TestTokenEndpoint.java example

Explorer
easylocate-master
/*
 * Copyright 2002-2011 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.security.oauth2.provider.endpoint;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.when;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
import org.springframework.security.oauth2.provider.TokenGranter;

/**
 * @author Dave Syer
 * @author Rob Winch
 */
@RunWith(MockitoJUnitRunner.class)
public class TestTokenEndpoint {

	@Mock
	private TokenGranter tokenGranter;

	@Mock
	private AuthorizationRequestManager authorizationRequestFactory;

	@Mock
	private ClientDetailsService clientDetailsService;

	@Test
	public void testGetAccessTokenWithNoClientId() {

		TokenEndpoint endpoint = new TokenEndpoint();
		endpoint.setTokenGranter(tokenGranter);
		endpoint.setAuthorizationRequestManager(authorizationRequestFactory);
		endpoint.setClientDetailsService(clientDetailsService);

		HashMap<String, String> parameters = new HashMap<String, String>();

		OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
		when(tokenGranter.grant(Mockito.eq("authorization_code"), Mockito.any(AuthorizationRequest.class))).thenReturn(
				expectedToken);
		@SuppressWarnings("unchecked")
		Map<String, String> anyMap = Mockito.any(Map.class);
		when(authorizationRequestFactory.createAuthorizationRequest(anyMap)).thenReturn(
				new DefaultAuthorizationRequest(parameters));

		ResponseEntity<OAuth2AccessToken> response = endpoint.getAccessToken(new UsernamePasswordAuthenticationToken(
				null, null, Collections.singleton(new SimpleGrantedAuthority("ROLE_CLIENT"))), "authorization_code",
				parameters);

		assertNotNull(response);
		assertEquals(HttpStatus.OK, response.getStatusCode());
		OAuth2AccessToken body = response.getBody();
		assertEquals(body, expectedToken);
		assertTrue("Wrong body: " + body, body.getTokenType() != null);
	}

	@Test
	public void testGetAccessTokenWithScope() {

		TokenEndpoint endpoint = new TokenEndpoint();
		endpoint.setTokenGranter(tokenGranter);
		endpoint.setAuthorizationRequestManager(authorizationRequestFactory);
		endpoint.setClientDetailsService(clientDetailsService);

		HashMap<String, String> parameters = new HashMap<String, String>();
		parameters.put("scope", "read");
		parameters.put("grant_type", "authorization_code");
		parameters.put("code", "kJAHDFG");

		OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
		ArgumentCaptor<AuthorizationRequest> captor = ArgumentCaptor.forClass(AuthorizationRequest.class);
		when(tokenGranter.grant(Mockito.eq("authorization_code"), captor.capture())).thenReturn(expectedToken);
		@SuppressWarnings("unchecked")
		Map<String, String> anyMap = Mockito.any(Map.class);
		when(authorizationRequestFactory.createAuthorizationRequest(anyMap)).thenReturn(
				new DefaultAuthorizationRequest(parameters));

		ResponseEntity<OAuth2AccessToken> response = endpoint.getAccessToken(new UsernamePasswordAuthenticationToken(
				null, null, Collections.singleton(new SimpleGrantedAuthority("ROLE_CLIENT"))), "authorization_code",
				parameters);

		assertNotNull(response);
		assertEquals(HttpStatus.OK, response.getStatusCode());
		OAuth2AccessToken body = response.getBody();
		assertEquals(body, expectedToken);
		assertTrue("Wrong body: " + body, body.getTokenType() != null);
		assertTrue("Scope of token request not cleared", captor.getValue().getScope().isEmpty());
	}

}