org.cloudfoundry.identity.uaa.integration.RemoteAuthenticationEndpointTests.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.cloudfoundry.identity.uaa.integration.RemoteAuthenticationEndpointTests.java

Introduction

Here is the source code for org.cloudfoundry.identity.uaa.integration.RemoteAuthenticationEndpointTests.java

Source

/*******************************************************************************
 *     Cloud Foundry
 *     Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
 *
 *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
 *     You may not use this product except in compliance with the License.
 *
 *     This product includes a number of subcomponents with
 *     separate copyright notices and license terms. Your use of these
 *     subcomponents is subject to the terms and conditions of the
 *     subcomponent's license, as noted in the LICENSE file.
 *******************************************************************************/

package org.cloudfoundry.identity.uaa.integration;

import org.apache.commons.codec.binary.Base64;
import org.cloudfoundry.identity.uaa.ServerRunning;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.oauth.UaaOauth2ErrorHandler;
import org.cloudfoundry.identity.uaa.test.UaaTestAccounts;
import org.junit.Rule;
import org.junit.Test;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.RestTemplate;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import static org.cloudfoundry.identity.uaa.constants.OriginKeys.LDAP;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasKey;
import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;

/**
 * @author Luke Taylor
 */
public class RemoteAuthenticationEndpointTests {
    @Rule
    public ServerRunning serverRunning = ServerRunning.isRunning();

    private UaaTestAccounts testAccounts = UaaTestAccounts.standard(serverRunning);

    @Test
    public void remoteAuthenticationSucceedsWithCorrectCredentials() throws Exception {
        @SuppressWarnings("rawtypes")
        ResponseEntity<Map> response = authenticate(testAccounts.getUserName(), testAccounts.getPassword(), null);
        assertEquals(HttpStatus.OK, response.getStatusCode());
        assertEquals(testAccounts.getUserName(), response.getBody().get("username"));
        assertEquals(testAccounts.getEmail(), response.getBody().get("email"));
    }

    @Test
    public void remoteAuthenticationSucceedsAndCreatesUser() throws Exception {
        String username = new RandomValueStringGenerator().generate();
        String origin = OriginKeys.LOGIN_SERVER;
        Map<String, Object> info = new HashMap<>();
        info.put("source", "login");
        info.put("add_new", "true");
        info.put(OriginKeys.ORIGIN, origin);
        @SuppressWarnings("rawtypes")
        ResponseEntity<Map> response = authenticate(username, null, info);
        assertEquals(HttpStatus.OK, response.getStatusCode());
        assertEquals(username, response.getBody().get("username"));
        validateOrigin(username, null, origin, info);
    }

    @Test
    public void remoteAuthenticationFailsWithIncorrectCredentials() throws Exception {
        @SuppressWarnings("rawtypes")
        ResponseEntity<Map> response = authenticate(testAccounts.getUserName(), "wrong", null);
        assertFalse(HttpStatus.OK == response.getStatusCode());
        assertFalse(testAccounts.getUserName().equals(response.getBody().get("username")));
    }

    @Test
    public void validateLdapOrKeystoneOrigin() throws Exception {
        String profiles = System.getProperty("spring.profiles.active");
        if (profiles != null && profiles.contains(LDAP)) {
            validateOrigin("marissa3", "ldap3", LDAP, null);
        } else if (profiles != null && profiles.contains("keystone")) {
            validateOrigin("marissa2", "keystone", OriginKeys.KEYSTONE, null);
        } else {
            validateOrigin(testAccounts.getUserName(), testAccounts.getPassword(), OriginKeys.UAA, null);
        }
    }

    public void validateOrigin(String username, String password, String origin, Map<String, Object> info)
            throws Exception {
        ResponseEntity<Map> authResp = authenticate(username, password, info);
        assertEquals(HttpStatus.OK, authResp.getStatusCode());

