oltu-dev mailing list archives

From Stein Welberg <st...@innovation-district.com>
Subject Re: svn commit: r1483076 - in /oltu/trunk/oauth-2.0/integration-tests/src/test: java/org/apache/oltu/oauth2/integration/ java/org/apache/oltu/oauth2/integration/endpoints/ resources/
Date Wed, 15 May 2013 21:50:56 GMT
I agree,

However, these issues (and the fix) were really related to each other. (And I was a little
too eager to take on both at the same time ;-))

Also, OLTU-5 and OLTU-31 were the same issue.

Regards,
Stein

On 15 mei 2013, at 23:34, Simone Tripodi <simonetripodi@apache.org> wrote:

> Hi Stein,
> 
> thanks - having new energies on Oltu is priceless!!!
> 
> I'd suggest to get a little step back to our old best-practices,
> splitting commits per issue, otherwise it is not easy to understand
> which changes are related to OLTU-16, which to OLTU-31 and which to
> OLTU-5.
> 
> WDYT?
> Tia and all the best!
> -Simo
> 
> http://people.apache.org/~simonetripodi/
> http://simonetripodi.livejournal.com/
> http://twitter.com/simonetripodi
> http://www.99soft.org/
> 
> 
> On Wed, May 15, 2013 at 10:56 PM,  <stein@apache.org> wrote:
>> Author: stein
>> Date: Wed May 15 20:56:34 2013
>> New Revision: 1483076
>> 
>> URL: http://svn.apache.org/r1483076
>> Log:
>> OLTU-16 OLTU-31 OLTU-5 Update integration tests. Add unauthenticated token endpoint
>> 
>> Added:
>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
>>      - copied, changed from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
>> Modified:
>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
>>    oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>> 
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
(original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
Wed May 15 20:56:34 2013
>> @@ -38,10 +38,8 @@ import org.junit.Test;
>>  */
>> public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>> 
>> -
>>     @Test
>>     public void testSuccessfullAccesToken() throws Exception {
>> -
>>         OAuthClientRequest request = OAuthClientRequest
>>             .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest
>>         OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>>         assertNotNull(response.getAccessToken());
>>         assertNotNull(response.getExpiresIn());
>> -
>> -
>>     }
>> 
>>     @Test
>> -    public void testSuccessfullAccesTokenGETMethod() throws Exception {
>> -
>> +    public void testInvalidClientCredentials() throws Exception {
>>         OAuthClientRequest request = OAuthClientRequest
>>             .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>> -            .setCode(Common.AUTHORIZATION_CODE)
>>             .setRedirectURI(Common.REDIRECT_URL)
>> +            .setCode(Common.AUTHORIZATION_CODE)
>>             .setClientId(Common.CLIENT_ID)
>> -            .setClientSecret(Common.CLIENT_SECRET)
>> -            .buildQueryMessage();
>> +            .setClientSecret("wrongSecret")
>> +            .buildBodyMessage();
>> 
>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> -        OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
>> -        assertNotNull(response.getAccessToken());
>> -        assertNotNull(response.getExpiresIn());
>> -
>> 
>> +        try {
>> +            oAuthClient.accessToken(request);
>> +            fail("exception expected");
>> +        } catch (OAuthProblemException e) {
>> +            assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, e.getError());
>> +        }
>>     }
>> 
>>     @Test
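Review bot: The new `testInvalidClientCredentials` asserts `OAuthError.TokenResponse.UNAUTHORIZED_CLIENT` for a wrong `client_secret`, which pins the server to the wrong error code. RFC 6749 section 5.2 uses `invalid_client` for failed client authentication; `unauthorized_client` means an authenticated client may not use the requested grant type. The same mismatch is in the TokenEndpoint.java hunk `@@ -63,17 +65,26 @@`, where the secret check sets `UNAUTHORIZED_CLIENT` but reuses `INVALID_CLIENT_DESCRIPTION` ("Client authentication failed ..."). I would change the assertion to `assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());` and the endpoint to `.setError(OAuthError.TokenResponse.INVALID_CLIENT)`, keeping the 401 status.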
>> @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest
>>             .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>             .setGrantType(null)
>>             .setClientId(Common.CLIENT_ID)
>> +            .setClientSecret(Common.CLIENT_SECRET)
>>             .buildBodyMessage();
>> 
>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> 
>> -
>>         try {
>>             oAuthClient.accessToken(request);
>>             fail("exception expected");
>> @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest
>> 
>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> 
>> -
>>         try {
>>             oAuthClient.accessToken(request);
>>             fail("exception expected");
>> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest
>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>             .setCode(Common.AUTHORIZATION_CODE)
>>             .setClientId("unknownid")
>> +            .setClientSecret(Common.CLIENT_SECRET)
>>             .setRedirectURI(Common.REDIRECT_URL)
>>             .buildBodyMessage();
>> 
>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> 
>> -
>>         try {
>>             oAuthClient.accessToken(request);
>>             fail("exception expected");
>>         } catch (OAuthProblemException e) {
>> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> +            assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>>         }
>>     }
>> 
>> @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest
>>             .setCode(Common.AUTHORIZATION_CODE)
>>             .setRedirectURI(Common.REDIRECT_URL)
>>             .setClientId(Common.CLIENT_ID)
>> +            .setClientSecret(Common.CLIENT_SECRET)
>>             .buildBodyMessage();
>> 
>>         OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>> 
>> -
>>         try {
>>             oAuthclient.accessToken(request);
>>             fail("exception expected");
>>         } catch (OAuthProblemException e) {
>>             assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>         }
>> -
>>     }
>> 
>>     @Test
>> @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest
>>             .setRedirectURI(Common.REDIRECT_URL)
>>             .setCode("unknown_code")
>>             .setClientId(Common.CLIENT_ID)
>> +            .setClientSecret(Common.CLIENT_SECRET)
>>             .buildBodyMessage();
>> 
>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest
>>             oAuthClient.accessToken(request);
>>             fail("exception expected");
>>         } catch (OAuthProblemException e) {
>> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> +            assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>>         }
>> -
>>     }
>> }
>> \ No newline at end of file
>> 
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
(original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
Wed May 15 20:56:34 2013
>> @@ -78,7 +78,7 @@ public final class Common {
>>     public static final String HEADER_AUTHORIZATION = "Authorization";
>> 
>>     public static final String AUTHORIZATION_CODE = "known_authz_code";
>> -
>> +    public static final String STATE = "abcde";
>> 
>>     public static final String ASSERTION = "<samlp:AuthnRequest\n"
>>         + "   xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n"
>> @@ -96,6 +96,7 @@ public final class Common {
>>     public static final String ASSERTION_TYPE = "http://xml.coverpages.org/saml.html";
>> 
>>     public static final String ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/token";
>> +    public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/unauth-token";
>>     public static final String AUTHORIZATION_ENPOINT = "http://localhost:9001/auth/oauth2/authz";
>>     public static final String REDIRECT_URL = "http://localhost:9002/auth/oauth2/redirect";
>>     public static final String RESOURCE_SERVER = "http://localhost:9003/resource_server";
>> 
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
(original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
Wed May 15 20:56:34 2013
>> @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex
>> 
>>     @Test
>>     public void testWrongParametersEndUserAuthorization() throws Exception {
>> -
>> -
>>         OAuthClientRequest request = OAuthClientRequest
>>             .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>>             .setClientId(Common.CLIENT_ID)
>> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex
>> 
>>     @Test
>>     public void testCorrectParametersEndUserAuthorization() throws Exception {
>> -
>>         OAuthClientRequest request = OAuthClientRequest
>>             .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>>             .setClientId(Common.CLIENT_ID)
>>             .setRedirectURI(Common.REDIRECT_URL + "1")
>>             .setResponseType(ResponseType.CODE.toString())
>> +            .setState(Common.STATE)
>>             .buildQueryMessage();
>> 
>>         Common.doRequest(request);
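Review bot: `.setState(Common.STATE)` is now sent, but nothing visible checks that the authorization server returns it unchanged, so the test would still pass if `state` were dropped or altered on the redirect. A client relies on `state` to tie the callback to its own request, so the success callback should assert it, e.g. `assertEquals(Common.STATE, request.getParameter(OAuth.OAUTH_STATE));`. That callback's body lies outside the hunks shown, so an existing check there cannot be ruled out.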
>> @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex
>>     @GET
>>     @Path("/redirect")
>>     public Response callback(@Context HttpServletRequest request) throws Exception
{
>> -
>>         OAuthClientResponse resp = null;
>>         try {
>>             OAuthAuthzResponse.oauthCodeAuthzResponse(request);
>> @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex
>>             assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, e.getError());
>>         }
>> 
>> -
>>         return Response.ok().build();
>>     }
>> 
>> @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex
>>             fail("exception not expected");
>>         }
>> 
>> -
>>         return Response.ok().build();
>>     }
>> 
>> 
>> Copied: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
(from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java)
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java?p2=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java&p1=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=1483016&r2=1483076&rev=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
(original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
Wed May 15 20:56:34 2013
>> @@ -36,60 +36,34 @@ import org.junit.Test;
>>  *
>>  *
>>  */
>> -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>> -
>> +public class UnauthenticatedAccessTokenTestAuthCodeTest extends ClientServerOAuthTest
{
>> 
>>     @Test
>> -    public void testSuccessfullAccesToken() throws Exception {
>> -
>> +    public void testSuccessfulAccessToken() throws Exception {
>>         OAuthClientRequest request = OAuthClientRequest
>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>             .setCode(Common.AUTHORIZATION_CODE)
>>             .setRedirectURI(Common.REDIRECT_URL)
>>             .setClientId(Common.CLIENT_ID)
>> -            .setClientSecret(Common.CLIENT_SECRET)
>>             .buildBodyMessage();
>> 
>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>         OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>>         assertNotNull(response.getAccessToken());
>>         assertNotNull(response.getExpiresIn());
>> -
>> -
>> -    }
>> -
>> -    @Test
>> -    public void testSuccessfullAccesTokenGETMethod() throws Exception {
>> -
>> -        OAuthClientRequest request = OAuthClientRequest
>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> -            .setGrantType(GrantType.AUTHORIZATION_CODE)
>> -            .setCode(Common.AUTHORIZATION_CODE)
>> -            .setRedirectURI(Common.REDIRECT_URL)
>> -            .setClientId(Common.CLIENT_ID)
>> -            .setClientSecret(Common.CLIENT_SECRET)
>> -            .buildQueryMessage();
>> -
>> -        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> -        OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
>> -        assertNotNull(response.getAccessToken());
>> -        assertNotNull(response.getExpiresIn());
>> -
>> -
>>     }
>> 
>>     @Test
>>     public void testNoneGrantType() throws Exception {
>>         OAuthClientRequest request = OAuthClientRequest
>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>             .setGrantType(null)
>>             .setClientId(Common.CLIENT_ID)
>>             .buildBodyMessage();
>> 
>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> 
>> -
>>         try {
>>             oAuthClient.accessToken(request);
>>             fail("exception expected");
>> @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest
>>     @Test
>>     public void testInvalidRequest() throws Exception {
>>         OAuthClientRequest request = OAuthClientRequest
>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>             .setClientId(Common.CLIENT_ID)
>>             .buildBodyMessage();
>> 
>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> 
>> -
>>         try {
>>             oAuthClient.accessToken(request);
>>             fail("exception expected");
>> @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest
>>     @Test
>>     public void testInvalidClient() throws Exception {
>>         OAuthClientRequest request = OAuthClientRequest
>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>             .setCode(Common.AUTHORIZATION_CODE)
>>             .setClientId("unknownid")
>> @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest
>> 
>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> 
>> -
>>         try {
>>             oAuthClient.accessToken(request);
>>             fail("exception expected");
>>         } catch (OAuthProblemException e) {
>> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> +            assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>>         }
>>     }
>> 
>>     @Test
>>     public void testInvalidGrantType() throws Exception {
>>         OAuthClientRequest request = OAuthClientRequest
>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>             .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type")
>>             .setCode(Common.AUTHORIZATION_CODE)
>>             .setRedirectURI(Common.REDIRECT_URL)
>> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest
>> 
>>         OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>> 
>> -
>>         try {
>>             oAuthclient.accessToken(request);
>>             fail("exception expected");
>>         } catch (OAuthProblemException e) {
>>             assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>         }
>> -
>>     }
>> 
>>     @Test
>>     public void testInvalidCode() throws Exception {
>>         OAuthClientRequest request = OAuthClientRequest
>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>             .setRedirectURI(Common.REDIRECT_URL)
>>             .setCode("unknown_code")
>> @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest
>>             oAuthClient.accessToken(request);
>>             fail("exception expected");
>>         } catch (OAuthProblemException e) {
>> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> +            assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>>         }
>> -
>>     }
>> }
>> \ No newline at end of file
>> 
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
(original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
Wed May 15 20:56:34 2013
>> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio
>> @Path("/token")
>> public class TokenEndpoint {
>> 
>> +    public static final String INVALID_CLIENT_DESCRIPTION = "Client authentication
failed (e.g., unknown client, no client authentication included, or unsupported authentication
method).";
>> +
>>     @POST
>>     @Consumes("application/x-www-form-urlencoded")
>>     @Produces("application/json")
>> @@ -63,17 +65,26 @@ public class TokenEndpoint {
>> 
>>         try {
>>             oauthRequest = new OAuthTokenRequest(request);
>> -
>> -            //check if clientid is valid
>> -            if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID)))
{
>> +
>> +            // check if clientid is valid
>> +            if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) {
>>                 OAuthResponse response =
>>                     OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> -                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id
not found")
>> +                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
>> +                        .buildJSONMessage();
>> +                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> +            }
>> +
>> +            // check if client_secret is valid
>> +            if (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) {
>> +                OAuthResponse response =
>> +                    OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
>> +                        .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
>>                         .buildJSONMessage();
>>                 return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>             }
>> 
>> -            //do checking for different grant types
>> +            // do checking for different grant types
>>             if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>                 .equals(GrantType.AUTHORIZATION_CODE.toString())) {
>>                 if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE)))
{
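Review bot: `Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())` compares a secret with an early-exit string comparison, and this endpoint is the pattern readers are likely to copy for their own token endpoint. A constant-time check after a null guard is safer, e.g. `MessageDigest.isEqual(expected.getBytes("UTF-8"), supplied.getBytes("UTF-8"))`, with a short comment saying why plain `equals` is avoided. Separately, an unknown `client_id` now yields 400 while a wrong secret yields 401, so responses reveal which identifiers exist; returning the same status and error for both closes that. The `token` method begins before this hunk and continues past it.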
>> @@ -97,6 +108,7 @@ public class TokenEndpoint {
>>                 }
>>             } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>                 .equals(GrantType.REFRESH_TOKEN.toString())) {
>> +                // refresh token is not supported in this implementation
>>                 OAuthResponse response = OAuthASResponse
>>                     .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>                     .setError(OAuthError.TokenResponse.INVALID_GRANT)
>> @@ -110,8 +122,8 @@ public class TokenEndpoint {
>>                 .setAccessToken(oauthIssuerImpl.accessToken())
>>                 .setExpiresIn("3600")
>>                 .buildJSONMessage();
>> -
>>             return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> +
>>         } catch (OAuthProblemException e) {
>>             OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
>>                 .buildJSONMessage();
>> @@ -119,19 +131,4 @@ public class TokenEndpoint {
>>         }
>>     }
>> 
>> -    @GET
>> -    @Consumes("application/x-www-form-urlencoded")
>> -    @Produces("application/json")
>> -    public Response authorizeGet(@Context HttpServletRequest request) throws OAuthSystemException
{
>> -        OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
>> -
>> -        OAuthResponse response = OAuthASResponse
>> -            .tokenResponse(HttpServletResponse.SC_OK)
>> -            .setAccessToken(oauthIssuerImpl.accessToken())
>> -            .setExpiresIn("3600")
>> -            .buildJSONMessage();
>> -
>> -        return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> -    }
>> -
>> }
>> \ No newline at end of file
>> 
>> Added: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java?rev=1483076&view=auto
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
(added)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
Wed May 15 20:56:34 2013
>> @@ -0,0 +1,123 @@
>> +/**
>> + *       Copyright 2010 Newcastle University
>> + *
>> + *          http://research.ncl.ac.uk/smart/
>> + *
>> + * Licensed to the Apache Software Foundation (ASF) under one or more
>> + * contributor license agreements.  See the NOTICE file distributed with
>> + * this work for additional information regarding copyright ownership.
>> + * The ASF licenses this file to You under the Apache License, Version 2.0
>> + * (the "License"); you may not use this file except in compliance with
>> + * the License.  You may obtain a copy of the License at
>> + *
>> + *      http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + * Unless required by applicable law or agreed to in writing, software
>> + * distributed under the License is distributed on an "AS IS" BASIS,
>> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> + * See the License for the specific language governing permissions and
>> + * limitations under the License.
>> + */
>> +
>> +package org.apache.oltu.oauth2.integration.endpoints;
>> +
>> +import javax.servlet.http.HttpServletRequest;
>> +import javax.servlet.http.HttpServletResponse;
>> +import javax.ws.rs.Consumes;
>> +import javax.ws.rs.GET;
>> +import javax.ws.rs.POST;
>> +import javax.ws.rs.Path;
>> +import javax.ws.rs.Produces;
>> +import javax.ws.rs.core.Context;
>> +import javax.ws.rs.core.Response;
>> +
>> +import org.apache.oltu.oauth2.as.issuer.MD5Generator;
>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
>> +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
>> +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest;
>> +import org.apache.oltu.oauth2.as.response.OAuthASResponse;
>> +import org.apache.oltu.oauth2.common.OAuth;
>> +import org.apache.oltu.oauth2.common.error.OAuthError;
>> +import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
>> +import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
>> +import org.apache.oltu.oauth2.common.message.OAuthResponse;
>> +import org.apache.oltu.oauth2.common.message.types.GrantType;
>> +import org.apache.oltu.oauth2.integration.Common;
>> +
>> +/**
>> + *
>> + *
>> + *
>> + */
>> +@Path("/unauth-token")
>> +public class UnauthenticatedTokenEndpoint {
>> +
>> +    @POST
>> +    @Consumes("application/x-www-form-urlencoded")
>> +    @Produces("application/json")
>> +    public Response token(@Context HttpServletRequest request) throws OAuthSystemException
{
>> +
>> +        OAuthUnauthenticatedTokenRequest oauthRequest = null;
>> +
>> +        OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
>> +
>> +        try {
>> +            oauthRequest = new OAuthUnauthenticatedTokenRequest(request);
>> +
>> +            // check if clientid is valid
>> +            if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID)))
{
>> +                OAuthResponse response =
>> +                    OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> +                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id
not found")
>> +                        .buildJSONMessage();
>> +                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> +            }
>> +
>> +            // do checking for different grant types
>> +            if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>> +                .equals(GrantType.AUTHORIZATION_CODE.toString())) {
>> +                if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE)))
{
>> +                    OAuthResponse response = OAuthASResponse
>> +                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> +                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
>> +                        .setErrorDescription("invalid authorization code")
>> +                        .buildJSONMessage();
>> +                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> +                }
>> +            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>> +                .equals(GrantType.PASSWORD.toString())) {
>> +                if (!Common.PASSWORD.equals(oauthRequest.getPassword())
>> +                    || !Common.USERNAME.equals(oauthRequest.getUsername())) {
>> +                    OAuthResponse response = OAuthASResponse
>> +                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> +                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
>> +                        .setErrorDescription("invalid username or password")
>> +                        .buildJSONMessage();
>> +                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> +                }
>> +            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>> +                .equals(GrantType.REFRESH_TOKEN.toString())) {
>> +                // refresh token is not supported in this implementation hence the
oauth error.
>> +                OAuthResponse response = OAuthASResponse
>> +                    .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> +                    .setError(OAuthError.TokenResponse.INVALID_GRANT)
>> +                    .setErrorDescription("invalid username or password")
>> +                    .buildJSONMessage();
>> +                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> +            }
>> +
>> +            OAuthResponse response = OAuthASResponse
>> +                .tokenResponse(HttpServletResponse.SC_OK)
>> +                .setAccessToken(oauthIssuerImpl.accessToken())
>> +                .setExpiresIn("3600")
>> +                .buildJSONMessage();
>> +
>> +            return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> +        } catch (OAuthProblemException e) {
>> +            OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
>> +                .buildJSONMessage();
>> +            return Response.status(res.getResponseStatus()).entity(res.getBody()).build();
>> +        }
>> +    }
>> +}
>> \ No newline at end of file
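Review bot: The grant-type chain in `token()` fails open. The `refresh_token` branch answers `invalid_grant` with the copied description "invalid username or password", and there is no final `else`, so a grant type that passes `OAuthUnauthenticatedTokenRequest` validation but matches none of the three branches reaches the token-issuing code. What that validator admits is not visible here, so this is a precaution rather than a confirmed bypass. Replacing the refresh branch with a catch-all that returns `unsupported_grant_type` makes the endpoint deny by default, which matters more here because nothing authenticates the client. The imports of `GET` and `OAuthTokenRequest` also appear unused in this file.

```java
            // … unchanged: client_id check, authorization_code and password branches …
            } else {
                // Deny by default: refresh_token and any other grant type are not
                // supported by this endpoint, so no token may be issued for them.
                OAuthResponse response = OAuthASResponse
                    .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE)
                    .setErrorDescription("grant type not supported by this endpoint")
                    .buildJSONMessage();
                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
            }
            // … unchanged: token issuance and OAuthProblemException handler …
```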
>> 
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml (original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml Wed
May 15 20:56:34 2013
>> @@ -48,12 +48,13 @@
>>         <jaxrs:serviceBeans>
>>             <ref bean="authzEndpoint"/>
>>             <ref bean="tokenEndpoint"/>
>> +            <ref bean="unauthenticatedTokenEndpoint"/>
>>         </jaxrs:serviceBeans>
>>     </jaxrs:server>
>> 
>> -    <bean id="authzEndpoint"
>> -          class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
>> +    <bean id="authzEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
>>     <bean id="tokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.TokenEndpoint"/>
>> +    <bean id="unauthenticatedTokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.UnauthenticatedTokenEndpoint"/>
>> 
>>     <!--OAuth Client -->
>>     <jaxrs:server id="oauthClient" address="http://localhost:9002/auth/oauth2/">
>> 
>> 

