You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by wo...@apache.org on 2011/10/12 22:00:12 UTC
svn commit: r1182560 [3/3] - in /shindig/trunk: content/sampledata/
java/common/conf/ java/server/src/main/webapp/WEB-INF/
java/social-api/src/main/java/org/apache/shindig/social/core/oauth/
java/social-api/src/main/java/org/apache/shindig/social/core/...
Added: shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuth2ImplicitFlowTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuth2ImplicitFlowTest.java?rev=1182560&view=auto
==============================================================================
--- shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuth2ImplicitFlowTest.java (added)
+++ shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuth2ImplicitFlowTest.java Wed Oct 12 20:00:11 2011
@@ -0,0 +1,187 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.apache.shindig.social.core.oauth;
+
+import org.apache.shindig.common.testing.FakeHttpServletRequest;
+import org.apache.shindig.common.uri.UriBuilder;
+import org.apache.shindig.social.core.oauth2.OAuth2Servlet;
+import org.apache.shindig.social.dataservice.integration.AbstractLargeRestfulTests;
+import org.easymock.Capture;
+import org.easymock.EasyMock;
+import org.json.JSONObject;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.servlet.http.HttpServletResponse;
+
+import java.io.PrintWriter;
+import java.net.URLEncoder;
+
+public class OAuth2ImplicitFlowTest extends AbstractLargeRestfulTests {
+ protected OAuth2Servlet servlet = null;
+
+ public static final String IMPLICIT_CLIENT_ID = "advancedImplicitClient";
+
+ protected static final String REDIRECT_URI = "http://localhost:8080/oauthclients/ImplicitClientHelper.html";
+
+ @Before
+ @Override
+ public void abstractLargeRestfulBefore() throws Exception {
+ super.abstractLargeRestfulBefore();
+ servlet = new OAuth2Servlet();
+ injector.injectMembers(servlet);
+ };
+
+ /**
+ * Test retrieving an access token using a public client with a redirect uri
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testGetAccessTokenWithRedirectParamAndState() throws Exception {
+ FakeHttpServletRequest req = new FakeHttpServletRequest(
+ "http://localhost:8080/oauth2");
+ req.setContentType("application/x-www-form-urlencoded");
+ req.setPostData(
+ "client_id=" + IMPLICIT_CLIENT_ID
+ + "&response_type=token&state=PRESERVEME&redirect_uri="
+ + URLEncoder.encode(REDIRECT_URI, "UTF-8"), "UTF-8");
+ req.setMethod("GET");
+ req.setServletPath("/oauth2");
+ req.setPathInfo("/authorize");
+ HttpServletResponse resp = mock(HttpServletResponse.class);
+ Capture<String> redirectURI = new Capture<String>();
+ resp.setHeader(EasyMock.eq("Location"), EasyMock.capture(redirectURI));
+ resp.setStatus(HttpServletResponse.SC_FOUND);
+ MockServletOutputStream outputStream = new MockServletOutputStream();
+ EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
+ PrintWriter writer = new PrintWriter(outputStream);
+ EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
+ replay();
+ servlet.service(req, resp);
+ writer.flush();
+ String fragment = UriBuilder.parse(redirectURI.getValue()).getFragment();
+ assertTrue(redirectURI.getValue().startsWith(REDIRECT_URI));
+ assertTrue(fragment.contains("token_type=bearer"));
+ assertTrue(fragment.contains("access_token="));
+ assertTrue(fragment.contains("expires_in="));
+ assertTrue(fragment.contains("state=PRESERVEME"));
+
+ verify();
+ }
+
+ /**
+ * Test retrieving an access token using a public client with redirect uri
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testGetAccessTokenNoRedirectParam() throws Exception {
+ FakeHttpServletRequest req = new FakeHttpServletRequest(
+ "http://localhost:8080/oauth2");
+ req.setContentType("application/x-www-form-urlencoded");
+ req.setPostData("client_id=" + IMPLICIT_CLIENT_ID + "&response_type=token",
+ "UTF-8");
+ req.setMethod("GET");
+ req.setServletPath("/oauth2");
+ req.setPathInfo("/authorize");
+ HttpServletResponse resp = mock(HttpServletResponse.class);
+ Capture<String> redirectURI = new Capture<String>();
+ resp.setHeader(EasyMock.eq("Location"), EasyMock.capture(redirectURI));
+ resp.setStatus(HttpServletResponse.SC_FOUND);
+ MockServletOutputStream outputStream = new MockServletOutputStream();
+ EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
+ PrintWriter writer = new PrintWriter(outputStream);
+ EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
+ replay();
+ servlet.service(req, resp);
+ writer.flush();
+ String fragment = UriBuilder.parse(redirectURI.getValue()).getFragment();
+ assertTrue(redirectURI.getValue().startsWith(REDIRECT_URI));
+ assertTrue(fragment.contains("token_type=bearer"));
+ assertTrue(fragment.contains("access_token="));
+ assertTrue(fragment.contains("expires_in="));
+ verify();
+ }
+
+ /**
+ * Test attempting to retrieve an access token using a bad redirect URI
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testGetAccessTokenWithBadRedirect() throws Exception {
+ FakeHttpServletRequest req = new FakeHttpServletRequest(
+ "http://localhost:8080/oauth2");
+ req.setContentType("application/x-www-form-urlencoded");
+ req.setPostData(
+ "client_id=" + IMPLICIT_CLIENT_ID
+ + "&response_type=token&redirect_uri="
+ + URLEncoder.encode("BAD_REDIRECT", "UTF-8"), "UTF-8");
+ req.setMethod("GET");
+ req.setServletPath("/oauth2");
+ req.setPathInfo("/authorize");
+ HttpServletResponse resp = mock(HttpServletResponse.class);
+
+ resp.setStatus(EasyMock.eq(HttpServletResponse.SC_FORBIDDEN));
+ MockServletOutputStream outputStream = new MockServletOutputStream();
+ EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
+ PrintWriter writer = new PrintWriter(outputStream);
+ EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
+ replay();
+ servlet.service(req, resp);
+ writer.flush();
+
+ verify();
+ String response = new String(outputStream.getBuffer(), "UTF-8");
+ JSONObject respObj = new JSONObject(response);
+ assertTrue(respObj.has("error"));
+ }
+
+ /**
+ * Test attempting to retrieve an access token using a bad client id
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testGetAccessTokenWithBadClientID() throws Exception {
+ FakeHttpServletRequest req = new FakeHttpServletRequest(
+ "http://localhost:8080/oauth2");
+ req.setContentType("application/x-www-form-urlencoded");
+ req.setPostData("client_id=BAD-ID&response_type=token&redirect_uri="
+ + URLEncoder.encode(REDIRECT_URI, "UTF-8"), "UTF-8");
+ req.setMethod("GET");
+ req.setServletPath("/oauth2");
+ req.setPathInfo("/authorize");
+ HttpServletResponse resp = mock(HttpServletResponse.class);
+ resp.setStatus(EasyMock.eq(HttpServletResponse.SC_FORBIDDEN));
+ MockServletOutputStream outputStream = new MockServletOutputStream();
+ EasyMock.expect(resp.getOutputStream()).andReturn(outputStream).anyTimes();
+ PrintWriter writer = new PrintWriter(outputStream);
+ EasyMock.expect(resp.getWriter()).andReturn(writer).anyTimes();
+ replay();
+ servlet.service(req, resp);
+ writer.flush();
+
+ verify();
+ String response = new String(outputStream.getBuffer(), "UTF-8");
+ JSONObject respObj = new JSONObject(response);
+ assertTrue(respObj.has("error"));
+ }
+
+}
\ No newline at end of file
Modified: shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java?rev=1182560&r1=1182559&r2=1182560&view=diff
==============================================================================
--- shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java (original)
+++ shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java Wed Oct 12 20:00:11 2011
@@ -68,9 +68,9 @@ public class OAuthAuthenticationHanderTe
public void setUp() throws Exception {
reqHandler = new OAuthAuthenticationHandler(mockStore, validator);
formEncodedPost = new FakeOAuthRequest("POST", TEST_URL, "a=b&c=d",
- OAuth.FORM_ENCODED);
+ OAuth.FORM_ENCODED);
nonFormEncodedPost = new FakeOAuthRequest("POST", TEST_URL, "BODY",
- "text/plain");
+ "text/plain");
}
private void expectTokenEntry() {
@@ -78,9 +78,8 @@ public class OAuthAuthenticationHanderTe
}
private void expectTokenEntry(OAuthEntry authEntry) {
- EasyMock.expect(mockStore.getEntry(
- EasyMock.eq(TOKEN))).
- andReturn(authEntry).anyTimes();
+ EasyMock.expect(mockStore.getEntry(EasyMock.eq(TOKEN)))
+ .andReturn(authEntry).anyTimes();
}
private OAuthEntry createOAuthEntry() {
@@ -100,11 +99,13 @@ public class OAuthAuthenticationHanderTe
private void expectConsumer() {
try {
- EasyMock.expect(mockStore.getConsumer(
- EasyMock.eq(FakeOAuthRequest.CONSUMER_KEY))).
