oauth2 live test

spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/MethodSecurityConfig.java

@@ -0,0 +1,16 @@
+package org.baeldung.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
+
+@Configuration
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+    @Override
+    protected MethodSecurityExpressionHandler createExpressionHandler() {
+        return new OAuth2MethodSecurityExpressionHandler();
+    }
+}

spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java

@@ -9,7 +9,6 @@ import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
 import org.springframework.http.HttpMethod;
 import org.springframework.jdbc.datasource.DriverManagerDataSource;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@@ -20,7 +19,6 @@ import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 @Configuration
 @PropertySource({ "classpath:persistence.properties" })
 @EnableResourceServer
-@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
     @Autowired
     private Environment env;

spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java

@@ -21,7 +21,7 @@ public class BarController {
     }
 
     // API - read
-    // @PreAuthorize("#oauth2.hasScope('read')")
+    // @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
     @RequestMapping(method = RequestMethod.GET, value = "/bars/{id}")
     @ResponseBody
     public Bar findById(@PathVariable final long id) {
@@ -29,7 +29,7 @@ public class BarController {
     }
 
     // API - write
-    // @PreAuthorize("#oauth2.hasScope('write')")
+    // @PreAuthorize("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
     @RequestMapping(method = RequestMethod.POST, value = "/bars")
     @ResponseStatus(HttpStatus.CREATED)
     @ResponseBody

spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java

@@ -55,7 +55,7 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
                .withClient("clientIdPassword")
                .secret("secret")
                .authorizedGrantTypes("password","authorization_code", "refresh_token")
-               .scopes("read");
+               .scopes("read","write");
 
      // @formatter:on
     }

spring-security-oauth/spring-security-oauth-ui-password/pom.xml

@@ -22,8 +22,48 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
         </dependency>
+    
+    
+    <!-- test  -->
+    
+    <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-library</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.jayway.restassured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <version>${rest-assured.version}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <artifactId>commons-logging</artifactId>
+                    <groupId>commons-logging</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
     </dependencies>
     
+    
     <build>
         <finalName>spring-security-oauth-ui-password</finalName>
         <resources>

spring-security-oauth/spring-security-oauth-ui-password/src/test/java/org/baeldung/live/AuthorizationLiveTest.java

@@ -0,0 +1,57 @@
+package org.baeldung.live;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Test;
+
+import com.jayway.restassured.RestAssured;
+import com.jayway.restassured.response.Response;
+
+public class AuthorizationLiveTest {
+
+    private String obtainAccessToken(String username, String password) {
+        final Map<String, String> params = new HashMap<String, String>();
+        params.put("grant_type", "password");
+        params.put("client_id", "clientIdPassword");
+        params.put("username", username);
+        params.put("password", password);
+        final Response response = RestAssured.given().auth().preemptive().basic("clientIdPassword", "secret").and().with().params(params).when().post("http://localhost:8081/spring-security-oauth-server/oauth/token");
+        return response.jsonPath().getString("access_token");
+    }
+
+    @Test
+    public void givenUser_whenAccessFoosResource_thenOk() {
+        final String accessToken = obtainAccessToken("john", "123");
+        final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
+        assertEquals(200, response.getStatusCode());
+        assertNotNull(response.jsonPath().get("name"));
+    }
+
+    @Test
+    public void givenUser_whenAccessBarssResource_thenUnauthorized() {
+        final String accessToken = obtainAccessToken("john", "123");
+        final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
+        assertEquals(403, response.getStatusCode());
+    }
+
+    @Test
+    public void givenAdmin_whenAccessFoosResource_thenOk() {
+        final String accessToken = obtainAccessToken("tom", "111");
+        final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
+        assertEquals(200, response.getStatusCode());
+        assertNotNull(response.jsonPath().get("name"));
+    }
+
+    @Test
+    public void givenAdmin_whenAccessBarssResource_thenOk() {
+        final String accessToken = obtainAccessToken("tom", "111");
+        final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
+        assertEquals(200, response.getStatusCode());
+        assertNotNull(response.jsonPath().get("name"));
+    }
+
+}