Posted to dev@oltu.apache.org by Simone Tripodi <si...@apache.org> on 2013/05/15 23:34:53 UTC
Re: svn commit: r1483076 - in /oltu/trunk/oauth-2.0/integration-tests/src/test:
java/org/apache/oltu/oauth2/integration/ java/org/apache/oltu/oauth2/integration/endpoints/
resources/
Hi Stein,
thanks - having new energies on Oltu is priceless!!!
I'd suggest taking a small step back to our old best practice of
splitting commits per issue; otherwise it is not easy to understand
which changes are related to OLTU-16, which to OLTU-31 and which to
OLTU-5.
WDYT?
Tia and all the best!
-Simo
http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/
On Wed, May 15, 2013 at 10:56 PM, <st...@apache.org> wrote:
> Author: stein
> Date: Wed May 15 20:56:34 2013
> New Revision: 1483076
>
> URL: http://svn.apache.org/r1483076
> Log:
> OLTU-16 OLTU-31 OLTU-5 Update integration tests. Add unauthenticated token endpoint
>
> Added:
> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
> - copied, changed from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
> Modified:
> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java (original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java Wed May 15 20:56:34 2013
> @@ -38,10 +38,8 @@ import org.junit.Test;
> */
> public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>
> -
> @Test
> public void testSuccessfullAccesToken() throws Exception {
> -
> OAuthClientRequest request = OAuthClientRequest
> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> .setGrantType(GrantType.AUTHORIZATION_CODE)
> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest
> OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
> assertNotNull(response.getAccessToken());
> assertNotNull(response.getExpiresIn());
> -
> -
> }
>
> @Test
> - public void testSuccessfullAccesTokenGETMethod() throws Exception {
> -
> + public void testInvalidClientCredentials() throws Exception {
> OAuthClientRequest request = OAuthClientRequest
> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> .setGrantType(GrantType.AUTHORIZATION_CODE)
> - .setCode(Common.AUTHORIZATION_CODE)
> .setRedirectURI(Common.REDIRECT_URL)
> + .setCode(Common.AUTHORIZATION_CODE)
> .setClientId(Common.CLIENT_ID)
> - .setClientSecret(Common.CLIENT_SECRET)
> - .buildQueryMessage();
> + .setClientSecret("wrongSecret")
> + .buildBodyMessage();
>
> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
> - OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
> - assertNotNull(response.getAccessToken());
> - assertNotNull(response.getExpiresIn());
> -
>
> + try {
> + oAuthClient.accessToken(request);
> + fail("exception expected");
> + } catch (OAuthProblemException e) {
> + assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, e.getError());
> + }
> }
>
> @Test
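Review bot: The new testInvalidClientCredentials pins `OAuthError.TokenResponse.UNAUTHORIZED_CLIENT` for a wrong client_secret, but RFC 6749 §5.2 defines `invalid_client` for failed client authentication, while `unauthorized_client` means the client is not allowed to use the requested grant type. The value comes from the new client_secret branch in the TokenEndpoint.java hunk further down, which pairs the `unauthorized_client` code with `INVALID_CLIENT_DESCRIPTION`, the RFC wording for `invalid_client`, so code and description disagree there as well. I would change the assertion here to `assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());` and, in the TokenEndpoint secret check, use `.setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)`; the 401 status can stay, since §5.2 permits it for `invalid_client`.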
> @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest
> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> .setGrantType(null)
> .setClientId(Common.CLIENT_ID)
> + .setClientSecret(Common.CLIENT_SECRET)
> .buildBodyMessage();
>
> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
> try {
> oAuthClient.accessToken(request);
> fail("exception expected");
> @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest
>
> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
> try {
> oAuthClient.accessToken(request);
> fail("exception expected");
> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest
> .setGrantType(GrantType.AUTHORIZATION_CODE)
> .setCode(Common.AUTHORIZATION_CODE)
> .setClientId("unknownid")
> + .setClientSecret(Common.CLIENT_SECRET)
> .setRedirectURI(Common.REDIRECT_URL)
> .buildBodyMessage();
>
> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
> try {
> oAuthClient.accessToken(request);
> fail("exception expected");
> } catch (OAuthProblemException e) {
> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
> }
> }
>
> @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest
> .setCode(Common.AUTHORIZATION_CODE)
> .setRedirectURI(Common.REDIRECT_URL)
> .setClientId(Common.CLIENT_ID)
> + .setClientSecret(Common.CLIENT_SECRET)
> .buildBodyMessage();
>
> OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>
> -
> try {
> oAuthclient.accessToken(request);
> fail("exception expected");
> } catch (OAuthProblemException e) {
> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> }
> -
> }
>
> @Test
> @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest
> .setRedirectURI(Common.REDIRECT_URL)
> .setCode("unknown_code")
> .setClientId(Common.CLIENT_ID)
> + .setClientSecret(Common.CLIENT_SECRET)
> .buildBodyMessage();
>
> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest
> oAuthClient.accessToken(request);
> fail("exception expected");
> } catch (OAuthProblemException e) {
> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
> }
> -
> }
> }
> \ No newline at end of file
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java (original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java Wed May 15 20:56:34 2013
> @@ -78,7 +78,7 @@ public final class Common {
> public static final String HEADER_AUTHORIZATION = "Authorization";
>
> public static final String AUTHORIZATION_CODE = "known_authz_code";
> -
> + public static final String STATE = "abcde";
>
> public static final String ASSERTION = "<samlp:AuthnRequest\n"
> + " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n"
> @@ -96,6 +96,7 @@ public final class Common {
> public static final String ASSERTION_TYPE = "http://xml.coverpages.org/saml.html";
>
> public static final String ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/token";
> + public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/unauth-token";
> public static final String AUTHORIZATION_ENPOINT = "http://localhost:9001/auth/oauth2/authz";
> public static final String REDIRECT_URL = "http://localhost:9002/auth/oauth2/redirect";
> public static final String RESOURCE_SERVER = "http://localhost:9003/resource_server";
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java (original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java Wed May 15 20:56:34 2013
> @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex
>
> @Test
> public void testWrongParametersEndUserAuthorization() throws Exception {
> -
> -
> OAuthClientRequest request = OAuthClientRequest
> .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
> .setClientId(Common.CLIENT_ID)
> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex
>
> @Test
> public void testCorrectParametersEndUserAuthorization() throws Exception {
> -
> OAuthClientRequest request = OAuthClientRequest
> .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
> .setClientId(Common.CLIENT_ID)
> .setRedirectURI(Common.REDIRECT_URL + "1")
> .setResponseType(ResponseType.CODE.toString())
> + .setState(Common.STATE)
> .buildQueryMessage();
>
> Common.doRequest(request);
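Review bot: The added `.setState(Common.STATE)` sends a state value with the authorization request, but nothing in this hunk checks that the authorization server echoes it back unchanged; the redirect handlers that would do so are outside the hunk (the `callback` methods further down in this file), and the parts of them visible in later hunks assert only the error code or that no exception is thrown. The state round-trip is what a client relies on to tie the redirect to the request it issued (RFC 6749 §10.12), so a test named testCorrectParametersEndUserAuthorization should assert it. If OAuthAuthzResponse exposes the state parameter, the check in the callback would be along the lines of `assertEquals(Common.STATE, authzResponse.getState());`, where `authzResponse` is the value returned by `OAuthAuthzResponse.oauthCodeAuthzResponse(request)`.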
> @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex
> @GET
> @Path("/redirect")
> public Response callback(@Context HttpServletRequest request) throws Exception {
> -
> OAuthClientResponse resp = null;
> try {
> OAuthAuthzResponse.oauthCodeAuthzResponse(request);
> @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex
> assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, e.getError());
> }
>
> -
> return Response.ok().build();
> }
>
> @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex
> fail("exception not expected");
> }
>
> -
> return Response.ok().build();
> }
>
>
> Copied: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java (from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java)
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java?p2=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java&p1=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=1483016&r2=1483076&rev=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java (original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java Wed May 15 20:56:34 2013
> @@ -36,60 +36,34 @@ import org.junit.Test;
> *
> *
> */
> -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
> -
> +public class UnauthenticatedAccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>
> @Test
> - public void testSuccessfullAccesToken() throws Exception {
> -
> + public void testSuccessfulAccessToken() throws Exception {
> OAuthClientRequest request = OAuthClientRequest
> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
> .setGrantType(GrantType.AUTHORIZATION_CODE)
> .setCode(Common.AUTHORIZATION_CODE)
> .setRedirectURI(Common.REDIRECT_URL)
> .setClientId(Common.CLIENT_ID)
> - .setClientSecret(Common.CLIENT_SECRET)
> .buildBodyMessage();
>
> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
> OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
> assertNotNull(response.getAccessToken());
> assertNotNull(response.getExpiresIn());
> -
> -
> - }
> -
> - @Test
> - public void testSuccessfullAccesTokenGETMethod() throws Exception {
> -
> - OAuthClientRequest request = OAuthClientRequest
> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> - .setGrantType(GrantType.AUTHORIZATION_CODE)
> - .setCode(Common.AUTHORIZATION_CODE)
> - .setRedirectURI(Common.REDIRECT_URL)
> - .setClientId(Common.CLIENT_ID)
> - .setClientSecret(Common.CLIENT_SECRET)
> - .buildQueryMessage();
> -
> - OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
> - OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
> - assertNotNull(response.getAccessToken());
> - assertNotNull(response.getExpiresIn());
> -
> -
> }
>
> @Test
> public void testNoneGrantType() throws Exception {
> OAuthClientRequest request = OAuthClientRequest
> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
> .setGrantType(null)
> .setClientId(Common.CLIENT_ID)
> .buildBodyMessage();
>
> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
> try {
> oAuthClient.accessToken(request);
> fail("exception expected");
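Review bot: The class-level Javadoc inherited from the copied file is still an empty `*` template (its opening `/**` is above the hunk), so nothing states how this class differs from AccessTokenTestAuthCodeTest; the visible difference is only that requests go to `Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT` and the `.setClientSecret(...)` call is dropped. I would replace the empty block with a one-line summary such as `/** Token endpoint tests for a client that sends no client_secret, run against {@link Common#UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT}; mirrors {@link AccessTokenTestAuthCodeTest}. */`. The same empty template heads the new UnauthenticatedTokenEndpoint.java further down.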
> @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest
> @Test
> public void testInvalidRequest() throws Exception {
> OAuthClientRequest request = OAuthClientRequest
> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
> .setClientId(Common.CLIENT_ID)
> .buildBodyMessage();
>
> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
> try {
> oAuthClient.accessToken(request);
> fail("exception expected");
> @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest
> @Test
> public void testInvalidClient() throws Exception {
> OAuthClientRequest request = OAuthClientRequest
> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
> .setGrantType(GrantType.AUTHORIZATION_CODE)
> .setCode(Common.AUTHORIZATION_CODE)
> .setClientId("unknownid")
> @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest
>
> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>
> -
> try {
> oAuthClient.accessToken(request);
> fail("exception expected");
> } catch (OAuthProblemException e) {
> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
> }
> }
>
> @Test
> public void testInvalidGrantType() throws Exception {
> OAuthClientRequest request = OAuthClientRequest
> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
> .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type")
> .setCode(Common.AUTHORIZATION_CODE)
> .setRedirectURI(Common.REDIRECT_URL)
> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest
>
> OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>
> -
> try {
> oAuthclient.accessToken(request);
> fail("exception expected");
> } catch (OAuthProblemException e) {
> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> }
> -
> }
>
> @Test
> public void testInvalidCode() throws Exception {
> OAuthClientRequest request = OAuthClientRequest
> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
> .setGrantType(GrantType.AUTHORIZATION_CODE)
> .setRedirectURI(Common.REDIRECT_URL)
> .setCode("unknown_code")
> @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest
> oAuthClient.accessToken(request);
> fail("exception expected");
> } catch (OAuthProblemException e) {
> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
> }
> -
> }
> }
> \ No newline at end of file
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java (original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java Wed May 15 20:56:34 2013
> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio
> @Path("/token")
> public class TokenEndpoint {
>
> + public static final String INVALID_CLIENT_DESCRIPTION = "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).";
> +
> @POST
> @Consumes("application/x-www-form-urlencoded")
> @Produces("application/json")
> @@ -63,17 +65,26 @@ public class TokenEndpoint {
>
> try {
> oauthRequest = new OAuthTokenRequest(request);
> -
> - //check if clientid is valid
> - if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
> +
> + // check if clientid is valid
> + if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) {
> OAuthResponse response =
> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> - .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id not found")
> + .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
> + .buildJSONMessage();
> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> + }
> +
> + // check if client_secret is valid
> + if (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) {
> + OAuthResponse response =
> + OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
> + .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
> .buildJSONMessage();
> return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> }
>
> - //do checking for different grant types
> + // do checking for different grant types
> if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
> .equals(GrantType.AUTHORIZATION_CODE.toString())) {
> if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) {
> @@ -97,6 +108,7 @@ public class TokenEndpoint {
> }
> } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
> .equals(GrantType.REFRESH_TOKEN.toString())) {
> + // refresh token is not supported in this implementation
> OAuthResponse response = OAuthASResponse
> .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> .setError(OAuthError.TokenResponse.INVALID_GRANT)
> @@ -110,8 +122,8 @@ public class TokenEndpoint {
> .setAccessToken(oauthIssuerImpl.accessToken())
> .setExpiresIn("3600")
> .buildJSONMessage();
> -
> return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> +
> } catch (OAuthProblemException e) {
> OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
> .buildJSONMessage();
> @@ -119,19 +131,4 @@ public class TokenEndpoint {
> }
> }
>
> - @GET
> - @Consumes("application/x-www-form-urlencoded")
> - @Produces("application/json")
> - public Response authorizeGet(@Context HttpServletRequest request) throws OAuthSystemException {
> - OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
> -
> - OAuthResponse response = OAuthASResponse
> - .tokenResponse(HttpServletResponse.SC_OK)
> - .setAccessToken(oauthIssuerImpl.accessToken())
> - .setExpiresIn("3600")
> - .buildJSONMessage();
> -
> - return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> - }
> -
> }
> \ No newline at end of file
>
> Added: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java?rev=1483076&view=auto
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java (added)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java Wed May 15 20:56:34 2013
> @@ -0,0 +1,123 @@
> +/**
> + * Copyright 2010 Newcastle University
> + *
> + * http://research.ncl.ac.uk/smart/
> + *
> + * Licensed to the Apache Software Foundation (ASF) under one or more
> + * contributor license agreements. See the NOTICE file distributed with
> + * this work for additional information regarding copyright ownership.
> + * The ASF licenses this file to You under the Apache License, Version 2.0
> + * (the "License"); you may not use this file except in compliance with
> + * the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +package org.apache.oltu.oauth2.integration.endpoints;
> +
> +import javax.servlet.http.HttpServletRequest;
> +import javax.servlet.http.HttpServletResponse;
> +import javax.ws.rs.Consumes;
> +import javax.ws.rs.GET;
> +import javax.ws.rs.POST;
> +import javax.ws.rs.Path;
> +import javax.ws.rs.Produces;
> +import javax.ws.rs.core.Context;
> +import javax.ws.rs.core.Response;
> +
> +import org.apache.oltu.oauth2.as.issuer.MD5Generator;
> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
> +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
> +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest;
> +import org.apache.oltu.oauth2.as.response.OAuthASResponse;
> +import org.apache.oltu.oauth2.common.OAuth;
> +import org.apache.oltu.oauth2.common.error.OAuthError;
> +import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
> +import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
> +import org.apache.oltu.oauth2.common.message.OAuthResponse;
> +import org.apache.oltu.oauth2.common.message.types.GrantType;
> +import org.apache.oltu.oauth2.integration.Common;
> +
> +/**
> + *
> + *
> + *
> + */
> +@Path("/unauth-token")
> +public class UnauthenticatedTokenEndpoint {
> +
> + @POST
> + @Consumes("application/x-www-form-urlencoded")
> + @Produces("application/json")
> + public Response token(@Context HttpServletRequest request) throws OAuthSystemException {
> +
> + OAuthUnauthenticatedTokenRequest oauthRequest = null;
> +
> + OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
> +
> + try {
> + oauthRequest = new OAuthUnauthenticatedTokenRequest(request);
> +
> + // check if clientid is valid
> + if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
> + OAuthResponse response =
> + OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> + .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id not found")
> + .buildJSONMessage();
> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> + }
> +
> + // do checking for different grant types
> + if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
> + .equals(GrantType.AUTHORIZATION_CODE.toString())) {
> + if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) {
> + OAuthResponse response = OAuthASResponse
> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> + .setError(OAuthError.TokenResponse.INVALID_GRANT)
> + .setErrorDescription("invalid authorization code")
> + .buildJSONMessage();
> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> + }
> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
> + .equals(GrantType.PASSWORD.toString())) {
> + if (!Common.PASSWORD.equals(oauthRequest.getPassword())
> + || !Common.USERNAME.equals(oauthRequest.getUsername())) {
> + OAuthResponse response = OAuthASResponse
> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> + .setError(OAuthError.TokenResponse.INVALID_GRANT)
> + .setErrorDescription("invalid username or password")
> + .buildJSONMessage();
> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> + }
> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
> + .equals(GrantType.REFRESH_TOKEN.toString())) {
> + // refresh token is not supported in this implementation hence the oauth error.
> + OAuthResponse response = OAuthASResponse
> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> + .setError(OAuthError.TokenResponse.INVALID_GRANT)
> + .setErrorDescription("invalid username or password")
> + .buildJSONMessage();
> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> + }
> +
> + OAuthResponse response = OAuthASResponse
> + .tokenResponse(HttpServletResponse.SC_OK)
> + .setAccessToken(oauthIssuerImpl.accessToken())
> + .setExpiresIn("3600")
> + .buildJSONMessage();
> +
> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
> + } catch (OAuthProblemException e) {
> + OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
> + .buildJSONMessage();
> + return Response.status(res.getResponseStatus()).entity(res.getBody()).build();
> + }
> + }
> +}
> \ No newline at end of file
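Review bot: The refresh_token branch at the end of the grant-type chain (the `GrantType.REFRESH_TOKEN` comparison) rejects the grant with the description `"invalid username or password"`, copied from the password branch just above it; the comment on that branch says the grant is unsupported, and the description should say the same, e.g. `.setErrorDescription("refresh_token grant type is not supported")`. Two of the new imports, `javax.ws.rs.GET` and `org.apache.oltu.oauth2.as.request.OAuthTokenRequest`, are not referenced anywhere in the file and should be dropped. The class Javadoc is an empty template; a summary such as `/** Token endpoint for a client that is not authenticated: client_id is checked against {@link Common#CLIENT_ID} but no client_secret is required. */` would tell a reader why this endpoint exists next to TokenEndpoint. The client_id check reads `getParam(OAuth.OAUTH_CLIENT_ID)` where the TokenEndpoint hunk above switched to `getClientId()`; if the unauthenticated request type exposes the same accessor, using it here keeps the two endpoints consistent.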
>
> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml?rev=1483076&r1=1483075&r2=1483076&view=diff
> ==============================================================================
> --- oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml (original)
> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml Wed May 15 20:56:34 2013
> @@ -48,12 +48,13 @@
> <jaxrs:serviceBeans>
> <ref bean="authzEndpoint"/>
> <ref bean="tokenEndpoint"/>
> + <ref bean="unauthenticatedTokenEndpoint"/>
> </jaxrs:serviceBeans>
> </jaxrs:server>
>
> - <bean id="authzEndpoint"
> - class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
> + <bean id="authzEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
> <bean id="tokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.TokenEndpoint"/>
> + <bean id="unauthenticatedTokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.UnauthenticatedTokenEndpoint"/>
>
> <!--OAuth Client -->
> <jaxrs:server id="oauthClient" address="http://localhost:9002/auth/oauth2/">
>
>
Re: svn commit: r1483076 - in /oltu/trunk/oauth-2.0/integration-tests/src/test:
java/org/apache/oltu/oauth2/integration/ java/org/apache/oltu/oauth2/integration/endpoints/
resources/
Posted by Simone Tripodi <si...@apache.org>.
Cool, thanks for the update!
Alles Gute,
-Simo
http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/
On Wed, May 15, 2013 at 11:50 PM, Stein Welberg
<st...@innovation-district.com> wrote:
> I agree,
>
> However, these issues (and the fix) were really related to each other. (And I was a little too eager to take on both at the same time ;-))
>
> Also OLTU-5 and OLTU-31 were the same issue.
>
> Regards,
> Stein
>
> On 15 mei 2013, at 23:34, Simone Tripodi <si...@apache.org> wrote:
>
>> Hi Stein,
>>
>> thanks - having new energies on Oltu is priceless!!!
>>
>> I'd suggest to get a little step back to our old best-practices,
>> splitting commits per issue, otherwise it is not easy to understand
>> which changes are related to OLTU-16, which to OLTU-31 and which to
>> OLTU-5.
>>
>> WDYT?
>> Tia and all the best!
>> -Simo
>>
>> http://people.apache.org/~simonetripodi/
>> http://simonetripodi.livejournal.com/
>> http://twitter.com/simonetripodi
>> http://www.99soft.org/
>>
>>
>> On Wed, May 15, 2013 at 10:56 PM, <st...@apache.org> wrote:
>>> Author: stein
>>> Date: Wed May 15 20:56:34 2013
>>> New Revision: 1483076
>>>
>>> URL: http://svn.apache.org/r1483076
>>> Log:
>>> OLTU-16 OLTU-31 OLTU-5 Update integration tests. Add unauthenticated token endpoint
>>>
>>> Added:
>>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
>>> - copied, changed from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
>>> Modified:
>>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
>>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
>>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
>>> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>>>
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java (original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java Wed May 15 20:56:34 2013
>>> @@ -38,10 +38,8 @@ import org.junit.Test;
>>> */
>>> public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>>>
>>> -
>>> @Test
>>> public void testSuccessfullAccesToken() throws Exception {
>>> -
>>> OAuthClientRequest request = OAuthClientRequest
>>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest
>>> OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>>> assertNotNull(response.getAccessToken());
>>> assertNotNull(response.getExpiresIn());
>>> -
>>> -
>>> }
>>>
>>> @Test
>>> - public void testSuccessfullAccesTokenGETMethod() throws Exception {
>>> -
>>> + public void testInvalidClientCredentials() throws Exception {
>>> OAuthClientRequest request = OAuthClientRequest
>>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> - .setCode(Common.AUTHORIZATION_CODE)
>>> .setRedirectURI(Common.REDIRECT_URL)
>>> + .setCode(Common.AUTHORIZATION_CODE)
>>> .setClientId(Common.CLIENT_ID)
>>> - .setClientSecret(Common.CLIENT_SECRET)
>>> - .buildQueryMessage();
>>> + .setClientSecret("wrongSecret")
>>> + .buildBodyMessage();
>>>
>>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>> - OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
>>> - assertNotNull(response.getAccessToken());
>>> - assertNotNull(response.getExpiresIn());
>>> -
>>>
>>> + try {
>>> + oAuthClient.accessToken(request);
>>> + fail("exception expected");
>>> + } catch (OAuthProblemException e) {
>>> + assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, e.getError());
>>> + }
>>> }
>>>
>>> @Test
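Review bot: The new `testInvalidClientCredentials` pins `UNAUTHORIZED_CLIENT` as the error for a wrong `client_secret`, but RFC 6749 §5.2 reserves `unauthorized_client` for a client that is not allowed to use the grant type; a failed client authentication is `invalid_client`, which is also what `testInvalidClient` in this same file now expects for an unknown `client_id`. I would change the assertion to `assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());` so that unknown-id and wrong-secret cases are indistinguishable to the caller. Dropping the GET-based success test is the right call, since §3.2 requires POST for the token endpoint; a negative test asserting that GET is rejected would make that explicit.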
>>> @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest
>>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> .setGrantType(null)
>>> .setClientId(Common.CLIENT_ID)
>>> + .setClientSecret(Common.CLIENT_SECRET)
>>> .buildBodyMessage();
>>>
>>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>> try {
>>> oAuthClient.accessToken(request);
>>> fail("exception expected");
>>> @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest
>>>
>>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>> try {
>>> oAuthClient.accessToken(request);
>>> fail("exception expected");
>>> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest
>>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> .setCode(Common.AUTHORIZATION_CODE)
>>> .setClientId("unknownid")
>>> + .setClientSecret(Common.CLIENT_SECRET)
>>> .setRedirectURI(Common.REDIRECT_URL)
>>> .buildBodyMessage();
>>>
>>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>> try {
>>> oAuthClient.accessToken(request);
>>> fail("exception expected");
>>> } catch (OAuthProblemException e) {
>>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>>> }
>>> }
>>>
>>> @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest
>>> .setCode(Common.AUTHORIZATION_CODE)
>>> .setRedirectURI(Common.REDIRECT_URL)
>>> .setClientId(Common.CLIENT_ID)
>>> + .setClientSecret(Common.CLIENT_SECRET)
>>> .buildBodyMessage();
>>>
>>> OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>> try {
>>> oAuthclient.accessToken(request);
>>> fail("exception expected");
>>> } catch (OAuthProblemException e) {
>>> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> }
>>> -
>>> }
>>>
>>> @Test
>>> @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest
>>> .setRedirectURI(Common.REDIRECT_URL)
>>> .setCode("unknown_code")
>>> .setClientId(Common.CLIENT_ID)
>>> + .setClientSecret(Common.CLIENT_SECRET)
>>> .buildBodyMessage();
>>>
>>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest
>>> oAuthClient.accessToken(request);
>>> fail("exception expected");
>>> } catch (OAuthProblemException e) {
>>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>>> }
>>> -
>>> }
>>> }
>>> \ No newline at end of file
>>>
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java (original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java Wed May 15 20:56:34 2013
>>> @@ -78,7 +78,7 @@ public final class Common {
>>> public static final String HEADER_AUTHORIZATION = "Authorization";
>>>
>>> public static final String AUTHORIZATION_CODE = "known_authz_code";
>>> -
>>> + public static final String STATE = "abcde";
>>>
>>> public static final String ASSERTION = "<samlp:AuthnRequest\n"
>>> + " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n"
>>> @@ -96,6 +96,7 @@ public final class Common {
>>> public static final String ASSERTION_TYPE = "http://xml.coverpages.org/saml.html";
>>>
>>> public static final String ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/token";
>>> + public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/unauth-token";
>>> public static final String AUTHORIZATION_ENPOINT = "http://localhost:9001/auth/oauth2/authz";
>>> public static final String REDIRECT_URL = "http://localhost:9002/auth/oauth2/redirect";
>>> public static final String RESOURCE_SERVER = "http://localhost:9003/resource_server";
>>>
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java (original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java Wed May 15 20:56:34 2013
>>> @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex
>>>
>>> @Test
>>> public void testWrongParametersEndUserAuthorization() throws Exception {
>>> -
>>> -
>>> OAuthClientRequest request = OAuthClientRequest
>>> .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>>> .setClientId(Common.CLIENT_ID)
>>> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex
>>>
>>> @Test
>>> public void testCorrectParametersEndUserAuthorization() throws Exception {
>>> -
>>> OAuthClientRequest request = OAuthClientRequest
>>> .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>>> .setClientId(Common.CLIENT_ID)
>>> .setRedirectURI(Common.REDIRECT_URL + "1")
>>> .setResponseType(ResponseType.CODE.toString())
>>> + .setState(Common.STATE)
>>> .buildQueryMessage();
>>>
>>> Common.doRequest(request);
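Review bot: The added `.setState(Common.STATE)` is sent with the authorization request, but nothing in this hunk verifies that the authorization server echoes the same value back to the client, and the redirect callback is outside this hunk. Since `state` is the client's CSRF binding, the test only proves the parameter is tolerated, not that it round-trips; an attacker-supplied or dropped `state` would pass unchanged. I would assert it in the client's `/redirect` handler for this test, e.g. `assertEquals(Common.STATE, request.getParameter("state"));` (or the equivalent accessor on the parsed `OAuthAuthzResponse`, if one exists).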
>>> @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex
>>> @GET
>>> @Path("/redirect")
>>> public Response callback(@Context HttpServletRequest request) throws Exception {
>>> -
>>> OAuthClientResponse resp = null;
>>> try {
>>> OAuthAuthzResponse.oauthCodeAuthzResponse(request);
>>> @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex
>>> assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, e.getError());
>>> }
>>>
>>> -
>>> return Response.ok().build();
>>> }
>>>
>>> @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex
>>> fail("exception not expected");
>>> }
>>>
>>> -
>>> return Response.ok().build();
>>> }
>>>
>>>
>>> Copied: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java (from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java)
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java?p2=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java&p1=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=1483016&r2=1483076&rev=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java (original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java Wed May 15 20:56:34 2013
>>> @@ -36,60 +36,34 @@ import org.junit.Test;
>>> *
>>> *
>>> */
>>> -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>>> -
>>> +public class UnauthenticatedAccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>>>
>>> @Test
>>> - public void testSuccessfullAccesToken() throws Exception {
>>> -
>>> + public void testSuccessfulAccessToken() throws Exception {
>>> OAuthClientRequest request = OAuthClientRequest
>>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> .setCode(Common.AUTHORIZATION_CODE)
>>> .setRedirectURI(Common.REDIRECT_URL)
>>> .setClientId(Common.CLIENT_ID)
>>> - .setClientSecret(Common.CLIENT_SECRET)
>>> .buildBodyMessage();
>>>
>>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>> OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>>> assertNotNull(response.getAccessToken());
>>> assertNotNull(response.getExpiresIn());
>>> -
>>> -
>>> - }
>>> -
>>> - @Test
>>> - public void testSuccessfullAccesTokenGETMethod() throws Exception {
>>> -
>>> - OAuthClientRequest request = OAuthClientRequest
>>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> - .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> - .setCode(Common.AUTHORIZATION_CODE)
>>> - .setRedirectURI(Common.REDIRECT_URL)
>>> - .setClientId(Common.CLIENT_ID)
>>> - .setClientSecret(Common.CLIENT_SECRET)
>>> - .buildQueryMessage();
>>> -
>>> - OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>> - OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
>>> - assertNotNull(response.getAccessToken());
>>> - assertNotNull(response.getExpiresIn());
>>> -
>>> -
>>> }
>>>
>>> @Test
>>> public void testNoneGrantType() throws Exception {
>>> OAuthClientRequest request = OAuthClientRequest
>>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>> .setGrantType(null)
>>> .setClientId(Common.CLIENT_ID)
>>> .buildBodyMessage();
>>>
>>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>> try {
>>> oAuthClient.accessToken(request);
>>> fail("exception expected");
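Review bot: The copied test class exercises code, grant type and client_id on the unauthenticated endpoint, but no test sends a `redirect_uri` that differs from the one used at authorization time and expects `INVALID_GRANT`. On an endpoint with no client secret, the `redirect_uri` match required by RFC 6749 §4.1.3 is the only thing binding the authorization code to the client, so it is the check most worth pinning here. A copy of `testInvalidCode` that keeps `Common.AUTHORIZATION_CODE` but sets `.setRedirectURI(Common.REDIRECT_URL + "/other")` and asserts `OAuthError.TokenResponse.INVALID_GRANT` would cover it; as far as I can see, the endpoint added in this commit does not perform that check yet, so the test would currently fail and document the gap.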
>>> @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest
>>> @Test
>>> public void testInvalidRequest() throws Exception {
>>> OAuthClientRequest request = OAuthClientRequest
>>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>> .setClientId(Common.CLIENT_ID)
>>> .buildBodyMessage();
>>>
>>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>> try {
>>> oAuthClient.accessToken(request);
>>> fail("exception expected");
>>> @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest
>>> @Test
>>> public void testInvalidClient() throws Exception {
>>> OAuthClientRequest request = OAuthClientRequest
>>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> .setCode(Common.AUTHORIZATION_CODE)
>>> .setClientId("unknownid")
>>> @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest
>>>
>>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>> try {
>>> oAuthClient.accessToken(request);
>>> fail("exception expected");
>>> } catch (OAuthProblemException e) {
>>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>>> }
>>> }
>>>
>>> @Test
>>> public void testInvalidGrantType() throws Exception {
>>> OAuthClientRequest request = OAuthClientRequest
>>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>> .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type")
>>> .setCode(Common.AUTHORIZATION_CODE)
>>> .setRedirectURI(Common.REDIRECT_URL)
>>> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest
>>>
>>> OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>>>
>>> -
>>> try {
>>> oAuthclient.accessToken(request);
>>> fail("exception expected");
>>> } catch (OAuthProblemException e) {
>>> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> }
>>> -
>>> }
>>>
>>> @Test
>>> public void testInvalidCode() throws Exception {
>>> OAuthClientRequest request = OAuthClientRequest
>>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> .setRedirectURI(Common.REDIRECT_URL)
>>> .setCode("unknown_code")
>>> @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest
>>> oAuthClient.accessToken(request);
>>> fail("exception expected");
>>> } catch (OAuthProblemException e) {
>>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>>> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>>> }
>>> -
>>> }
>>> }
>>> \ No newline at end of file
>>>
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java (original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java Wed May 15 20:56:34 2013
>>> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio
>>> @Path("/token")
>>> public class TokenEndpoint {
>>>
>>> + public static final String INVALID_CLIENT_DESCRIPTION = "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).";
>>> +
>>> @POST
>>> @Consumes("application/x-www-form-urlencoded")
>>> @Produces("application/json")
>>> @@ -63,17 +65,26 @@ public class TokenEndpoint {
>>>
>>> try {
>>> oauthRequest = new OAuthTokenRequest(request);
>>> -
>>> - //check if clientid is valid
>>> - if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
>>> +
>>> + // check if clientid is valid
>>> + if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) {
>>> OAuthResponse response =
>>> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> - .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id not found")
>>> + .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
>>> + .buildJSONMessage();
>>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> + }
>>> +
>>> + // check if client_secret is valid
>>> + if (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) {
>>> + OAuthResponse response =
>>> + OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
>>> + .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
>>> .buildJSONMessage();
>>> return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> }
>>>
>>> - //do checking for different grant types
>>> + // do checking for different grant types
>>> if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>> .equals(GrantType.AUTHORIZATION_CODE.toString())) {
>>> if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) {
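Review bot: The two new checks return different status codes and error codes for an unknown `client_id` (400, `invalid_client`) and for a wrong `client_secret` (401, `unauthorized_client`), which lets any caller enumerate valid client ids by watching which response they get. RFC 6749 §5.2 also defines `unauthorized_client` as "not authorized to use this grant type", so a failed secret check should be `invalid_client`, optionally with 401 per §5.2. I would collapse both into one check: `if (!Common.CLIENT_ID.equals(oauthRequest.getClientId()) || !Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) {` followed by `.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)` and `.setError(OAuthError.TokenResponse.INVALID_CLIENT)`, and update `testInvalidClientCredentials` to expect `INVALID_CLIENT`. Outside a test fixture the secret comparison should also be constant-time (`MessageDigest.isEqual` on the bytes) rather than `String.equals`.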
>>> @@ -97,6 +108,7 @@ public class TokenEndpoint {
>>> }
>>> } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>> .equals(GrantType.REFRESH_TOKEN.toString())) {
>>> + // refresh token is not supported in this implementation
>>> OAuthResponse response = OAuthASResponse
>>> .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> .setError(OAuthError.TokenResponse.INVALID_GRANT)
>>> @@ -110,8 +122,8 @@ public class TokenEndpoint {
>>> .setAccessToken(oauthIssuerImpl.accessToken())
>>> .setExpiresIn("3600")
>>> .buildJSONMessage();
>>> -
>>> return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> +
>>> } catch (OAuthProblemException e) {
>>> OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
>>> .buildJSONMessage();
>>> @@ -119,19 +131,4 @@ public class TokenEndpoint {
>>> }
>>> }
>>>
>>> - @GET
>>> - @Consumes("application/x-www-form-urlencoded")
>>> - @Produces("application/json")
>>> - public Response authorizeGet(@Context HttpServletRequest request) throws OAuthSystemException {
>>> - OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
>>> -
>>> - OAuthResponse response = OAuthASResponse
>>> - .tokenResponse(HttpServletResponse.SC_OK)
>>> - .setAccessToken(oauthIssuerImpl.accessToken())
>>> - .setExpiresIn("3600")
>>> - .buildJSONMessage();
>>> -
>>> - return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> - }
>>> -
>>> }
>>> \ No newline at end of file
>>>
>>> Added: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java?rev=1483076&view=auto
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java (added)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java Wed May 15 20:56:34 2013
>>> @@ -0,0 +1,123 @@
>>> +/**
>>> + * Copyright 2010 Newcastle University
>>> + *
>>> + * http://research.ncl.ac.uk/smart/
>>> + *
>>> + * Licensed to the Apache Software Foundation (ASF) under one or more
>>> + * contributor license agreements. See the NOTICE file distributed with
>>> + * this work for additional information regarding copyright ownership.
>>> + * The ASF licenses this file to You under the Apache License, Version 2.0
>>> + * (the "License"); you may not use this file except in compliance with
>>> + * the License. You may obtain a copy of the License at
>>> + *
>>> + * http://www.apache.org/licenses/LICENSE-2.0
>>> + *
>>> + * Unless required by applicable law or agreed to in writing, software
>>> + * distributed under the License is distributed on an "AS IS" BASIS,
>>> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>> + * See the License for the specific language governing permissions and
>>> + * limitations under the License.
>>> + */
>>> +
>>> +package org.apache.oltu.oauth2.integration.endpoints;
>>> +
>>> +import javax.servlet.http.HttpServletRequest;
>>> +import javax.servlet.http.HttpServletResponse;
>>> +import javax.ws.rs.Consumes;
>>> +import javax.ws.rs.GET;
>>> +import javax.ws.rs.POST;
>>> +import javax.ws.rs.Path;
>>> +import javax.ws.rs.Produces;
>>> +import javax.ws.rs.core.Context;
>>> +import javax.ws.rs.core.Response;
>>> +
>>> +import org.apache.oltu.oauth2.as.issuer.MD5Generator;
>>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
>>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
>>> +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
>>> +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest;
>>> +import org.apache.oltu.oauth2.as.response.OAuthASResponse;
>>> +import org.apache.oltu.oauth2.common.OAuth;
>>> +import org.apache.oltu.oauth2.common.error.OAuthError;
>>> +import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
>>> +import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
>>> +import org.apache.oltu.oauth2.common.message.OAuthResponse;
>>> +import org.apache.oltu.oauth2.common.message.types.GrantType;
>>> +import org.apache.oltu.oauth2.integration.Common;
>>> +
>>> +/**
>>> + *
>>> + *
>>> + *
>>> + */
>>> +@Path("/unauth-token")
>>> +public class UnauthenticatedTokenEndpoint {
>>> +
>>> + @POST
>>> + @Consumes("application/x-www-form-urlencoded")
>>> + @Produces("application/json")
>>> + public Response token(@Context HttpServletRequest request) throws OAuthSystemException {
>>> +
>>> + OAuthUnauthenticatedTokenRequest oauthRequest = null;
>>> +
>>> + OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
>>> +
>>> + try {
>>> + oauthRequest = new OAuthUnauthenticatedTokenRequest(request);
>>> +
>>> + // check if clientid is valid
>>> + if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
>>> + OAuthResponse response =
>>> + OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> + .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id not found")
>>> + .buildJSONMessage();
>>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> + }
>>> +
>>> + // do checking for different grant types
>>> + if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>> + .equals(GrantType.AUTHORIZATION_CODE.toString())) {
>>> + if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) {
>>> + OAuthResponse response = OAuthASResponse
>>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> + .setError(OAuthError.TokenResponse.INVALID_GRANT)
>>> + .setErrorDescription("invalid authorization code")
>>> + .buildJSONMessage();
>>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> + }
>>> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>> + .equals(GrantType.PASSWORD.toString())) {
>>> + if (!Common.PASSWORD.equals(oauthRequest.getPassword())
>>> + || !Common.USERNAME.equals(oauthRequest.getUsername())) {
>>> + OAuthResponse response = OAuthASResponse
>>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> + .setError(OAuthError.TokenResponse.INVALID_GRANT)
>>> + .setErrorDescription("invalid username or password")
>>> + .buildJSONMessage();
>>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> + }
>>> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>>> + .equals(GrantType.REFRESH_TOKEN.toString())) {
>>> + // refresh token is not supported in this implementation hence the oauth error.
>>> + OAuthResponse response = OAuthASResponse
>>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>> + .setError(OAuthError.TokenResponse.INVALID_GRANT)
>>> + .setErrorDescription("invalid username or password")
>>> + .buildJSONMessage();
>>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> + }
>>> +
>>> + OAuthResponse response = OAuthASResponse
>>> + .tokenResponse(HttpServletResponse.SC_OK)
>>> + .setAccessToken(oauthIssuerImpl.accessToken())
>>> + .setExpiresIn("3600")
>>> + .buildJSONMessage();
>>> +
>>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>>> + } catch (OAuthProblemException e) {
>>> + OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
>>> + .buildJSONMessage();
>>> + return Response.status(res.getResponseStatus()).entity(res.getBody()).build();
>>> + }
>>> + }
>>> +}
>>> \ No newline at end of file
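Review bot: The authorization-code branch of the new `UnauthenticatedTokenEndpoint` validates only the code (`Common.AUTHORIZATION_CODE`) and never compares the submitted `redirect_uri` with the one used at authorization time, even though this endpoint performs no client authentication and `client_id` is not a secret, so an intercepted code can be redeemed by anyone. RFC 6749 §4.1.3 requires the token endpoint to verify `redirect_uri` whenever it was part of the authorization request; in this fixture the value the tests send is `Common.REDIRECT_URL`, so that is what it can compare against (a real AS would compare against the URI stored with the code). Two smaller points: the `refresh_token` branch reuses the description `"invalid username or password"`, which looks copy-pasted from the password branch and should say the grant is unsupported (§5.2 names that `unsupported_grant_type`), and the imports of `OAuthTokenRequest` and `GET` are unused. Proposed addition inside the authorization-code branch:

```java
            if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
                    .equals(GrantType.AUTHORIZATION_CODE.toString())) {
                // … unchanged: authorization code check …
                // No client authentication on this endpoint, so the redirect_uri
                // binding is the only thing tying the code to the client (RFC 6749 §4.1.3).
                if (!Common.REDIRECT_URL.equals(oauthRequest.getParam("redirect_uri"))) {
                    OAuthResponse response = OAuthASResponse
                            .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                            .setError(OAuthError.TokenResponse.INVALID_GRANT)
                            .setErrorDescription("redirect_uri does not match the authorization request")
                            .buildJSONMessage();
                    return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
                }
            } // … unchanged: password and refresh_token branches …
```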
>>>
>>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml?rev=1483076&r1=1483075&r2=1483076&view=diff
>>> ==============================================================================
>>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml (original)
>>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml Wed May 15 20:56:34 2013
>>> @@ -48,12 +48,13 @@
>>> <jaxrs:serviceBeans>
>>> <ref bean="authzEndpoint"/>
>>> <ref bean="tokenEndpoint"/>
>>> + <ref bean="unauthenticatedTokenEndpoint"/>
>>> </jaxrs:serviceBeans>
>>> </jaxrs:server>
>>>
>>> - <bean id="authzEndpoint"
>>> - class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
>>> + <bean id="authzEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
>>> <bean id="tokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.TokenEndpoint"/>
>>> + <bean id="unauthenticatedTokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.UnauthenticatedTokenEndpoint"/>
>>>
>>> <!--OAuth Client -->
>>> <jaxrs:server id="oauthClient" address="http://localhost:9002/auth/oauth2/">
>>>
>>>
>
Re: svn commit: r1483076 - in /oltu/trunk/oauth-2.0/integration-tests/src/test: java/org/apache/oltu/oauth2/integration/ java/org/apache/oltu/oauth2/integration/endpoints/ resources/
Posted by Stein Welberg <st...@innovation-district.com>.
I agree,
However, these issues (and the fix) were really related to each other. (And I was a little too eager to take on both at the same time ;-))
Also, OLTU-5 and OLTU-31 were the same issue.
Regards,
Stein
On 15 mei 2013, at 23:34, Simone Tripodi <si...@apache.org> wrote:
> Hi Stein,
>
> thanks - having new energies on Oltu is priceless!!!
>
> I'd suggest to get a little step back to our old best-practices,
> splitting commits per issue, otherwise it is not easy to understand
> which changes are related to OLTU-16, which to OLTU-31 and which to
> OLTU-5.
>
> WDYT?
> Tia and all the best!
> -Simo
>
> http://people.apache.org/~simonetripodi/
> http://simonetripodi.livejournal.com/
> http://twitter.com/simonetripodi
> http://www.99soft.org/
>
>
> On Wed, May 15, 2013 at 10:56 PM, <st...@apache.org> wrote:
>> Author: stein
>> Date: Wed May 15 20:56:34 2013
>> New Revision: 1483076
>>
>> URL: http://svn.apache.org/r1483076
>> Log:
>> OLTU-16 OLTU-31 OLTU-5 Update integration tests. Add unauthenticated token endpoint
>>
>> Added:
>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java
>> - copied, changed from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
>> Modified:
>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
>> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>>
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java (original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java Wed May 15 20:56:34 2013
>> @@ -38,10 +38,8 @@ import org.junit.Test;
>> */
>> public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>>
>> -
>> @Test
>> public void testSuccessfullAccesToken() throws Exception {
>> -
>> OAuthClientRequest request = OAuthClientRequest
>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest
>> OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>> assertNotNull(response.getAccessToken());
>> assertNotNull(response.getExpiresIn());
>> -
>> -
>> }
>>
>> @Test
>> - public void testSuccessfullAccesTokenGETMethod() throws Exception {
>> -
>> + public void testInvalidClientCredentials() throws Exception {
>> OAuthClientRequest request = OAuthClientRequest
>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>> - .setCode(Common.AUTHORIZATION_CODE)
>> .setRedirectURI(Common.REDIRECT_URL)
>> + .setCode(Common.AUTHORIZATION_CODE)
>> .setClientId(Common.CLIENT_ID)
>> - .setClientSecret(Common.CLIENT_SECRET)
>> - .buildQueryMessage();
>> + .setClientSecret("wrongSecret")
>> + .buildBodyMessage();
>>
>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> - OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
>> - assertNotNull(response.getAccessToken());
>> - assertNotNull(response.getExpiresIn());
>> -
>>
>> + try {
>> + oAuthClient.accessToken(request);
>> + fail("exception expected");
>> + } catch (OAuthProblemException e) {
>> + assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, e.getError());
>> + }
>> }
>>
>> @Test
>> @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest
>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> .setGrantType(null)
>> .setClientId(Common.CLIENT_ID)
>> + .setClientSecret(Common.CLIENT_SECRET)
>> .buildBodyMessage();
>>
>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>
>> -
>> try {
>> oAuthClient.accessToken(request);
>> fail("exception expected");
>> @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest
>>
>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>
>> -
>> try {
>> oAuthClient.accessToken(request);
>> fail("exception expected");
>> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest
>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>> .setCode(Common.AUTHORIZATION_CODE)
>> .setClientId("unknownid")
>> + .setClientSecret(Common.CLIENT_SECRET)
>> .setRedirectURI(Common.REDIRECT_URL)
>> .buildBodyMessage();
>>
>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>
>> -
>> try {
>> oAuthClient.accessToken(request);
>> fail("exception expected");
>> } catch (OAuthProblemException e) {
>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>> }
>> }
>>
>> @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest
>> .setCode(Common.AUTHORIZATION_CODE)
>> .setRedirectURI(Common.REDIRECT_URL)
>> .setClientId(Common.CLIENT_ID)
>> + .setClientSecret(Common.CLIENT_SECRET)
>> .buildBodyMessage();
>>
>> OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>>
>> -
>> try {
>> oAuthclient.accessToken(request);
>> fail("exception expected");
>> } catch (OAuthProblemException e) {
>> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> }
>> -
>> }
>>
>> @Test
>> @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest
>> .setRedirectURI(Common.REDIRECT_URL)
>> .setCode("unknown_code")
>> .setClientId(Common.CLIENT_ID)
>> + .setClientSecret(Common.CLIENT_SECRET)
>> .buildBodyMessage();
>>
>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest
>> oAuthClient.accessToken(request);
>> fail("exception expected");
>> } catch (OAuthProblemException e) {
>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>> }
>> -
>> }
>> }
>> \ No newline at end of file
>>
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java (original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java Wed May 15 20:56:34 2013
>> @@ -78,7 +78,7 @@ public final class Common {
>> public static final String HEADER_AUTHORIZATION = "Authorization";
>>
>> public static final String AUTHORIZATION_CODE = "known_authz_code";
>> -
>> + public static final String STATE = "abcde";
>>
>> public static final String ASSERTION = "<samlp:AuthnRequest\n"
>> + " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n"
>> @@ -96,6 +96,7 @@ public final class Common {
>> public static final String ASSERTION_TYPE = "http://xml.coverpages.org/saml.html";
>>
>> public static final String ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/token";
>> + public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = "http://localhost:9001/auth/oauth2/unauth-token";
>> public static final String AUTHORIZATION_ENPOINT = "http://localhost:9001/auth/oauth2/authz";
>> public static final String REDIRECT_URL = "http://localhost:9002/auth/oauth2/redirect";
>> public static final String RESOURCE_SERVER = "http://localhost:9003/resource_server";
>>
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java (original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java Wed May 15 20:56:34 2013
>> @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex
>>
>> @Test
>> public void testWrongParametersEndUserAuthorization() throws Exception {
>> -
>> -
>> OAuthClientRequest request = OAuthClientRequest
>> .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>> .setClientId(Common.CLIENT_ID)
>> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex
>>
>> @Test
>> public void testCorrectParametersEndUserAuthorization() throws Exception {
>> -
>> OAuthClientRequest request = OAuthClientRequest
>> .authorizationLocation(Common.AUTHORIZATION_ENPOINT)
>> .setClientId(Common.CLIENT_ID)
>> .setRedirectURI(Common.REDIRECT_URL + "1")
>> .setResponseType(ResponseType.CODE.toString())
>> + .setState(Common.STATE)
>> .buildQueryMessage();
>>
>> Common.doRequest(request);
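Review bot: The request now carries `state` via `.setState(Common.STATE)`, but nothing in this hunk asserts that the authorization response echoes it back, which is the purpose of the parameter (binding the callback to the request that started the flow, the CSRF defence of RFC 6749 §10.12). Where the callback handles the redirect, add an assertion that the returned state equals `Common.STATE`, and ideally a negative case in which a response with a different state is rejected; otherwise the test only proves the server tolerates the parameter. testCorrectParametersEndUserAuthorization continues past the end of the hunk.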
>> @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex
>> @GET
>> @Path("/redirect")
>> public Response callback(@Context HttpServletRequest request) throws Exception {
>> -
>> OAuthClientResponse resp = null;
>> try {
>> OAuthAuthzResponse.oauthCodeAuthzResponse(request);
>> @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex
>> assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, e.getError());
>> }
>>
>> -
>> return Response.ok().build();
>> }
>>
>> @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex
>> fail("exception not expected");
>> }
>>
>> -
>> return Response.ok().build();
>> }
>>
>>
>> Copied: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java (from r1483016, oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java)
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java?p2=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java&p1=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=1483016&r2=1483076&rev=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java (original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java Wed May 15 20:56:34 2013
>> @@ -36,60 +36,34 @@ import org.junit.Test;
>> *
>> *
>> */
>> -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>> -
>> +public class UnauthenticatedAccessTokenTestAuthCodeTest extends ClientServerOAuthTest {
>>
>> @Test
>> - public void testSuccessfullAccesToken() throws Exception {
>> -
>> + public void testSuccessfulAccessToken() throws Exception {
>> OAuthClientRequest request = OAuthClientRequest
>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>> .setCode(Common.AUTHORIZATION_CODE)
>> .setRedirectURI(Common.REDIRECT_URL)
>> .setClientId(Common.CLIENT_ID)
>> - .setClientSecret(Common.CLIENT_SECRET)
>> .buildBodyMessage();
>>
>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> OAuthAccessTokenResponse response = oAuthClient.accessToken(request);
>> assertNotNull(response.getAccessToken());
>> assertNotNull(response.getExpiresIn());
>> -
>> -
>> - }
>> -
>> - @Test
>> - public void testSuccessfullAccesTokenGETMethod() throws Exception {
>> -
>> - OAuthClientRequest request = OAuthClientRequest
>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> - .setGrantType(GrantType.AUTHORIZATION_CODE)
>> - .setCode(Common.AUTHORIZATION_CODE)
>> - .setRedirectURI(Common.REDIRECT_URL)
>> - .setClientId(Common.CLIENT_ID)
>> - .setClientSecret(Common.CLIENT_SECRET)
>> - .buildQueryMessage();
>> -
>> - OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>> - OAuthAccessTokenResponse response = oAuthClient.accessToken(request, OAuth.HttpMethod.GET);
>> - assertNotNull(response.getAccessToken());
>> - assertNotNull(response.getExpiresIn());
>> -
>> -
>> }
>>
>> @Test
>> public void testNoneGrantType() throws Exception {
>> OAuthClientRequest request = OAuthClientRequest
>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>> .setGrantType(null)
>> .setClientId(Common.CLIENT_ID)
>> .buildBodyMessage();
>>
>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>
>> -
>> try {
>> oAuthClient.accessToken(request);
>> fail("exception expected");
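Review bot: The GET variant of the success test was dropped here together with the GET handler, but no test now asserts that a token endpoint refuses GET, which RFC 6749 §3.2 requires (the token endpoint must use POST; a GET puts the code and any credentials into URLs and server logs). Add a negative test that sends the same request with `OAuth.HttpMethod.GET` and `buildQueryMessage()` against both endpoints and expects a failure rather than an access token. The catch block of testNoneGrantType lies outside the hunk.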
>> @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest
>> @Test
>> public void testInvalidRequest() throws Exception {
>> OAuthClientRequest request = OAuthClientRequest
>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>> .setClientId(Common.CLIENT_ID)
>> .buildBodyMessage();
>>
>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>
>> -
>> try {
>> oAuthClient.accessToken(request);
>> fail("exception expected");
>> @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest
>> @Test
>> public void testInvalidClient() throws Exception {
>> OAuthClientRequest request = OAuthClientRequest
>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>> .setCode(Common.AUTHORIZATION_CODE)
>> .setClientId("unknownid")
>> @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest
>>
>> OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
>>
>> -
>> try {
>> oAuthClient.accessToken(request);
>> fail("exception expected");
>> } catch (OAuthProblemException e) {
>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());
>> }
>> }
>>
>> @Test
>> public void testInvalidGrantType() throws Exception {
>> OAuthClientRequest request = OAuthClientRequest
>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>> .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type")
>> .setCode(Common.AUTHORIZATION_CODE)
>> .setRedirectURI(Common.REDIRECT_URL)
>> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest
>>
>> OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient());
>>
>> -
>> try {
>> oAuthclient.accessToken(request);
>> fail("exception expected");
>> } catch (OAuthProblemException e) {
>> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> }
>> -
>> }
>>
>> @Test
>> public void testInvalidCode() throws Exception {
>> OAuthClientRequest request = OAuthClientRequest
>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT)
>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT)
>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>> .setRedirectURI(Common.REDIRECT_URL)
>> .setCode("unknown_code")
>> @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest
>> oAuthClient.accessToken(request);
>> fail("exception expected");
>> } catch (OAuthProblemException e) {
>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, e.getError());
>> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, e.getError());
>> }
>> -
>> }
>> }
>> \ No newline at end of file
>>
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java (original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java Wed May 15 20:56:34 2013
>> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio
>> @Path("/token")
>> public class TokenEndpoint {
>>
>> + public static final String INVALID_CLIENT_DESCRIPTION = "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).";
>> +
>> @POST
>> @Consumes("application/x-www-form-urlencoded")
>> @Produces("application/json")
>> @@ -63,17 +65,26 @@ public class TokenEndpoint {
>>
>> try {
>> oauthRequest = new OAuthTokenRequest(request);
>> -
>> - //check if clientid is valid
>> - if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
>> +
>> + // check if clientid is valid
>> + if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) {
>> OAuthResponse response =
>> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> - .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id not found")
>> + .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
>> + .buildJSONMessage();
>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> + }
>> +
>> + // check if client_secret is valid
>> + if (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) {
>> + OAuthResponse response =
>> + OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
>> + .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION)
>> .buildJSONMessage();
>> return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> }
>>
>> - //do checking for different grant types
>> + // do checking for different grant types
>> if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>> .equals(GrantType.AUTHORIZATION_CODE.toString())) {
>> if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) {
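Review bot: The wrong-secret branch at `.setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT)` uses the wrong RFC 6749 §5.2 error: `unauthorized_client` means an authenticated client is not allowed to use this grant type, whereas a failed secret check is `invalid_client`, and the INVALID_CLIENT_DESCRIPTION text added above is precisely that section's definition of `invalid_client`. Change it to `.setError(OAuthError.TokenResponse.INVALID_CLIENT)` (401 is permitted for `invalid_client`), and update the new test that expects `UNAUTHORIZED_CLIENT` accordingly. Answering an unknown client_id with 400 and a known client_id with 401 also turns the endpoint into a client_id existence oracle, so both failures are better served by the same status and error. `String.equals` on the secret is acceptable in a test fixture, but a production token endpoint should compare with `MessageDigest.isEqual` on the bytes. The token method continues outside the hunk.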
>> @@ -97,6 +108,7 @@ public class TokenEndpoint {
>> }
>> } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>> .equals(GrantType.REFRESH_TOKEN.toString())) {
>> + // refresh token is not supported in this implementation
>> OAuthResponse response = OAuthASResponse
>> .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> .setError(OAuthError.TokenResponse.INVALID_GRANT)
>> @@ -110,8 +122,8 @@ public class TokenEndpoint {
>> .setAccessToken(oauthIssuerImpl.accessToken())
>> .setExpiresIn("3600")
>> .buildJSONMessage();
>> -
>> return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> +
>> } catch (OAuthProblemException e) {
>> OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
>> .buildJSONMessage();
>> @@ -119,19 +131,4 @@ public class TokenEndpoint {
>> }
>> }
>>
>> - @GET
>> - @Consumes("application/x-www-form-urlencoded")
>> - @Produces("application/json")
>> - public Response authorizeGet(@Context HttpServletRequest request) throws OAuthSystemException {
>> - OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
>> -
>> - OAuthResponse response = OAuthASResponse
>> - .tokenResponse(HttpServletResponse.SC_OK)
>> - .setAccessToken(oauthIssuerImpl.accessToken())
>> - .setExpiresIn("3600")
>> - .buildJSONMessage();
>> -
>> - return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> - }
>> -
>> }
>> \ No newline at end of file
>>
>> Added: oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java?rev=1483076&view=auto
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java (added)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java Wed May 15 20:56:34 2013
>> @@ -0,0 +1,123 @@
>> +/**
>> + * Copyright 2010 Newcastle University
>> + *
>> + * http://research.ncl.ac.uk/smart/
>> + *
>> + * Licensed to the Apache Software Foundation (ASF) under one or more
>> + * contributor license agreements. See the NOTICE file distributed with
>> + * this work for additional information regarding copyright ownership.
>> + * The ASF licenses this file to You under the Apache License, Version 2.0
>> + * (the "License"); you may not use this file except in compliance with
>> + * the License. You may obtain a copy of the License at
>> + *
>> + * http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + * Unless required by applicable law or agreed to in writing, software
>> + * distributed under the License is distributed on an "AS IS" BASIS,
>> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> + * See the License for the specific language governing permissions and
>> + * limitations under the License.
>> + */
>> +
>> +package org.apache.oltu.oauth2.integration.endpoints;
>> +
>> +import javax.servlet.http.HttpServletRequest;
>> +import javax.servlet.http.HttpServletResponse;
>> +import javax.ws.rs.Consumes;
>> +import javax.ws.rs.GET;
>> +import javax.ws.rs.POST;
>> +import javax.ws.rs.Path;
>> +import javax.ws.rs.Produces;
>> +import javax.ws.rs.core.Context;
>> +import javax.ws.rs.core.Response;
>> +
>> +import org.apache.oltu.oauth2.as.issuer.MD5Generator;
>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
>> +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
>> +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest;
>> +import org.apache.oltu.oauth2.as.response.OAuthASResponse;
>> +import org.apache.oltu.oauth2.common.OAuth;
>> +import org.apache.oltu.oauth2.common.error.OAuthError;
>> +import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
>> +import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
>> +import org.apache.oltu.oauth2.common.message.OAuthResponse;
>> +import org.apache.oltu.oauth2.common.message.types.GrantType;
>> +import org.apache.oltu.oauth2.integration.Common;
>> +
>> +/**
>> + *
>> + *
>> + *
>> + */
>> +@Path("/unauth-token")
>> +public class UnauthenticatedTokenEndpoint {
>> +
>> + @POST
>> + @Consumes("application/x-www-form-urlencoded")
>> + @Produces("application/json")
>> + public Response token(@Context HttpServletRequest request) throws OAuthSystemException {
>> +
>> + OAuthUnauthenticatedTokenRequest oauthRequest = null;
>> +
>> + OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
>> +
>> + try {
>> + oauthRequest = new OAuthUnauthenticatedTokenRequest(request);
>> +
>> + // check if clientid is valid
>> + if (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) {
>> + OAuthResponse response =
>> + OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> + .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id not found")
>> + .buildJSONMessage();
>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> + }
>> +
>> + // do checking for different grant types
>> + if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>> + .equals(GrantType.AUTHORIZATION_CODE.toString())) {
>> + if (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) {
>> + OAuthResponse response = OAuthASResponse
>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> + .setError(OAuthError.TokenResponse.INVALID_GRANT)
>> + .setErrorDescription("invalid authorization code")
>> + .buildJSONMessage();
>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> + }
>> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>> + .equals(GrantType.PASSWORD.toString())) {
>> + if (!Common.PASSWORD.equals(oauthRequest.getPassword())
>> + || !Common.USERNAME.equals(oauthRequest.getUsername())) {
>> + OAuthResponse response = OAuthASResponse
>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> + .setError(OAuthError.TokenResponse.INVALID_GRANT)
>> + .setErrorDescription("invalid username or password")
>> + .buildJSONMessage();
>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> + }
>> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE)
>> + .equals(GrantType.REFRESH_TOKEN.toString())) {
>> + // refresh token is not supported in this implementation hence the oauth error.
>> + OAuthResponse response = OAuthASResponse
>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>> + .setError(OAuthError.TokenResponse.INVALID_GRANT)
>> + .setErrorDescription("invalid username or password")
>> + .buildJSONMessage();
>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> + }
>> +
>> + OAuthResponse response = OAuthASResponse
>> + .tokenResponse(HttpServletResponse.SC_OK)
>> + .setAccessToken(oauthIssuerImpl.accessToken())
>> + .setExpiresIn("3600")
>> + .buildJSONMessage();
>> +
>> + return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
>> + } catch (OAuthProblemException e) {
>> + OAuthResponse res = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
>> + .buildJSONMessage();
>> + return Response.status(res.getResponseStatus()).entity(res.getBody()).build();
>> + }
>> + }
>> +}
>> \ No newline at end of file
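Review bot: The refresh_token branch reports `.setErrorDescription("invalid username or password")` although the comment directly above it says refresh tokens are unsupported; this was copied from the password branch and will mislead anyone reading the JSON error, so use something like `.setErrorDescription("refresh_token grant is not supported")`. The client_id check reads `oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID)` while TokenEndpoint was switched in this same commit to `getClientId()`; the two fixtures should agree. `javax.ws.rs.GET` and `OAuthTokenRequest` are imported but never used. Since this endpoint deliberately skips client authentication it is the public-client path, and its authorization_code branch only compares the code value; a comment should note that a real implementation must also bind the code to the client_id and redirect_uri it was issued for, so the fixture is not copied as-is into a server.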
>>
>> Modified: oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml
>> URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml?rev=1483076&r1=1483075&r2=1483076&view=diff
>> ==============================================================================
>> --- oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml (original)
>> +++ oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml Wed May 15 20:56:34 2013
>> @@ -48,12 +48,13 @@
>> <jaxrs:serviceBeans>
>> <ref bean="authzEndpoint"/>
>> <ref bean="tokenEndpoint"/>
>> + <ref bean="unauthenticatedTokenEndpoint"/>
>> </jaxrs:serviceBeans>
>> </jaxrs:server>
>>
>> - <bean id="authzEndpoint"
>> - class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
>> + <bean id="authzEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/>
>> <bean id="tokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.TokenEndpoint"/>
>> + <bean id="unauthenticatedTokenEndpoint" class="org.apache.oltu.oauth2.integration.endpoints.UnauthenticatedTokenEndpoint"/>
>>
>> <!--OAuth Client -->
>> <jaxrs:server id="oauthClient" address="http://localhost:9002/auth/oauth2/">
>>
>>