- andReturn(new OAuthConsumer(null, FakeOAuthRequest.CONSUMER_KEY,
- FakeOAuthRequest.CONSUMER_SECRET, new OAuthServiceProvider(null, null, null)))
- .anyTimes();
+ EasyMock
+ .expect(
+ mockStore.getConsumer(EasyMock.eq(FakeOAuthRequest.CONSUMER_KEY)))
+ .andReturn(
+ new OAuthConsumer(null, FakeOAuthRequest.CONSUMER_KEY,
+ FakeOAuthRequest.CONSUMER_SECRET, new OAuthServiceProvider(
+ null, null, null))).anyTimes();
} catch (OAuthProblemException e) {
// ignore
}
@@ -112,9 +113,11 @@ public class OAuthAuthenticationHanderTe
private void expectSecurityToken() {
try {
- EasyMock.expect(mockStore.getSecurityTokenForConsumerRequest(
- EasyMock.eq(FakeOAuthRequest.CONSUMER_KEY), EasyMock.eq(FakeOAuthRequest.REQUESTOR))).
- andReturn(new AnonymousSecurityToken());
+ EasyMock.expect(
+ mockStore.getSecurityTokenForConsumerRequest(
+ EasyMock.eq(FakeOAuthRequest.CONSUMER_KEY),
+ EasyMock.eq(FakeOAuthRequest.REQUESTOR))).andReturn(
+ new AnonymousSecurityToken());
} catch (OAuthProblemException e) {
// ignore
}
@@ -126,7 +129,8 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
assertEquals(FakeOAuthRequest.REQUESTOR, token.getViewerId());
assertEquals(APP_ID, token.getAppId());
@@ -142,10 +146,10 @@ public class OAuthAuthenticationHanderTe
expectTokenEntry();
expectConsumer();
replay();
- FakeOAuthRequest get =
- new FakeOAuthRequest("GET", TEST_URL, null, null);
+ FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
FakeHttpServletRequest request = get.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@@ -154,10 +158,10 @@ public class OAuthAuthenticationHanderTe
expectTokenEntry();
expectConsumer();
replay();
- FakeOAuthRequest get =
- new FakeOAuthRequest("GET", TEST_URL, null, null);
+ FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
FakeHttpServletRequest request = get.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER,
+ FakeOAuthRequest.BodySigning.NONE);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@@ -167,20 +171,21 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.POST_BODY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.POST_BODY,
+ FakeOAuthRequest.BodySigning.NONE);
SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
assertNotNull(token);
verify();
}
-
@Test
public void testVerifyFailNoTokenEntry() throws Exception {
expectTokenEntry(null);
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
fail("Expect failure as no token entry in store");
@@ -198,7 +203,8 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
fail("Expect failure as token secrets mismatch");
@@ -216,7 +222,8 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
fail("Expect failure as token is a request token not an access token");
@@ -229,13 +236,15 @@ public class OAuthAuthenticationHanderTe
@Test
public void testVerifyFailTokenIsExpired() throws Exception {
OAuthEntry authEntry = createOAuthEntry();
- authEntry.setIssueTime(new Date(System.currentTimeMillis() - (OAuthEntry.ONE_YEAR + 1)));
+ authEntry.setIssueTime(new Date(System.currentTimeMillis()
+ - (OAuthEntry.ONE_YEAR + 1)));
authEntry.setType(OAuthEntry.Type.REQUEST);
expectTokenEntry(authEntry);
expectConsumer();
replay();
HttpServletRequest request = formEncodedPost.sign(TOKEN,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
fail("Expect failure as token is expired");
@@ -251,7 +260,8 @@ public class OAuthAuthenticationHanderTe
expectSecurityToken();
replay();
HttpServletRequest request = formEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
assertNotNull(token);
assertFalse(token instanceof OAuthSecurityToken);
@@ -263,10 +273,10 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
expectSecurityToken();
replay();
- FakeOAuthRequest get =
- new FakeOAuthRequest("GET", TEST_URL, null, null);
+ FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
FakeHttpServletRequest request = get.sign(null,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@@ -275,10 +285,10 @@ public class OAuthAuthenticationHanderTe
expectConsumer();
expectSecurityToken();
replay();
- FakeOAuthRequest get =
- new FakeOAuthRequest("GET", TEST_URL, null, null);
+ FakeOAuthRequest get = new FakeOAuthRequest("GET", TEST_URL, null, null);
FakeHttpServletRequest request = get.sign(null,
- FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER,
+ FakeOAuthRequest.BodySigning.NONE);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@@ -288,7 +298,8 @@ public class OAuthAuthenticationHanderTe
expectSecurityToken();
replay();
HttpServletRequest request = formEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.AUTH_HEADER,
+ FakeOAuthRequest.BodySigning.NONE);
reqHandler.getSecurityTokenFromRequest(request);
verify();
}
@@ -299,7 +310,8 @@ public class OAuthAuthenticationHanderTe
expectSecurityToken();
replay();
