Date: Thu, 16 May 2013 13:05:11 +0200
Subject: Re: svn commit: r1483076 - in /oltu/trunk/oauth-2.0/integration-tests/src/test: java/org/apache/oltu/oauth2/integration/ java/org/apache/oltu/oauth2/integration/endpoints/ resources/
From: Simone Tripodi
To: dev@oltu.apache.org

Cool, thanks for the update!

All the best,
-Simo

http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/

On Wed, May 15, 2013 at 11:50 PM, Stein Welberg wrote:
> I agree,
>
> However these issues (and the fix) were really related to each other. (And I was a little too eager to take on both at the same time ;-))
>
> Also OLTU-5 and OLTU-31 were the same issues..
>
> Regards,
> Stein
>
> On 15 May 2013, at 23:34, Simone Tripodi wrote:
>
>> Hi Stein,
>>
>> thanks - having new energies on Oltu is priceless!!!
>>
>> I'd suggest to get a little step back to our old best-practices,
>> splitting commits per issue, otherwise it is not easy to understand
>> which changes are related to OLTU-16, which to OLTU-31 and which to
>> OLTU-5.
>>
>> WDYT?
>> Tia and all the best!
>> -Simo
>>
>> http://people.apache.org/~simonetripodi/
>> http://simonetripodi.livejournal.com/
>> http://twitter.com/simonetripodi
>> http://www.99soft.org/
>>
>>
>> On Wed, May 15, 2013 at 10:56 PM, wrote:
>>> Author: stein
>>> Date: Wed May 15 20:56:34 2013
>>> New Revision: 1483076
>>>
>>> URL: http://svn.apache.org/r1483076
>>> Log:
>>> OLTU-16 OLTU-31 OLTU-5 Update integration tests.
Add unauthenticated to= ken endpoint >>> >>> Added: >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu= /oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java >>> - copied, changed from r1483016, oltu/trunk/oauth-2.0/integration-= tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthC= odeTest.java >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu= /oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >>> Modified: >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu= /oauth2/integration/AccessTokenTestAuthCodeTest.java >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu= /oauth2/integration/Common.java >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu= /oauth2/integration/EndUserAuthorizationTest.java >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu= /oauth2/integration/endpoints/TokenEndpoint.java >>> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-bean= s.xml >>> >>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apac= he/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-test= s/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeT= est.java?rev=3D1483076&r1=3D1483075&r2=3D1483076&view=3Ddiff >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/AccessTokenTestAuthCodeTest.java (original) >>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/AccessTokenTestAuthCodeTest.java Wed May 15 20:56:34 2= 013 
>>> @@ -38,10 +38,8 @@ import org.junit.Test; >>> */ >>> public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest = { >>> >>> - >>> @Test >>> public void testSuccessfullAccesToken() throws Exception { >>> - >>> OAuthClientRequest request =3D OAuthClientRequest >>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest >>> OAuthAccessTokenResponse response =3D oAuthClient.accessToken(r= equest); >>> assertNotNull(response.getAccessToken()); >>> assertNotNull(response.getExpiresIn()); >>> - >>> - >>> } >>> >>> @Test >>> - public void testSuccessfullAccesTokenGETMethod() throws Exception = { >>> - >>> + public void testInvalidClientCredentials() throws Exception { >>> OAuthClientRequest request =3D OAuthClientRequest >>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> - .setCode(Common.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> + .setCode(Common.AUTHORIZATION_CODE) >>> .setClientId(Common.CLIENT_ID) >>> - .setClientSecret(Common.CLIENT_SECRET) >>> - .buildQueryMessage(); >>> + .setClientSecret("wrongSecret") >>> + .buildBodyMessage(); >>> >>> OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionCl= ient()); >>> - OAuthAccessTokenResponse response =3D oAuthClient.accessToken(= request, OAuth.HttpMethod.GET); >>> - assertNotNull(response.getAccessToken()); >>> - assertNotNull(response.getExpiresIn()); >>> - >>> >>> + try { >>> + oAuthClient.accessToken(request); >>> + fail("exception expected"); >>> + } catch (OAuthProblemException e) { >>> + assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT,= e.getError()); >>> + } >>> } >>> >>> @Test 
>>> @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest >>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(null) >>> .setClientId(Common.CLIENT_ID) >>> + .setClientSecret(Common.CLIENT_SECRET) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionCl= ient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest >>> >>> OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionCl= ient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setClientId("unknownid") >>> + .setClientSecret(Common.CLIENT_SECRET) >>> .setRedirectURI(Common.REDIRECT_URL) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionCl= ient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.g= etError()); >>> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.ge= tError()); >>> } >>> } >>> >>> @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> .setClientId(Common.CLIENT_ID) >>> + .setClientSecret(Common.CLIENT_SECRET) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthclient =3D new OAuthClient(new URLConnectionCl= ient()); >>> >>> - >>> try { >>> oAuthclient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.ge= tError()); >>> } >>> - >>> } >>> >>> @Test 
>>> @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest >>> .setRedirectURI(Common.REDIRECT_URL) >>> .setCode("unknown_code") >>> .setClientId(Common.CLIENT_ID) >>> + .setClientSecret(Common.CLIENT_SECRET) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionCl= ient()); >>> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.g= etError()); >>> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.get= Error()); >>> } >>> - >>> } >>> } >>> \ No newline at end of file >>> >>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apac= he/oltu/oauth2/integration/Common.java >>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-test= s/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=3D148307= 6&r1=3D1483075&r2=3D1483076&view=3Ddiff >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/Common.java (original) >>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/Common.java Wed May 15 20:56:34 2013 >>> @@ -78,7 +78,7 @@ public final class Common { >>> public static final String HEADER_AUTHORIZATION =3D "Authorization"= ; >>> >>> public static final String AUTHORIZATION_CODE =3D "known_authz_code= "; >>> - >>> + public static final String STATE =3D "abcde"; >>> >>> public static final String ASSERTION =3D ">> + " xmlns:samlp=3D\"urn:oasis:names:tc:SAML:2.0:protocol\"\n" 
>>> @@ -96,6 +96,7 @@ public final class Common { >>> public static final String ASSERTION_TYPE =3D "http://xml.coverpage= s.org/saml.html"; >>> >>> public static final String ACCESS_TOKEN_ENDPOINT =3D "http://localh= ost:9001/auth/oauth2/token"; >>> + public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = =3D "http://localhost:9001/auth/oauth2/unauth-token"; >>> public static final String AUTHORIZATION_ENPOINT =3D "http://localh= ost:9001/auth/oauth2/authz"; >>> public static final String REDIRECT_URL =3D "http://localhost:9002/= auth/oauth2/redirect"; >>> public static final String RESOURCE_SERVER =3D "http://localhost:90= 03/resource_server"; >>> >>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apac= he/oltu/oauth2/integration/EndUserAuthorizationTest.java >>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-test= s/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest= .java?rev=3D1483076&r1=3D1483075&r2=3D1483076&view=3Ddiff >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/EndUserAuthorizationTest.java (original) >>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/EndUserAuthorizationTest.java Wed May 15 20:56:34 2013 >>> @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex >>> >>> @Test >>> public void testWrongParametersEndUserAuthorization() throws Except= ion { >>> - >>> - >>> OAuthClientRequest request =3D OAuthClientRequest >>> .authorizationLocation(Common.AUTHORIZATION_ENPOINT) >>> .setClientId(Common.CLIENT_ID) 
>>> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex >>> >>> @Test >>> public void testCorrectParametersEndUserAuthorization() throws Exce= ption { >>> - >>> OAuthClientRequest request =3D OAuthClientRequest >>> .authorizationLocation(Common.AUTHORIZATION_ENPOINT) >>> .setClientId(Common.CLIENT_ID) >>> .setRedirectURI(Common.REDIRECT_URL + "1") >>> .setResponseType(ResponseType.CODE.toString()) >>> + .setState(Common.STATE) >>> .buildQueryMessage(); >>> >>> Common.doRequest(request); >>> @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex >>> @GET >>> @Path("/redirect") >>> public Response callback(@Context HttpServletRequest request) throw= s Exception { >>> - >>> OAuthClientResponse resp =3D null; >>> try { >>> OAuthAuthzResponse.oauthCodeAuthzResponse(request); >>> @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex >>> assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, e.get= Error()); >>> } >>> >>> - >>> return Response.ok().build(); >>> } 
>>> >>> @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex >>> fail("exception not expected"); >>> } >>> >>> - >>> return Response.ok().build(); >>> } >>> >>> >>> Copied: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache= /oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java (f= rom r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apac= he/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java) >>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-test= s/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTok= enTestAuthCodeTest.java?p2=3Doltu/trunk/oauth-2.0/integration-tests/src/tes= t/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAut= hCodeTest.java&p1=3Doltu/trunk/oauth-2.0/integration-tests/src/test/java/or= g/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=3D1483= 016&r2=3D1483076&rev=3D1483076&view=3Ddiff >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/AccessTokenTestAuthCodeTest.java (original) >>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java Wed Ma= y 15 20:56:34 2013 
>>> @@ -36,60 +36,34 @@ import org.junit.Test; >>> * >>> * >>> */ >>> -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest= { >>> - >>> +public class UnauthenticatedAccessTokenTestAuthCodeTest extends Client= ServerOAuthTest { >>> >>> @Test >>> - public void testSuccessfullAccesToken() throws Exception { >>> - >>> + public void testSuccessfulAccessToken() throws Exception { >>> OAuthClientRequest request =3D OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOIN= T) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> .setClientId(Common.CLIENT_ID) >>> - .setClientSecret(Common.CLIENT_SECRET) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionCl= ient()); >>> OAuthAccessTokenResponse response =3D oAuthClient.accessToken(r= equest); >>> assertNotNull(response.getAccessToken()); >>> assertNotNull(response.getExpiresIn()); >>> - >>> - >>> - } >>> - >>> - @Test >>> - public void testSuccessfullAccesTokenGETMethod() throws Exception = { >>> - >>> - OAuthClientRequest request =3D OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> - .setGrantType(GrantType.AUTHORIZATION_CODE) >>> - .setCode(Common.AUTHORIZATION_CODE) >>> - .setRedirectURI(Common.REDIRECT_URL) >>> - .setClientId(Common.CLIENT_ID) >>> - .setClientSecret(Common.CLIENT_SECRET) >>> - .buildQueryMessage(); >>> - >>> - OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionC= lient()); >>> - OAuthAccessTokenResponse response =3D oAuthClient.accessToken(= request, OAuth.HttpMethod.GET); >>> - assertNotNull(response.getAccessToken()); >>> - assertNotNull(response.getExpiresIn()); >>> - >>> - >>> } >>> >>> @Test >>> public void testNoneGrantType() throws Exception { >>> OAuthClientRequest request =3D OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) 
>>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOIN= T) >>> .setGrantType(null) >>> .setClientId(Common.CLIENT_ID) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionCl= ient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest >>> @Test >>> public void testInvalidRequest() throws Exception { >>> OAuthClientRequest request =3D OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOIN= T) >>> .setClientId(Common.CLIENT_ID) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionCl= ient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest >>> @Test >>> public void testInvalidClient() throws Exception { >>> OAuthClientRequest request =3D OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOIN= T) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setClientId("unknownid") 
>>> @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest >>> >>> OAuthClient oAuthClient =3D new OAuthClient(new URLConnectionCl= ient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.g= etError()); >>> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.ge= tError()); >>> } >>> } >>> >>> @Test >>> public void testInvalidGrantType() throws Exception { >>> OAuthClientRequest request =3D OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOIN= T) >>> .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type") >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest >>> >>> OAuthClient oAuthclient =3D new OAuthClient(new URLConnectionCl= ient()); >>> >>> - >>> try { >>> oAuthclient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.ge= tError()); >>> } >>> - >>> } >>> >>> @Test >>> public void testInvalidCode() throws Exception { >>> OAuthClientRequest request =3D OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOIN= T) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> .setCode("unknown_code") 
>>> @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.g= etError()); >>> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.get= Error()); >>> } >>> - >>> } >>> } >>> \ No newline at end of file >>> >>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apac= he/oltu/oauth2/integration/endpoints/TokenEndpoint.java >>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-test= s/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.= java?rev=3D1483076&r1=3D1483075&r2=3D1483076&view=3Ddiff >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/endpoints/TokenEndpoint.java (original) >>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/endpoints/TokenEndpoint.java Wed May 15 20:56:34 2013 >>> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio >>> @Path("/token") >>> public class TokenEndpoint { >>> >>> + public static final String INVALID_CLIENT_DESCRIPTION =3D "Client = authentication failed (e.g., unknown client, no client authentication inclu= ded, or unsupported authentication method)."; >>> + >>> @POST >>> @Consumes("application/x-www-form-urlencoded") >>> @Produces("application/json") 
>>> @@ -63,17 +65,26 @@ public class TokenEndpoint { >>> >>> try { >>> oauthRequest =3D new OAuthTokenRequest(request); >>> - >>> - //check if clientid is valid >>> - if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.O= AUTH_CLIENT_ID))) { >>> + >>> + // check if clientid is valid >>> + if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) = { >>> OAuthResponse response =3D >>> OAuthASResponse.errorResponse(HttpServletResponse.S= C_BAD_REQUEST) >>> - .setError(OAuthError.TokenResponse.INVALID_CLI= ENT).setErrorDescription("client_id not found") >>> + .setError(OAuthError.TokenResponse.INVALID_CLI= ENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION) >>> + .buildJSONMessage(); >>> + return Response.status(response.getResponseStatus()).e= ntity(response.getBody()).build(); >>> + } >>> + >>> + // check if client_secret is valid >>> + if (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSec= ret())) { >>> + OAuthResponse response =3D >>> + OAuthASResponse.errorResponse(HttpServletResponse.= SC_UNAUTHORIZED) >>> + .setError(OAuthError.TokenResponse.UNAUTHORIZE= D_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION) >>> .buildJSONMessage(); >>> return Response.status(response.getResponseStatus()).en= tity(response.getBody()).build(); >>> } >>> >>> - //do checking for different grant types >>> + // do checking for different grant types >>> if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> .equals(GrantType.AUTHORIZATION_CODE.toString())) { >>> if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getP= aram(OAuth.OAUTH_CODE))) { >>> @@ -97,6 +108,7 @@ public class TokenEndpoint { >>> } >>> } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> .equals(GrantType.REFRESH_TOKEN.toString())) { >>> + // refresh token is not supported in this implementati= on >>> OAuthResponse response =3D OAuthASResponse >>> .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >>> .setError(OAuthError.TokenResponse.INVALID_GRANT) 
>>> @@ -110,8 +122,8 @@ public class TokenEndpoint { >>> .setAccessToken(oauthIssuerImpl.accessToken()) >>> .setExpiresIn("3600") >>> .buildJSONMessage(); >>> - >>> return Response.status(response.getResponseStatus()).entity= (response.getBody()).build(); >>> + >>> } catch (OAuthProblemException e) { >>> OAuthResponse res =3D OAuthASResponse.errorResponse(HttpSer= vletResponse.SC_BAD_REQUEST).error(e) >>> .buildJSONMessage(); 
>>> @@ -119,19 +131,4 @@ public class TokenEndpoint { >>> } >>> } >>> >>> - @GET >>> - @Consumes("application/x-www-form-urlencoded") >>> - @Produces("application/json") >>> - public Response authorizeGet(@Context HttpServletRequest request) = throws OAuthSystemException { >>> - OAuthIssuer oauthIssuerImpl =3D new OAuthIssuerImpl(new MD5Gen= erator()); >>> - >>> - OAuthResponse response =3D OAuthASResponse >>> - .tokenResponse(HttpServletResponse.SC_OK) >>> - .setAccessToken(oauthIssuerImpl.accessToken()) >>> - .setExpiresIn("3600") >>> - .buildJSONMessage(); >>> - >>> - return Response.status(response.getResponseStatus()).entity(re= sponse.getBody()).build(); >>> - } >>> - >>> } >>> \ No newline at end of file >>> >>> Added: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/= oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-test= s/src/test/java/org/apache/oltu/oauth2/integration/endpoints/Unauthenticate= dTokenEndpoint.java?rev=3D1483076&view=3Dauto >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java (added) >>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/olt= u/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java Wed May 15= 20:56:34 2013 
>>> @@ -0,0 +1,123 @@ >>> +/** >>> + * Copyright 2010 Newcastle University >>> + * >>> + * http://research.ncl.ac.uk/smart/ >>> + * >>> + * Licensed to the Apache Software Foundation (ASF) under one or more >>> + * contributor license agreements. See the NOTICE file distributed wi= th >>> + * this work for additional information regarding copyright ownership. >>> + * The ASF licenses this file to You under the Apache License, Version= 2.0 >>> + * (the "License"); you may not use this file except in compliance wit= h >>> + * the License. You may obtain a copy of the License at >>> + * >>> + * http://www.apache.org/licenses/LICENSE-2.0 >>> + * >>> + * Unless required by applicable law or agreed to in writing, software >>> + * distributed under the License is distributed on an "AS IS" BASIS, >>> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or imp= lied. >>> + * See the License for the specific language governing permissions and >>> + * limitations under the License. >>> + */ >>> + >>> +package org.apache.oltu.oauth2.integration.endpoints; >>> + >>> +import javax.servlet.http.HttpServletRequest; >>> +import javax.servlet.http.HttpServletResponse; >>> +import javax.ws.rs.Consumes; >>> +import javax.ws.rs.GET; >>> +import javax.ws.rs.POST; >>> +import javax.ws.rs.Path; >>> +import javax.ws.rs.Produces; >>> +import javax.ws.rs.core.Context; >>> +import javax.ws.rs.core.Response; >>> + >>> +import org.apache.oltu.oauth2.as.issuer.MD5Generator; >>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer; >>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl; >>> +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest; >>> +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequ= est; >>> +import org.apache.oltu.oauth2.as.response.OAuthASResponse; >>> +import org.apache.oltu.oauth2.common.OAuth; >>> +import org.apache.oltu.oauth2.common.error.OAuthError; >>> +import org.apache.oltu.oauth2.common.exception.OAuthProblemException; >>> 
+import org.apache.oltu.oauth2.common.exception.OAuthSystemException; >>> +import org.apache.oltu.oauth2.common.message.OAuthResponse; >>> +import org.apache.oltu.oauth2.common.message.types.GrantType; >>> +import org.apache.oltu.oauth2.integration.Common; >>> + >>> +/** >>> + * >>> + * >>> + * >>> + */ >>> +@Path("/unauth-token") >>> +public class UnauthenticatedTokenEndpoint { >>> + >>> + @POST >>> + @Consumes("application/x-www-form-urlencoded") >>> + @Produces("application/json") >>> + public Response token(@Context HttpServletRequest request) throws = OAuthSystemException { >>> + >>> + OAuthUnauthenticatedTokenRequest oauthRequest =3D null; >>> + >>> + OAuthIssuer oauthIssuerImpl =3D new OAuthIssuerImpl(new MD5Gen= erator()); >>> + >>> + try { >>> + oauthRequest =3D new OAuthUnauthenticatedTokenRequest(requ= est); >>> + >>> + // check if clientid is valid >>> + if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.O= AUTH_CLIENT_ID))) { >>> + OAuthResponse response =3D >>> + OAuthASResponse.errorResponse(HttpServletResponse.= SC_BAD_REQUEST) >>> + .setError(OAuthError.TokenResponse.INVALID_CLI= ENT).setErrorDescription("client_id not found") >>> + .buildJSONMessage(); >>> + return Response.status(response.getResponseStatus()).e= ntity(response.getBody()).build(); >>> + } >>> + >>> + // do checking for different grant types >>> + if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> + .equals(GrantType.AUTHORIZATION_CODE.toString())) { >>> + if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.get= Param(OAuth.OAUTH_CODE))) { >>> + OAuthResponse response =3D OAuthASResponse >>> + .errorResponse(HttpServletResponse.SC_BAD_REQU= EST) >>> + .setError(OAuthError.TokenResponse.INVALID_GRA= NT) >>> + .setErrorDescription("invalid authorization co= de") >>> + .buildJSONMessage(); >>> + return Response.status(response.getResponseStatus(= )).entity(response.getBody()).build(); >>> + } >>> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> + 
.equals(GrantType.PASSWORD.toString())) { >>> + if (!Common.PASSWORD.equals(oauthRequest.getPassword()= ) >>> + || !Common.USERNAME.equals(oauthRequest.getUsernam= e())) { >>> + OAuthResponse response =3D OAuthASResponse >>> + .errorResponse(HttpServletResponse.SC_BAD_REQU= EST) >>> + .setError(OAuthError.TokenResponse.INVALID_GRA= NT) >>> + .setErrorDescription("invalid username or pass= word") >>> + .buildJSONMessage(); >>> + return Response.status(response.getResponseStatus(= )).entity(response.getBody()).build(); >>> + } >>> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> + .equals(GrantType.REFRESH_TOKEN.toString())) { >>> + // refresh token is not supported in this implementati= on hence the oauth error. >>> + OAuthResponse response =3D OAuthASResponse >>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >>> + .setError(OAuthError.TokenResponse.INVALID_GRANT) >>> + .setErrorDescription("invalid username or password= ") >>> + .buildJSONMessage(); >>> + return Response.status(response.getResponseStatus()).e= ntity(response.getBody()).build(); >>> + } >>> + >>> + OAuthResponse response =3D OAuthASResponse >>> + .tokenResponse(HttpServletResponse.SC_OK) >>> + .setAccessToken(oauthIssuerImpl.accessToken()) >>> + .setExpiresIn("3600") >>> + .buildJSONMessage(); >>> + >>> + return Response.status(response.getResponseStatus()).entit= y(response.getBody()).build(); >>> + } catch (OAuthProblemException e) { >>> + OAuthResponse res =3D OAuthASResponse.errorResponse(HttpSe= rvletResponse.SC_BAD_REQUEST).error(e) >>> + .buildJSONMessage(); >>> + return Response.status(res.getResponseStatus()).entity(res= .getBody()).build(); >>> + } >>> + } >>> +} >>> \ No newline at end of file >>> >>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oau= th-beans.xml >>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-test= s/src/test/resources/oauth-beans.xml?rev=3D1483076&r1=3D1483075&r2=3D148307= 6&view=3Ddiff >>> 
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-bea= ns.xml (original) >>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-bea= ns.xml Wed May 15 20:56:34 2013 >>> @@ -48,12 +48,13 @@ >>> >>> >>> >>> + >>> >>> >>> >>> - >> - class=3D"org.apache.oltu.oauth2.integration.endpoints.AuthzE= ndpoint"/> >>> + >>> >>> + >>> >>> >>> >>> >>> >
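Review bot: in TokenEndpoint.java (hunk @@ -63,17 +65,26 @@) the new client_secret check answers a wrong secret with OAuthError.TokenResponse.UNAUTHORIZED_CLIENT while attaching INVALID_CLIENT_DESCRIPTION, whose text is the RFC 6749 section 5.2 wording for invalid_client. In that section unauthorized_client means an authenticated client is not allowed to use the grant type; failed client authentication is invalid_client. Suggest .setError(OAuthError.TokenResponse.INVALID_CLIENT) in the secret branch, with the matching expectation in testInvalidClientCredentials. The hunk also answers an unknown client_id with SC_BAD_REQUEST and a wrong secret with SC_UNAUTHORIZED; returning the same status and error for both keeps a caller from telling which of the two values was wrong.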
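Review bot: in TokenEndpoint.java (hunk @@ -119,19 +131,4 @@) the removed authorizeGet handler built a token response without checking client_id, client_secret or code, and nothing in this commit asserts that a GET no longer yields a token: testSuccessfullAccesTokenGETMethod is deleted rather than inverted. Suggest keeping a negative test that calls oAuthClient.accessToken(request, OAuth.HttpMethod.GET) against Common.ACCESS_TOKEN_ENDPOINT and fails if an access token comes back, and the same against Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT.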
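Review bot: in EndUserAuthorizationTest.java (hunk @@ -65,12 +63,12 @@) .setState(Common.STATE) is added to the authorization request, but none of the visible hunks adds an assertion that the redirect carries the same value back, so the test passes whether or not the server echoes state. Suggest asserting in the callback that handles this redirect that the returned state equals Common.STATE, since that round trip is what a client relies on to bind the response to its own request.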
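Review bot: in the new UnauthenticatedTokenEndpoint.java (hunk @@ -0,0 +1,123 @@) the refresh_token branch is commented as unsupported but returns INVALID_GRANT with the description "invalid username or password", copied from the password branch above it. RFC 6749 section 5.2 defines unsupported_grant_type for this case; at minimum the description should say that refresh tokens are not supported. The file also imports javax.ws.rs.GET and OAuthTokenRequest without using either, and still reads the client id through getParam(OAuth.OAUTH_CLIENT_ID) with the description "client_id not found", where TokenEndpoint in the same commit moved to getClientId() and a shared description constant.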