Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 8c568c084 -> f420fe361
Adding a scope test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f420fe36 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f420fe36 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f420fe36 Branch: refs/heads/3.0.x-fixes Commit: f420fe361655c628cc5e720c0cee046d369e366c Parents: 8c568c0 Author: Colm O hEigeartaigh <[email protected]> Authored: Thu Jan 28 15:38:27 2016 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Thu Jan 28 16:00:47 2016 +0000 ---------------------------------------------------------------------- .../security/oauth2/common/OAuth2TestUtils.java | 22 ++++++++++++++- .../oauth2/grants/AuthorizationGrantTest.java | 29 ++++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f420fe36/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 166f996..97896cd 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -35,6 +35,7 @@ import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.junit.Assert;
 /**
 * Some test utils for the OAuth 2.0 tests
@@ -54,6 +55,11 @@ public final class OAuth2TestUtils {
 }
 public static String getAuthorizationCode(WebClient client, String scope, String consumerId) {
+ return getAuthorizationCode(client, scope, consumerId, null, null);
+ }
+
+ public static String getAuthorizationCode(WebClient client, String scope, String consumerId,
+ String nonce, String state) {
 // Make initial authorization request
 client.type("application/json").accept("application/json");
 client.query("client_id", consumerId);
@@ -62,6 +68,13 @@ public final class OAuth2TestUtils {
 if (scope != null) {
 client.query("scope", scope);
 }
+ if (nonce != null) {
+ client.query("nonce", nonce);
+ }
+ if (state != null) {
+ client.query("state", state);
+ }
+
 client.path("authorize/");
 Response response = client.get();
@@ -78,10 +91,17 @@ public final class OAuth2TestUtils {
 if (authzData.getProposedScope() != null) {
 form.param("scope", authzData.getProposedScope());
 }
+ if (authzData.getState() != null) {
+ form.param("state", authzData.getState());
+ }
 form.param("oauthDecision", "allow");
 response = client.post(form);
- String location = response.getHeaderString("Location");
+ String location = response.getHeaderString("Location");
+ if (state != null) {
+ Assert.assertTrue(location.contains("state=" + state));
+ }
+
 return getSubstring(location, "code");
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/f420fe36/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index 3de3041..835df90 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
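Review bot: The new five-argument `getAuthorizationCode` overload has no Javadoc, so the contract for `nonce` and `state` is only visible by reading a body that continues outside this hunk. I would add something like `/** Runs the authorization-code flow; a null nonce or state is omitted from the request, and a non-null state must be echoed back in the redirect. */` above it. The three-argument version now only delegates with two nulls, which is worth a one-line comment as well.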
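Review bot: The `nonce` branch added in this hunk is not exercised by anything in this commit: the only new caller, `testAuthorizationCodeGrantWithState`, passes `null` for it, and none of the visible helper lines check how the server treats the value. Either add a caller that passes a nonce and asserts on the outcome, or leave the parameter out until such a test exists, so the helper does not suggest coverage it does not have.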
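Review bot: `Assert.assertTrue(location.contains("state=" + state))` is a loose check: it passes when the returned value merely begins with the expected state or when another parameter name ends in `state=`, and it fails with a NullPointerException rather than a readable assertion if the response has no `Location` header. Asserting `Assert.assertNotNull(location);` first and then `Assert.assertEquals(state, getSubstring(location, "state"));` would pin the exact echo, assuming `getSubstring` extracts a named query parameter the way it is used for `"code"` on the return line; that helper is defined outside this hunk. Because `state` is what binds the redirect to the client's original request, exact equality is the property worth testing.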
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -184,6 +184,35 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase {
 }
 @org.junit.Test
+ public void testAuthorizationCodeGrantWithState() throws Exception {
+ URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ String state = "1234566789";
+ String code = OAuth2TestUtils.getAuthorizationCode(client, "read_balance", "consumer-id",
+ null, state);
+ assertNotNull(code);
+
+ // Now get the access token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
+ assertNotNull(accessToken.getTokenKey());
+ }
+
+ @org.junit.Test
 public void testAuthorizationCodeGrantWithAudience() throws Exception {
 URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
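Review bot: Nothing in `testAuthorizationCodeGrantWithState` itself asserts on the state; the only check lives inside `OAuth2TestUtils.getAuthorizationCode`, so the test body reads like a plain authorization-code test. A comment at the call such as `// getAuthorizationCode asserts that the redirect echoes this state` would make the intent visible. The constant `"1234566789"` is fine for a deterministic test, but since test code tends to be copied, I would also add `// fixed for the test only; real clients need an unguessable per-request state`. `busFile` is dereferenced without a null check, so a missing `client.xml` would surface as a NullPointerException rather than a clear failure.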
