cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Adding a scope test
Date Thu, 28 Jan 2016 15:58:39 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 746914a50 -> fadc6492c


Adding a scope test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fadc6492
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fadc6492
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fadc6492

Branch: refs/heads/master
Commit: fadc6492c9b6181533ed56d67aaabd8a141c7be2
Parents: 746914a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jan 28 15:38:27 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jan 28 15:38:27 2016 +0000

----------------------------------------------------------------------
 .../security/oauth2/common/OAuth2TestUtils.java | 22 ++++++++++++++-
 .../oauth2/grants/AuthorizationGrantTest.java   | 29 ++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/fadc6492/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index ff8862f..aac8b5b 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -44,6 +44,7 @@ import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.junit.Assert;
 
 /**
  * Some test utils for the OAuth 2.0 tests
@@ -63,6 +64,11 @@ public final class OAuth2TestUtils {
     }
     
     public static String getAuthorizationCode(WebClient client, String scope, String consumerId)
{
+        return getAuthorizationCode(client, scope, consumerId, null, null);
+    }
+    
+    public static String getAuthorizationCode(WebClient client, String scope, String consumerId,
+                                              String nonce, String state) {
         // Make initial authorization request
         client.type("application/json").accept("application/json");
         client.query("client_id", consumerId);
@@ -71,6 +77,13 @@ public final class OAuth2TestUtils {
         if (scope != null) {
             client.query("scope", scope);
         }
+        if (nonce != null) {
+            client.query("nonce", nonce);
+        }
+        if (state != null) {
+            client.query("state", state);
+        }
+
         client.path("authorize/");
         Response response = client.get();
 
@@ -87,10 +100,17 @@ public final class OAuth2TestUtils {
         if (authzData.getProposedScope() != null) {
             form.param("scope", authzData.getProposedScope());
         }
+        if (authzData.getState() != null) {
+            form.param("state", authzData.getState());
+        }
         form.param("oauthDecision", "allow");
 
         response = client.post(form);
-        String location = response.getHeaderString("Location"); 
+        String location = response.getHeaderString("Location");
+        if (state != null) {
+            Assert.assertTrue(location.contains("state=" + state));
+        }
+
         return getSubstring(location, "code");
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/fadc6492/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index acdc61b..b39a80e 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -184,6 +184,35 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase
{
     }
     
     @org.junit.Test
+    public void testAuthorizationCodeGrantWithState() throws Exception {
+        URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
+
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), 
+                                            "alice", "security", busFile.toString());
+        // Save the Cookie for the second request...
+        WebClient.getConfig(client).getRequestContext().put(
+            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+        // Get Authorization Code
+        String state = "1234566789";
+        String code = OAuth2TestUtils.getAuthorizationCode(client, "read_balance", "consumer-id",
+                                                           null, state);
+        assertNotNull(code);
+
+        // Now get the access token
+        client = WebClient.create(address, OAuth2TestUtils.setupProviders(), 
+                                  "consumer-id", "this-is-a-secret", busFile.toString());
+        // Save the Cookie for the second request...
+        WebClient.getConfig(client).getRequestContext().put(
+            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+        ClientAccessToken accessToken = 
+            OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
+        assertNotNull(accessToken.getTokenKey());
+    }
+    
+    @org.junit.Test
     public void testAuthorizationCodeGrantWithAudience() throws Exception {
         URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
 


Mime
View raw message