Reliable Error State Tests

Some of Resource Server Configurer's tests were relying on specific
error messaging from Nimbus and from the JDK, which makes them
brittle.

These tests now simply confirm that resource server responses
contain the correct error state without relying on specific wording
outside of our control.
Josh Cummings 2018-07-16 14:19:23 -06:00
parent d595098823
commit a9bc384b48
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
1 changed files with 30 additions and 18 deletions


@ -25,6 +25,10 @@ import javax.annotation.PreDestroy;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
import org.hamcrest.core.AllOf;
import org.hamcrest.core.StringContains;
import org.hamcrest.core.StringEndsWith;
import org.hamcrest.core.StringStartsWith;
import org.junit.Rule;
import org.junit.Test;
@ -115,7 +119,7 @@ public class OAuth2ResourceServerConfigurerTests {
this.mvc.perform(get("/").with(bearerToken(token)))
.andExpect(status().isUnauthorized())
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Expired JWT"));
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
}
@Test
@ -141,8 +145,7 @@ public class OAuth2ResourceServerConfigurerTests {
this.mvc.perform(get("/").with(bearerToken(token)))
.andExpect(status().isUnauthorized())
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: " +
"Couldn't retrieve remote JWK set: Connection refused (Connection refused)"));
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
}
@Test
@ -166,8 +169,7 @@ public class OAuth2ResourceServerConfigurerTests {
this.mvc.perform(get("/").with(bearerToken(token)))
.andExpect(status().isUnauthorized())
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: " +
"Malformed payload"));
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
}
@Test
@ -192,8 +194,7 @@ public class OAuth2ResourceServerConfigurerTests {
this.mvc.perform(get("/").with(bearerToken(token)))
.andExpect(status().isUnauthorized())
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: " +
"JWT before use time"));
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
}
@Test
@ -313,8 +314,7 @@ public class OAuth2ResourceServerConfigurerTests {
this.mvc.perform(get("/")
.with(bearerToken(token)))
.andExpect(status().isUnauthorized())
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: " +
"Signed JWT rejected: Another algorithm expected, or no matching key(s) found"));
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
}
@Test
@ -456,7 +456,7 @@ public class OAuth2ResourceServerConfigurerTests {
this.mvc.perform(post("/authenticated")
.with(bearerToken(token)))
.andExpect(status().isUnauthorized())
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Expired JWT"));
.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
}
// -- Resource Server should not create sessions
@ -785,17 +785,29 @@ public class OAuth2ResourceServerConfigurerTests {
}
private static ResultMatcher invalidRequestHeader(String message) {
return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " +
"error=\"invalid_request\", " +
"error_description=\"" + message + "\", " +
"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
return header().string(HttpHeaders.WWW_AUTHENTICATE,
AllOf.allOf(
new StringStartsWith("Bearer " +
"error=\"invalid_request\", " +
"error_description=\""),
new StringContains(message),
new StringEndsWith(", " +
"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")
)
);
}
private static ResultMatcher invalidTokenHeader(String message) {
return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " +
"error=\"invalid_token\", " +
"error_description=\"" + message + "\", " +
"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
return header().string(HttpHeaders.WWW_AUTHENTICATE,
AllOf.allOf(
new StringStartsWith("Bearer " +
"error=\"invalid_token\", " +
"error_description=\""),
new StringContains(message),
new StringEndsWith(", " +
"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")
)
);
}
private static ResultMatcher insufficientScopeHeader(String scope) {
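Review bot: The new `StringContains(message)` clause in `invalidTokenHeader` checks only the generic prefix, so the tests no longer observe what the resource server appends after it — and the removed expectations in the JWK-set and wrong-key tests show that was the raw Nimbus/JDK cause (`Couldn't retrieve remote JWK set: Connection refused (Connection refused)`, `Another algorithm expected, or no matching key(s) found`), returned to an unauthenticated client in `WWW-Authenticate`. Loosening the assertion hides that disclosure rather than deciding whether it is acceptable; if it is not, the JWK-set test should pin the opposite, e.g. `.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, not(containsString("Connection refused"))))` (Hamcrest `not`/`containsString` would need importing), which would presumably fail today and so flag the decoder for a fix. The `Malformed payload` test still depends on Nimbus wording, contrary to the commit's stated goal, so either drop the suffix there too or comment why that one string is considered stable. The test methods these hunks touch each begin before the hunk, and `insufficientScopeHeader` continues past it.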