/*
* Copyright 2012 SURFnet bv, The Netherlands
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.surfnet.oaaas.it;
import static org.junit.Assert.assertEquals;
import org.codehaus.jackson.JsonParseException;
import org.junit.Test;
import org.surfnet.oaaas.model.VerifyTokenResponse;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import java.io.IOException;
public class VerifyResourceTestIT extends AbstractAuthorizationServerTest {
@Test
public void withNoParams() {
final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")).get(ClientResponse.class);
assertEquals(401, response.getStatus());
}
@Test
public void withNoAuthorizationHeader() {
final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")).queryParam("access_token", "boobaa")
.get(ClientResponse.class);
assertEquals(401, response.getStatus());
}
@Test
public void withInvalidAuthorizationHeader() {
final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")).queryParam("access_token", "boobaa")
.header("Authorization", "NotBasicButGarbage abb ccc dd").get(ClientResponse.class);
assertEquals(401, response.getStatus());
}
@Test
public void withValidAuthorizationHeaderButNoAccessToken() {
final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo"))
.header("Authorization", authorizationBasic("user", "pass")).get(ClientResponse.class);
assertEquals(401, response.getStatus());
}
@Test
public void happy() throws IOException {
final ClientResponse response = client.resource(baseUrlWith("/v1/tokeninfo")).queryParam("access_token", "00-11-22-33")
.header("Authorization", authorizationBasic("it-test-resource-server", "somesecret")).get(ClientResponse.class);
assertEquals(200, response.getStatus());
String json = response.getEntity(String.class);
final VerifyTokenResponse verifyTokenResponse = objectMapper.readValue(json, VerifyTokenResponse.class);
assertEquals("it-test-enduser", verifyTokenResponse.getPrincipal().getName());
}
}