From 220a0bffe06107362ff6aa7aeb978bea5b91d624 Mon Sep 17 00:00:00 2001
From: DOHA
Date: Tue, 19 Feb 2019 20:18:13 +0200
Subject: [PATCH] add user-info endpoint live test

---
 .../org/baeldung/config/AuthServerConfig.java | 2 +-
 .../org/baeldung/config/SecurityConfig.java | 3 +-
 .../baeldung/UserInfoEndpointLiveTest.java | 51 +++++++++++++++++++
 3 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 spring-security-sso/spring-security-sso-auth-server/src/test/java/org/baeldung/UserInfoEndpointLiveTest.java

diff --git a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java
index 07057c3875..0835f3d721 100644
--- a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java
+++ b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java
@@ -30,7 +30,7 @@ public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
 .authorizedGrantTypes("authorization_code")
 .scopes("user_info")
 .autoApprove(true)
- .redirectUris("http://localhost:8082/ui/login","http://localhost:8083/ui2/login","http://localhost:8082/login")
+ .redirectUris("http://localhost:8082/ui/login","http://localhost:8083/ui2/login","http://localhost:8082/login","http://www.example.com/")
 // .accessTokenValiditySeconds(3600)
 ; // 1 hour
 }
diff --git a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/SecurityConfig.java b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/SecurityConfig.java
index 5cebf4f4d2..2254de8e39 100644
--- a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/SecurityConfig.java
+++ b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/SecurityConfig.java
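Review bot: The added `http://www.example.com/` redirect URI is a test fixture that lands in the shared client registration, and because `.autoApprove(true)` sits two lines above it, an authorization code for any logged-in user can be redirected to a host this project does not control whenever a browser follows the 302 from `/oauth/authorize`. Keep the test-only URI out of `AuthServerConfig`: either point the live test at one of the existing `http://localhost:...` entries, or load the extra URI from a test-profile property so the default profile still registers only local callbacks, e.g. `.redirectUris(localUris...)` plus a separate `@Profile("test")` client definition. The enclosing configure method starts outside the hunk.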
@@ -22,7 +22,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 .authenticated()
 .and()
 .formLogin()
- .permitAll();
+ .permitAll()
+ .and().csrf().disable();
 }
 // @formatter:on
 @Override
diff --git a/spring-security-sso/spring-security-sso-auth-server/src/test/java/org/baeldung/UserInfoEndpointLiveTest.java b/spring-security-sso/spring-security-sso-auth-server/src/test/java/org/baeldung/UserInfoEndpointLiveTest.java
new file mode 100644
index 0000000000..ffdb1df8fe
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-auth-server/src/test/java/org/baeldung/UserInfoEndpointLiveTest.java
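Review bot: `.and().csrf().disable()` turns CSRF protection off for the whole authorization server — the form login and the POST to `/oauth/authorize` that the new live test drives — not just for the test, so the production configuration now accepts cross-site login and consent submissions that Spring Security rejected before. Prefer leaving the default in place and having the test carry the token: read the hidden `_csrf` field from the GET of the login page and of the authorize page and send it back as a form parameter on the corresponding POST. If the shortcut is really wanted, gate it on a test profile or property rather than editing the shared `SecurityConfig`. The enclosing configure method (presumably `configure(HttpSecurity)`) starts outside the hunk.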
@@ -0,0 +1,51 @@
+package org.baeldung;
+import static org.junit.Assert.assertEquals;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Test;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+
+import io.restassured.RestAssured;
+import io.restassured.response.Response;
+
+public class UserInfoEndpointLiveTest {
+
+ @Test
+ public void givenAccessToken_whenAccessUserInfoEndpoint_thenSuccess() {
+ String accessToken = obtainAccessTokenUsingAuthorizationCodeFlow("john","123");
+ Response response = RestAssured.given().header(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken).get("http://localhost:8081/auth/user/me");
+
+ assertEquals(HttpStatus.OK.value(), response.getStatusCode());
+ assertEquals("john", response.jsonPath().get("name"));
+ }
+
+ private String obtainAccessTokenUsingAuthorizationCodeFlow(String username, String password) {
+ final String authServerUri = "http://localhost:8081/auth";
+ final String redirectUrl = "http://www.example.com/";
+ final String authorizeUrl = authServerUri + "/oauth/authorize?response_type=code&client_id=SampleClientId&redirect_uri=" + redirectUrl;
+ final String tokenUrl = authServerUri + "/oauth/token";
+
+ // user login
+ Response response = RestAssured.given().formParams("username", username, "password", password).post(authServerUri + "/login");
+ final String cookieValue = response.getCookie("JSESSIONID");
+
+ // get authorization code
+ RestAssured.given().cookie("JSESSIONID", cookieValue).get(authorizeUrl);
+ response = RestAssured.given().cookie("JSESSIONID", cookieValue).post(authorizeUrl);
+ assertEquals(HttpStatus.FOUND.value(), response.getStatusCode());
+ final String location = response.getHeader(HttpHeaders.LOCATION);
+ final String code = location.substring(location.indexOf("code=") + 5);
+
+ // get access token
+ Map params = new HashMap();
+ params.put("grant_type", "authorization_code");
+ params.put("code", code);
+ params.put("client_id", "SampleClientId");
+ params.put("redirect_uri", redirectUrl);
+ response = RestAssured.given().auth().basic("SampleClientId", "secret").formParams(params).post(tokenUrl);
+ return response.jsonPath().getString("access_token");
+ }
+}
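Review bot: `location.substring(location.indexOf("code=") + 5)` in `obtainAccessTokenUsingAuthorizationCodeFlow` silently produces a wrong value when the redirect carries no code (`indexOf` returns -1, so the slice starts at offset 4 of the URL) and over-captures when further query parameters such as `state` follow it, so a failed authorization surfaces later as an opaque token-endpoint failure instead of at the step that broke. Guard it: `final int idx = location.indexOf("code="); assertTrue("no code in " + location, idx >= 0); final String code = location.substring(idx + 5).split("&")[0];` with `assertTrue` static-imported next to `assertEquals`. The same applies to the `JSESSIONID` cookie read after the login POST — assert it is non-null before reusing it, otherwise a wrong password shows up as a confusing 302 assertion two calls later. `Map params = new HashMap();` is a raw type; `Map<String, String> params = new HashMap<>();` keeps the compiler checking the form parameters.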