        HttpHeaders headers = new HttpHeaders();
        headers.add("Authorization", "Bearer " + getScimReadBearerToken());
        ResponseEntity<Map> response = serverRunning.getForObject(
                "/Users" + "?filter=userName eq \"" + username + "\"&attributes=id,userName,origin", Map.class,
                headers);
        Map<String, Object> results = response.getBody();
        assertEquals(HttpStatus.OK, response.getStatusCode());

        assertThat(((Integer) results.get("totalResults")), greaterThan(0));
        List<Map<String, Object>> list = (List<Map<String, Object>>) results.get("resources");
        boolean found = false;
        for (Map<String, Object> user : list) {
            assertThat(user, hasKey("id"));
            assertThat(user, hasKey("userName"));
            assertThat(user, hasKey(OriginKeys.ORIGIN));
            assertThat(user, not(hasKey("name")));
            assertThat(user, not(hasKey("emails")));
            if (user.get("userName").equals(username)) {
                found = true;
                assertEquals(origin, user.get(OriginKeys.ORIGIN));
            }
        }
        assertTrue(found);
    }

    private String getScimReadBearerToken() {
        HttpHeaders accessTokenHeaders = new HttpHeaders();
        String basicDigestHeaderValue = "Basic " + new String(Base64.encodeBase64(
                (testAccounts.getAdminClientId() + ":" + testAccounts.getAdminClientSecret()).getBytes()));
        accessTokenHeaders.add("Authorization", basicDigestHeaderValue);

        LinkedMultiValueMap<String, String> params = new LinkedMultiValueMap<>();
        params.add("grant_type", "client_credentials");
        params.add("client_id", testAccounts.getAdminClientId());
        params.add("scope", "scim.read");
        ResponseEntity<Map> tokenResponse = serverRunning.postForMap(serverRunning.getAccessTokenUri(), params,
                accessTokenHeaders);
        return (String) tokenResponse.getBody().get("access_token");
    }

    private String getLoginReadBearerToken() {
        HttpHeaders accessTokenHeaders = new HttpHeaders();
        String basicDigestHeaderValue = "Basic "
                + new String(Base64.encodeBase64(("login:loginsecret").getBytes()));
        accessTokenHeaders.add("Authorization", basicDigestHeaderValue);

        LinkedMultiValueMap<String, String> params = new LinkedMultiValueMap<>();
        params.add("grant_type", "client_credentials");
        params.add("client_id", "login");
        params.add("scope", "oauth.login");
        ResponseEntity<Map> tokenResponse = serverRunning.postForMap(serverRunning.getAccessTokenUri(), params,
                accessTokenHeaders);
        return (String) tokenResponse.getBody().get("access_token");
    }

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> authenticate(String username, String password, Map<String, Object> additionalParams) {
        RestTemplate restTemplate = new RestTemplate();
        // The default java.net client doesn't allow you to handle 4xx responses
        restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
        if (restTemplate instanceof OAuth2RestTemplate) {
            OAuth2RestTemplate oAuth2RestTemplate = (OAuth2RestTemplate) restTemplate;
            oAuth2RestTemplate.setErrorHandler(
                    new UaaOauth2ErrorHandler(oAuth2RestTemplate.getResource(), HttpStatus.Series.SERVER_ERROR));
        } else {
            restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {
                @Override
                protected boolean hasError(HttpStatus statusCode) {
                    return statusCode.series() == HttpStatus.Series.SERVER_ERROR;
                }
            });
        }
        HttpHeaders headers = new HttpHeaders();
        if (additionalParams != null) {
            headers.add("Authorization", "Bearer " + getLoginReadBearerToken());
        }
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));

        MultiValueMap<String, Object> parameters = new LinkedMultiValueMap<String, Object>();
        parameters.set("username", username);
        if (password != null) {
            parameters.set("password", password);
        }
        if (additionalParams != null) {
            parameters.setAll(additionalParams);
        }

        ResponseEntity<Map> result = restTemplate.exchange(serverRunning.getUrl("/authenticate"), HttpMethod.POST,
                new HttpEntity<MultiValueMap<String, Object>>(parameters, headers), Map.class);
        return result;
    }
}