ClientCredentialGrantTestIT.java example

Explorer

apis-master
- apis-authorization-server
  - src
    - main
      - java
        org
        surfnet
        oaaas
        auth
        AbstractAuthenticator.java
        AbstractFilter.java
        AbstractUserConsentHandler.java
        AuthenticationFilter.java
        LocalResourceOwnerAuthenticator.java
        OAuth2Validator.java
        OAuth2ValidatorImpl.java
        ResourceOwnerAuthenticator.java
        UserConsentFilter.java
        ValidationResponseException.java
        cas
        CasAuthenticator.java
        CasUser.java
        PostCasAuthenticationFilter.java
        model
        AbstractEntity.java
        AccessToken.java
        AccessTokenRequest.java
        AccessTokenResponse.java
        AuthorizationRequest.java
        Client.java
        ErrorResponse.java
        ResourceOwner.java
        ResourceServer.java
        StatisticsResponse.java
        ValidationErrorResponse.java
        validation
        AbstractEntityValid.java
        AbstractEntityValidator.java
        noop
        NoopAdminAuthenticator.java
        NoopAuthenticator.java
        NoopResourceOwnerAuthenticator.java
        NoopUserConsentHandler.java
        repository
        AccessTokenRepository.java
        AuthorizationRequestRepository.java
        ClientRepository.java
        ExceptionTranslator.java
        OpenJPAExceptionTranslator.java
        ResourceOwnerRepository.java
        ResourceServerRepository.java
        resource
        RevokeResource.java
        TokenResource.java
        VerifyResource.java
        resourceserver
        AbstractResource.java
        AccessTokenResource.java
        ClientResource.java
        ResourceOwnerResource.java
        ResourceServerResource.java
        support
        Cleaner.java
    - test
      - java
        org
        surfnet
        oaaas
        auth
        LocalResourceOwnerAuthenticatorTest.java
        OAuth2ValidatorImplTest.java
        model
        AbstractEntityTest.java
        AccessTokenTest.java
        ClientTest.java
        ResourceOwnerTest.java
        ResourceServerTest.java
        repository
        AbstractTestRepository.java
        AccessTokenRepositoryTest.java
        AuthorizationRequestRepositoryTest.java
        ClientRepositoryTest.java
        ResourceOwnerRepositoryTest.java
        ResourceServerRepositoryTest.java
        resource
        TokenResourceTest.java
        resourceserver
        AccessTokenResourceTest.java
        ClientResourceTest.java
        ResourceOwnerResourceTest.java
        ResourceServerResourceTest.java
- apis-authorization-server-war
  - src
    - main
      - java
        org
        surfnet
        oaaas
        authentication
        FormLoginAuthenticator.java
        config
        CasSpringConfiguration.java
        SpringConfiguration.java
        consent
        FormUserConsentHandler.java
        logging
        LogbackConfigLocationListener.java
    - test
      - java
        org
        surfnet
        oaaas
        config
        SpringConfigTest.java
        it
        AbstractAuthorizationServerTest.java
        ClientCredentialGrantTestIT.java
        ClientResourceTestIT.java
        ResourceServerTestIT.java
        VerifyResourceTestIT.java
        selenium
        AuthorizationCodeRequestHandler.java
        AuthorizationCodeTestIT.java
        ImplicitGrantTestIT.java
        RefreshTokenTestIT.java
        SeleniumSupport.java
- apis-example-client-app
  - src
    - main
      - java
        org
        surfnet
        oaaas
        config
        SpringConfiguration.java
        web
        ClientController.java
        ClientSettings.java
- apis-example-resource-server
  - src
    - main
      - java
        org
        surfnet
        oaaas
        example
        api
        AuthConfiguration.java
        OAuthAuthenticator.java
        UniversityFooConfiguration.java
        UniversityFooService.java
        domain
        Course.java
        Student.java
        University.java
        resource
        UniversityResource.java
- apis-example-resource-server-war
  - src
    - test
      - java
        org
        surfnet
        oaaas
        it
        AuthorizationFilterIntegration.java
- apis-openconext-mock-war
  - src
    - main
      - java
        org
        surfnet
        oaaas
        conext
        mock
        OpenConextServlet.java
- apis-resource-server-library
  - src
    - main
      - java
        org
        surfnet
        oaaas
        auth
        AuthorizationServerFilter.java
        ObjectMapperProvider.java
        principal
        AuthenticatedPrincipal.java
        BasicAuthCredentials.java
        model
        TokenResponseCache.java
        TokenResponseCacheImpl.java
        VerifyTokenResponse.java
    - test
      - java
        org
        surfnet
        oaaas
        auth
        AuthorizationServerFilterTest.java
        principal
        AuthenticatedPrincipalTest.java
        BasicAuthCredentialsTest.java
        model
        TokenResponseCacheTest.java
- apis-surfconext-authn
  - src
    - main
      - java
        org
        surfnet
        oaaas
        conext
        OpenSAMLContext.java
        SAMLAuthenticatedPrincipal.java
        SAMLAuthenticator.java
        SAMLProvisioner.java
        mock
        OpenConextOAuthClientMock.java
    - test
      - java
        org
        surfnet
        oaaas
        conext
        SAMLAuthenticatedPrincipalTest.java
- jetty-connector
  - src
    - main
      - java
        org
        surfnet
        oaaas
        jetty
        SelectChannelConnectorHttps.java
    - test
      - java
        org
        surfnet
        oaaas
        jetty
        SelectChannelConnectorHttpsTest.java

