Hi Stein, thanks - having new energies on Oltu is priceless!!!
I'd suggest to get a little step back to our old best-practices, splitting commits per issue, otherwise it is not easy to understand which changes are related to OLTU-16, which to OLTU-31 and which to OLTU-5. WDYT? Tia and all the best! -Simo http://people.apache.org/~simonetripodi/ http://simonetripodi.livejournal.com/ http://twitter.com/simonetripodi http://www.99soft.org/ On Wed, May 15, 2013 at 10:56 PM, <[email protected]> wrote: > Author: stein > Date: Wed May 15 20:56:34 2013 > New Revision: 1483076 > > URL: http://svn.apache.org/r1483076 > Log: > OLTU-16 OLTU-31 OLTU-5 Update integration tests. Add unauthenticated token > endpoint > > Added: > > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java > - copied, changed from r1483016, > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java > > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java > Modified: > > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java > > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java > > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java > > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java > oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml > > Modified: > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java > URL: > http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff > 
============================================================================== > --- > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java > (original) > +++ > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java > Wed May 15 20:56:34 2013 > @@ -38,10 +38,8 @@ import org.junit.Test; > */ > public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest { > > - > @Test > public void testSuccessfullAccesToken() throws Exception { > - > OAuthClientRequest request = OAuthClientRequest > .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > .setGrantType(GrantType.AUTHORIZATION_CODE) 
> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest > OAuthAccessTokenResponse response = oAuthClient.accessToken(request); > assertNotNull(response.getAccessToken()); > assertNotNull(response.getExpiresIn()); > - > - > } > > @Test > - public void testSuccessfullAccesTokenGETMethod() throws Exception { > - > + public void testInvalidClientCredentials() throws Exception { > OAuthClientRequest request = OAuthClientRequest > .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > .setGrantType(GrantType.AUTHORIZATION_CODE) > - .setCode(Common.AUTHORIZATION_CODE) > .setRedirectURI(Common.REDIRECT_URL) > + .setCode(Common.AUTHORIZATION_CODE) > .setClientId(Common.CLIENT_ID) > - .setClientSecret(Common.CLIENT_SECRET) > - .buildQueryMessage(); > + .setClientSecret("wrongSecret") > + .buildBodyMessage(); > > OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); > - OAuthAccessTokenResponse response = oAuthClient.accessToken(request, > OAuth.HttpMethod.GET); > - assertNotNull(response.getAccessToken()); > - assertNotNull(response.getExpiresIn()); > - > > + try { > + oAuthClient.accessToken(request); > + fail("exception expected"); > + } catch (OAuthProblemException e) { > + assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, > e.getError()); > + } > } > > @Test > @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest > .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > .setGrantType(null) > .setClientId(Common.CLIENT_ID) > + .setClientSecret(Common.CLIENT_SECRET) > .buildBodyMessage(); > > OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); > > - > try { > oAuthClient.accessToken(request); > fail("exception expected"); > @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest > > OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); > > - > try { > oAuthClient.accessToken(request); > fail("exception expected"); 
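Review bot: testInvalidClientCredentials pins `OAuthError.TokenResponse.UNAUTHORIZED_CLIENT` for a wrong client_secret, but RFC 6749 §5.2 defines `unauthorized_client` as "the authenticated client is not authorized to use this grant type" and reserves `invalid_client` for failed client authentication. The expectation mirrors the new secret check in the TokenEndpoint hunk of this same commit, so both sides should move together: `assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());` here and `.setError(OAuthError.TokenResponse.INVALID_CLIENT)` in the endpoint, keeping the 401 status. The test also only observes the exception; if OAuthProblemException carries the HTTP status (not visible in this hunk), asserting 401 as well would pin the part of the contract a client actually branches on.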
> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest > .setGrantType(GrantType.AUTHORIZATION_CODE) > .setCode(Common.AUTHORIZATION_CODE) > .setClientId("unknownid") > + .setClientSecret(Common.CLIENT_SECRET) > .setRedirectURI(Common.REDIRECT_URL) > .buildBodyMessage(); > > OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); > > - > try { > oAuthClient.accessToken(request); > fail("exception expected"); > } catch (OAuthProblemException e) { > - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, > e.getError()); > + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, > e.getError()); > } > } > > @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest > .setCode(Common.AUTHORIZATION_CODE) > .setRedirectURI(Common.REDIRECT_URL) > .setClientId(Common.CLIENT_ID) > + .setClientSecret(Common.CLIENT_SECRET) > .buildBodyMessage(); > > OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient()); > > - > try { > oAuthclient.accessToken(request); > fail("exception expected"); > } catch (OAuthProblemException e) { > assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, > e.getError()); > } > - > } > > @Test > @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest > .setRedirectURI(Common.REDIRECT_URL) > .setCode("unknown_code") > .setClientId(Common.CLIENT_ID) > + .setClientSecret(Common.CLIENT_SECRET) > .buildBodyMessage(); > > OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); 
> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest > oAuthClient.accessToken(request); > fail("exception expected"); > } catch (OAuthProblemException e) { > - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, > e.getError()); > + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, > e.getError()); > } > - > } > } > \ No newline at end of file > > Modified: > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java > URL: > http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=1483076&r1=1483075&r2=1483076&view=diff > ============================================================================== > --- > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java > (original) > +++ > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java > Wed May 15 20:56:34 2013 > @@ -78,7 +78,7 @@ public final class Common { > public static final String HEADER_AUTHORIZATION = "Authorization"; > > public static final String AUTHORIZATION_CODE = "known_authz_code"; > - > + public static final String STATE = "abcde"; > > public static final String ASSERTION = "<samlp:AuthnRequest\n" > + " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n" 
> @@ -96,6 +96,7 @@ public final class Common { > public static final String ASSERTION_TYPE = > "http://xml.coverpages.org/saml.html"; > > public static final String ACCESS_TOKEN_ENDPOINT = > "http://localhost:9001/auth/oauth2/token"; > + public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = > "http://localhost:9001/auth/oauth2/unauth-token"; > public static final String AUTHORIZATION_ENPOINT = > "http://localhost:9001/auth/oauth2/authz"; > public static final String REDIRECT_URL = > "http://localhost:9002/auth/oauth2/redirect"; > public static final String RESOURCE_SERVER = > "http://localhost:9003/resource_server"; > > Modified: > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java > URL: > http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff > ============================================================================== > --- > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java > (original) > +++ > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java > Wed May 15 20:56:34 2013 > @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex > > @Test > public void testWrongParametersEndUserAuthorization() throws Exception { > - > - > OAuthClientRequest request = OAuthClientRequest > .authorizationLocation(Common.AUTHORIZATION_ENPOINT) > .setClientId(Common.CLIENT_ID) 
> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex > > @Test > public void testCorrectParametersEndUserAuthorization() throws Exception > { > - > OAuthClientRequest request = OAuthClientRequest > .authorizationLocation(Common.AUTHORIZATION_ENPOINT) > .setClientId(Common.CLIENT_ID) > .setRedirectURI(Common.REDIRECT_URL + "1") > .setResponseType(ResponseType.CODE.toString()) > + .setState(Common.STATE) > .buildQueryMessage(); > > Common.doRequest(request); > @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex > @GET > @Path("/redirect") > public Response callback(@Context HttpServletRequest request) throws > Exception { > - > OAuthClientResponse resp = null; > try { > OAuthAuthzResponse.oauthCodeAuthzResponse(request); > @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex > assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, > e.getError()); > } > > - > return Response.ok().build(); > } 
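Review bot: testCorrectParametersEndUserAuthorization now sends `.setState(Common.STATE)`, but no callback in this file asserts that the same value comes back, so the test only proves state is tolerated, not that it round-trips as the CSRF binding it exists for. In the @@ -98 hunk the parsed result of `OAuthAuthzResponse.oauthCodeAuthzResponse(request)` is discarded and `resp` stays null; the successful-flow callback in the @@ -122 hunk below has its body mostly outside the hunk, so I cannot see whether it does the same. In that successful callback I would keep the parsed response and check it, e.g. `OAuthAuthzResponse resp = OAuthAuthzResponse.oauthCodeAuthzResponse(request);` followed by `assertEquals(Common.STATE, resp.getState());`, assuming OAuthAuthzResponse exposes the state parameter (its accessor is not visible here).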
> > @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex > fail("exception not expected"); > } > > - > return Response.ok().build(); > } > > > Copied: > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java > (from r1483016, > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java) > URL: > http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java?p2=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java&p1=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=1483016&r2=1483076&rev=1483076&view=diff > ============================================================================== > --- > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java > (original) > +++ > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java > Wed May 15 20:56:34 2013 
> @@ -36,60 +36,34 @@ import org.junit.Test; > * > * > */ > -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest { > - > +public class UnauthenticatedAccessTokenTestAuthCodeTest extends > ClientServerOAuthTest { > > @Test > - public void testSuccessfullAccesToken() throws Exception { > - > + public void testSuccessfulAccessToken() throws Exception { > OAuthClientRequest request = OAuthClientRequest > - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) > .setGrantType(GrantType.AUTHORIZATION_CODE) > .setCode(Common.AUTHORIZATION_CODE) > .setRedirectURI(Common.REDIRECT_URL) > .setClientId(Common.CLIENT_ID) > - .setClientSecret(Common.CLIENT_SECRET) > .buildBodyMessage(); > > OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); > OAuthAccessTokenResponse response = oAuthClient.accessToken(request); > assertNotNull(response.getAccessToken()); > assertNotNull(response.getExpiresIn()); > - > - > - } > - > - @Test > - public void testSuccessfullAccesTokenGETMethod() throws Exception { > - > - OAuthClientRequest request = OAuthClientRequest > - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > - .setGrantType(GrantType.AUTHORIZATION_CODE) > - .setCode(Common.AUTHORIZATION_CODE) > - .setRedirectURI(Common.REDIRECT_URL) > - .setClientId(Common.CLIENT_ID) > - .setClientSecret(Common.CLIENT_SECRET) > - .buildQueryMessage(); > - > - OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); > - OAuthAccessTokenResponse response = oAuthClient.accessToken(request, > OAuth.HttpMethod.GET); > - assertNotNull(response.getAccessToken()); > - assertNotNull(response.getExpiresIn()); > - > - > } > > @Test > public void testNoneGrantType() throws Exception { > OAuthClientRequest request = OAuthClientRequest > - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) > .setGrantType(null) > .setClientId(Common.CLIENT_ID) > 
.buildBodyMessage(); > > OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); > > - > try { > oAuthClient.accessToken(request); > fail("exception expected"); > @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest > @Test > public void testInvalidRequest() throws Exception { > OAuthClientRequest request = OAuthClientRequest > - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) > .setClientId(Common.CLIENT_ID) > .buildBodyMessage(); > > OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); > > - > try { > oAuthClient.accessToken(request); > fail("exception expected"); > @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest > @Test > public void testInvalidClient() throws Exception { > OAuthClientRequest request = OAuthClientRequest > - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) > .setGrantType(GrantType.AUTHORIZATION_CODE) > .setCode(Common.AUTHORIZATION_CODE) > .setClientId("unknownid") > @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest > > OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient()); > > - > try { > oAuthClient.accessToken(request); > fail("exception expected"); > } catch (OAuthProblemException e) { > - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, > e.getError()); > + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, > e.getError()); > } > } > > @Test > public void testInvalidGrantType() throws Exception { > OAuthClientRequest request = OAuthClientRequest > - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) > .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type") > .setCode(Common.AUTHORIZATION_CODE) > .setRedirectURI(Common.REDIRECT_URL) 
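Review bot: UnauthenticatedAccessTokenTestAuthCodeTest is a verbatim copy of AccessTokenTestAuthCodeTest with only the token location swapped, so every assertion fix has to be made twice from now on (this very commit already changes the INVALID_CLIENT and INVALID_GRANT expectations in both files). A small shared base with `protected abstract String tokenLocation();` that each class overrides, or a parameterized runner over the two endpoints, would keep one copy of the expectations. The class Javadoc is also still the empty block inherited from the copy; a one-line summary saying this class targets the endpoint that issues tokens without client authentication would tell a reader why the file exists.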
> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest > > OAuthClient oAuthclient = new OAuthClient(new URLConnectionClient()); > > - > try { > oAuthclient.accessToken(request); > fail("exception expected"); > } catch (OAuthProblemException e) { > assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, > e.getError()); > } > - > } > > @Test > public void testInvalidCode() throws Exception { > OAuthClientRequest request = OAuthClientRequest > - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) > + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) > .setGrantType(GrantType.AUTHORIZATION_CODE) > .setRedirectURI(Common.REDIRECT_URL) > .setCode("unknown_code") > @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest > oAuthClient.accessToken(request); > fail("exception expected"); > } catch (OAuthProblemException e) { > - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, > e.getError()); > + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, > e.getError()); > } > - > } > } > \ No newline at end of file > > Modified: > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java > URL: > http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java?rev=1483076&r1=1483075&r2=1483076&view=diff > ============================================================================== > --- > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java > (original) > +++ > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java > Wed May 15 20:56:34 2013 
> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio > @Path("/token") > public class TokenEndpoint { > > + public static final String INVALID_CLIENT_DESCRIPTION = "Client > authentication failed (e.g., unknown client, no client authentication > included, or unsupported authentication method)."; > + > @POST > @Consumes("application/x-www-form-urlencoded") > @Produces("application/json") > @@ -63,17 +65,26 @@ public class TokenEndpoint { > > try { > oauthRequest = new OAuthTokenRequest(request); > - > - //check if clientid is valid > - if > (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) { > + > + // check if clientid is valid > + if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) { > OAuthResponse response = > > OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST) > - > .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id > not found") > + > .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION) > + .buildJSONMessage(); > + return > Response.status(response.getResponseStatus()).entity(response.getBody()).build(); > + } > + > + // check if client_secret is valid > + if > (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) { > + OAuthResponse response = > + > OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED) > + > .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION) > .buildJSONMessage(); > return > Response.status(response.getResponseStatus()).entity(response.getBody()).build(); > } > > - //do checking for different grant types > + // do checking for different grant types > if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) > .equals(GrantType.AUTHORIZATION_CODE.toString())) { > if > (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) { 
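Review bot: The two new credential checks in token() answer differently — an unknown client_id yields 400 with `INVALID_CLIENT`, a wrong client_secret yields 401 with `UNAUTHORIZED_CLIENT` — so the status code alone reveals whether a given client_id is registered, even though both paths share `INVALID_CLIENT_DESCRIPTION`. Collapsing them into one check, `if (!Common.CLIENT_ID.equals(oauthRequest.getClientId()) || !Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret()))`, that returns a single SC_UNAUTHORIZED / INVALID_CLIENT response removes that oracle and matches the RFC 6749 §5.2 meaning of `invalid_client`. The secret is compared with String.equals; this is a test fixture, but people copy these endpoints as samples, so `MessageDigest.isEqual` over the UTF-8 bytes is the habit worth showing. Whether getClientSecret() can be null when the parameter is absent, and what OAuthTokenRequest does before this point in that case, is not visible in the hunk and is worth confirming so the check cannot NPE.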
> @@ -97,6 +108,7 @@ public class TokenEndpoint { > } > } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) > .equals(GrantType.REFRESH_TOKEN.toString())) { > + // refresh token is not supported in this implementation > OAuthResponse response = OAuthASResponse > .errorResponse(HttpServletResponse.SC_BAD_REQUEST) > .setError(OAuthError.TokenResponse.INVALID_GRANT) > @@ -110,8 +122,8 @@ public class TokenEndpoint { > .setAccessToken(oauthIssuerImpl.accessToken()) > .setExpiresIn("3600") > .buildJSONMessage(); > - > return > Response.status(response.getResponseStatus()).entity(response.getBody()).build(); > + > } catch (OAuthProblemException e) { > OAuthResponse res = > OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e) > .buildJSONMessage(); 
> @@ -119,19 +131,4 @@ public class TokenEndpoint { > } > } > > - @GET > - @Consumes("application/x-www-form-urlencoded") > - @Produces("application/json") > - public Response authorizeGet(@Context HttpServletRequest request) throws > OAuthSystemException { > - OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new > MD5Generator()); > - > - OAuthResponse response = OAuthASResponse > - .tokenResponse(HttpServletResponse.SC_OK) > - .setAccessToken(oauthIssuerImpl.accessToken()) > - .setExpiresIn("3600") > - .buildJSONMessage(); > - > - return > Response.status(response.getResponseStatus()).entity(response.getBody()).build(); > - } > - > } > \ No newline at end of file > > Added: > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java > URL: > http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java?rev=1483076&view=auto > ============================================================================== > --- > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java > (added) > +++ > oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java > Wed May 15 20:56:34 2013 
> @@ -0,0 +1,123 @@ > +/** > + * Copyright 2010 Newcastle University > + * > + * http://research.ncl.ac.uk/smart/ > + * > + * Licensed to the Apache Software Foundation (ASF) under one or more > + * contributor license agreements. See the NOTICE file distributed with > + * this work for additional information regarding copyright ownership. > + * The ASF licenses this file to You under the Apache License, Version 2.0 > + * (the "License"); you may not use this file except in compliance with > + * the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, software > + * distributed under the License is distributed on an "AS IS" BASIS, > + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > + * See the License for the specific language governing permissions and > + * limitations under the License. > + */ > + > +package org.apache.oltu.oauth2.integration.endpoints; > + > +import javax.servlet.http.HttpServletRequest; > +import javax.servlet.http.HttpServletResponse; > +import javax.ws.rs.Consumes; > +import javax.ws.rs.GET; > +import javax.ws.rs.POST; > +import javax.ws.rs.Path; > +import javax.ws.rs.Produces; > +import javax.ws.rs.core.Context; > +import javax.ws.rs.core.Response; > + > +import org.apache.oltu.oauth2.as.issuer.MD5Generator; > +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer; > +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl; > +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest; > +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest; > +import org.apache.oltu.oauth2.as.response.OAuthASResponse; > +import org.apache.oltu.oauth2.common.OAuth; > +import org.apache.oltu.oauth2.common.error.OAuthError; > +import org.apache.oltu.oauth2.common.exception.OAuthProblemException; > +import org.apache.oltu.oauth2.common.exception.OAuthSystemException; > +import 
org.apache.oltu.oauth2.common.message.OAuthResponse; > +import org.apache.oltu.oauth2.common.message.types.GrantType; > +import org.apache.oltu.oauth2.integration.Common; > + > +/** > + * > + * > + * > + */ > +@Path("/unauth-token") > +public class UnauthenticatedTokenEndpoint { > + > + @POST > + @Consumes("application/x-www-form-urlencoded") > + @Produces("application/json") > + public Response token(@Context HttpServletRequest request) throws > OAuthSystemException { > + > + OAuthUnauthenticatedTokenRequest oauthRequest = null; > + > + OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new > MD5Generator()); > + > + try { > + oauthRequest = new OAuthUnauthenticatedTokenRequest(request); > + > + // check if clientid is valid > + if > (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) { > + OAuthResponse response = > + > OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST) > + > .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id > not found") > + .buildJSONMessage(); > + return > Response.status(response.getResponseStatus()).entity(response.getBody()).build(); > + } > + > + // do checking for different grant types > + if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) > + .equals(GrantType.AUTHORIZATION_CODE.toString())) { > + if > (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) { > + OAuthResponse response = OAuthASResponse > + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) > + .setError(OAuthError.TokenResponse.INVALID_GRANT) > + .setErrorDescription("invalid authorization code") > + .buildJSONMessage(); > + return > Response.status(response.getResponseStatus()).entity(response.getBody()).build(); > + } > + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) > + .equals(GrantType.PASSWORD.toString())) { > + if (!Common.PASSWORD.equals(oauthRequest.getPassword()) > + || !Common.USERNAME.equals(oauthRequest.getUsername())) { > + OAuthResponse response = 
OAuthASResponse > + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) > + .setError(OAuthError.TokenResponse.INVALID_GRANT) > + .setErrorDescription("invalid username or password") > + .buildJSONMessage(); > + return > Response.status(response.getResponseStatus()).entity(response.getBody()).build(); > + } > + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) > + .equals(GrantType.REFRESH_TOKEN.toString())) { > + // refresh token is not supported in this implementation > hence the oauth error. > + OAuthResponse response = OAuthASResponse > + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) > + .setError(OAuthError.TokenResponse.INVALID_GRANT) > + .setErrorDescription("invalid username or password") > + .buildJSONMessage(); > + return > Response.status(response.getResponseStatus()).entity(response.getBody()).build(); > + } > + > + OAuthResponse response = OAuthASResponse > + .tokenResponse(HttpServletResponse.SC_OK) > + .setAccessToken(oauthIssuerImpl.accessToken()) > + .setExpiresIn("3600") > + .buildJSONMessage(); > + > + return > Response.status(response.getResponseStatus()).entity(response.getBody()).build(); > + } catch (OAuthProblemException e) { > + OAuthResponse res = > OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e) > + .buildJSONMessage(); > + return > Response.status(res.getResponseStatus()).entity(res.getBody()).build(); > + } > + } > +} > \ No newline at end of file > > Modified: > oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml > URL: > http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml?rev=1483076&r1=1483075&r2=1483076&view=diff > ============================================================================== > --- oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml > (original) > +++ oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml > Wed May 15 20:56:34 2013 
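Review bot: In the new UnauthenticatedTokenEndpoint the refresh_token branch returns `.setErrorDescription("invalid username or password")`, copied from the password branch above it, while its own comment says the real reason is that refresh is unsupported; the description should say that, e.g. `.setErrorDescription("refresh_token grant is not supported")`, and `OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE` is the closer RFC 6749 §5.2 code than `INVALID_GRANT` if this Oltu version defines it. The file imports `javax.ws.rs.GET` and `OAuthTokenRequest` without using either, and the class Javadoc is an empty block. More importantly, any grant_type that passes OAuthUnauthenticatedTokenRequest's own validation but matches none of the three branches falls straight through to token issuance with no further check; whether that validation rejects `client_credentials`, which must never be served without client authentication, is not visible here, so an explicit final `else` that returns an error response would make the fixture's intent unambiguous.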
> @@ -48,12 +48,13 @@ > <jaxrs:serviceBeans> > <ref bean="authzEndpoint"/> > <ref bean="tokenEndpoint"/> > + <ref bean="unauthenticatedTokenEndpoint"/> > </jaxrs:serviceBeans> > </jaxrs:server> > > - <bean id="authzEndpoint" > - > class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/> > + <bean id="authzEndpoint" > class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/> > <bean id="tokenEndpoint" > class="org.apache.oltu.oauth2.integration.endpoints.TokenEndpoint"/> > + <bean id="unauthenticatedTokenEndpoint" > class="org.apache.oltu.oauth2.integration.endpoints.UnauthenticatedTokenEndpoint"/> > > <!--OAuth Client --> > <jaxrs:server id="oauthClient" > address="http://localhost:9002/auth/oauth2/"> > >
