oltu-dev mailing list archives

From Simone Tripodi <simonetrip...@apache.org>
Subject Re: svn commit: r1483076 - in /oltu/trunk/oauth-2.0/integration-tests/src/test: java/org/apache/oltu/oauth2/integration/ java/org/apache/oltu/oauth2/integration/endpoints/ resources/
Date Wed, 15 May 2013 21:34:53 GMT
Hi Stein,

thanks - having new energies on Oltu is priceless!!!

I'd suggest taking a small step back to our old best practice of
splitting commits per issue; otherwise it is not easy to tell
which changes relate to OLTU-16, which to OLTU-31 and which to
OLTU-5.

WDYT?
Tia and all the best!
-Simo

http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/


On Wed, May 15, 2013 at 10:56 PM,  <stein@apache.org> wrote:
> Author: stein
> Date: Wed May 15 20:56:34 2013
> New Revision: 1483076
>
> URL: http://svn.apache.org/r1483076
> Log:
> OLTU-16 OLTU-31 OLTU-5 Update integration tests. Add unauthenticated token endpoint
>
> Added:
>     oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
>       - copied, changed from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>     oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
> Modified:
>     oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>     oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
>     oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
>     oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
>     oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
(original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
Wed May 15 20:56:34 2013
> @@ -38,10 +38,8 @@ import org.junit.Test;
>   */
>  public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>
> -
>      @Test
>      public void testSuccessfullAccesToken() throws Exception {
> -
>          OAuthClientRequest request = OAuthClientRequest
>              .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>              .setGrantType(GrantType.AUTHORIZATION_CODE)
> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest
>          OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>          assertNotNull(response.getAccessToken());
>          assertNotNull(response.getExpiresIn());
> -
> -
>      }
>
>      @Test
> -    public void testSuccessfullAccesTokenGETMethod() throws Exception {
> -
> +    public void testInvalidClientCredentials() throws Exception {
>          OAuthClientRequest request = OAuthClientRequest
>              .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>              .setGrantType(GrantType.AUTHORIZATION_CODE)
> -            .setCode(Common.AUTHORIZATION_CODE)
>              .setRedirectURI(Common.REDIRECT_URL)
> +            .setCode(Common.AUTHORIZATION_CODE)
>              .setClientId(Common.CLIENT_ID)
> -            .setClientSecret(Common.CLIENT_SECRET)
> -            .buildQueryMessage();
> +            .setClientSecret("wrongSecret")
> +            .buildBodyMessage();
>
>          OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
> -        OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
> -        assertNotNull(response.getAccessToken());
> -        assertNotNull(response.getExpiresIn());
> -
>
> +        try {
> +            oAuthClient.accessToken(request);
> +            fail("exception expected");
> +        } catch (OAuthProblemException e) {
> +            assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, e.getError());
> +        }
>      }
>
>      @Test
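Review bot: The assertion in testInvalidClientCredentials pins `unauthorized_client` as the answer to a wrong client secret, but RFC 6749 §5.2 reserves that code for an authenticated client that may not use the requested grant type. Failed client authentication is `invalid_client`, so the test should expect `assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());`. The matching `setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT)` in the client_secret branch of the TokenEndpoint hunk (@@ -63,17 +65,26 @@) needs the same change, otherwise this test locks the non-conforming code in. A one-line comment above the test, `// wrong client_secret must be rejected as a client authentication failure`, would make the intent explicit.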
> @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest
>              .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>              .setGrantType(null)
>              .setClientId(Common.CLIENT_ID)
> +            .setClientSecret(Common.CLIENT_SECRET)
>              .buildBodyMessage();
>
>          OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
>          try {
>              oAuthClient.accessToken(request);
>              fail("exception expected");
> @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest
>
>          OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
>          try {
>              oAuthClient.accessToken(request);
>              fail("exception expected");
> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest
>              .setGrantType(GrantType.AUTHORIZATION_CODE)
>              .setCode(Common.AUTHORIZATION_CODE)
>              .setClientId("unknownid")
> +            .setClientSecret(Common.CLIENT_SECRET)
>              .setRedirectURI(Common.REDIRECT_URL)
>              .buildBodyMessage();
>
>          OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
>          try {
>              oAuthClient.accessToken(request);
>              fail("exception expected");
>          } catch (OAuthProblemException e) {
> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> +            assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>          }
>      }
>
> @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest
>              .setCode(Common.AUTHORIZATION_CODE)
>              .setRedirectURI(Common.REDIRECT_URL)
>              .setClientId(Common.CLIENT_ID)
> +            .setClientSecret(Common.CLIENT_SECRET)
>              .buildBodyMessage();
>
>          OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>
> -
>          try {
>              oAuthclient.accessToken(request);
>              fail("exception expected");
>          } catch (OAuthProblemException e) {
>              assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>          }
> -
>      }
>
>      @Test
> @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest
>              .setRedirectURI(Common.REDIRECT_URL)
>              .setCode("unknown_code")
>              .setClientId(Common.CLIENT_ID)
> +            .setClientSecret(Common.CLIENT_SECRET)
>              .buildBodyMessage();
>
>          OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest
>              oAuthClient.accessToken(request);
>              fail("exception expected");
>          } catch (OAuthProblemException e) {
> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> +            assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>          }
> -
>      }
>  }
> \ No newline at end of file
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
(original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
Wed May 15 20:56:34 2013
> @@ -78,7 +78,7 @@ public final class Common {
>      public static final String HEADER_AUTHORIZATION = "Authorization";
>
>      public static final String AUTHORIZATION_CODE = "known_authz_code";
> -
> +    public static final String STATE = "abcde";
>
>      public static final String ASSERTION = "<samlp:AuthnRequest\n"
>          + "   xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n"
> @@ -96,6 +96,7 @@ public final class Common {
>      public static final String ASSERTION_TYPE = "http://xml.coverpages.org/saml.html";
>
>      public static final String ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/token";
> +    public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/unauth-token";
>      public static final String AUTHORIZATION_ENPOINT = "http://localhost:9001/auth/oauth2/authz";
>      public static final String REDIRECT_URL = "http://localhost:9002/auth/oauth2/redirect";
>      public static final String RESOURCE_SERVER = "http://localhost:9003/resource_server";
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
(original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
Wed May 15 20:56:34 2013
> @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex
>
>      @Test
>      public void testWrongParametersEndUserAuthorization() throws Exception {
> -
> -
>          OAuthClientRequest request = OAuthClientRequest
>              .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>              .setClientId(Common.CLIENT_ID)
> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex
>
>      @Test
>      public void testCorrectParametersEndUserAuthorization() throws Exception {
> -
>          OAuthClientRequest request = OAuthClientRequest
>              .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>              .setClientId(Common.CLIENT_ID)
>              .setRedirectURI(Common.REDIRECT_URL + "1")
>              .setResponseType(ResponseType.CODE.toString())
> +            .setState(Common.STATE)
>              .buildQueryMessage();
>
>          Common.doRequest(request);
> @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex
>      @GET
>      @Path("/redirect")
>      public Response callback(@Context HttpServletRequest request) throws Exception {
> -
>          OAuthClientResponse resp = null;
>          try {
>              OAuthAuthzResponse.oauthCodeAuthzResponse(request);
> @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex
>              assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, e.getError());
>          }
>
> -
>          return Response.ok().build();
>      }
>
> @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex
>              fail("exception not expected");
>          }
>
> -
>          return Response.ok().build();
>      }
>
>
> Copied: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
(from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java)
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java?p2=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java&p1=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=1483016&r2=1483076&rev=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
(original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
Wed May 15 20:56:34 2013
> @@ -36,60 +36,34 @@ import org.junit.Test;
>   *
>   *
>   */
> -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
> -
> +public class UnauthenticatedAccessTokenTestAuthCodeTest extends ClientServerOAuthTest
{
>
>      @Test
> -    public void testSuccessfullAccesToken() throws Exception {
> -
> +    public void testSuccessfulAccessToken() throws Exception {
>          OAuthClientRequest request = OAuthClientRequest
> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>              .setGrantType(GrantType.AUTHORIZATION_CODE)
>              .setCode(Common.AUTHORIZATION_CODE)
>              .setRedirectURI(Common.REDIRECT_URL)
>              .setClientId(Common.CLIENT_ID)
> -            .setClientSecret(Common.CLIENT_SECRET)
>              .buildBodyMessage();
>
>          OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>          OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>          assertNotNull(response.getAccessToken());
>          assertNotNull(response.getExpiresIn());
> -
> -
> -    }
> -
> -    @Test
> -    public void testSuccessfullAccesTokenGETMethod() throws Exception {
> -
> -        OAuthClientRequest request = OAuthClientRequest
> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> -            .setGrantType(GrantType.AUTHORIZATION_CODE)
> -            .setCode(Common.AUTHORIZATION_CODE)
> -            .setRedirectURI(Common.REDIRECT_URL)
> -            .setClientId(Common.CLIENT_ID)
> -            .setClientSecret(Common.CLIENT_SECRET)
> -            .buildQueryMessage();
> -
> -        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
> -        OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
> -        assertNotNull(response.getAccessToken());
> -        assertNotNull(response.getExpiresIn());
> -
> -
>      }
>
>      @Test
>      public void testNoneGrantType() throws Exception {
>          OAuthClientRequest request = OAuthClientRequest
> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>              .setGrantType(null)
>              .setClientId(Common.CLIENT_ID)
>              .buildBodyMessage();
>
>          OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
>          try {
>              oAuthClient.accessToken(request);
>              fail("exception expected");
> @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest
>      @Test
>      public void testInvalidRequest() throws Exception {
>          OAuthClientRequest request = OAuthClientRequest
> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>              .setClientId(Common.CLIENT_ID)
>              .buildBodyMessage();
>
>          OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
>          try {
>              oAuthClient.accessToken(request);
>              fail("exception expected");
> @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest
>      @Test
>      public void testInvalidClient() throws Exception {
>          OAuthClientRequest request = OAuthClientRequest
> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>              .setGrantType(GrantType.AUTHORIZATION_CODE)
>              .setCode(Common.AUTHORIZATION_CODE)
>              .setClientId("unknownid")
> @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest
>
>          OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
>          try {
>              oAuthClient.accessToken(request);
>              fail("exception expected");
>          } catch (OAuthProblemException e) {
> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> +            assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>          }
>      }
>
>      @Test
>      public void testInvalidGrantType() throws Exception {
>          OAuthClientRequest request = OAuthClientRequest
> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>              .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type")
>              .setCode(Common.AUTHORIZATION_CODE)
>              .setRedirectURI(Common.REDIRECT_URL)
> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest
>
>          OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>
> -
>          try {
>              oAuthclient.accessToken(request);
>              fail("exception expected");
>          } catch (OAuthProblemException e) {
>              assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>          }
> -
>      }
>
>      @Test
>      public void testInvalidCode() throws Exception {
>          OAuthClientRequest request = OAuthClientRequest
> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>              .setGrantType(GrantType.AUTHORIZATION_CODE)
>              .setRedirectURI(Common.REDIRECT_URL)
>              .setCode("unknown_code")
> @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest
>              oAuthClient.accessToken(request);
>              fail("exception expected");
>          } catch (OAuthProblemException e) {
> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> +            assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>          }
> -
>      }
>  }
> \ No newline at end of file
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
(original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
Wed May 15 20:56:34 2013
> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio
>  @Path("/token")
>  public class TokenEndpoint {
>
> +    public static final String INVALID_CLIENT_DESCRIPTION = "Client authentication failed
(e.g., unknown client, no client authentication included, or unsupported authentication method).";
> +
>      @POST
>      @Consumes("application/x-www-form-urlencoded")
>      @Produces("application/json")
> @@ -63,17 +65,26 @@ public class TokenEndpoint {
>
>          try {
>              oauthRequest = new OAuthTokenRequest(request);
> -
> -            //check if clientid is valid
> -            if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID)))
{
> +
> +            // check if clientid is valid
> +            if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) {
>                  OAuthResponse response =
>                      OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> -                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id
not found")
> +                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
> +                        .buildJSONMessage();
> +                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> +            }
> +
> +            // check if client_secret is valid
> +            if (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) {
> +                OAuthResponse response =
> +                    OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
> +                        .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
>                          .buildJSONMessage();
>                  return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>              }
>
> -            //do checking for different grant types
> +            // do checking for different grant types
>              if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>                  .equals(GrantType.AUTHORIZATION_CODE.toString())) {
>                  if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE)))
{
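Review bot: The two rejection branches added to token() answer differently: HTTP 400 for an unknown client_id and HTTP 401 for a wrong client_secret. A caller can therefore learn which client ids are registered from the response alone. Folding both checks into one condition with a single error response removes that signal: `if (!Common.CLIENT_ID.equals(oauthRequest.getClientId()) || !Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) {`. If this fixture is read as a template for real authorization servers, a comment saying that production code should compare secrets in constant time (for example `MessageDigest.isEqual` on the encoded bytes) would also help. token() starts above this hunk and continues below it.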
> @@ -97,6 +108,7 @@ public class TokenEndpoint {
>                  }
>              } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>                  .equals(GrantType.REFRESH_TOKEN.toString())) {
> +                // refresh token is not supported in this implementation
>                  OAuthResponse response = OAuthASResponse
>                      .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>                      .setError(OAuthError.TokenResponse.INVALID_GRANT)
> @@ -110,8 +122,8 @@ public class TokenEndpoint {
>                  .setAccessToken(oauthIssuerImpl.accessToken())
>                  .setExpiresIn("3600")
>                  .buildJSONMessage();
> -
>              return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> +
>          } catch (OAuthProblemException e) {
>              OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
>                  .buildJSONMessage();
> @@ -119,19 +131,4 @@ public class TokenEndpoint {
>          }
>      }
>
> -    @GET
> -    @Consumes("application/x-www-form-urlencoded")
> -    @Produces("application/json")
> -    public Response authorizeGet(@Context HttpServletRequest request) throws OAuthSystemException
{
> -        OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
> -
> -        OAuthResponse response = OAuthASResponse
> -            .tokenResponse(HttpServletResponse.SC_OK)
> -            .setAccessToken(oauthIssuerImpl.accessToken())
> -            .setExpiresIn("3600")
> -            .buildJSONMessage();
> -
> -        return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> -    }
> -
>  }
> \ No newline at end of file
>
> Added: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java?rev=1483076&view=auto
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
(added)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
Wed May 15 20:56:34 2013
> @@ -0,0 +1,123 @@
> +/**
> + *       Copyright 2010 Newcastle University
> + *
> + *          http://research.ncl.ac.uk/smart/
> + *
> + * Licensed to the Apache Software Foundation (ASF) under one or more
> + * contributor license agreements.  See the NOTICE file distributed with
> + * this work for additional information regarding copyright ownership.
> + * The ASF licenses this file to You under the Apache License, Version 2.0
> + * (the "License"); you may not use this file except in compliance with
> + * the License.  You may obtain a copy of the License at
> + *
> + *      http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.oltu.oauth2.integration.endpoints;
> +
> +import javax.servlet.http.HttpServletRequest;
> +import javax.servlet.http.HttpServletResponse;
> +import javax.ws.rs.Consumes;
> +import javax.ws.rs.GET;
> +import javax.ws.rs.POST;
> +import javax.ws.rs.Path;
> +import javax.ws.rs.Produces;
> +import javax.ws.rs.core.Context;
> +import javax.ws.rs.core.Response;
> +
> +import org.apache.oltu.oauth2.as.issuer.MD5Generator;
> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
> +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
> +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest;
> +import org.apache.oltu.oauth2.as.response.OAuthASResponse;
> +import org.apache.oltu.oauth2.common.OAuth;
> +import org.apache.oltu.oauth2.common.error.OAuthError;
> +import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
> +import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
> +import org.apache.oltu.oauth2.common.message.OAuthResponse;
> +import org.apache.oltu.oauth2.common.message.types.GrantType;
> +import org.apache.oltu.oauth2.integration.Common;
> +
> +/**
> + *
> + *
> + *
> + */
> +@Path("/unauth-token")
> +public class UnauthenticatedTokenEndpoint {
> +
> +    @POST
> +    @Consumes("application/x-www-form-urlencoded")
> +    @Produces("application/json")
> +    public Response token(@Context HttpServletRequest request) throws OAuthSystemException
{
> +
> +        OAuthUnauthenticatedTokenRequest oauthRequest = null;
> +
> +        OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
> +
> +        try {
> +            oauthRequest = new OAuthUnauthenticatedTokenRequest(request);
> +
> +            // check if clientid is valid
> +            if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID)))
{
> +                OAuthResponse response =
> +                    OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> +                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id
not found")
> +                        .buildJSONMessage();
> +                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> +            }
> +
> +            // do checking for different grant types
> +            if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
> +                .equals(GrantType.AUTHORIZATION_CODE.toString())) {
> +                if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE)))
{
> +                    OAuthResponse response = OAuthASResponse
> +                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> +                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
> +                        .setErrorDescription("invalid authorization code")
> +                        .buildJSONMessage();
> +                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> +                }
> +            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
> +                .equals(GrantType.PASSWORD.toString())) {
> +                if (!Common.PASSWORD.equals(oauthRequest.getPassword())
> +                    || !Common.USERNAME.equals(oauthRequest.getUsername())) {
> +                    OAuthResponse response = OAuthASResponse
> +                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> +                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
> +                        .setErrorDescription("invalid username or password")
> +                        .buildJSONMessage();
> +                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> +                }
> +            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
> +                .equals(GrantType.REFRESH_TOKEN.toString())) {
> +                // refresh token is not supported in this implementation hence the oauth
error.
> +                OAuthResponse response = OAuthASResponse
> +                    .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> +                    .setError(OAuthError.TokenResponse.INVALID_GRANT)
> +                    .setErrorDescription("invalid username or password")
> +                    .buildJSONMessage();
> +                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> +            }
> +
> +            OAuthResponse response = OAuthASResponse
> +                .tokenResponse(HttpServletResponse.SC_OK)
> +                .setAccessToken(oauthIssuerImpl.accessToken())
> +                .setExpiresIn("3600")
> +                .buildJSONMessage();
> +
> +            return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> +        } catch (OAuthProblemException e) {
> +            OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
> +                .buildJSONMessage();
> +            return Response.status(res.getResponseStatus()).entity(res.getBody()).build();
> +        }
> +    }
> +}
> \ No newline at end of file
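Review bot: The refresh_token branch answers with `invalid_grant` and the description "invalid username or password", copied from the password branch above it, although its own comment says the grant is simply not supported. RFC 6749 §5.2 defines `unsupported_grant_type` for that case, so the branch should use `.setError(OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE)` with `.setErrorDescription("refresh_token grant is not supported")`. The refresh_token branch in the TokenEndpoint hunk (@@ -97,6 +108,7 @@) also sets `invalid_grant`. The class Javadoc is empty and should state that this endpoint issues tokens without client authentication and exists only for the integration tests. The `GET` and `OAuthTokenRequest` imports look unused in this file.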
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml (original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml Wed May
15 20:56:34 2013
> @@ -48,12 +48,13 @@
>          <jaxrs:serviceBeans>
>              <ref bean="authzEndpoint"/>
>              <ref bean="tokenEndpoint"/>
> +            <ref bean="unauthenticatedTokenEndpoint"/>
>          </jaxrs:serviceBeans>
>      </jaxrs:server>
>
> -    <bean id="authzEndpoint"
> -          class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
> +    <bean id="authzEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
>      <bean id="tokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.TokenEndpoint"/>
> +    <bean id="unauthenticatedTokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.UnauthenticatedTokenEndpoint"/>
>
>      <!--OAuth Client -->
>      <jaxrs:server id="oauthClient" address="http://localhost:9002/auth/oauth2/">
>
>