/*
 * Copyright 2012 SURFnet bv, The Netherlands
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.surfnet.oaaas.it;

import com.sun.jersey.api.client.ClientResponse;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.codehaus.jackson.map.ObjectMapper;
import org.junit.Test;
import org.surfnet.oaaas.auth.OAuth2Validator;
import org.surfnet.oaaas.model.*;

import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;

import static org.hamcrest.core.IsNot.not;
import static org.junit.Assert.*;
import static org.junit.Assert.assertEquals;

/**
 * Test for Client Credential. Prerequisite is the client 'it-test-client-credential-grant', 'some-secret-client-credential-grant' that may issue client credential grants
 */
public class ClientCredentialGrantTestIT extends AbstractAuthorizationServerTest {

  /*
   * The ObjectMapper from the super class is expecting class meta data as it converts VerifyTokenResponse instances and this is not conform spec for AccessTokenResponses
   */
  private ObjectMapper mapper = new ObjectMapper();

  @Test
  public void clientCredentialAccessTokenHappy() throws IOException {

    InputStream responseContent = performClientCredentialTokenPost("it-test-client-credential-grant", "some-secret-client-credential-grant");

    String content = IOUtils.toString(responseContent);

    AccessTokenResponse accessTokenResponse =  mapper.readValue(content,AccessTokenResponse.class);
    assertNotNull(accessTokenResponse.getAccessToken());
    assertEquals(0, accessTokenResponse.getExpiresIn());
    assertEquals(OAuth2Validator.BEARER, accessTokenResponse.getTokenType());

    //now check the actual result for an resource server (the one 'owning' the client we used) checking this access token

    final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")).queryParam("access_token", accessTokenResponse.getAccessToken())
            .header("Authorization", authorizationBasic("it-test-resource-server", "somesecret")).get(ClientResponse.class);
    assertEquals(200, response.getStatus());
    String json = response.getEntity(String.class);
    final VerifyTokenResponse verifyTokenResponse = mapper.readValue(json, VerifyTokenResponse.class);

    //The client name equals the principal name as we did not authenticate with the AbstractAuthenticator
    assertEquals("it-test-client-credential-grant", verifyTokenResponse.getPrincipal().getName());
  }

  @Test
  public void clientCredentialAccessTokenWithClientNotAllowed() throws IOException {
    InputStream responseContent = performClientCredentialTokenPost("it-test-client-grant", "somesecret-grant");

    Map response =  mapper.readValue(responseContent,HashMap.class);
    assertEquals("unauthorized_client", response.get("error"));
    assertEquals("The client has no permisssion for client credentials", response.get("error_description"));
  }

  private InputStream performClientCredentialTokenPost(String username, String password) throws IOException {
    String tokenUrl = String.format("%s/oauth2/token", baseUrl());
    final HttpPost tokenRequest = new HttpPost(tokenUrl);
    String postBody = String.format("grant_type=%s", OAuth2Validator.GRANT_TYPE_CLIENT_CREDENTIALS );

    tokenRequest.setEntity(new ByteArrayEntity(postBody.getBytes()));
    tokenRequest.addHeader("Authorization", authorizationBasic(username, password));
    tokenRequest.addHeader("Content-Type", "application/x-www-form-urlencoded");

    HttpResponse tokenHttpResponse = new DefaultHttpClient().execute(tokenRequest);
    return tokenHttpResponse.getEntity().getContent();
  }


}