Add test examples for the resource server sample

- Add a post endpoint in /messages
- Changes the security config to require the read scope to GET a message and the write scope
to POST a new message.
- Changes the jwks of the mock server so I could create a new access token with the write scope.
- Creates tests and integration-tests for the POST endpoint.
- Changes the README to add an example of a POST request.

Fixes gh-7118
This commit is contained in:
Henrique Luis Schmidt
2019-07-27 19:25:08 -03:00
committed by Josh Cummings
parent 646f257e01
commit da62c31fdc
6 changed files with 104 additions and 12 deletions

View File

@@ -25,12 +25,16 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.security.oauth2.jwt.Jwt;
import static org.hamcrest.CoreMatchers.is;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.when;
/**
*
@@ -60,8 +64,9 @@ public class OAuth2ResourceServerControllerTests {
mockMvc.perform(get("/message").with(jwt(jwt -> jwt.claim("scope", "message:read"))))
.andExpect(content().string(is("secret message")));
mockMvc.perform(get("/message").with(jwt().authorities(new SimpleGrantedAuthority(("SCOPE_message:read")))))
.andExpect(content().string(is("secret message")));
mockMvc.perform(get("/message")
.with(jwt().authorities(new SimpleGrantedAuthority(("SCOPE_message:read")))))
.andExpect(content().string(is("secret message")));
}
@Test
@@ -69,4 +74,45 @@ public class OAuth2ResourceServerControllerTests {
mockMvc.perform(get("/message").with(jwt()))
.andExpect(status().isForbidden());
}
@Test
public void messageCanNotBeCreatedWithoutAnyScope() throws Exception {
Jwt jwt = Jwt.withTokenValue("token")
.header("alg", "none")
.claim("scope", "")
.build();
when(jwtDecoder.decode(anyString())).thenReturn(jwt);
mockMvc.perform(post("/message")
.content("Hello message")
.header("Authorization", "Bearer " + jwt.getTokenValue()))
.andExpect(status().isForbidden());
}
@Test
public void messageCanNotBeCreatedWithScopeMessageReadAuthority() throws Exception {
Jwt jwt = Jwt.withTokenValue("token")
.header("alg", "none")
.claim("scope", "message:read")
.build();
when(jwtDecoder.decode(anyString())).thenReturn(jwt);
mockMvc.perform(post("/message")
.content("Hello message")
.header("Authorization", "Bearer " + jwt.getTokenValue()))
.andExpect(status().isForbidden());
}
@Test
public void messageCanBeCreatedWithScopeMessageWriteAuthority()
throws Exception {
Jwt jwt = Jwt.withTokenValue("token")
.header("alg", "none")
.claim("scope", "message:write")
.build();
when(jwtDecoder.decode(anyString())).thenReturn(jwt);
mockMvc.perform(post("/message")
.content("Hello message")
.header("Authorization", "Bearer " + jwt.getTokenValue()))
.andExpect(status().isOk())
.andExpect(content().string(is("Message was created. Content: Hello message")));
}
}