", "password");
  tokenRequest.add("username", resource.getUsername());
  tokenRequest.add("password", resource.getPassword());
  tokenRequest.add("scope", "cloud_controller.read");

  // Client id followed by ':' and an empty secret, Base64-encoded for HTTP Basic.
  String basicCredentials = new String(Base64.encode("no-such-client:".getBytes("UTF-8")));
  HttpHeaders requestHeaders = new HttpHeaders();
  requestHeaders.set("Authorization", "Basic " + basicCredentials);
  requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));

  @SuppressWarnings("rawtypes")
  ResponseEntity<Map> response =
      serverRunning.postForMap("/oauth/token", tokenRequest, requestHeaders);
  assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());

  // No cookie may accompany the rejection, so a failed client authentication cannot leave the
  // caller holding a session cookie.
  List<String> newCookies = response.getHeaders().get("Set-Cookie");
  boolean cookieIssued = newCookies != null && !newCookies.isEmpty();
  if (cookieIssued) {
    fail("No cookies should be set. Found: " + newCookies.get(0) + ".");
  }

  // The error response has to be marked as non-cacheable.
  String cacheControl = response.getHeaders().getFirst("Cache-Control");
  assertEquals("no-cache, no-store, max-age=0, must-revalidate", cacheControl);
  assertEquals(401, response.getStatusCode().value());

  @SuppressWarnings("unchecked")
  OAuth2Exception error = OAuth2Exception.valueOf(response.getBody());
  assertEquals("Bad credentials", error.getMessage());
  // NOTE(review): RFC 6749 section 5.2 names invalid_client as the error code for failed client
  // authentication; this test expects invalid_request. Confirm which code the endpoint is meant
  // to return before the @Ignore is lifted.
  assertEquals("invalid_request", error.getOAuth2ErrorCode());
}
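/**
 * Converts the parameters of an authentication challenge header into an {@link OAuth2Exception}.
 *
 * <p>When {@code authenticateHeader} starts with {@code headerType} (compared without regard to
 * case), the text after that prefix is passed through {@code StringSplitUtils} with {@code ','}
 * as the element separator, {@code "="} as the key/value delimiter and {@code "\""} as the third
 * argument (presumably the characters to strip; confirm against the helper). The resulting map
 * is handed to {@code OAuth2Exception.valueOf} and the returned exception is thrown. In every
 * other case the method returns normally.
 *
 * <p>The prefix comparison uses {@link String#regionMatches(boolean, int, String, int, int)}
 * instead of {@code toLowerCase()}, so the match does not depend on the JVM default locale (a
 * Turkish locale lower-cases {@code I} to a dotless {@code ı}, which would make an upper-case
 * {@code BASIC} challenge fail to match).
 *
 * <p>NOTE(review): the header presumably originates from a remote server's response. If so, the
 * entries that end up in the exception are controlled by that server and should be treated as
 * untrusted wherever the exception is logged or displayed.
 *
 * @param authenticateHeader raw header value; {@code null} is treated as "nothing to report"
 * @param headerType scheme prefix to look for at the start of the header
 * @throws OAuth2Exception when the header starts with {@code headerType}
 */
private void maybeThrowExceptionFromHeader(String authenticateHeader, String headerType) {
  // An absent header carries no error details, so there is nothing to convert.
  if (authenticateHeader == null) {
    return;
  }

  int prefixLength = headerType.length();
  // Also false when the header is shorter than the prefix, which keeps substring() in range.
  if (!authenticateHeader.regionMatches(true, 0, headerType, 0, prefixLength)) {
    return;
  }

  // NOTE(review): what the helpers return for a header with no parameters after the scheme is
  // not visible here; confirm that valueOf() never receives a null map.
  Map<String, String> headerEntries =
      StringSplitUtils.splitEachArrayElementAndCreateMap(
          StringSplitUtils.splitIgnoringQuotes(authenticateHeader.substring(prefixLength), ','),
          "=",
          "\"");
  throw OAuth2Exception.valueOf(headerEntries);
}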