Spring Boot
package sample.secure.oauth2;
import java.nio.charset.StandardCharsets;
import java.util.Map;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
import org.springframework.boot.test.WebIntegrationTest;
import org.springframework.hateoas.MediaTypes;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.web.context.WebApplicationContext;

import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.webAppContextSetup;
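/**
 * Integration tests that verify the behavior of the auto-configured, OAuth2-secured
 * sample application.
 *
 * <p>
 * Requests are sent through {@link MockMvc} with the application's
 * {@link FilterChainProxy} registered, so each request passes through the security
 * filter chain before reaching a controller. The tests cover two things: anonymous
 * requests are rejected with 401, and a bearer token obtained with the password grant
 * gives access to a protected resource.
 *
 * @author Greg Turnquist
 */
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(SampleSecureOAuth2Application.class)
@WebIntegrationTest(randomPort = true)
public class SampleSecureOAuth2ApplicationTests {

	@Autowired
	WebApplicationContext context;

	@Autowired
	FilterChainProxy filterChain;

	private MockMvc mvc;

	private final ObjectMapper objectMapper = new ObjectMapper();

	/**
	 * Builds a {@link MockMvc} that includes the security filter chain and clears any
	 * security context left on the current thread.
	 */
	@Before
	public void setUp() {
		// Without addFilters(...) the requests would bypass the security filters and the
		// 401 expectations below would not be exercising the real configuration.
		this.mvc = webAppContextSetup(this.context).addFilters(this.filterChain).build();
		SecurityContextHolder.clearContext();
	}

	/**
	 * Anonymous GET requests to the root, the collection resource, an item resource and
	 * the ALPS profile must all be answered with 401 Unauthorized.
	 */
	@Test
	public void everythingIsSecuredByDefault() throws Exception {
		String[] protectedPaths = { "/", "/flights", "/flights/1", "/alps" };
		for (String path : protectedPaths) {
			this.mvc.perform(get(path).accept(MediaTypes.HAL_JSON))
					.andExpect(status().isUnauthorized()).andDo(print());
		}
	}

	/**
	 * Expects the root URI to be reachable with HTTP Basic user credentials.
	 */
	// NOTE(review): ignored without a recorded reason. Confirm whether Basic
	// authentication with a user account is meant to be accepted on resource endpoints
	// before re-enabling or deleting this test.
	@Test
	@Ignore
	public void accessingRootUriPossibleWithUserAccount() throws Exception {
		String authorization = basicAuthorization("greg:turnquist");
		this.mvc.perform(
				get("/").accept(MediaTypes.HAL_JSON).header("Authorization", authorization))
				.andExpect(
						header().string("Content-Type", MediaTypes.HAL_JSON.toString()))
				.andExpect(status().isOk()).andDo(print());
	}

	/**
	 * Obtains a bearer token from {@code /oauth/token} using the password grant (client
	 * credentials in the Basic header, user credentials as form parameters) and uses it
	 * to read {@code /flights/1}.
	 */
	@Test
	public void useAppSecretsPlusUserAccountToGetBearerToken() throws Exception {
		// "foo:bar" and "greg"/"turnquist" are test fixtures; presumably they match the
		// client and user set up by the sample's configuration.
		String clientAuthorization = basicAuthorization("foo:bar");

		// print() writes the whole exchange, including the issued token, to the test
		// output. That is fine with fixture credentials; do not copy the pattern into
		// tests that run against real secrets.
		MvcResult tokenResult = this.mvc
				.perform(post("/oauth/token").header("Authorization", clientAuthorization)
						.param("grant_type", "password").param("scope", "read")
						.param("username", "greg").param("password", "turnquist"))
				.andExpect(status().isOk()).andDo(print()).andReturn();
		Map<?, ?> tokenResponse = this.objectMapper
				.readValue(tokenResult.getResponse().getContentAsString(), Map.class);
		Object accessToken = tokenResponse.get("access_token");
		// Fail here if no token was issued, rather than sending "Bearer null" and
		// getting a less informative failure from the resource request.
		assertThat(accessToken, is(notNullValue()));

		MvcResult flightsAction = this.mvc
				.perform(get("/flights/1").accept(MediaTypes.HAL_JSON)
						.header("Authorization", "Bearer " + accessToken))
				.andExpect(
						header().string("Content-Type", MediaTypes.HAL_JSON.toString()))
				.andExpect(status().isOk()).andDo(print()).andReturn();

		Flight flight = this.objectMapper.readValue(
				flightsAction.getResponse().getContentAsString(), Flight.class);
		assertThat(flight.getOrigin(), is("Nashville"));
		assertThat(flight.getDestination(), is("Dallas"));
		assertThat(flight.getAirline(), is("Spring Ways"));
		assertThat(flight.getFlightNumber(), is("OAUTH2"));
		assertThat(flight.getTraveler(), is("Greg Turnquist"));
	}

	/**
	 * Builds the value of an HTTP Basic {@code Authorization} header.
	 * @param credentials the {@code id:secret} pair to encode
	 * @return {@code "Basic "} followed by the Base64 form of the credentials
	 */
	private static String basicAuthorization(String credentials) {
		// An explicit charset keeps the encoded header independent of the platform
		// default used by the no-argument getBytes() and new String(byte[]).
		byte[] encoded = Base64.encode(credentials.getBytes(StandardCharsets.UTF_8));
		return "Basic " + new String(encoded, StandardCharsets.UTF_8);
	}

}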