HttpServletRequest request = formEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.POST_BODY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.POST_BODY,
+ FakeOAuthRequest.BodySigning.NONE);
reqHandler.getSecurityTokenFromRequest(request);
verify();
}
@@ -308,14 +320,14 @@ public class OAuthAuthenticationHanderTe
public void testNoSignature() throws Exception {
replay();
FakeHttpServletRequest request = formEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
// A request without a signature is not an OAuth request
request.setParameter(OAuth.OAUTH_SIGNATURE, "");
SecurityToken st = reqHandler.getSecurityTokenFromRequest(request);
assertNull(st);
}
-
@Test
public void testBodyHashSigning() throws Exception {
expectConsumer();
@@ -323,19 +335,20 @@ public class OAuthAuthenticationHanderTe
replay();
FakeHttpServletRequest request = nonFormEncodedPost.sign(null,
- FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.HASH);
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.HASH);
assertNotNull(reqHandler.getSecurityTokenFromRequest(request));
}
@Test
- public void testConsumerFailBodyHashSigningWithFormEncoding() throws Exception {
+ public void testConsumerFailBodyHashSigningWithFormEncoding()
+ throws Exception {
replay();
- FakeOAuthRequest bodyHashPost =
- new FakeOAuthRequest("POST", TEST_URL, "a=b&c=d&oauth_body_hash=hash",
- OAuth.FORM_ENCODED);
- FakeHttpServletRequest request = bodyHashPost
- .sign(null, FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
- FakeOAuthRequest.BodySigning.NONE);
+ FakeOAuthRequest bodyHashPost = new FakeOAuthRequest("POST", TEST_URL,
+ "a=b&c=d&oauth_body_hash=hash", OAuth.FORM_ENCODED);
+ FakeHttpServletRequest request = bodyHashPost.sign(null,
+ FakeOAuthRequest.OAuthParamLocation.URI_QUERY,
+ FakeOAuthRequest.BodySigning.NONE);
try {
reqHandler.getSecurityTokenFromRequest(request);
fail("Cant have body signing with form-encoded post bodies");
@@ -360,8 +373,8 @@ public class OAuthAuthenticationHanderTe
req.setContentType("text/plain");
String body = "BODY";
req.setPostData(CharsetUtil.getUtf8Bytes(body));
- String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(body))),
- "UTF-8");
+ String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
+ .getUtf8Bytes(body))), "UTF-8");
req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
OAuthAuthenticationHandler.verifyBodyHash(req, hash);
}
@@ -372,8 +385,8 @@ public class OAuthAuthenticationHanderTe
req.setContentType("text/plain");
String body = "BODY";
req.setPostData(CharsetUtil.getUtf8Bytes(body));
- String hash = new String(Base64.encodeBase64(
- DigestUtils.sha(CharsetUtil.getUtf8Bytes("NOTBODY"))), "UTF-8");
+ String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
+ .getUtf8Bytes("NOTBODY"))), "UTF-8");
req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
try {
OAuthAuthenticationHandler.verifyBodyHash(req, hash);
@@ -389,8 +402,8 @@ public class OAuthAuthenticationHanderTe
req.setContentType(OAuth.FORM_ENCODED);
String body = "BODY";
req.setPostData(CharsetUtil.getUtf8Bytes(body));
- String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(body))),
- "UTF-8");
+ String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
+ .getUtf8Bytes(body))), "UTF-8");
req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
try {
OAuthAuthenticationHandler.verifyBodyHash(req, hash);
@@ -399,13 +412,13 @@ public class OAuthAuthenticationHanderTe
// Pass
}
}
-
+
@Test
public void testBodyHashNoContentType() throws Exception {
FakeHttpServletRequest req = new FakeHttpServletRequest();
req.setPostData(CharsetUtil.getUtf8Bytes(""));
- String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(""))),
- "UTF-8");
+ String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
+ .getUtf8Bytes(""))), "UTF-8");
OAuthAuthenticationHandler.verifyBodyHash(req, hash);
}
-}
+}
\ No newline at end of file
Modified: shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java?rev=1182560&r1=1182559&r2=1182560&view=diff
==============================================================================
--- shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java (original)
+++ shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java Wed Oct 12 20:00:11 2011
@@ -67,6 +67,7 @@ public abstract class AbstractLargeRestf
protected static final String XSDRESOURCE = "opensocial.xsd";
protected XpathEngine xp;
private HttpServletResponse res;
+ protected Injector injector = null;
private DataServiceServlet servlet;
@@ -90,7 +91,7 @@ public abstract class AbstractLargeRestf
@Before
public void abstractLargeRestfulBefore() throws Exception {
- Injector injector = Guice.createInjector(new SocialApiTestsGuiceModule());
+ injector = Guice.createInjector(new SocialApiTestsGuiceModule());
servlet = new DataServiceServlet();