@Bean
protected ClientDetailsService clientDetailsService() {
InMemoryClientDetailsService service = new InMemoryClientDetailsService();
service.setClientDetailsStore(
Collections.singletonMap(
"client", new BaseClientDetails("client", null, null, null, null)));
return service;
}
@Test
public void testClientWildcard() throws Exception {
BaseClientDetails theclient =
new BaseClientDetails(
"client",
"zones",
"zones.*.admin",
"authorization_code, password",
"scim.read, scim.write",
"http://*****:*****@vmware.com"));
accessToken = tokenServices.createAccessToken(authentication);
endpoint.checkToken(accessToken.getValue());
}
@Before
public void setUp() {
mockUserDatabase(userId, user);
authorizationRequest = new AuthorizationRequest("client", Collections.singleton("read"));
authorizationRequest.setResourceIds(new HashSet<>(Arrays.asList("client", "scim")));
Map<String, String> requestParameters = new HashMap<>();
authorizationRequest.setRequestParameters(requestParameters);
authentication =
new OAuth2Authentication(
authorizationRequest.createOAuth2Request(),
UaaAuthenticationTestFactory.getAuthentication(userId, userName, "*****@*****.**"));
signerProvider = new SignerProvider();
signerProvider.setSigningKey(signerKey);
signerProvider.setVerifierKey(verifierKey);
tokenServices.setSignerProvider(signerProvider);
endpoint.setTokenServices(tokenServices);
Date oneSecondAgo = new Date(System.currentTimeMillis() - 1000);
Date thirtySecondsAhead = new Date(System.currentTimeMillis() + 30000);
approvalStore.addApproval(
new Approval(
userId, "client", "read", thirtySecondsAhead, ApprovalStatus.APPROVED, oneSecondAgo));
approvalStore.addApproval(
new Approval(
userId, "client", "write", thirtySecondsAhead, ApprovalStatus.APPROVED, oneSecondAgo));
tokenServices.setApprovalStore(approvalStore);
clientDetailsService.setClientDetailsStore(clientDetailsStore);
tokenServices.setClientDetailsService(clientDetailsService);
accessToken = tokenServices.createAccessToken(authentication);
}
@Test(expected = InvalidTokenException.class)
public void revokingScopesFromClient_invalidatesToken() throws Exception {
defaultClient =
new BaseClientDetails(
"client",
"scim, cc",
"write",
"authorization_code, password",
"scim.read, scim.write",
"http://localhost:8080/uaa");
clientDetailsStore = Collections.singletonMap("client", defaultClient);
clientDetailsService.setClientDetailsStore(clientDetailsStore);
endpoint.checkToken(accessToken.getValue());
}
@Test(expected = InvalidTokenException.class)
public void testExpiredToken() throws Exception {
BaseClientDetails clientDetails =
new BaseClientDetails(
"client",
"scim, cc",
"read, write",
"authorization_code, password",
"scim.read, scim.write",
"http://localhost:8080/uaa");
clientDetails.setAccessTokenValiditySeconds(1);
Map<String, ? extends ClientDetails> clientDetailsStore =
Collections.singletonMap("client", clientDetails);
clientDetailsService.setClientDetailsStore(clientDetailsStore);
tokenServices.setClientDetailsService(clientDetailsService);
accessToken = tokenServices.createAccessToken(authentication);
Thread.sleep(1000);
Map<String, ?> result = endpoint.checkToken(accessToken.getValue());
}
@Test(expected = InvalidTokenException.class)
public void revokingAuthoritiesFromClients_invalidatesToken() throws Exception {
defaultClient =
new BaseClientDetails(
"client",
"scim, cc",
"write,read",
"authorization_code, password",
"scim.write",
"http://localhost:8080/uaa");
clientDetailsStore = Collections.singletonMap("client", defaultClient);
clientDetailsService.setClientDetailsStore(clientDetailsStore);
mockUserDatabase(userId, user);
authentication =
new OAuth2Authentication(
new AuthorizationRequest("client", Collections.singleton("scim.read"))
.createOAuth2Request(),
null);
accessToken = tokenServices.createAccessToken(authentication);
endpoint.checkToken(accessToken.getValue());
}
@Before
public void setUp() {
userAuthorities = new ArrayList<>();
userAuthorities.add(new SimpleGrantedAuthority("read"));
userAuthorities.add(new SimpleGrantedAuthority("write"));
userAuthorities.add(new SimpleGrantedAuthority("zones.myzone.admin"));
userAuthorities.addAll(UaaAuthority.USER_AUTHORITIES);
user =
new UaaUser(
userId,
userName,
"password",
userEmail,
userAuthorities,
"GivenName",
"FamilyName",
new Date(System.currentTimeMillis() - 2000),
new Date(System.currentTimeMillis() - 2000),
OriginKeys.UAA,
"externalId",
false,
IdentityZoneHolder.get().getId(),
"salt",
new Date(System.currentTimeMillis() - 2000));
mockUserDatabase(userId, user);
authorizationRequest = new AuthorizationRequest("client", Collections.singleton("read"));
authorizationRequest.setResourceIds(new HashSet<>(Arrays.asList("client", "scim")));
Map<String, String> requestParameters = new HashMap<>();
authorizationRequest.setRequestParameters(requestParameters);
authentication =
new OAuth2Authentication(
authorizationRequest.createOAuth2Request(),
UaaAuthenticationTestFactory.getAuthentication(userId, userName, "*****@*****.**"));
signerProvider = new SignerProvider();
signerProvider.setSigningKey(signerKey);
signerProvider.setVerifierKey(verifierKey);
tokenServices.setSignerProvider(signerProvider);
endpoint.setTokenServices(tokenServices);
Date oneSecondAgo = new Date(System.currentTimeMillis() - 1000);
Date thirtySecondsAhead = new Date(System.currentTimeMillis() + 30000);
approvalStore.addApproval(
new Approval()
.setUserId(userId)
.setClientId("client")
.setScope("read")
.setExpiresAt(thirtySecondsAhead)
.setStatus(ApprovalStatus.APPROVED)
.setLastUpdatedAt(oneSecondAgo));
approvalStore.addApproval(
new Approval()
.setUserId(userId)
.setClientId("client")
.setScope("write")
.setExpiresAt(thirtySecondsAhead)
.setStatus(ApprovalStatus.APPROVED)
.setLastUpdatedAt(oneSecondAgo));
tokenServices.setApprovalStore(approvalStore);
tokenServices.setTokenPolicy(new TokenPolicy(43200, 2592000));
defaultClient =
new BaseClientDetails(
"client",
"scim, cc",
"read, write",
"authorization_code, password",
"scim.read, scim.write",
"http://localhost:8080/uaa");
clientDetailsStore = Collections.singletonMap("client", defaultClient);
clientDetailsService.setClientDetailsStore(clientDetailsStore);
tokenServices.setClientDetailsService(clientDetailsService);
accessToken = tokenServices.createAccessToken(authentication);
}