OAuth2ClientAuthenticationProcessingFilterTests.java example

Explorer
spring-security-oauth-master
/*
 * Copyright 2010-2012 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.oauth2.client.filter;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.ServletException;

import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.http.AccessTokenRequiredException;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.RequestTokenFactory;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

public class OAuth2ClientAuthenticationProcessingFilterTests {

	private OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(
			"/some/url");

	private ResourceServerTokenServices tokenServices = Mockito.mock(ResourceServerTokenServices.class);

	private OAuth2RestOperations restTemplate = Mockito.mock(OAuth2RestOperations.class);

	private OAuth2Authentication authentication;
	
	@Rule
	public ExpectedException expected = ExpectedException.none();

	@Test
	public void testAuthentication() throws Exception {
		filter.setRestTemplate(restTemplate);
		filter.setTokenServices(tokenServices);
		Mockito.when(restTemplate.getAccessToken()).thenReturn(new DefaultOAuth2AccessToken("FOO"));
		Set<String> scopes = new HashSet<String>();
		scopes.addAll(Arrays.asList("read", "write"));
		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("client", false, scopes);
		this.authentication = new OAuth2Authentication(storedOAuth2Request, null);
		Mockito.when(tokenServices.loadAuthentication("FOO")).thenReturn(authentication);
		Authentication authentication = filter.attemptAuthentication(new MockHttpServletRequest(), null);
		assertEquals(this.authentication, authentication);
		Mockito.verify(restTemplate, Mockito.times(1)).getAccessToken();
	}

	@Test
	public void testAuthenticationWithTokenType() throws Exception {
		filter.setRestTemplate(restTemplate);
		filter.setTokenServices(tokenServices);
		DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
		token.setTokenType("foo");
		Mockito.when(restTemplate.getAccessToken()).thenReturn(token);
		Set<String> scopes = new HashSet<String>();
		scopes.addAll(Arrays.asList("read", "write"));
		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("client", false, scopes);
		this.authentication = new OAuth2Authentication(storedOAuth2Request, null);
		Mockito.when(tokenServices.loadAuthentication("FOO")).thenReturn(authentication);
		Authentication authentication = filter.attemptAuthentication(new MockHttpServletRequest(), null);
		assertEquals("foo", ((OAuth2AuthenticationDetails) authentication.getDetails()).getTokenType());
	}

	@Test
	public void testSuccessfulAuthentication() throws Exception {
		filter.setRestTemplate(restTemplate);
		Set<String> scopes = new HashSet<String>();
		scopes.addAll(Arrays.asList("read", "write"));
		OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("client", false, scopes);
		this.authentication = new OAuth2Authentication(storedOAuth2Request, null);
		filter.successfulAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse(), null, authentication);
		Mockito.verify(restTemplate, Mockito.times(1)).getAccessToken();
	}

	@Test
	public void testDeniedToken() throws Exception {
		filter.setRestTemplate(restTemplate);
		Mockito.when(restTemplate.getAccessToken()).thenThrow(new OAuth2Exception("User denied acess token"));
		expected.expect(BadCredentialsException.class);
		filter.attemptAuthentication(null, null);
	}

	@Test
	public void testUnsuccessfulAuthentication() throws IOException, ServletException {
		try {
			filter.unsuccessfulAuthentication(null, null, new AccessTokenRequiredException("testing", null));
			fail("AccessTokenRedirectException must be thrown");
		}
		catch (AccessTokenRequiredException ex) {

		}
	}
}