List of usage examples for org.springframework.security.oauth2.provider.client BaseClientDetails getClientId
@org.codehaus.jackson.annotate.JsonIgnore
@com.fasterxml.jackson.annotation.JsonIgnore
public String getClientId()
From source file:org.cloudfoundry.identity.uaa.mock.providers.IdentityProviderEndpointsMockMvcTests.java
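/**
 * Creates an identity provider in the UAA zone and checks that it can be read back through
 * {@code GET /identity-providers/{id}} with a token carrying {@code idps.read,idps.write}.
 *
 * @throws Exception if a MockMvc request or the JSON conversion fails
 */
@Test
public void testRetrieveIdpInZone() throws Exception {
    BaseClientDetails client = getBaseClientDetails();
    ScimUser user = mockMvcUtils.createAdminForZone(getMockMvc(), adminToken, "idps.read,idps.write");
    String accessToken = mockMvcUtils.getUserOAuthAccessToken(getMockMvc(), client.getClientId(),
            client.getClientSecret(), user.getUserName(), "secr3T", "idps.read,idps.write");

    String originKey = RandomStringUtils.randomAlphabetic(6);
    IdentityProvider newIdp = MultitenancyFixture.identityProvider(originKey, IdentityZone.getUaa().getId());
    newIdp = createIdentityProvider(null, newIdp, accessToken, status().isCreated());

    // RFC 6750 puts a space between the "Bearer" scheme and the token. The header used to be
    // built as "Bearer" + token, which is malformed and presumably only worked because the
    // server-side token extractor is lenient; send the well-formed header instead.
    MockHttpServletRequestBuilder requestBuilder = get("/identity-providers/" + newIdp.getId())
            .header("Authorization", "Bearer " + accessToken)
            .contentType(APPLICATION_JSON);

    MvcResult result = getMockMvc().perform(requestBuilder).andExpect(status().isOk()).andReturn();
    IdentityProvider retrieved = JsonUtils.readValue(result.getResponse().getContentAsString(),
            IdentityProvider.class);
    assertEquals(newIdp, retrieved);
}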
From source file:org.cloudfoundry.identity.uaa.mock.providers.IdentityProviderEndpointsMockMvcTests.java
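/**
 * Creates an identity provider and checks that reading it with {@code lowPriviledgeToken}
 * is rejected with 403 Forbidden.
 *
 * <p>The token minted in this method (scope {@code idps.write}) is only used to create the
 * provider; the read request is authorised with {@code lowPriviledgeToken}, a field that is
 * set up outside this listing.
 *
 * @throws Exception if a MockMvc request fails
 */
@Test
public void testRetrieveIdpInZoneWithInsufficientScopes() throws Exception {
    BaseClientDetails client = getBaseClientDetails();
    ScimUser user = mockMvcUtils.createAdminForZone(getMockMvc(), adminToken, "idps.write");
    String accessToken = mockMvcUtils.getUserOAuthAccessToken(getMockMvc(), client.getClientId(),
            client.getClientSecret(), user.getUserName(), "secr3T", "idps.write");

    String originKey = RandomStringUtils.randomAlphabetic(6);
    IdentityProvider newIdp = MultitenancyFixture.identityProvider(originKey, IdentityZone.getUaa().getId());
    newIdp = createIdentityProvider(null, newIdp, accessToken, status().isCreated());

    // A negative authorisation test should send a well-formed header so that the 403 can only
    // come from the scope check. The header used to be "Bearer" + token with no separator,
    // which RFC 6750 does not allow.
    MockHttpServletRequestBuilder requestBuilder = get("/identity-providers/" + newIdp.getId())
            .header("Authorization", "Bearer " + lowPriviledgeToken)
            .contentType(APPLICATION_JSON);

    getMockMvc().perform(requestBuilder).andExpect(status().isForbidden());
}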
From source file:org.cloudfoundry.identity.uaa.mock.providers.IdentityProviderEndpointsMockMvcTests.java
/**
 * Registers a password-grant client with a random six-letter id, provisions a user through
 * {@code createAdminForZone}, and returns a user access token requested for
 * {@code idps.read idps.write}.
 *
 * @return the access token obtained for the new user via the new client
 * @throws Exception if client creation, user creation or the token request fails
 */
public String setUpAccessToken() throws Exception {
    BaseClientDetails idpClient = new BaseClientDetails(RandomStringUtils.randomAlphabetic(6), null,
            "idps.read,idps.write", "password", null);
    idpClient.setClientSecret("test-client-secret");
    mockMvcUtils.createClient(getMockMvc(), adminToken, idpClient);

    ScimUser zoneUser = mockMvcUtils.createAdminForZone(getMockMvc(), adminToken, "idps.write,idps.read");

    // "secr3T" is passed as the user's password; the user itself is created by the helper.
    String userToken = mockMvcUtils.getUserOAuthAccessToken(
            getMockMvc(),
            idpClient.getClientId(),
            idpClient.getClientSecret(),
            zoneUser.getUserName(),
            "secr3T",
            "idps.read idps.write");
    return userToken;
}
From source file:org.cloudfoundry.identity.uaa.mock.token.TokenKeyEndpointMockMvcTests.java
/**
 * Registers a client, calls {@code GET /token_key} with that client's HTTP Basic credentials,
 * expects 200 OK and hands the returned key map to {@code validateKey}.
 *
 * @throws Exception if the MockMvc request or the JSON conversion fails
 */
@Test
public void get_token_asymmetric_but_authenticated() throws Exception {
    String generatedClientId = new RandomValueStringGenerator().generate();
    BaseClientDetails client = new BaseClientDetails(generatedClientId, "", "foo,bar",
            "client_credentials,password", "uaa.none");
    client.setClientSecret("secret");

    ClientRegistrationService registrationService =
            getWebApplicationContext().getBean(ClientRegistrationService.class);
    registrationService.addClientDetails(client);

    // HTTP Basic credentials: base64("<client id>:secret").
    // NOTE(review): getBytes() and new String(byte[]) use the platform default charset here.
    byte[] rawCredentials = (client.getClientId() + ":secret").getBytes();
    String basicAuthHeader = "Basic " + new String(Base64.encodeBase64(rawCredentials));

    MvcResult response = getMockMvc()
            .perform(get("/token_key")
                    .accept(MediaType.APPLICATION_JSON)
                    .header("Authorization", basicAuthHeader))
            .andExpect(status().isOk())
            .andReturn();

    Map<String, Object> key = JsonUtils.readValue(response.getResponse().getContentAsString(), Map.class);
    validateKey(key);
}
From source file:org.cloudfoundry.identity.uaa.mock.token.TokenKeyEndpointMockMvcTests.java
/**
 * Reconfigures the fixture with {@code setUp("key")}, then checks that an authenticated client
 * whose authorities are only {@code uaa.none} gets 403 Forbidden from {@code GET /token_key}.
 * The previous signing key is restored through {@code setUp(signKey)} whatever the outcome.
 *
 * @throws Exception if fixture set-up or the MockMvc request fails
 */
@Test
public void get_token_symmetric_authenticated_but_missing_scope() throws Exception {
    setUp("key");
    try {
        String generatedClientId = new RandomValueStringGenerator().generate();
        BaseClientDetails client = new BaseClientDetails(generatedClientId, "", "foo,bar",
                "client_credentials,password", "uaa.none");
        client.setClientSecret("secret");

        ClientRegistrationService registrationService =
                getWebApplicationContext().getBean(ClientRegistrationService.class);
        registrationService.addClientDetails(client);

        // HTTP Basic credentials: base64("<client id>:secret").
        // NOTE(review): getBytes() and new String(byte[]) use the platform default charset here.
        byte[] rawCredentials = (client.getClientId() + ":secret").getBytes();
        String basicAuthHeader = "Basic " + new String(Base64.encodeBase64(rawCredentials));

        // The credentials are valid, so the expected rejection is 403 rather than 401.
        getMockMvc()
                .perform(get("/token_key")
                        .accept(MediaType.APPLICATION_JSON)
                        .header("Authorization", basicAuthHeader))
                .andExpect(status().isForbidden())
                .andReturn();
    } finally {
        // Put the original key back so later tests are not affected.
        setUp(signKey);
    }
}
From source file:org.cloudfoundry.identity.uaa.mock.token.TokenMvcMockTests.java
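/**
 * Enables JWT revocation on the default zone, has a client revoke its own token through
 * {@code DELETE /oauth/token/revoke/{jti}}, and verifies that the token can no longer be
 * retrieved from {@code tokenProvisioning}. The zone's token policy is reset afterwards.
 *
 * @throws Exception if zone update, client creation or a MockMvc request fails
 */
@Test
public void revokeOwnJWToken() throws Exception {
    IdentityZone defaultZone = identityZoneProvisioning.retrieve(IdentityZone.getUaa().getId());
    defaultZone.getConfig().getTokenPolicy().setJwtRevocable(true);
    identityZoneProvisioning.update(defaultZone);
    try {
        BaseClientDetails client = new BaseClientDetails(generator.generate(), "", "openid",
                "client_credentials,password", "clients.write");
        client.setClientSecret("secret");
        createClient(getMockMvc(), adminToken, client);

        // This is the token we will revoke.
        String clientToken = getClientCredentialsOAuthAccessToken(getMockMvc(), client.getClientId(),
                client.getClientSecret(), null, null);
        Jwt jwt = JwtHelper.decode(clientToken);
        Map<String, Object> claims = JsonUtils.readValue(jwt.getClaims(),
                new TypeReference<Map<String, Object>>() {
                });
        String jti = (String) claims.get("jti");

        getMockMvc()
                .perform(delete("/oauth/token/revoke/" + jti).header("Authorization", "Bearer " + clientToken))
                .andExpect(status().isOk());

        // The lookup must fail once the token is revoked. Previously a successful lookup was
        // silently accepted and the catch wrapped the whole body, so the test could not detect
        // a revocation endpoint that returned 200 without deleting the token.
        try {
            tokenProvisioning.retrieve(jti);
            fail("Token should have been deleted");
        } catch (EmptyResultDataAccessException e) {
            // expected: the revoked token is gone
        }
    } finally {
        // Restore the zone's token policy so other tests see non-revocable JWTs again.
        defaultZone.getConfig().getTokenPolicy().setJwtRevocable(false);
        identityZoneProvisioning.update(defaultZone);
    }
}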
From source file:org.cloudfoundry.identity.uaa.mock.token.TokenMvcMockTests.java
/**
 * Checks that a client holding the {@code tokens.revoke} authority can revoke a token issued
 * to a different client, and that the revoked token can no longer be retrieved.
 *
 * @throws Exception if client creation or a MockMvc request fails
 */
@Test
public void revokeOtherClientToken() throws Exception {
    // Client whose token is going to be revoked.
    String resourceClientId = generator.generate();
    BaseClientDetails resourceClient = new BaseClientDetails(resourceClientId, "", "uaa.resource",
            "client_credentials,password", "uaa.resource");
    resourceClient.setClientSecret("secret");
    createClient(getMockMvc(), adminToken, resourceClient);

    // Client that performs the revocation; it is registered with tokens.revoke.
    BaseClientDetails revoker = new BaseClientDetails(generator.generate(), "", "openid",
            "client_credentials,password", "tokens.revoke");
    revoker.setClientSecret("secret");
    createClient(getMockMvc(), adminToken, revoker);

    // Token that authorises the revocation call.
    String revokeAccessToken = getClientCredentialsOAuthAccessToken(getMockMvc(), revoker.getClientId(),
            revoker.getClientSecret(), "tokens.revoke", null, false);
    // Token that is the target of the revocation call.
    String tokenToBeRevoked = getClientCredentialsOAuthAccessToken(getMockMvc(), resourceClientId,
            resourceClient.getClientSecret(), null, null, true);

    getMockMvc()
            .perform(delete("/oauth/token/revoke/" + tokenToBeRevoked)
                    .header("Authorization", "Bearer " + revokeAccessToken))
            .andExpect(status().isOk());

    try {
        tokenProvisioning.retrieve(tokenToBeRevoked);
        fail("Token should have been deleted");
    } catch (EmptyResultDataAccessException e) {
        // expected: the token was removed by the revocation
    }
}
From source file:org.cloudfoundry.identity.uaa.mock.token.TokenMvcMockTests.java
/**
 * Checks that a client registered without any authorities receives 403 Forbidden when it
 * tries to revoke a token issued to a different client.
 *
 * @throws Exception if client creation or a MockMvc request fails
 */
@Test
public void revokeOtherClientTokenForbidden() throws Exception {
    // Client whose token is the target of the revocation attempt.
    String resourceClientId = generator.generate();
    BaseClientDetails resourceClient = new BaseClientDetails(resourceClientId, "", "uaa.resource",
            "client_credentials,password", "uaa.resource");
    resourceClient.setClientSecret("secret");
    createClient(getMockMvc(), adminToken, resourceClient);

    // Client that attempts the revocation; note the null authorities argument.
    BaseClientDetails unprivileged = new BaseClientDetails(generator.generate(), "", "openid",
            "client_credentials,password", null);
    unprivileged.setClientSecret("secret");
    createClient(getMockMvc(), adminToken, unprivileged);

    // Token presented on the revocation call.
    String revokeAccessToken = getClientCredentialsOAuthAccessToken(getMockMvc(),
            unprivileged.getClientId(), unprivileged.getClientSecret(), null, null, false);
    // Token the call tries to revoke.
    String tokenToBeRevoked = getClientCredentialsOAuthAccessToken(getMockMvc(), resourceClientId,
            resourceClient.getClientSecret(), null, null, true);

    // NOTE(review): only the status is asserted; the test does not confirm that the target
    // token is still retrievable after the rejected call.
    getMockMvc()
            .perform(delete("/oauth/token/revoke/" + tokenToBeRevoked)
                    .header("Authorization", "Bearer " + revokeAccessToken))
            .andExpect(status().isForbidden());
}
From source file:org.cloudfoundry.identity.uaa.mock.token.TokenMvcMockTests.java
/**
 * Exercises the bulk revocation endpoints {@code /oauth/token/revoke/client/{id}} and
 * {@code /oauth/token/revoke/user/{id}}: access control on the client endpoint (401 without a
 * token, 403 with another client's token, 404 for an unknown client), then that a client token
 * and a user token stop working with {@code invalid_token} once an admin has revoked them.
 *
 * @throws Exception if client or user creation, or a MockMvc request, fails
 */
@Test
public void test_Revoke_Client_And_User_Tokens() throws Exception {
    BaseClientDetails client = getAClientWithClientsRead();
    BaseClientDetails otherClient = getAClientWithClientsRead();

    // Token that will be revoked.
    String readClientsToken = getClientCredentialsOAuthAccessToken(getMockMvc(), client.getClientId(),
            client.getClientSecret(), null, null);
    // Token belonging to a different client.
    String otherReadClientsToken = getClientCredentialsOAuthAccessToken(getMockMvc(),
            otherClient.getClientId(), otherClient.getClientSecret(), null, null);

    // The token works before revocation.
    getMockMvc()
            .perform(get("/oauth/clients").header("Authorization", "Bearer " + readClientsToken))
            .andExpect(status().isOk());

    // No credentials at all: 401.
    getMockMvc()
            .perform(get("/oauth/token/revoke/client/" + client.getClientId()))
            .andExpect(status().isUnauthorized());

    // Another client's token lacks the required scope: 403.
    getMockMvc()
            .perform(get("/oauth/token/revoke/client/" + client.getClientId())
                    .header("Authorization", "Bearer " + otherReadClientsToken))
            .andExpect(status().isForbidden());

    // Unknown client id: 404, even for the admin token.
    getMockMvc()
            .perform(get("/oauth/token/revoke/client/notfound" + generator.generate())
                    .header("Authorization", "Bearer " + adminToken))
            .andExpect(status().isNotFound());

    // The admin revokes every token of the client.
    getMockMvc()
            .perform(get("/oauth/token/revoke/client/" + client.getClientId())
                    .header("Authorization", "Bearer " + adminToken))
            .andExpect(status().isOk());

    // The previously valid token is now rejected.
    getMockMvc()
            .perform(get("/oauth/clients").header("Authorization", "Bearer " + readClientsToken))
            .andExpect(status().isUnauthorized())
            .andExpect(content().string(containsString("\"error\":\"invalid_token\"")));

    ScimUser user = new ScimUser(null, generator.generate(), "Given Name", "Family Name");
    user.setPrimaryEmail(user.getUserName() + "@test.org");
    user.setPassword("password");
    user = createUser(getMockMvc(), adminToken, user);
    // The password is set again on the object returned by createUser before it is read below.
    user.setPassword("password");

    String userInfoToken = getUserOAuthAccessToken(getMockMvc(), client.getClientId(),
            client.getClientSecret(), user.getUserName(), user.getPassword(), "openid");

    // The user token works before revocation.
    getMockMvc()
            .perform(get("/userinfo").header("Authorization", "Bearer " + userInfoToken))
            .andExpect(status().isOk());

    // Unknown user id: 404.
    getMockMvc()
            .perform(get("/oauth/token/revoke/user/" + user.getId() + "notfound")
                    .header("Authorization", "Bearer " + adminToken))
            .andExpect(status().isNotFound());

    // The admin revokes every token of the user.
    getMockMvc()
            .perform(get("/oauth/token/revoke/user/" + user.getId())
                    .header("Authorization", "Bearer " + adminToken))
            .andExpect(status().isOk());

    // The user token is now rejected.
    getMockMvc()
            .perform(get("/userinfo").header("Authorization", "Bearer " + userInfoToken))
            .andExpect(status().isUnauthorized())
            .andExpect(content().string(containsString("\"error\":\"invalid_token\"")));
}
From source file:org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.java
/**
 * Test fixture: creates a new identity zone, registers an {@code app} client in it, obtains a
 * client-credentials token for that client in the zone, creates a user in the zone, and
 * returns the collected handles.
 *
 * @param mockMvc     MockMvc instance used for every request
 * @param context     application context passed to the zone-creation helper
 * @param clientId    value passed as the first constructor argument of the new {@code ScimUser}
 * @param redirectUri redirect URI registered on the {@code app} client
 * @return the zone-scoped token, the zone creation result, the {@code app} client and the
 *         default-zone admin token
 * @throws Exception if any of the underlying requests fails
 */
public static ZoneScimInviteData createZoneForInvites(MockMvc mockMvc, ApplicationContext context,
        String clientId, String redirectUri) throws Exception {
    RandomValueStringGenerator generator = new RandomValueStringGenerator();

    // Token for the built-in admin client, requested without a subdomain.
    String superAdmin = getClientCredentialsOAuthAccessToken(mockMvc, "admin", "adminsecret", "", null);

    IdentityZoneCreationResult zone = utils().createOtherIdentityZoneAndReturnResult(
            generator.generate().toLowerCase(), mockMvc, context, null);

    BaseClientDetails appClient = new BaseClientDetails(
            "app",
            "",
            "scim.invite",
            "client_credentials,password,authorization_code",
            "uaa.admin,clients.admin,scim.write,scim.read,scim.invite",
            redirectUri);
    appClient.setClientSecret("secret");
    appClient = utils().createClient(mockMvc, zone.getZoneAdminToken(), appClient, zone.getIdentityZone());
    // The secret is set again on the object returned by createClient before it is read below.
    appClient.setClientSecret("secret");

    String zoneSubdomain = zone.getIdentityZone().getSubdomain();
    String adminToken = utils().getClientCredentialsOAuthAccessToken(mockMvc, appClient.getClientId(),
            appClient.getClientSecret(), "", zoneSubdomain);

    String username = new RandomValueStringGenerator().generate().toLowerCase() + "@example.com";
    // NOTE(review): clientId goes into the first ScimUser constructor argument; confirm that
    // this is intended.
    ScimUser user = new ScimUser(clientId, username, "given-name", "family-name");
    user.setPrimaryEmail(username);
    user.setPassword("password");
    user = createUserInZone(mockMvc, adminToken, user, zone.getIdentityZone().getSubdomain());
    user.setPassword("password");

    // NOTE(review): the group is built in memory but never sent anywhere or returned in the
    // code shown here.
    ScimGroup group = new ScimGroup("scim.invite");
    group.setMembers(Arrays.asList(new ScimGroupMember(user.getId(), USER, Arrays.asList(MEMBER))));

    return new ZoneScimInviteData(adminToken, zone, appClient, superAdmin);
}