oltu-dev mailing list archives

From Simone Tripodi <simonetrip...@apache.org>
Subject Re: svn commit: r1483076 - in /oltu/trunk/oauth-2.0/integration-tests/src/test: java/org/apache/oltu/oauth2/integration/ java/org/apache/oltu/oauth2/integration/endpoints/ resources/
Date Thu, 16 May 2013 11:05:11 GMT
Cool, thanks for the update!

Alles Gute,
-Simo

http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/


On Wed, May 15, 2013 at 11:50 PM, Stein Welberg
<stein@innovation-district.com> wrote:
> I agree,
>
> However these issues (and the fix) were really related to each other. (And I was a little too eager to take on both at the same time ;-))
>
> Also OLTU-5 and OLTU-31 were the same issues..
>
> Regards,
> Stein
>
> On 15 mei 2013, at 23:34, Simone Tripodi <simonetripodi@apache.org> wrote:
>
>> Hi Stein,
>>
>> thanks - having new energies on Oltu is priceless!!!
>>
>> I'd suggest to get a little step back to our old best-practices,
>> splitting commits per issue, otherwise it is not easy to understand
>> which changes are related to OLTU-16, which to OLTU-31 and which to
>> OLTU-5.
>>
>> WDYT?
>> Tia and all the best!
>> -Simo
>>
>> http://people.apache.org/~simonetripodi/
>> http://simonetripodi.livejournal.com/
>> http://twitter.com/simonetripodi
>> http://www.99soft.org/
>>
>>
>> On Wed, May 15, 2013 at 10:56 PM,  <stein@apache.org> wrote:
>>> Author: stein
>>> Date: Wed May 15 20:56:34 2013
>>> New Revision: 1483076
>>>
>>> URL: http://svn.apache.org/r1483076
>>> Log:
>>> OLTU-16 OLTU-31 OLTU-5 Update integration tests. Add unauthenticated token endpoint
>>>
>>> Added:
>>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
>>>      - copied, changed from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
>>> Modified:
>>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
>>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
>>>    oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
>>>    oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>>>
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
(original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
Wed May 15 20:56:34 2013
>>> @@ -38,10 +38,8 @@ import org.junit.Test;
>>>  */
>>> public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>>>
>>> -
>>>     @Test
>>>     public void testSuccessfullAccesToken() throws Exception {
>>> -
>>>         OAuthClientRequest request = OAuthClientRequest
>>>             .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest
>>>         OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>>>         assertNotNull(response.getAccessToken());
>>>         assertNotNull(response.getExpiresIn());
>>> -
>>> -
>>>     }
>>>
>>>     @Test
>>> -    public void testSuccessfullAccesTokenGETMethod() throws Exception {
>>> -
>>> +    public void testInvalidClientCredentials() throws Exception {
>>>         OAuthClientRequest request = OAuthClientRequest
>>>             .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> -            .setCode(Common.AUTHORIZATION_CODE)
>>>             .setRedirectURI(Common.REDIRECT_URL)
>>> +            .setCode(Common.AUTHORIZATION_CODE)
>>>             .setClientId(Common.CLIENT_ID)
>>> -            .setClientSecret(Common.CLIENT_SECRET)
>>> -            .buildQueryMessage();
>>> +            .setClientSecret("wrongSecret")
>>> +            .buildBodyMessage();
>>>
>>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>> -        OAuthAccessTokenResponse response = oAuthClient.accessToken(request,
OAuth.HttpMethod.GET);
>>> -        assertNotNull(response.getAccessToken());
>>> -        assertNotNull(response.getExpiresIn());
>>> -
>>>
>>> +        try {
>>> +            oAuthClient.accessToken(request);
>>> +            fail("exception expected");
>>> +        } catch (OAuthProblemException e) {
>>> +            assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, e.getError());
>>> +        }
>>>     }
>>>
>>>     @Test
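Review bot: testInvalidClientCredentials pins `unauthorized_client` as the answer to a wrong client_secret, but RFC 6749 section 5.2 uses `invalid_client` for failed client authentication and reserves `unauthorized_client` for an authenticated client that may not use the requested grant type. Asserting `OAuthError.TokenResponse.INVALID_CLIENT` here would keep the test from locking in the mismatched code. The hunk also drops testSuccessfullAccesTokenGETMethod without a replacement; a test that sends `OAuth.HttpMethod.GET` to the token endpoint and expects a failure would show that the GET path stays closed.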
>>> @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest
>>>             .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>>             .setGrantType(null)
>>>             .setClientId(Common.CLIENT_ID)
>>> +            .setClientSecret(Common.CLIENT_SECRET)
>>>             .buildBodyMessage();
>>>
>>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>>         try {
>>>             oAuthClient.accessToken(request);
>>>             fail("exception expected");
>>> @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest
>>>
>>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>>         try {
>>>             oAuthClient.accessToken(request);
>>>             fail("exception expected");
>>> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest
>>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>>             .setCode(Common.AUTHORIZATION_CODE)
>>>             .setClientId("unknownid")
>>> +            .setClientSecret(Common.CLIENT_SECRET)
>>>             .setRedirectURI(Common.REDIRECT_URL)
>>>             .buildBodyMessage();
>>>
>>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>>         try {
>>>             oAuthClient.accessToken(request);
>>>             fail("exception expected");
>>>         } catch (OAuthProblemException e) {
>>> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> +            assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>>>         }
>>>     }
>>>
>>> @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest
>>>             .setCode(Common.AUTHORIZATION_CODE)
>>>             .setRedirectURI(Common.REDIRECT_URL)
>>>             .setClientId(Common.CLIENT_ID)
>>> +            .setClientSecret(Common.CLIENT_SECRET)
>>>             .buildBodyMessage();
>>>
>>>         OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>>         try {
>>>             oAuthclient.accessToken(request);
>>>             fail("exception expected");
>>>         } catch (OAuthProblemException e) {
>>>             assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>>         }
>>> -
>>>     }
>>>
>>>     @Test
>>> @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest
>>>             .setRedirectURI(Common.REDIRECT_URL)
>>>             .setCode("unknown_code")
>>>             .setClientId(Common.CLIENT_ID)
>>> +            .setClientSecret(Common.CLIENT_SECRET)
>>>             .buildBodyMessage();
>>>
>>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest
>>>             oAuthClient.accessToken(request);
>>>             fail("exception expected");
>>>         } catch (OAuthProblemException e) {
>>> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> +            assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>>>         }
>>> -
>>>     }
>>> }
>>> \ No newline at end of file
>>>
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
(original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
Wed May 15 20:56:34 2013
>>> @@ -78,7 +78,7 @@ public final class Common {
>>>     public static final String HEADER_AUTHORIZATION = "Authorization";
>>>
>>>     public static final String AUTHORIZATION_CODE = "known_authz_code";
>>> -
>>> +    public static final String STATE = "abcde";
>>>
>>>     public static final String ASSERTION = "<samlp:AuthnRequest\n"
>>>         + "   xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n"
>>> @@ -96,6 +96,7 @@ public final class Common {
>>>     public static final String ASSERTION_TYPE = "http://xml.coverpages.org/saml.html";
>>>
>>>     public static final String ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/token";
>>> +    public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/unauth-token";
>>>     public static final String AUTHORIZATION_ENPOINT = "http://localhost:9001/auth/oauth2/authz";
>>>     public static final String REDIRECT_URL = "http://localhost:9002/auth/oauth2/redirect";
>>>     public static final String RESOURCE_SERVER = "http://localhost:9003/resource_server";
>>>
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
(original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
Wed May 15 20:56:34 2013
>>> @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex
>>>
>>>     @Test
>>>     public void testWrongParametersEndUserAuthorization() throws Exception {
>>> -
>>> -
>>>         OAuthClientRequest request = OAuthClientRequest
>>>             .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>>>             .setClientId(Common.CLIENT_ID)
>>> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex
>>>
>>>     @Test
>>>     public void testCorrectParametersEndUserAuthorization() throws Exception
{
>>> -
>>>         OAuthClientRequest request = OAuthClientRequest
>>>             .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>>>             .setClientId(Common.CLIENT_ID)
>>>             .setRedirectURI(Common.REDIRECT_URL + "1")
>>>             .setResponseType(ResponseType.CODE.toString())
>>> +            .setState(Common.STATE)
>>>             .buildQueryMessage();
>>>
>>>         Common.doRequest(request);
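Review bot: testCorrectParametersEndUserAuthorization now sends `.setState(Common.STATE)`, but no hunk in this file adds an assertion that the redirect carries the same value back. The point of `state` is that the client can match the response to its own request, so the callback for this test should compare the returned state with `Common.STATE`; otherwise the test passes whether or not the server echoes it.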
>>> @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex
>>>     @GET
>>>     @Path("/redirect")
>>>     public Response callback(@Context HttpServletRequest request) throws Exception
{
>>> -
>>>         OAuthClientResponse resp = null;
>>>         try {
>>>             OAuthAuthzResponse.oauthCodeAuthzResponse(request);
>>> @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex
>>>             assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, e.getError());
>>>         }
>>>
>>> -
>>>         return Response.ok().build();
>>>     }
>>>
>>> @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex
>>>             fail("exception not expected");
>>>         }
>>>
>>> -
>>>         return Response.ok().build();
>>>     }
>>>
>>>
>>> Copied: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
(from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java)
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java?p2=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java&p1=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=1483016&r2=1483076&rev=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
(original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
Wed May 15 20:56:34 2013
>>> @@ -36,60 +36,34 @@ import org.junit.Test;
>>>  *
>>>  *
>>>  */
>>> -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>>> -
>>> +public class UnauthenticatedAccessTokenTestAuthCodeTest extends ClientServerOAuthTest
{
>>>
>>>     @Test
>>> -    public void testSuccessfullAccesToken() throws Exception {
>>> -
>>> +    public void testSuccessfulAccessToken() throws Exception {
>>>         OAuthClientRequest request = OAuthClientRequest
>>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>>             .setCode(Common.AUTHORIZATION_CODE)
>>>             .setRedirectURI(Common.REDIRECT_URL)
>>>             .setClientId(Common.CLIENT_ID)
>>> -            .setClientSecret(Common.CLIENT_SECRET)
>>>             .buildBodyMessage();
>>>
>>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>         OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>>>         assertNotNull(response.getAccessToken());
>>>         assertNotNull(response.getExpiresIn());
>>> -
>>> -
>>> -    }
>>> -
>>> -    @Test
>>> -    public void testSuccessfullAccesTokenGETMethod() throws Exception {
>>> -
>>> -        OAuthClientRequest request = OAuthClientRequest
>>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> -            .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> -            .setCode(Common.AUTHORIZATION_CODE)
>>> -            .setRedirectURI(Common.REDIRECT_URL)
>>> -            .setClientId(Common.CLIENT_ID)
>>> -            .setClientSecret(Common.CLIENT_SECRET)
>>> -            .buildQueryMessage();
>>> -
>>> -        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>> -        OAuthAccessTokenResponse response = oAuthClient.accessToken(request,
OAuth.HttpMethod.GET);
>>> -        assertNotNull(response.getAccessToken());
>>> -        assertNotNull(response.getExpiresIn());
>>> -
>>> -
>>>     }
>>>
>>>     @Test
>>>     public void testNoneGrantType() throws Exception {
>>>         OAuthClientRequest request = OAuthClientRequest
>>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>>             .setGrantType(null)
>>>             .setClientId(Common.CLIENT_ID)
>>>             .buildBodyMessage();
>>>
>>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>>         try {
>>>             oAuthClient.accessToken(request);
>>>             fail("exception expected");
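Review bot: The copy corrects the method name to testSuccessfulAccessToken while AccessTokenTestAuthCodeTest keeps testSuccessfullAccesToken, so the two suites now spell the same case differently; rename the original in the same commit. The class comment above the declaration is still empty; one sentence saying that this suite covers the token endpoint for clients that send no client_secret would explain why the copy exists.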
>>> @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest
>>>     @Test
>>>     public void testInvalidRequest() throws Exception {
>>>         OAuthClientRequest request = OAuthClientRequest
>>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>>             .setClientId(Common.CLIENT_ID)
>>>             .buildBodyMessage();
>>>
>>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>>         try {
>>>             oAuthClient.accessToken(request);
>>>             fail("exception expected");
>>> @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest
>>>     @Test
>>>     public void testInvalidClient() throws Exception {
>>>         OAuthClientRequest request = OAuthClientRequest
>>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>>             .setCode(Common.AUTHORIZATION_CODE)
>>>             .setClientId("unknownid")
>>> @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest
>>>
>>>         OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>>         try {
>>>             oAuthClient.accessToken(request);
>>>             fail("exception expected");
>>>         } catch (OAuthProblemException e) {
>>> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> +            assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>>>         }
>>>     }
>>>
>>>     @Test
>>>     public void testInvalidGrantType() throws Exception {
>>>         OAuthClientRequest request = OAuthClientRequest
>>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>>             .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type")
>>>             .setCode(Common.AUTHORIZATION_CODE)
>>>             .setRedirectURI(Common.REDIRECT_URL)
>>> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest
>>>
>>>         OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>>         try {
>>>             oAuthclient.accessToken(request);
>>>             fail("exception expected");
>>>         } catch (OAuthProblemException e) {
>>>             assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>>         }
>>> -
>>>     }
>>>
>>>     @Test
>>>     public void testInvalidCode() throws Exception {
>>>         OAuthClientRequest request = OAuthClientRequest
>>> -            .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> +            .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>>             .setGrantType(GrantType.AUTHORIZATION_CODE)
>>>             .setRedirectURI(Common.REDIRECT_URL)
>>>             .setCode("unknown_code")
>>> @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest
>>>             oAuthClient.accessToken(request);
>>>             fail("exception expected");
>>>         } catch (OAuthProblemException e) {
>>> -            assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> +            assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>>>         }
>>> -
>>>     }
>>> }
>>> \ No newline at end of file
>>>
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
(original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
Wed May 15 20:56:34 2013
>>> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio
>>> @Path("/token")
>>> public class TokenEndpoint {
>>>
>>> +    public static final String INVALID_CLIENT_DESCRIPTION = "Client authentication
failed (e.g., unknown client, no client authentication included, or unsupported authentication
method).";
>>> +
>>>     @POST
>>>     @Consumes("application/x-www-form-urlencoded")
>>>     @Produces("application/json")
>>> @@ -63,17 +65,26 @@ public class TokenEndpoint {
>>>
>>>         try {
>>>             oauthRequest = new OAuthTokenRequest(request);
>>> -
>>> -            //check if clientid is valid
>>> -            if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID)))
{
>>> +
>>> +            // check if clientid is valid
>>> +            if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) {
>>>                 OAuthResponse response =
>>>                     OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> -                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id
not found")
>>> +                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
>>> +                        .buildJSONMessage();
>>> +                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> +            }
>>> +
>>> +            // check if client_secret is valid
>>> +            if (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret()))
{
>>> +                OAuthResponse response =
>>> +                    OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
>>> +                        .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
>>>                         .buildJSONMessage();
>>>                 return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>>             }
>>>
>>> -            //do checking for different grant types
>>> +            // do checking for different grant types
>>>             if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>>                 .equals(GrantType.AUTHORIZATION_CODE.toString())) {
>>>                 if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE)))
{
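Review bot: The new client_secret check answers `SC_UNAUTHORIZED` with `UNAUTHORIZED_CLIENT`, while the client_id check just above answers `SC_BAD_REQUEST` with `INVALID_CLIENT`, so a caller can tell an unknown client_id from a known one with a wrong secret. Both are client authentication failures and both already share INVALID_CLIENT_DESCRIPTION, so return the same status and the same `invalid_client` error from both branches. Separately, `Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())` is not a constant-time comparison; since endpoint fixtures like this tend to be copied as templates, comparing the UTF-8 bytes with `MessageDigest.isEqual` would set a better precedent.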
>>> @@ -97,6 +108,7 @@ public class TokenEndpoint {
>>>                 }
>>>             } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>>                 .equals(GrantType.REFRESH_TOKEN.toString())) {
>>> +                // refresh token is not supported in this implementation
>>>                 OAuthResponse response = OAuthASResponse
>>>                     .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>>                     .setError(OAuthError.TokenResponse.INVALID_GRANT)
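Review bot: The added comment says refresh tokens are not supported, yet the branch still answers `INVALID_GRANT`. RFC 6749 section 5.2 has `unsupported_grant_type` for a grant type the server does not support, whereas `invalid_grant` tells the client that the token it presented was bad. Return the unsupported-grant error here so the comment and the response agree.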
>>> @@ -110,8 +122,8 @@ public class TokenEndpoint {
>>>                 .setAccessToken(oauthIssuerImpl.accessToken())
>>>                 .setExpiresIn("3600")
>>>                 .buildJSONMessage();
>>> -
>>>             return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> +
>>>         } catch (OAuthProblemException e) {
>>>             OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
>>>                 .buildJSONMessage();
>>> @@ -119,19 +131,4 @@ public class TokenEndpoint {
>>>         }
>>>     }
>>>
>>> -    @GET
>>> -    @Consumes("application/x-www-form-urlencoded")
>>> -    @Produces("application/json")
>>> -    public Response authorizeGet(@Context HttpServletRequest request) throws
OAuthSystemException {
>>> -        OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
>>> -
>>> -        OAuthResponse response = OAuthASResponse
>>> -            .tokenResponse(HttpServletResponse.SC_OK)
>>> -            .setAccessToken(oauthIssuerImpl.accessToken())
>>> -            .setExpiresIn("3600")
>>> -            .buildJSONMessage();
>>> -
>>> -        return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> -    }
>>> -
>>> }
>>> \ No newline at end of file
>>>
>>> Added: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java?rev=1483076&view=auto
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
(added)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
Wed May 15 20:56:34 2013
>>> @@ -0,0 +1,123 @@
>>> +/**
>>> + *       Copyright 2010 Newcastle University
>>> + *
>>> + *          http://research.ncl.ac.uk/smart/
>>> + *
>>> + * Licensed to the Apache Software Foundation (ASF) under one or more
>>> + * contributor license agreements.  See the NOTICE file distributed with
>>> + * this work for additional information regarding copyright ownership.
>>> + * The ASF licenses this file to You under the Apache License, Version 2.0
>>> + * (the "License"); you may not use this file except in compliance with
>>> + * the License.  You may obtain a copy of the License at
>>> + *
>>> + *      http://www.apache.org/licenses/LICENSE-2.0
>>> + *
>>> + * Unless required by applicable law or agreed to in writing, software
>>> + * distributed under the License is distributed on an "AS IS" BASIS,
>>> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>> + * See the License for the specific language governing permissions and
>>> + * limitations under the License.
>>> + */
>>> +
>>> +package org.apache.oltu.oauth2.integration.endpoints;
>>> +
>>> +import javax.servlet.http.HttpServletRequest;
>>> +import javax.servlet.http.HttpServletResponse;
>>> +import javax.ws.rs.Consumes;
>>> +import javax.ws.rs.GET;
>>> +import javax.ws.rs.POST;
>>> +import javax.ws.rs.Path;
>>> +import javax.ws.rs.Produces;
>>> +import javax.ws.rs.core.Context;
>>> +import javax.ws.rs.core.Response;
>>> +
>>> +import org.apache.oltu.oauth2.as.issuer.MD5Generator;
>>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
>>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
>>> +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
>>> +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest;
>>> +import org.apache.oltu.oauth2.as.response.OAuthASResponse;
>>> +import org.apache.oltu.oauth2.common.OAuth;
>>> +import org.apache.oltu.oauth2.common.error.OAuthError;
>>> +import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
>>> +import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
>>> +import org.apache.oltu.oauth2.common.message.OAuthResponse;
>>> +import org.apache.oltu.oauth2.common.message.types.GrantType;
>>> +import org.apache.oltu.oauth2.integration.Common;
>>> +
>>> +/**
>>> + *
>>> + *
>>> + *
>>> + */
>>> +@Path("/unauth-token")
>>> +public class UnauthenticatedTokenEndpoint {
>>> +
>>> +    @POST
>>> +    @Consumes("application/x-www-form-urlencoded")
>>> +    @Produces("application/json")
>>> +    public Response token(@Context HttpServletRequest request) throws OAuthSystemException
{
>>> +
>>> +        OAuthUnauthenticatedTokenRequest oauthRequest = null;
>>> +
>>> +        OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
>>> +
>>> +        try {
>>> +            oauthRequest = new OAuthUnauthenticatedTokenRequest(request);
>>> +
>>> +            // check if clientid is valid
>>> +            if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID)))
{
>>> +                OAuthResponse response =
>>> +                    OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> +                        .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id
not found")
>>> +                        .buildJSONMessage();
>>> +                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> +            }
>>> +
>>> +            // do checking for different grant types
>>> +            if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>> +                .equals(GrantType.AUTHORIZATION_CODE.toString())) {
>>> +                if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE)))
{
>>> +                    OAuthResponse response = OAuthASResponse
>>> +                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> +                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
>>> +                        .setErrorDescription("invalid authorization code")
>>> +                        .buildJSONMessage();
>>> +                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> +                }
>>> +            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>> +                .equals(GrantType.PASSWORD.toString())) {
>>> +                if (!Common.PASSWORD.equals(oauthRequest.getPassword())
>>> +                    || !Common.USERNAME.equals(oauthRequest.getUsername()))
{
>>> +                    OAuthResponse response = OAuthASResponse
>>> +                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> +                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
>>> +                        .setErrorDescription("invalid username or password")
>>> +                        .buildJSONMessage();
>>> +                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> +                }
>>> +            } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>> +                .equals(GrantType.REFRESH_TOKEN.toString())) {
>>> +                // refresh token is not supported in this implementation hence
the oauth error.
>>> +                OAuthResponse response = OAuthASResponse
>>> +                    .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> +                    .setError(OAuthError.TokenResponse.INVALID_GRANT)
>>> +                    .setErrorDescription("invalid username or password")
>>> +                    .buildJSONMessage();
>>> +                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> +            }
>>> +
>>> +            OAuthResponse response = OAuthASResponse
>>> +                .tokenResponse(HttpServletResponse.SC_OK)
>>> +                .setAccessToken(oauthIssuerImpl.accessToken())
>>> +                .setExpiresIn("3600")
>>> +                .buildJSONMessage();
>>> +
>>> +            return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> +        } catch (OAuthProblemException e) {
>>> +            OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
>>> +                .buildJSONMessage();
>>> +            return Response.status(res.getResponseStatus()).entity(res.getBody()).build();
>>> +        }
>>> +    }
>>> +}
>>> \ No newline at end of file
>>>
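Review bot: In the authorization_code branch only `code` is compared with `Common.AUTHORIZATION_CODE`; `redirect_uri` is never checked, and because this endpoint takes no client_secret, the code and the client_id are all that stand between a caller and a token. Compare the redirect URI with `Common.REDIRECT_URL` as well, which is the value testSuccessfulAccessToken already sends. Smaller points: the refresh_token branch reuses the description "invalid username or password", the `javax.ws.rs.GET` and `OAuthTokenRequest` imports are unused in this file, and the class Javadoc is empty.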
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
(original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
Wed May 15 20:56:34 2013
>>> @@ -48,12 +48,13 @@
>>>         <jaxrs:serviceBeans>
>>>             <ref bean="authzEndpoint"/>
>>>             <ref bean="tokenEndpoint"/>
>>> +            <ref bean="unauthenticatedTokenEndpoint"/>
>>>         </jaxrs:serviceBeans>
>>>     </jaxrs:server>
>>>
>>> -    <bean id="authzEndpoint"
>>> -          class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
>>> +    <bean id="authzEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
>>>     <bean id="tokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.TokenEndpoint"/>
>>> +    <bean id="unauthenticatedTokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.UnauthenticatedTokenEndpoint"/>
>>>
>>>     <!--OAuth Client -->
>>>     <jaxrs:server id="oauthClient" address="http://localhost:9002/auth/oauth2/">
>>>
>>>
>
