@Test
public void testClientWildcard() throws Exception {
BaseClientDetails theclient =
new BaseClientDetails(
"client",
"zones",
"zones.*.admin",
"authorization_code, password",
"scim.read, scim.write",
"http://*****:*****@vmware.com"));
accessToken = tokenServices.createAccessToken(authentication);
endpoint.checkToken(accessToken.getValue());
}
@Before
public void setUp() {
mockUserDatabase(userId, user);
authorizationRequest = new AuthorizationRequest("client", Collections.singleton("read"));
authorizationRequest.setResourceIds(new HashSet<>(Arrays.asList("client", "scim")));
Map<String, String> requestParameters = new HashMap<>();
authorizationRequest.setRequestParameters(requestParameters);
authentication =
new OAuth2Authentication(
authorizationRequest.createOAuth2Request(),
UaaAuthenticationTestFactory.getAuthentication(userId, userName, "*****@*****.**"));
signerProvider = new SignerProvider();
signerProvider.setSigningKey(signerKey);
signerProvider.setVerifierKey(verifierKey);
tokenServices.setSignerProvider(signerProvider);
endpoint.setTokenServices(tokenServices);
Date oneSecondAgo = new Date(System.currentTimeMillis() - 1000);
Date thirtySecondsAhead = new Date(System.currentTimeMillis() + 30000);
approvalStore.addApproval(
new Approval(
userId, "client", "read", thirtySecondsAhead, ApprovalStatus.APPROVED, oneSecondAgo));
approvalStore.addApproval(
new Approval(
userId, "client", "write", thirtySecondsAhead, ApprovalStatus.APPROVED, oneSecondAgo));
tokenServices.setApprovalStore(approvalStore);
clientDetailsService.setClientDetailsStore(clientDetailsStore);
tokenServices.setClientDetailsService(clientDetailsService);
accessToken = tokenServices.createAccessToken(authentication);
}
@Test
public void testIssuerInResults() throws Exception {
tokenServices.setIssuer("http://some.other.issuer");
tokenServices.afterPropertiesSet();
accessToken = tokenServices.createAccessToken(authentication);
Map<String, ?> result = endpoint.checkToken(accessToken.getValue());
assertNotNull("iss field is not present", result.get("iss"));
assertEquals("http://some.other.issuer/oauth/token", result.get("iss"));
}
@Test
public void testIssuerInResultsInNonDefaultZone() throws Exception {
try {
IdentityZoneHolder.set(MultitenancyFixture.identityZone("id", "subdomain"));
tokenServices.setIssuer("http://some.other.issuer");
tokenServices.afterPropertiesSet();
accessToken = tokenServices.createAccessToken(authentication);
Map<String, ?> result = endpoint.checkToken(accessToken.getValue());
assertNotNull("iss field is not present", result.get("iss"));
assertEquals("http://subdomain.some.other.issuer/oauth/token", result.get("iss"));
} finally {
IdentityZoneHolder.clear();
}
}
protected void mockUserDatabase(String userId, UaaUser user) {
userDatabase = mock(UaaUserDatabase.class);
when(userDatabase.retrieveUserById(eq(userId))).thenReturn(user);
when(userDatabase.retrieveUserById(not(eq(userId))))
.thenThrow(new UsernameNotFoundException("mock"));
tokenServices.setUserDatabase(userDatabase);
}
@Test(expected = InvalidTokenException.class)
public void testExpiredToken() throws Exception {
BaseClientDetails clientDetails =
new BaseClientDetails(
"client",
"scim, cc",
"read, write",
"authorization_code, password",
"scim.read, scim.write",
"http://localhost:8080/uaa");
clientDetails.setAccessTokenValiditySeconds(1);
Map<String, ? extends ClientDetails> clientDetailsStore =
Collections.singletonMap("client", clientDetails);
clientDetailsService.setClientDetailsStore(clientDetailsStore);
tokenServices.setClientDetailsService(clientDetailsService);
accessToken = tokenServices.createAccessToken(authentication);
Thread.sleep(1000);
Map<String, ?> result = endpoint.checkToken(accessToken.getValue());
}
@Test
public void testClientOnly() {
authentication =
new OAuth2Authentication(
new AuthorizationRequest("client", Collections.singleton("read")).createOAuth2Request(),
null);
accessToken = tokenServices.createAccessToken(authentication);
Map<String, ?> result = endpoint.checkToken(accessToken.getValue());
assertEquals("client", result.get("client_id"));
assertEquals("client", result.get("user_id"));
}
@Test
public void testSwitchVerifierKey() throws Exception {
signerProvider.setSigningKey(alternateSignerKey);
signerProvider.setVerifierKey(alternateVerifierKey);
signerProvider.afterPropertiesSet();
OAuth2AccessToken alternateToken = tokenServices.createAccessToken(authentication);
endpoint.checkToken(alternateToken.getValue());
try {
endpoint.checkToken(accessToken.getValue());
fail();
} catch (InvalidTokenException x) {
}
}
@Test(expected = InvalidTokenException.class)
public void testRejectInvalidIssuer() {
tokenServices.setIssuer("http://some.other.issuer");
endpoint.checkToken(accessToken.getValue());
}