I agree. However, these issues (and the fix) were really related to each other. (And I was a little too eager to take on both at the same time ;-))
Also OLTU-5 and OLTU-31 were the same issues.. Regards, Stein On 15 mei 2013, at 23:34, Simone Tripodi <[email protected]> wrote: > Hi Stein, > > thanks - having new energies on Oltu is priceless!!! > > I'd suggest to get a little step back to our old best-practices, > splitting commits per issue, otherwise it is not easy to understand > which changes are related to OLTU-16, which to OLTU-31 and which to > OLTU-5. > > WDYT? > Tia and all the best! > -Simo > > http://people.apache.org/~simonetripodi/ > http://simonetripodi.livejournal.com/ > http://twitter.com/simonetripodi > http://www.99soft.org/ > > > On Wed, May 15, 2013 at 10:56 PM, <[email protected]> wrote: >> Author: stein >> Date: Wed May 15 20:56:34 2013 >> New Revision: 1483076 >> >> URL: http://svn.apache.org/r1483076 >> Log: >> OLTU-16 OLTU-31 OLTU-5 Update integration tests. Add unauthenticated token >> endpoint >> >> Added: >> >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java >> - copied, changed from r1483016, >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >> >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >> Modified: >> >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >> >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java >> >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java >> >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java >> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml >> >> Modified: >> 
oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >> URL: >> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff >> ============================================================================== >> --- >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >> (original) >> +++ >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >> Wed May 15 20:56:34 2013 >> @@ -38,10 +38,8 @@ import org.junit.Test; >> */ >> public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest { >> >> - >> @Test >> public void testSuccessfullAccesToken() throws Exception { >> - >> OAuthClientRequest request = OAuthClientRequest >> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> .setGrantType(GrantType.AUTHORIZATION_CODE) 
>> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest >> OAuthAccessTokenResponse response = oAuthClient.accessToken(request); >> assertNotNull(response.getAccessToken()); >> assertNotNull(response.getExpiresIn()); >> - >> - >> } >> >> @Test >> - public void testSuccessfullAccesTokenGETMethod() throws Exception { >> - >> + public void testInvalidClientCredentials() throws Exception { >> OAuthClientRequest request = OAuthClientRequest >> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> .setGrantType(GrantType.AUTHORIZATION_CODE) >> - .setCode(Common.AUTHORIZATION_CODE) >> .setRedirectURI(Common.REDIRECT_URL) >> + .setCode(Common.AUTHORIZATION_CODE) >> .setClientId(Common.CLIENT_ID) >> - .setClientSecret(Common.CLIENT_SECRET) >> - .buildQueryMessage(); >> + .setClientSecret("wrongSecret") >> + .buildBodyMessage(); >> >> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); >> - OAuthAccessTokenResponse response = >> oAuthClient.accessToken(request, OAuth.HttpMethod.GET); >> - assertNotNull(response.getAccessToken()); >> - assertNotNull(response.getExpiresIn()); >> - >> >> + try { >> + oAuthClient.accessToken(request); >> + fail("exception expected"); >> + } catch (OAuthProblemException e) { >> + assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, >> e.getError()); >> + } >> } >> >> @Test >> @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest >> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> .setGrantType(null) >> .setClientId(Common.CLIENT_ID) >> + .setClientSecret(Common.CLIENT_SECRET) >> .buildBodyMessage(); >> >> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); >> >> - >> try { >> oAuthClient.accessToken(request); >> fail("exception expected"); >> @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest >> >> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); >> >> - >> try { >> oAuthClient.accessToken(request); >> fail("exception expected"); 
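Review bot: `testInvalidClientCredentials` in hunk `@@ -55,28 +53,27 @@` pins `UNAUTHORIZED_CLIENT` as the error for a wrong client secret, and the server side in TokenEndpoint's hunk `@@ -63,17 +65,26 @@` emits that code with HTTP 401; RFC 6749 §5.2 reserves `unauthorized_client` for a client that is not allowed to use the requested grant type, while failed client authentication is `invalid_client`. The `INVALID_CLIENT_DESCRIPTION` text reused on that branch is in fact the RFC wording for `invalid_client`, so the error code and its description disagree. I would change the assertion to `assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());` and the endpoint's secret branch to `.setError(OAuthError.TokenResponse.INVALID_CLIENT)`. Using the same error code and status for an unknown client_id and for a wrong secret also stops the response from telling a caller which of the two was wrong, which is presumably why one description is now shared; with 400/`invalid_client` on one branch and 401/`unauthorized_client` on the other that distinction is still observable.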
>> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest >> .setGrantType(GrantType.AUTHORIZATION_CODE) >> .setCode(Common.AUTHORIZATION_CODE) >> .setClientId("unknownid") >> + .setClientSecret(Common.CLIENT_SECRET) >> .setRedirectURI(Common.REDIRECT_URL) >> .buildBodyMessage(); >> >> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); >> >> - >> try { >> oAuthClient.accessToken(request); >> fail("exception expected"); >> } catch (OAuthProblemException e) { >> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >> e.getError()); >> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, >> e.getError()); >> } >> } >> >> @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest >> .setCode(Common.AUTHORIZATION_CODE) >> .setRedirectURI(Common.REDIRECT_URL) >> .setClientId(Common.CLIENT_ID) >> + .setClientSecret(Common.CLIENT_SECRET) >> .buildBodyMessage(); >> >> OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient()); >> >> - >> try { >> oAuthclient.accessToken(request); >> fail("exception expected"); >> } catch (OAuthProblemException e) { >> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >> e.getError()); >> } >> - >> } >> >> @Test >> @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest >> .setRedirectURI(Common.REDIRECT_URL) >> .setCode("unknown_code") >> .setClientId(Common.CLIENT_ID) >> + .setClientSecret(Common.CLIENT_SECRET) >> .buildBodyMessage(); >> >> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); 
>> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest >> oAuthClient.accessToken(request); >> fail("exception expected"); >> } catch (OAuthProblemException e) { >> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >> e.getError()); >> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, >> e.getError()); >> } >> - >> } >> } >> \ No newline at end of file >> >> Modified: >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java >> URL: >> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=1483076&r1=1483075&r2=1483076&view=diff >> ============================================================================== >> --- >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java >> (original) >> +++ >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java >> Wed May 15 20:56:34 2013 >> @@ -78,7 +78,7 @@ public final class Common { >> public static final String HEADER_AUTHORIZATION = "Authorization"; >> >> public static final String AUTHORIZATION_CODE = "known_authz_code"; >> - >> + public static final String STATE = "abcde"; >> >> public static final String ASSERTION = "<samlp:AuthnRequest\n" >> + " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n" 
>> @@ -96,6 +96,7 @@ public final class Common { >> public static final String ASSERTION_TYPE = >> "http://xml.coverpages.org/saml.html"; >> >> public static final String ACCESS_TOKEN_ENDPOINT = >> "http://localhost:9001/auth/oauth2/token"; >> + public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = >> "http://localhost:9001/auth/oauth2/unauth-token"; >> public static final String AUTHORIZATION_ENPOINT = >> "http://localhost:9001/auth/oauth2/authz"; >> public static final String REDIRECT_URL = >> "http://localhost:9002/auth/oauth2/redirect"; >> public static final String RESOURCE_SERVER = >> "http://localhost:9003/resource_server"; >> >> Modified: >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java >> URL: >> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff >> ============================================================================== >> --- >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java >> (original) >> +++ >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java >> Wed May 15 20:56:34 2013 >> @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex >> >> @Test >> public void testWrongParametersEndUserAuthorization() throws Exception { >> - >> - >> OAuthClientRequest request = OAuthClientRequest >> .authorizationLocation(Common.AUTHORIZATION_ENPOINT) >> .setClientId(Common.CLIENT_ID) 
>> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex >> >> @Test >> public void testCorrectParametersEndUserAuthorization() throws Exception >> { >> - >> OAuthClientRequest request = OAuthClientRequest >> .authorizationLocation(Common.AUTHORIZATION_ENPOINT) >> .setClientId(Common.CLIENT_ID) >> .setRedirectURI(Common.REDIRECT_URL + "1") >> .setResponseType(ResponseType.CODE.toString()) >> + .setState(Common.STATE) >> .buildQueryMessage(); >> >> Common.doRequest(request); >> @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex >> @GET >> @Path("/redirect") >> public Response callback(@Context HttpServletRequest request) throws >> Exception { >> - >> OAuthClientResponse resp = null; >> try { >> OAuthAuthzResponse.oauthCodeAuthzResponse(request); >> @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex >> assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, >> e.getError()); >> } >> >> - >> return Response.ok().build(); >> } 
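Review bot: `testCorrectParametersEndUserAuthorization` now sends `state` in hunk `@@ -65,12 +63,12 @@`, but nothing in this file asserts that the authorization server echoes it back unchanged on the redirect; the callback methods in the later hunks of this file (`@@ -98,7 +96,6 @@`, `@@ -122,7 +118,6 @@`) only check for the presence or absence of an error. Without that assertion the test cannot catch a server that drops or alters `state`, which is what the parameter exists to protect (RFC 6749 §10.12). In the callback that serves the `REDIRECT_URL + "1"` redirect I would add `assertEquals(Common.STATE, request.getParameter("state"));`. The callback bodies start and end outside the hunks shown here, so I cannot tell which of the two handles that redirect.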
>> >> @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex >> fail("exception not expected"); >> } >> >> - >> return Response.ok().build(); >> } >> >> >> Copied: >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java >> (from r1483016, >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java) >> URL: >> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java?p2=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java&p1=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=1483016&r2=1483076&rev=1483076&view=diff >> ============================================================================== >> --- >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >> (original) >> +++ >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java >> Wed May 15 20:56:34 2013 
>> @@ -36,60 +36,34 @@ import org.junit.Test; >> * >> * >> */ >> -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest { >> - >> +public class UnauthenticatedAccessTokenTestAuthCodeTest extends >> ClientServerOAuthTest { >> >> @Test >> - public void testSuccessfullAccesToken() throws Exception { >> - >> + public void testSuccessfulAccessToken() throws Exception { >> OAuthClientRequest request = OAuthClientRequest >> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >> .setGrantType(GrantType.AUTHORIZATION_CODE) >> .setCode(Common.AUTHORIZATION_CODE) >> .setRedirectURI(Common.REDIRECT_URL) >> .setClientId(Common.CLIENT_ID) >> - .setClientSecret(Common.CLIENT_SECRET) >> .buildBodyMessage(); >> >> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); >> OAuthAccessTokenResponse response = oAuthClient.accessToken(request); >> assertNotNull(response.getAccessToken()); >> assertNotNull(response.getExpiresIn()); >> - >> - >> - } >> - >> - @Test >> - public void testSuccessfullAccesTokenGETMethod() throws Exception { >> - >> - OAuthClientRequest request = OAuthClientRequest >> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> - .setGrantType(GrantType.AUTHORIZATION_CODE) >> - .setCode(Common.AUTHORIZATION_CODE) >> - .setRedirectURI(Common.REDIRECT_URL) >> - .setClientId(Common.CLIENT_ID) >> - .setClientSecret(Common.CLIENT_SECRET) >> - .buildQueryMessage(); >> - >> - OAuthClient oAuthClient = new OAuthClient(new >> URLConnectionClient()); >> - OAuthAccessTokenResponse response = >> oAuthClient.accessToken(request, OAuth.HttpMethod.GET); >> - assertNotNull(response.getAccessToken()); >> - assertNotNull(response.getExpiresIn()); >> - >> - >> } >> >> @Test >> public void testNoneGrantType() throws Exception { >> OAuthClientRequest request = OAuthClientRequest >> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >> 
.setGrantType(null) >> .setClientId(Common.CLIENT_ID) >> .buildBodyMessage(); >> >> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); >> >> - >> try { >> oAuthClient.accessToken(request); >> fail("exception expected"); >> @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest >> @Test >> public void testInvalidRequest() throws Exception { >> OAuthClientRequest request = OAuthClientRequest >> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >> .setClientId(Common.CLIENT_ID) >> .buildBodyMessage(); >> >> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); >> >> - >> try { >> oAuthClient.accessToken(request); >> fail("exception expected"); >> @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest >> @Test >> public void testInvalidClient() throws Exception { >> OAuthClientRequest request = OAuthClientRequest >> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >> .setGrantType(GrantType.AUTHORIZATION_CODE) >> .setCode(Common.AUTHORIZATION_CODE) >> .setClientId("unknownid") >> @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest >> >> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); >> >> - >> try { >> oAuthClient.accessToken(request); >> fail("exception expected"); >> } catch (OAuthProblemException e) { >> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >> e.getError()); >> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, >> e.getError()); >> } >> } >> >> @Test >> public void testInvalidGrantType() throws Exception { >> OAuthClientRequest request = OAuthClientRequest >> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >> .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type") >> .setCode(Common.AUTHORIZATION_CODE) >> .setRedirectURI(Common.REDIRECT_URL) 
>> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest >> >> OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient()); >> >> - >> try { >> oAuthclient.accessToken(request); >> fail("exception expected"); >> } catch (OAuthProblemException e) { >> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >> e.getError()); >> } >> - >> } >> >> @Test >> public void testInvalidCode() throws Exception { >> OAuthClientRequest request = OAuthClientRequest >> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >> .setGrantType(GrantType.AUTHORIZATION_CODE) >> .setRedirectURI(Common.REDIRECT_URL) >> .setCode("unknown_code") >> @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest >> oAuthClient.accessToken(request); >> fail("exception expected"); >> } catch (OAuthProblemException e) { >> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >> e.getError()); >> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, >> e.getError()); >> } >> - >> } >> } >> \ No newline at end of file >> >> Modified: >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java >> URL: >> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java?rev=1483076&r1=1483075&r2=1483076&view=diff >> ============================================================================== >> --- >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java >> (original) >> +++ >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java >> Wed May 15 20:56:34 2013 
>> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio >> @Path("/token") >> public class TokenEndpoint { >> >> + public static final String INVALID_CLIENT_DESCRIPTION = "Client >> authentication failed (e.g., unknown client, no client authentication >> included, or unsupported authentication method)."; >> + >> @POST >> @Consumes("application/x-www-form-urlencoded") >> @Produces("application/json") >> @@ -63,17 +65,26 @@ public class TokenEndpoint { >> >> try { >> oauthRequest = new OAuthTokenRequest(request); >> - >> - //check if clientid is valid >> - if >> (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) { >> + >> + // check if clientid is valid >> + if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) { >> OAuthResponse response = >> >> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST) >> - >> .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id >> not found") >> + >> .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION) >> + .buildJSONMessage(); >> + return >> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >> + } >> + >> + // check if client_secret is valid >> + if >> (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) { >> + OAuthResponse response = >> + >> OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED) >> + >> .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION) >> .buildJSONMessage(); >> return >> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >> } >> >> - //do checking for different grant types >> + // do checking for different grant types >> if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >> .equals(GrantType.AUTHORIZATION_CODE.toString())) { >> if >> (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) >> { 
>> @@ -97,6 +108,7 @@ public class TokenEndpoint { >> } >> } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >> .equals(GrantType.REFRESH_TOKEN.toString())) { >> + // refresh token is not supported in this implementation >> OAuthResponse response = OAuthASResponse >> .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >> .setError(OAuthError.TokenResponse.INVALID_GRANT) >> @@ -110,8 +122,8 @@ public class TokenEndpoint { >> .setAccessToken(oauthIssuerImpl.accessToken()) >> .setExpiresIn("3600") >> .buildJSONMessage(); >> - >> return >> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >> + >> } catch (OAuthProblemException e) { >> OAuthResponse res = >> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e) >> .buildJSONMessage(); 
>> @@ -119,19 +131,4 @@ public class TokenEndpoint { >> } >> } >> >> - @GET >> - @Consumes("application/x-www-form-urlencoded") >> - @Produces("application/json") >> - public Response authorizeGet(@Context HttpServletRequest request) >> throws OAuthSystemException { >> - OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new >> MD5Generator()); >> - >> - OAuthResponse response = OAuthASResponse >> - .tokenResponse(HttpServletResponse.SC_OK) >> - .setAccessToken(oauthIssuerImpl.accessToken()) >> - .setExpiresIn("3600") >> - .buildJSONMessage(); >> - >> - return >> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >> - } >> - >> } >> \ No newline at end of file >> >> Added: >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >> URL: >> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java?rev=1483076&view=auto >> ============================================================================== >> --- >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >> (added) >> +++ >> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >> Wed May 15 20:56:34 2013 
>> @@ -0,0 +1,123 @@ >> +/** >> + * Copyright 2010 Newcastle University >> + * >> + * http://research.ncl.ac.uk/smart/ >> + * >> + * Licensed to the Apache Software Foundation (ASF) under one or more >> + * contributor license agreements. See the NOTICE file distributed with >> + * this work for additional information regarding copyright ownership. >> + * The ASF licenses this file to You under the Apache License, Version 2.0 >> + * (the "License"); you may not use this file except in compliance with >> + * the License. You may obtain a copy of the License at >> + * >> + * http://www.apache.org/licenses/LICENSE-2.0 >> + * >> + * Unless required by applicable law or agreed to in writing, software >> + * distributed under the License is distributed on an "AS IS" BASIS, >> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. >> + * See the License for the specific language governing permissions and >> + * limitations under the License. >> + */ >> + >> +package org.apache.oltu.oauth2.integration.endpoints; >> + >> +import javax.servlet.http.HttpServletRequest; >> +import javax.servlet.http.HttpServletResponse; >> +import javax.ws.rs.Consumes; >> +import javax.ws.rs.GET; >> +import javax.ws.rs.POST; >> +import javax.ws.rs.Path; >> +import javax.ws.rs.Produces; >> +import javax.ws.rs.core.Context; >> +import javax.ws.rs.core.Response; >> + >> +import org.apache.oltu.oauth2.as.issuer.MD5Generator; >> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer; >> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl; >> +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest; >> +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest; >> +import org.apache.oltu.oauth2.as.response.OAuthASResponse; >> +import org.apache.oltu.oauth2.common.OAuth; >> +import org.apache.oltu.oauth2.common.error.OAuthError; >> +import org.apache.oltu.oauth2.common.exception.OAuthProblemException; >> +import 
org.apache.oltu.oauth2.common.exception.OAuthSystemException; >> +import org.apache.oltu.oauth2.common.message.OAuthResponse; >> +import org.apache.oltu.oauth2.common.message.types.GrantType; >> +import org.apache.oltu.oauth2.integration.Common; >> + >> +/** >> + * >> + * >> + * >> + */ >> +@Path("/unauth-token") >> +public class UnauthenticatedTokenEndpoint { >> + >> + @POST >> + @Consumes("application/x-www-form-urlencoded") >> + @Produces("application/json") >> + public Response token(@Context HttpServletRequest request) throws >> OAuthSystemException { >> + >> + OAuthUnauthenticatedTokenRequest oauthRequest = null; >> + >> + OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new >> MD5Generator()); >> + >> + try { >> + oauthRequest = new OAuthUnauthenticatedTokenRequest(request); >> + >> + // check if clientid is valid >> + if >> (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) { >> + OAuthResponse response = >> + >> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST) >> + >> .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id >> not found") >> + .buildJSONMessage(); >> + return >> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >> + } >> + >> + // do checking for different grant types >> + if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >> + .equals(GrantType.AUTHORIZATION_CODE.toString())) { >> + if >> (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) >> { >> + OAuthResponse response = OAuthASResponse >> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >> + .setError(OAuthError.TokenResponse.INVALID_GRANT) >> + .setErrorDescription("invalid authorization code") >> + .buildJSONMessage(); >> + return >> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >> + } >> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >> + .equals(GrantType.PASSWORD.toString())) { >> + if 
(!Common.PASSWORD.equals(oauthRequest.getPassword()) >> + || !Common.USERNAME.equals(oauthRequest.getUsername())) >> { >> + OAuthResponse response = OAuthASResponse >> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >> + .setError(OAuthError.TokenResponse.INVALID_GRANT) >> + .setErrorDescription("invalid username or password") >> + .buildJSONMessage(); >> + return >> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >> + } >> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >> + .equals(GrantType.REFRESH_TOKEN.toString())) { >> + // refresh token is not supported in this implementation >> hence the oauth error. >> + OAuthResponse response = OAuthASResponse >> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >> + .setError(OAuthError.TokenResponse.INVALID_GRANT) >> + .setErrorDescription("invalid username or password") >> + .buildJSONMessage(); >> + return >> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >> + } >> + >> + OAuthResponse response = OAuthASResponse >> + .tokenResponse(HttpServletResponse.SC_OK) >> + .setAccessToken(oauthIssuerImpl.accessToken()) >> + .setExpiresIn("3600") >> + .buildJSONMessage(); >> + >> + return >> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >> + } catch (OAuthProblemException e) { >> + OAuthResponse res = >> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e) >> + .buildJSONMessage(); >> + return >> Response.status(res.getResponseStatus()).entity(res.getBody()).build(); >> + } >> + } >> +} >> \ No newline at end of file >> >> Modified: >> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml >> URL: >> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml?rev=1483076&r1=1483075&r2=1483076&view=diff >> ============================================================================== >> --- >> 
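Review bot: In the `REFRESH_TOKEN` branch of `token()` the error description is `"invalid username or password"`, copied from the password branch directly above it, although the comment on that branch says the grant is simply unsupported; a caller gets a misleading reason for the failure, so I would change it to `.setErrorDescription("refresh_token grant is not supported")`. The class Javadoc is empty and nothing records that this endpoint deliberately performs no client_secret check, unlike TokenEndpoint; a one-sentence Javadoc stating that it exercises the `OAuthUnauthenticatedTokenRequest` path, where no client authentication is expected, would make that intent visible to the next reader. `javax.ws.rs.GET` and `OAuthTokenRequest` are imported but never used in the file. `oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE).equals(...)` would throw a NullPointerException when grant_type is absent unless the request constructor already rejects that; presumably it does, since `testNoneGrantType` expects an `OAuthProblemException`, but that is worth confirming.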
oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml >> (original) >> +++ >> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml >> Wed May 15 20:56:34 2013 >> @@ -48,12 +48,13 @@ >> <jaxrs:serviceBeans> >> <ref bean="authzEndpoint"/> >> <ref bean="tokenEndpoint"/> >> + <ref bean="unauthenticatedTokenEndpoint"/> >> </jaxrs:serviceBeans> >> </jaxrs:server> >> >> - <bean id="authzEndpoint" >> - >> class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/> >> + <bean id="authzEndpoint" >> class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/> >> <bean id="tokenEndpoint" >> class="org.apache.oltu.oauth2.integration.endpoints.TokenEndpoint"/> >> + <bean id="unauthenticatedTokenEndpoint" >> class="org.apache.oltu.oauth2.integration.endpoints.UnauthenticatedTokenEndpoint"/> >> >> <!--OAuth Client --> >> <jaxrs:server id="oauthClient" >> address="http://localhost:9002/auth/oauth2/"> >> >>
