[BAEL-1410] Spring Boot OAuth2 Support (#3409)
* initial setup with spring boot/ spring data jpa/ flyway * BAEL-1315 - added flyway test extensions for spring * BAEL-1315 - added flyway test extensions for spring * BAEL-1315 - created multiple migration scripts and locations * BAEL-1315 - test insert after schema creation * cleanup * BAEL-1315 - test data changes by a migration * [BAEL-1410] Spring Boot Security Auto-Configuration * [BAEL-1410] Added some tests for incorrect credentials use case * [BAEL-1410] Added readme and some code improvements * [BAEL-1410] removed form based auth config because is redundant added oauth2 server auto-configuration sample with test * [BAEL-1410] added custom Authorization Server Config * [BAEL-1410] update README * [BAEL-1410]refactor tests * [BAEL-1410]oauth2 resource server * [BAEL-1410]oauth2 sso sample with facebook * [BAEL-1410]remove spring-flyway
parent
293968321e
commit
f993bc0435
|
@ -1,6 +1,8 @@
|
||||||
### Spring Boot Security Auto-Configuration
|
### Spring Boot Security Auto-Configuration
|
||||||
|
|
||||||
- mvn clean install
|
- mvn clean install
|
||||||
- uncomment in application.properties spring.profiles.active=basic # for basic auth config
|
- uncomment actuator dependency simultaneously with the line from basic auth main class
|
||||||
- uncomment in application.properties spring.profiles.active=form # for form based auth config
|
- uncomment security properties for easy testing. If not random will be generated.
|
||||||
- uncomment actuator dependency simultaneously with the line from main class
|
|
||||||
|
### CURL commands
|
||||||
|
- curl -X POST -u baeldung-admin:baeldung -d grant_type=client_credentials -d username=baeldung-admin -d password=baeldung http://localhost:8080/oauth/token
|
||||||
|
|
|
@ -43,6 +43,10 @@
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-security</artifactId>
|
<artifactId>spring-boot-starter-security</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security.oauth</groupId>
|
||||||
|
<artifactId>spring-security-oauth2</artifactId>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-web</artifactId>
|
<artifactId>spring-boot-starter-web</artifactId>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
package com.baeldung.springbootsecurity;
|
package com.baeldung.springbootsecurity.basic_auth;
|
||||||
|
|
||||||
import org.springframework.boot.SpringApplication;
|
import org.springframework.boot.SpringApplication;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
@ -7,7 +7,7 @@ import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
|
||||||
@SpringBootApplication(exclude = {
|
@SpringBootApplication(exclude = {
|
||||||
SecurityAutoConfiguration.class
|
SecurityAutoConfiguration.class
|
||||||
// ,ManagementWebSecurityAutoConfiguration.class
|
// ,ManagementWebSecurityAutoConfiguration.class
|
||||||
})
|
}, scanBasePackages = "com.baeldung.springbootsecurity.basic_auth")
|
||||||
public class SpringBootSecurityApplication {
|
public class SpringBootSecurityApplication {
|
||||||
|
|
||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
|
@ -1,7 +1,6 @@
|
||||||
package com.baeldung.springbootsecurity.config;
|
package com.baeldung.springbootsecurity.basic_auth.config;
|
||||||
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.context.annotation.Profile;
|
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
@ -9,8 +8,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@Profile("basic")
|
public class BasicAuthConfiguration extends WebSecurityConfigurerAdapter {
|
||||||
public class BasicConfiguration extends WebSecurityConfigurerAdapter {
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
@ -1,39 +0,0 @@
|
||||||
package com.baeldung.springbootsecurity.config;
|
|
||||||
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.context.annotation.Profile;
|
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
@EnableWebSecurity
|
|
||||||
@Profile("form")
|
|
||||||
public class FormLoginConfiguration extends WebSecurityConfigurerAdapter {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
||||||
auth
|
|
||||||
.inMemoryAuthentication()
|
|
||||||
.withUser("user")
|
|
||||||
.password("password")
|
|
||||||
.roles("USER")
|
|
||||||
.and()
|
|
||||||
.withUser("admin")
|
|
||||||
.password("password")
|
|
||||||
.roles("USER", "ADMIN");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
http
|
|
||||||
.authorizeRequests()
|
|
||||||
.anyRequest()
|
|
||||||
.authenticated()
|
|
||||||
.and()
|
|
||||||
.formLogin()
|
|
||||||
.and()
|
|
||||||
.httpBasic();
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
package com.baeldung.springbootsecurity.oauth2resource;
|
||||||
|
|
||||||
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
@EnableResourceServer
|
||||||
|
@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2resource")
|
||||||
|
public class SpringBootOAuth2ResourceApplication {
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
new SpringApplicationBuilder()
|
||||||
|
.profiles("resource")
|
||||||
|
.sources(SpringBootOAuth2ResourceApplication.class)
|
||||||
|
.build()
|
||||||
|
.run(args);
|
||||||
|
}
|
||||||
|
|
||||||
|
@RestController
|
||||||
|
class SecuredResourceController {
|
||||||
|
|
||||||
|
@GetMapping("/securedResource")
|
||||||
|
public String securedResource() {
|
||||||
|
return "Baeldung Secured Resource OK";
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,30 @@
|
||||||
|
package com.baeldung.springbootsecurity.oauth2server;
|
||||||
|
|
||||||
|
import org.springframework.boot.SpringApplication;
|
||||||
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
import java.security.Principal;
|
||||||
|
|
||||||
|
@EnableResourceServer
|
||||||
|
@EnableAuthorizationServer
|
||||||
|
@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2server")
|
||||||
|
public class SpringBootAuthorizationServerApplication {
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
SpringApplication.run(SpringBootAuthorizationServerApplication.class, args);
|
||||||
|
}
|
||||||
|
|
||||||
|
@RestController
|
||||||
|
class UserController {
|
||||||
|
|
||||||
|
@GetMapping("/user")
|
||||||
|
public Principal user(Principal user) {
|
||||||
|
return user;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
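Review bot: `UserController.user` returns the injected `Principal` as the response body, so every getter on the runtime authentication object is serialized to the caller; with `@EnableResourceServer` on this class that is presumably an `OAuth2Authentication`, which carries request details and authorities in addition to the name. The resource application in this commit points `security.oauth2.resource.userInfoUri` at this endpoint and only needs a stable identity, so an explicit view such as `return Collections.singletonMap("name", user.getName());` (plus an `authorities` entry if the consumer needs one) keeps the contract narrow; that changes the return type to `Map<String, String>`. A short Javadoc stating that this is the user-info endpoint consumed by the resource server would also help.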
|
|
@ -0,0 +1,39 @@
|
||||||
|
package com.baeldung.springbootsecurity.oauth2server.config;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.context.annotation.Profile;
|
||||||
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@Profile("authz")
|
||||||
|
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private AuthenticationManager authenticationManager;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
|
||||||
|
endpoints.authenticationManager(authenticationManager);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
|
||||||
|
clients
|
||||||
|
.inMemory()
|
||||||
|
.withClient("baeldung")
|
||||||
|
.secret("baeldung")
|
||||||
|
.authorizedGrantTypes("client_credentials", "password", "authorization_code")
|
||||||
|
.scopes("openid", "read")
|
||||||
|
.autoApprove(true)
|
||||||
|
.and()
|
||||||
|
.withClient("baeldung-admin")
|
||||||
|
.secret("baeldung")
|
||||||
|
.authorizedGrantTypes("authorization_code", "client_credentials", "refresh_token")
|
||||||
|
.scopes("read", "write")
|
||||||
|
.autoApprove(true);
|
||||||
|
}
|
||||||
|
}
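Review bot: Both clients registered in `configure(ClientDetailsServiceConfigurer)` use the literal secret `"baeldung"` together with `autoApprove(true)`, and both are granted `authorization_code` without a registered redirect URI. Even for a sample, the secret should be read from configuration (e.g. a field injected with `@Value` and passed as `.secret(clientSecret)`), and each client that keeps the authorization-code grant should get `.redirectUris(...)` and lose `autoApprove(true)`. The `baeldung` client also lists the `password` grant although nothing in this commit exercises it; granting only what the tests use (`client_credentials`) keeps the sample least-privilege. The same hard-coded credential pattern appears in the new properties file (`security.user.password=password`, `security.oauth2.client.client-secret=secret`) and in the README curl command.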
|
|
@ -0,0 +1,18 @@
|
||||||
|
package com.baeldung.springbootsecurity.oauth2sso;
|
||||||
|
|
||||||
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
|
||||||
|
import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||||
|
|
||||||
|
@EnableOAuth2Sso
|
||||||
|
@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2sso")
|
||||||
|
public class SpringBootOAuth2SsoApplication {
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
new SpringApplicationBuilder()
|
||||||
|
.profiles("sso")
|
||||||
|
.sources(SpringBootOAuth2SsoApplication.class)
|
||||||
|
.build()
|
||||||
|
.run(args);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
security.user.password=password
|
||||||
|
security.oauth2.client.client-id=client
|
||||||
|
security.oauth2.client.client-secret=secret
|
|
@ -0,0 +1,2 @@
|
||||||
|
server.port=8081
|
||||||
|
security.oauth2.resource.userInfoUri=http://localhost:8080/user
|
|
@ -0,0 +1,9 @@
|
||||||
|
server.port=8082
|
||||||
|
security.oauth2.client.clientId=<generated_app_id>
|
||||||
|
security.oauth2.client.clientSecret=<app_secret>
|
||||||
|
security.oauth2.client.accessTokenUri=https://graph.facebook.com/oauth/access_token
|
||||||
|
security.oauth2.client.userAuthorizationUri=https://www.facebook.com/dialog/oauth
|
||||||
|
security.oauth2.client.tokenName=oauth_token
|
||||||
|
security.oauth2.client.authenticationScheme=query
|
||||||
|
security.oauth2.client.clientAuthenticationScheme=form
|
||||||
|
security.oauth2.resource.userInfoUri=https://graph.facebook.com/me
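Review bot: `security.oauth2.client.authenticationScheme=query` makes the client send the access token as the `oauth_token` query parameter, so the token can end up in access logs and intermediaries on the way. If the provider requires this, say so in a comment above the line, e.g. `# provider expects the token as a query parameter; tokens may appear in request logs`, so the setting is not carried over to providers that accept the Authorization header. The `<generated_app_id>` and `<app_secret>` placeholders are the right approach; a one-line comment that the real values should be supplied from the environment and never committed would complete it.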
|
|
@ -1,4 +1,4 @@
|
||||||
#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
|
#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
|
||||||
#spring.profiles.active=form
|
#security.user.password=password
|
||||||
#spring.profiles.active=basic
|
#security.oauth2.client.client-id=client
|
||||||
#security.user.password=password
|
#security.oauth2.client.client-secret=secret
|
||||||
|
|
|
@ -1,106 +0,0 @@
|
||||||
package com.baeldung.springbootsecurity;
|
|
||||||
|
|
||||||
import org.junit.Test;
|
|
||||||
import org.junit.runner.RunWith;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.boot.context.embedded.LocalServerPort;
|
|
||||||
import org.springframework.boot.test.context.SpringBootTest;
|
|
||||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
|
||||||
import org.springframework.http.*;
|
|
||||||
import org.springframework.test.context.ActiveProfiles;
|
|
||||||
import org.springframework.test.context.junit4.SpringRunner;
|
|
||||||
import org.springframework.util.LinkedMultiValueMap;
|
|
||||||
import org.springframework.util.MultiValueMap;
|
|
||||||
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.regex.Matcher;
|
|
||||||
import java.util.regex.Pattern;
|
|
||||||
|
|
||||||
import static org.junit.Assert.*;
|
|
||||||
import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
|
|
||||||
|
|
||||||
@RunWith(SpringRunner.class)
|
|
||||||
@SpringBootTest(webEnvironment = RANDOM_PORT)
|
|
||||||
@ActiveProfiles("form")
|
|
||||||
public class FormConfigurationIntegrationTest {
|
|
||||||
|
|
||||||
@Autowired TestRestTemplate restTemplate;
|
|
||||||
@LocalServerPort int port;
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void whenLoginPageIsRequested_ThenSuccess() {
|
|
||||||
HttpHeaders httpHeaders = new HttpHeaders();
|
|
||||||
httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
|
|
||||||
ResponseEntity<String> responseEntity = restTemplate.exchange("/login", HttpMethod.GET, new HttpEntity<Void>(httpHeaders), String.class);
|
|
||||||
assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
|
|
||||||
assertTrue(responseEntity
|
|
||||||
.getBody()
|
|
||||||
.contains("_csrf"));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void whenTryingToLoginWithCorrectCredentials_ThenAuthenticateWithSuccess() {
|
|
||||||
HttpHeaders httpHeaders = getHeaders();
|
|
||||||
httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
|
|
||||||
httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
|
|
||||||
MultiValueMap<String, String> form = getFormSubmitCorrectCredentials();
|
|
||||||
ResponseEntity<String> responseEntity = this.restTemplate.exchange("/login", HttpMethod.POST, new HttpEntity<>(form, httpHeaders), String.class);
|
|
||||||
assertEquals(responseEntity.getStatusCode(), HttpStatus.FOUND);
|
|
||||||
assertTrue(responseEntity
|
|
||||||
.getHeaders()
|
|
||||||
.getLocation()
|
|
||||||
.toString()
|
|
||||||
.endsWith(this.port + "/"));
|
|
||||||
assertNotNull(responseEntity
|
|
||||||
.getHeaders()
|
|
||||||
.get("Set-Cookie"));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void whenTryingToLoginWithInorrectCredentials_ThenAuthenticationFailed() {
|
|
||||||
HttpHeaders httpHeaders = getHeaders();
|
|
||||||
httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
|
|
||||||
httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
|
|
||||||
MultiValueMap<String, String> form = getFormSubmitIncorrectCredentials();
|
|
||||||
ResponseEntity<String> responseEntity = this.restTemplate.exchange("/login", HttpMethod.POST, new HttpEntity<>(form, httpHeaders), String.class);
|
|
||||||
assertEquals(responseEntity.getStatusCode(), HttpStatus.FOUND);
|
|
||||||
assertTrue(responseEntity
|
|
||||||
.getHeaders()
|
|
||||||
.getLocation()
|
|
||||||
.toString()
|
|
||||||
.endsWith(this.port + "/login?error"));
|
|
||||||
assertNull(responseEntity
|
|
||||||
.getHeaders()
|
|
||||||
.get("Set-Cookie"));
|
|
||||||
}
|
|
||||||
|
|
||||||
private MultiValueMap<String, String> getFormSubmitCorrectCredentials() {
|
|
||||||
MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
|
|
||||||
form.set("username", "user");
|
|
||||||
form.set("password", "password");
|
|
||||||
return form;
|
|
||||||
}
|
|
||||||
|
|
||||||
private MultiValueMap<String, String> getFormSubmitIncorrectCredentials() {
|
|
||||||
MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
|
|
||||||
form.set("username", "user");
|
|
||||||
form.set("password", "wrongpassword");
|
|
||||||
return form;
|
|
||||||
}
|
|
||||||
|
|
||||||
private HttpHeaders getHeaders() {
|
|
||||||
HttpHeaders headers = new HttpHeaders();
|
|
||||||
ResponseEntity<String> page = this.restTemplate.getForEntity("/login", String.class);
|
|
||||||
assertEquals(page.getStatusCode(), HttpStatus.OK);
|
|
||||||
String cookie = page
|
|
||||||
.getHeaders()
|
|
||||||
.getFirst("Set-Cookie");
|
|
||||||
headers.set("Cookie", cookie);
|
|
||||||
Pattern pattern = Pattern.compile("(?s).*name=\"_csrf\".*?value=\"([^\"]+).*");
|
|
||||||
Matcher matcher = pattern.matcher(page.getBody());
|
|
||||||
assertTrue(matcher.matches());
|
|
||||||
headers.set("X-CSRF-TOKEN", matcher.group(1));
|
|
||||||
return headers;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,5 +1,6 @@
|
||||||
package com.baeldung.springbootsecurity;
|
package com.baeldung.springbootsecurity.basic_auth;
|
||||||
|
|
||||||
|
import com.baeldung.springbootsecurity.basic_auth.SpringBootSecurityApplication;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.runner.RunWith;
|
import org.junit.runner.RunWith;
|
||||||
|
@ -8,7 +9,6 @@ import org.springframework.boot.test.context.SpringBootTest;
|
||||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
import org.springframework.boot.test.web.client.TestRestTemplate;
|
||||||
import org.springframework.http.HttpStatus;
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
import org.springframework.test.context.ActiveProfiles;
|
|
||||||
import org.springframework.test.context.junit4.SpringRunner;
|
import org.springframework.test.context.junit4.SpringRunner;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
@ -20,9 +20,8 @@ import static org.junit.Assert.assertTrue;
|
||||||
import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
|
import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
|
||||||
|
|
||||||
@RunWith(SpringRunner.class)
|
@RunWith(SpringRunner.class)
|
||||||
@SpringBootTest(webEnvironment = RANDOM_PORT)
|
@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class)
|
||||||
@ActiveProfiles("basic")
|
public class BasicAuthConfigurationIntegrationTest {
|
||||||
public class BasicConfigurationIntegrationTest {
|
|
||||||
|
|
||||||
TestRestTemplate restTemplate;
|
TestRestTemplate restTemplate;
|
||||||
URL base;
|
URL base;
|
|
@ -0,0 +1,75 @@
|
||||||
|
package com.baeldung.springbootsecurity.oauth2server;
|
||||||
|
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.runner.RunWith;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
import org.springframework.boot.test.context.SpringBootTest;
|
||||||
|
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
|
||||||
|
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
|
||||||
|
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
|
||||||
|
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
|
||||||
|
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
|
||||||
|
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||||
|
import org.springframework.test.context.ActiveProfiles;
|
||||||
|
import org.springframework.test.context.junit4.SpringRunner;
|
||||||
|
|
||||||
|
import static java.lang.String.format;
|
||||||
|
import static java.util.Collections.singletonList;
|
||||||
|
import static org.junit.Assert.assertNotNull;
|
||||||
|
import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
|
||||||
|
|
||||||
|
@RunWith(SpringRunner.class)
|
||||||
|
@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootAuthorizationServerApplication.class)
|
||||||
|
@ActiveProfiles("authz")
|
||||||
|
public class CustomConfigAuthorizationServerIntegrationTest {
|
||||||
|
|
||||||
|
@Value("${local.server.port}") protected int port;
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void whenAccessTokenIsRequested_ThenAccessTokenValueIsNotNull() {
|
||||||
|
ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails();
|
||||||
|
resourceDetails.setClientId("baeldung");
|
||||||
|
resourceDetails.setClientSecret("baeldung");
|
||||||
|
resourceDetails.setScope(singletonList("read"));
|
||||||
|
DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
|
||||||
|
OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
|
||||||
|
restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
|
||||||
|
OAuth2AccessToken accessToken = restTemplate.getAccessToken();
|
||||||
|
assertNotNull(accessToken);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test(expected = OAuth2AccessDeniedException.class)
|
||||||
|
public void whenAccessTokenIsRequestedWithInvalidException_ThenExceptionIsThrown() {
|
||||||
|
ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails();
|
||||||
|
resourceDetails.setClientId("baeldung");
|
||||||
|
resourceDetails.setClientSecret("baeldung");
|
||||||
|
resourceDetails.setScope(singletonList("write"));
|
||||||
|
DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
|
||||||
|
OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
|
||||||
|
restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
|
||||||
|
restTemplate.getAccessToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void whenAccessTokenIsRequestedByClientWithWriteScope_ThenAccessTokenIsNotNull() {
|
||||||
|
ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails();
|
||||||
|
resourceDetails.setClientId("baeldung-admin");
|
||||||
|
resourceDetails.setClientSecret("baeldung");
|
||||||
|
resourceDetails.setScope(singletonList("write"));
|
||||||
|
DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
|
||||||
|
OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
|
||||||
|
restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
|
||||||
|
OAuth2AccessToken accessToken = restTemplate.getAccessToken();
|
||||||
|
assertNotNull(accessToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
private ClientCredentialsResourceDetails getClientCredentialsResourceDetails() {
|
||||||
|
ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
|
||||||
|
resourceDetails.setAccessTokenUri(format("http://localhost:%d/oauth/token", port));
|
||||||
|
resourceDetails.setGrantType("client_credentials");
|
||||||
|
return resourceDetails;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
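Review bot: `whenAccessTokenIsRequestedWithInvalidException_ThenExceptionIsThrown` actually verifies that client `baeldung` is refused a token for the `write` scope it was not registered with, so the name should say that, e.g. `whenAccessTokenIsRequestedForUnregisteredScope_ThenAccessIsDenied`. The two positive tests only check `assertNotNull(accessToken)`; asserting the granted scope, e.g. `assertTrue(accessToken.getScope().contains("read"));` (with a static import of `assertTrue`), would pin the authorization decision rather than just the presence of a token. The same weak assertion is in `DefaultConfigAuthorizationServerIntegrationTest`. Nothing in the commit as shown tests the resource server, so a check that `/securedResource` is rejected without a token is missing.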
|
||||||
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
package com.baeldung.springbootsecurity.oauth2server;
|
||||||
|
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.runner.RunWith;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
import org.springframework.boot.test.context.SpringBootTest;
|
||||||
|
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
|
||||||
|
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
|
||||||
|
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
|
||||||
|
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
|
||||||
|
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||||
|
import org.springframework.test.context.junit4.SpringRunner;
|
||||||
|
|
||||||
|
import static java.lang.String.format;
|
||||||
|
import static java.util.Arrays.asList;
|
||||||
|
import static java.util.Collections.singletonList;
|
||||||
|
import static org.junit.Assert.assertNotNull;
|
||||||
|
import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
|
||||||
|
|
||||||
|
@RunWith(SpringRunner.class)
|
||||||
|
@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootAuthorizationServerApplication.class,
|
||||||
|
properties = { "security.oauth2.client.client-id=client", "security.oauth2.client.client-secret=secret" })
|
||||||
|
public class DefaultConfigAuthorizationServerIntegrationTest {
|
||||||
|
|
||||||
|
@Value("${local.server.port}") protected int port;
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void whenAccessTokenIsRequested_ThenAccessTokenValueIsNotNull() {
|
||||||
|
ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
|
||||||
|
resourceDetails.setAccessTokenUri(format("http://localhost:%d/oauth/token", port));
|
||||||
|
resourceDetails.setClientId("client");
|
||||||
|
resourceDetails.setClientSecret("secret");
|
||||||
|
resourceDetails.setGrantType("client_credentials");
|
||||||
|
resourceDetails.setScope(asList("read", "write"));
|
||||||
|
DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
|
||||||
|
OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
|
||||||
|
restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
|
||||||
|
OAuth2AccessToken accessToken = restTemplate.getAccessToken();
|
||||||
|
assertNotNull(accessToken);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|