111 lines
4.3 KiB
Java
111 lines
4.3 KiB
Java
package sample.secure.oauth2;
|
|
|
|
import java.util.Map;
|
|
|
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
|
import org.junit.Before;
|
|
import org.junit.Ignore;
|
|
import org.junit.Test;
|
|
import org.junit.runner.RunWith;
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
import org.springframework.boot.test.SpringApplicationConfiguration;
|
|
import org.springframework.boot.test.WebIntegrationTest;
|
|
import org.springframework.hateoas.MediaTypes;
|
|
import org.springframework.security.core.context.SecurityContextHolder;
|
|
import org.springframework.security.crypto.codec.Base64;
|
|
import org.springframework.security.web.FilterChainProxy;
|
|
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
|
import org.springframework.test.web.servlet.MockMvc;
|
|
import org.springframework.test.web.servlet.MvcResult;
|
|
import org.springframework.web.context.WebApplicationContext;
|
|
|
|
import static org.hamcrest.CoreMatchers.is;
|
|
import static org.hamcrest.MatcherAssert.assertThat;
|
|
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
|
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
|
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
|
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
|
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
|
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.webAppContextSetup;
|
|
|
|
/**
|
|
* Series of automated integration tests to verify proper behavior of auto-configured,
|
|
* OAuth2-secured system
|
|
*
|
|
* @author Greg Turnquist
|
|
*/
|
|
@RunWith(SpringJUnit4ClassRunner.class)
|
|
@SpringApplicationConfiguration(SampleSecureOAuth2Application.class)
|
|
@WebIntegrationTest(randomPort = true)
|
|
public class SampleSecureOAuth2ApplicationTests {
|
|
|
|
@Autowired
|
|
WebApplicationContext context;
|
|
|
|
@Autowired
|
|
FilterChainProxy filterChain;
|
|
|
|
private MockMvc mvc;
|
|
|
|
private final ObjectMapper objectMapper = new ObjectMapper();
|
|
|
|
@Before
|
|
public void setUp() {
|
|
this.mvc = webAppContextSetup(this.context).addFilters(this.filterChain).build();
|
|
SecurityContextHolder.clearContext();
|
|
}
|
|
|
|
@Test
|
|
public void everythingIsSecuredByDefault() throws Exception {
|
|
this.mvc.perform(get("/").accept(MediaTypes.HAL_JSON))
|
|
.andExpect(status().isUnauthorized()).andDo(print());
|
|
this.mvc.perform(get("/flights").accept(MediaTypes.HAL_JSON))
|
|
.andExpect(status().isUnauthorized()).andDo(print());
|
|
this.mvc.perform(get("/flights/1").accept(MediaTypes.HAL_JSON))
|
|
.andExpect(status().isUnauthorized()).andDo(print());
|
|
this.mvc.perform(get("/alps").accept(MediaTypes.HAL_JSON))
|
|
.andExpect(status().isUnauthorized()).andDo(print());
|
|
}
|
|
|
|
@Test
|
|
@Ignore
|
|
public void accessingRootUriPossibleWithUserAccount() throws Exception {
|
|
String header = "Basic " + new String(Base64.encode("greg:turnquist".getBytes()));
|
|
this.mvc.perform(
|
|
get("/").accept(MediaTypes.HAL_JSON).header("Authorization", header))
|
|
.andExpect(
|
|
header().string("Content-Type", MediaTypes.HAL_JSON.toString()))
|
|
.andExpect(status().isOk()).andDo(print());
|
|
}
|
|
|
|
@Test
|
|
public void useAppSecretsPlusUserAccountToGetBearerToken() throws Exception {
|
|
String header = "Basic " + new String(Base64.encode("foo:bar".getBytes()));
|
|
MvcResult result = this.mvc
|
|
.perform(post("/oauth/token").header("Authorization", header)
|
|
.param("grant_type", "password").param("scope", "read")
|
|
.param("username", "greg").param("password", "turnquist"))
|
|
.andExpect(status().isOk()).andDo(print()).andReturn();
|
|
Object accessToken = this.objectMapper
|
|
.readValue(result.getResponse().getContentAsString(), Map.class)
|
|
.get("access_token");
|
|
MvcResult flightsAction = this.mvc
|
|
.perform(get("/flights/1").accept(MediaTypes.HAL_JSON)
|
|
.header("Authorization", "Bearer " + accessToken))
|
|
.andExpect(
|
|
header().string("Content-Type", MediaTypes.HAL_JSON.toString()))
|
|
.andExpect(status().isOk()).andDo(print()).andReturn();
|
|
|
|
Flight flight = this.objectMapper.readValue(
|
|
flightsAction.getResponse().getContentAsString(), Flight.class);
|
|
|
|
assertThat(flight.getOrigin(), is("Nashville"));
|
|
assertThat(flight.getDestination(), is("Dallas"));
|
|
assertThat(flight.getAirline(), is("Spring Ways"));
|
|
assertThat(flight.getFlightNumber(), is("OAUTH2"));
|
|
assertThat(flight.getTraveler(), is("Greg Turnquist"));
|
|
}
|
|
|
|
}
|