Cool, thanks for the update! Alles Gute, -Simo
http://people.apache.org/~simonetripodi/ http://simonetripodi.livejournal.com/ http://twitter.com/simonetripodi http://www.99soft.org/ On Wed, May 15, 2013 at 11:50 PM, Stein Welberg <[email protected]> wrote: > I agree, > > However these issues (and the fix) were really related to each other. (And I > was a little too eager to take on both at the same time ;-)) > > Also OLTU-5 and OLTU-31 were the same issues.. > > Regards, > Stein > > On 15 mei 2013, at 23:34, Simone Tripodi <[email protected]> wrote: > >> Hi Stein, >> >> thanks - having new energies on Oltu is priceless!!! >> >> I'd suggest to get a little step back to our old best-practices, >> splitting commits per issue, otherwise it is not easy to understand >> which changes are related to OLTU-16, which to OLTU-31 and which to >> OLTU-5. >> >> WDYT? >> Tia and all the best! >> -Simo >> >> http://people.apache.org/~simonetripodi/ >> http://simonetripodi.livejournal.com/ >> http://twitter.com/simonetripodi >> http://www.99soft.org/ >> >> >> On Wed, May 15, 2013 at 10:56 PM, <[email protected]> wrote: >>> Author: stein >>> Date: Wed May 15 20:56:34 2013 >>> New Revision: 1483076 >>> >>> URL: http://svn.apache.org/r1483076 >>> Log: >>> OLTU-16 OLTU-31 OLTU-5 Update integration tests. 
Add unauthenticated token >>> endpoint >>> >>> Added: >>> >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java >>> - copied, changed from r1483016, >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >>> >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >>> Modified: >>> >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >>> >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java >>> >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java >>> >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java >>> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml >>> >>> Modified: >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >>> URL: >>> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff >>> ============================================================================== >>> --- >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >>> (original) >>> +++ >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >>> Wed May 15 20:56:34 2013 
>>> @@ -38,10 +38,8 @@ import org.junit.Test; >>> */ >>> public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest { >>> >>> - >>> @Test >>> public void testSuccessfullAccesToken() throws Exception { >>> - >>> OAuthClientRequest request = OAuthClientRequest >>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> @@ -55,28 +53,27 @@ public class AccessTokenTestAuthCodeTest >>> OAuthAccessTokenResponse response = >>> oAuthClient.accessToken(request); >>> assertNotNull(response.getAccessToken()); >>> assertNotNull(response.getExpiresIn()); >>> - >>> - >>> } >>> >>> @Test >>> - public void testSuccessfullAccesTokenGETMethod() throws Exception { >>> - >>> + public void testInvalidClientCredentials() throws Exception { >>> OAuthClientRequest request = OAuthClientRequest >>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> - .setCode(Common.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> + .setCode(Common.AUTHORIZATION_CODE) >>> .setClientId(Common.CLIENT_ID) >>> - .setClientSecret(Common.CLIENT_SECRET) >>> - .buildQueryMessage(); >>> + .setClientSecret("wrongSecret") >>> + .buildBodyMessage(); >>> >>> OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> - OAuthAccessTokenResponse response = >>> oAuthClient.accessToken(request, OAuth.HttpMethod.GET); >>> - assertNotNull(response.getAccessToken()); >>> - assertNotNull(response.getExpiresIn()); >>> - >>> >>> + try { >>> + oAuthClient.accessToken(request); >>> + fail("exception expected"); >>> + } catch (OAuthProblemException e) { >>> + assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, >>> e.getError()); >>> + } >>> } >>> >>> @Test 
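Review bot: `testInvalidClientCredentials` pins `OAuthError.TokenResponse.UNAUTHORIZED_CLIENT` as the error for a wrong client_secret, but in RFC 6749 §5.2 a failed client authentication is `invalid_client`; `unauthorized_client` means an authenticated client is not allowed to use the requested grant type. The TokenEndpoint hunk `@@ -63,17 +65,26 @@` is where that response is produced, and it reuses INVALID_CLIENT_DESCRIPTION (the spec's invalid_client wording) for it, so the error code and its description disagree. I would assert `assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, e.getError());` here and return `INVALID_CLIENT` (401 is fine) from the endpoint's secret check. That also lets the unknown-client_id and wrong-secret branches answer identically, which is the usual choice for two authentication failures.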
>>> @@ -85,11 +82,11 @@ public class AccessTokenTestAuthCodeTest >>> .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(null) >>> .setClientId(Common.CLIENT_ID) >>> + .setClientSecret(Common.CLIENT_SECRET) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> @@ -107,7 +104,6 @@ public class AccessTokenTestAuthCodeTest >>> >>> OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> @@ -123,17 +119,17 @@ public class AccessTokenTestAuthCodeTest >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setClientId("unknownid") >>> + .setClientSecret(Common.CLIENT_SECRET) >>> .setRedirectURI(Common.REDIRECT_URL) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >>> e.getError()); >>> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, >>> e.getError()); >>> } >>> } >>> >>> @@ -145,18 +141,17 @@ public class AccessTokenTestAuthCodeTest >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> .setClientId(Common.CLIENT_ID) >>> + .setClientSecret(Common.CLIENT_SECRET) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthclient = new OAuthClient(new >>> URLConnectionClient()); >>> >>> - >>> try { >>> oAuthclient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >>> e.getError()); >>> } >>> - >>> } >>> >>> @Test 
>>> @@ -167,6 +162,7 @@ public class AccessTokenTestAuthCodeTest >>> .setRedirectURI(Common.REDIRECT_URL) >>> .setCode("unknown_code") >>> .setClientId(Common.CLIENT_ID) >>> + .setClientSecret(Common.CLIENT_SECRET) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> @@ -175,8 +171,7 @@ public class AccessTokenTestAuthCodeTest >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >>> e.getError()); >>> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, >>> e.getError()); >>> } >>> - >>> } >>> } >>> \ No newline at end of file >>> >>> Modified: >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java >>> URL: >>> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java?rev=1483076&r1=1483075&r2=1483076&view=diff >>> ============================================================================== >>> --- >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java >>> (original) >>> +++ >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/Common.java >>> Wed May 15 20:56:34 2013 >>> @@ -78,7 +78,7 @@ public final class Common { >>> public static final String HEADER_AUTHORIZATION = "Authorization"; >>> >>> public static final String AUTHORIZATION_CODE = "known_authz_code"; >>> - >>> + public static final String STATE = "abcde"; >>> >>> public static final String ASSERTION = "<samlp:AuthnRequest\n" >>> + " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n" 
>>> @@ -96,6 +96,7 @@ public final class Common { >>> public static final String ASSERTION_TYPE = >>> "http://xml.coverpages.org/saml.html"; >>> >>> public static final String ACCESS_TOKEN_ENDPOINT = >>> "http://localhost:9001/auth/oauth2/token"; >>> + public static final String UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT = >>> "http://localhost:9001/auth/oauth2/unauth-token"; >>> public static final String AUTHORIZATION_ENPOINT = >>> "http://localhost:9001/auth/oauth2/authz"; >>> public static final String REDIRECT_URL = >>> "http://localhost:9002/auth/oauth2/redirect"; >>> public static final String RESOURCE_SERVER = >>> "http://localhost:9003/resource_server"; >>> >>> Modified: >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java >>> URL: >>> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java?rev=1483076&r1=1483075&r2=1483076&view=diff >>> ============================================================================== >>> --- >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java >>> (original) >>> +++ >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/EndUserAuthorizationTest.java >>> Wed May 15 20:56:34 2013 >>> @@ -51,8 +51,6 @@ public class EndUserAuthorizationTest ex >>> >>> @Test >>> public void testWrongParametersEndUserAuthorization() throws Exception { >>> - >>> - >>> OAuthClientRequest request = OAuthClientRequest >>> .authorizationLocation(Common.AUTHORIZATION_ENPOINT) >>> .setClientId(Common.CLIENT_ID) 
>>> @@ -65,12 +63,12 @@ public class EndUserAuthorizationTest ex >>> >>> @Test >>> public void testCorrectParametersEndUserAuthorization() throws >>> Exception { >>> - >>> OAuthClientRequest request = OAuthClientRequest >>> .authorizationLocation(Common.AUTHORIZATION_ENPOINT) >>> .setClientId(Common.CLIENT_ID) >>> .setRedirectURI(Common.REDIRECT_URL + "1") >>> .setResponseType(ResponseType.CODE.toString()) >>> + .setState(Common.STATE) >>> .buildQueryMessage(); >>> >>> Common.doRequest(request); >>> @@ -98,7 +96,6 @@ public class EndUserAuthorizationTest ex >>> @GET >>> @Path("/redirect") >>> public Response callback(@Context HttpServletRequest request) throws >>> Exception { >>> - >>> OAuthClientResponse resp = null; >>> try { >>> OAuthAuthzResponse.oauthCodeAuthzResponse(request); >>> @@ -107,7 +104,6 @@ public class EndUserAuthorizationTest ex >>> assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, >>> e.getError()); >>> } >>> >>> - >>> return Response.ok().build(); >>> } 
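Review bot: `testCorrectParametersEndUserAuthorization` now sends `state=Common.STATE` on the authorization request, but nothing in this hunk or in the callback hunks below it asserts that the redirect carries the same value back, and `state` only protects the redirect when the receiving side compares it. In the success callback (the one with `fail("exception not expected")`, whose body is mostly outside the shown hunks) I would keep the parsed response and add `assertEquals(Common.STATE, resp.getState());`, assuming `OAuthAuthzResponse` exposes the parsed state under that name; otherwise `request.getParameter(OAuth.OAUTH_STATE)` on the servlet request works. Without that check the new constant only exercises request building, not the round trip.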
>>> >>> @@ -122,7 +118,6 @@ public class EndUserAuthorizationTest ex >>> fail("exception not expected"); >>> } >>> >>> - >>> return Response.ok().build(); >>> } >>> >>> >>> Copied: >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java >>> (from r1483016, >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java) >>> URL: >>> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java?p2=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java&p1=oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java&r1=1483016&r2=1483076&rev=1483076&view=diff >>> ============================================================================== >>> --- >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenTestAuthCodeTest.java >>> (original) >>> +++ >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/UnauthenticatedAccessTokenTestAuthCodeTest.java >>> Wed May 15 20:56:34 2013 
>>> @@ -36,60 +36,34 @@ import org.junit.Test; >>> * >>> * >>> */ >>> -public class AccessTokenTestAuthCodeTest extends ClientServerOAuthTest { >>> - >>> +public class UnauthenticatedAccessTokenTestAuthCodeTest extends >>> ClientServerOAuthTest { >>> >>> @Test >>> - public void testSuccessfullAccesToken() throws Exception { >>> - >>> + public void testSuccessfulAccessToken() throws Exception { >>> OAuthClientRequest request = OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> .setClientId(Common.CLIENT_ID) >>> - .setClientSecret(Common.CLIENT_SECRET) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> OAuthAccessTokenResponse response = >>> oAuthClient.accessToken(request); >>> assertNotNull(response.getAccessToken()); >>> assertNotNull(response.getExpiresIn()); >>> - >>> - >>> - } >>> - >>> - @Test >>> - public void testSuccessfullAccesTokenGETMethod() throws Exception { >>> - >>> - OAuthClientRequest request = OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> - .setGrantType(GrantType.AUTHORIZATION_CODE) >>> - .setCode(Common.AUTHORIZATION_CODE) >>> - .setRedirectURI(Common.REDIRECT_URL) >>> - .setClientId(Common.CLIENT_ID) >>> - .setClientSecret(Common.CLIENT_SECRET) >>> - .buildQueryMessage(); >>> - >>> - OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> - OAuthAccessTokenResponse response = >>> oAuthClient.accessToken(request, OAuth.HttpMethod.GET); >>> - assertNotNull(response.getAccessToken()); >>> - assertNotNull(response.getExpiresIn()); >>> - >>> - >>> } >>> >>> @Test >>> public void testNoneGrantType() throws Exception { >>> OAuthClientRequest request = OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + 
.tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(null) >>> .setClientId(Common.CLIENT_ID) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> @@ -101,13 +75,12 @@ public class AccessTokenTestAuthCodeTest >>> @Test >>> public void testInvalidRequest() throws Exception { >>> OAuthClientRequest request = OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >>> .setClientId(Common.CLIENT_ID) >>> .buildBodyMessage(); >>> >>> OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> @@ -119,7 +92,7 @@ public class AccessTokenTestAuthCodeTest >>> @Test >>> public void testInvalidClient() throws Exception { >>> OAuthClientRequest request = OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setClientId("unknownid") 
>>> @@ -128,19 +101,18 @@ public class AccessTokenTestAuthCodeTest >>> >>> OAuthClient oAuthClient = new OAuthClient(new >>> URLConnectionClient()); >>> >>> - >>> try { >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >>> e.getError()); >>> + assertEquals(OAuthError.TokenResponse.INVALID_CLIENT, >>> e.getError()); >>> } >>> } >>> >>> @Test >>> public void testInvalidGrantType() throws Exception { >>> OAuthClientRequest request = OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >>> .setParameter(OAuth.OAUTH_GRANT_TYPE, "unknown_grant_type") >>> .setCode(Common.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> @@ -149,20 +121,18 @@ public class AccessTokenTestAuthCodeTest >>> >>> OAuthClient oAuthclient = new OAuthClient(new >>> URLConnectionClient()); >>> >>> - >>> try { >>> oAuthclient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >>> e.getError()); >>> } >>> - >>> } >>> >>> @Test >>> public void testInvalidCode() throws Exception { >>> OAuthClientRequest request = OAuthClientRequest >>> - .tokenLocation(Common.ACCESS_TOKEN_ENDPOINT) >>> + .tokenLocation(Common.UNAUTHENTICATED_ACCESS_TOKEN_ENDPOINT) >>> .setGrantType(GrantType.AUTHORIZATION_CODE) >>> .setRedirectURI(Common.REDIRECT_URL) >>> .setCode("unknown_code") 
>>> @@ -175,8 +145,7 @@ public class AccessTokenTestAuthCodeTest >>> oAuthClient.accessToken(request); >>> fail("exception expected"); >>> } catch (OAuthProblemException e) { >>> - assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, >>> e.getError()); >>> + assertEquals(OAuthError.TokenResponse.INVALID_GRANT, >>> e.getError()); >>> } >>> - >>> } >>> } >>> \ No newline at end of file >>> >>> Modified: >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java >>> URL: >>> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java?rev=1483076&r1=1483075&r2=1483076&view=diff >>> ============================================================================== >>> --- >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java >>> (original) >>> +++ >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/TokenEndpoint.java >>> Wed May 15 20:56:34 2013 >>> @@ -52,6 +52,8 @@ import org.apache.oltu.oauth2.integratio >>> @Path("/token") >>> public class TokenEndpoint { >>> >>> + public static final String INVALID_CLIENT_DESCRIPTION = "Client >>> authentication failed (e.g., unknown client, no client authentication >>> included, or unsupported authentication method)."; >>> + >>> @POST >>> @Consumes("application/x-www-form-urlencoded") >>> @Produces("application/json") 
>>> @@ -63,17 +65,26 @@ public class TokenEndpoint { >>> >>> try { >>> oauthRequest = new OAuthTokenRequest(request); >>> - >>> - //check if clientid is valid >>> - if >>> (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) { >>> + >>> + // check if clientid is valid >>> + if (!Common.CLIENT_ID.equals(oauthRequest.getClientId())) { >>> OAuthResponse response = >>> >>> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST) >>> - >>> .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id >>> not found") >>> + >>> .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION) >>> + .buildJSONMessage(); >>> + return >>> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >>> + } >>> + >>> + // check if client_secret is valid >>> + if >>> (!Common.CLIENT_SECRET.equals(oauthRequest.getClientSecret())) { >>> + OAuthResponse response = >>> + >>> OAuthASResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED) >>> + >>> .setError(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).setErrorDescription(INVALID_CLIENT_DESCRIPTION) >>> .buildJSONMessage(); >>> return >>> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >>> } >>> >>> - //do checking for different grant types >>> + // do checking for different grant types >>> if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> .equals(GrantType.AUTHORIZATION_CODE.toString())) { >>> if >>> (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) >>> { >>> @@ -97,6 +108,7 @@ public class TokenEndpoint { >>> } >>> } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> .equals(GrantType.REFRESH_TOKEN.toString())) { >>> + // refresh token is not supported in this implementation >>> OAuthResponse response = OAuthASResponse >>> .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >>> .setError(OAuthError.TokenResponse.INVALID_GRANT) 
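Review bot: The new client_secret check compares the credential with `String.equals`, which stops at the first differing character; a secret comparison is better done with a length-independent compare such as `MessageDigest.isEqual(Common.CLIENT_SECRET.getBytes(StandardCharsets.UTF_8), secret.getBytes(StandardCharsets.UTF_8))`, preceded by a null guard on `oauthRequest.getClientSecret()` (the constant-first `equals` tolerates a missing secret today; the byte form would not), with `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. This is a test fixture, so the practical exposure is nil, but sample endpoints are easily copied into real servers. The `token` method starts and ends outside this hunk.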
>>> @@ -110,8 +122,8 @@ public class TokenEndpoint { >>> .setAccessToken(oauthIssuerImpl.accessToken()) >>> .setExpiresIn("3600") >>> .buildJSONMessage(); >>> - >>> return >>> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >>> + >>> } catch (OAuthProblemException e) { >>> OAuthResponse res = >>> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e) >>> .buildJSONMessage(); >>> @@ -119,19 +131,4 @@ public class TokenEndpoint { >>> } >>> } >>> >>> - @GET >>> - @Consumes("application/x-www-form-urlencoded") >>> - @Produces("application/json") >>> - public Response authorizeGet(@Context HttpServletRequest request) >>> throws OAuthSystemException { >>> - OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new >>> MD5Generator()); >>> - >>> - OAuthResponse response = OAuthASResponse >>> - .tokenResponse(HttpServletResponse.SC_OK) >>> - .setAccessToken(oauthIssuerImpl.accessToken()) >>> - .setExpiresIn("3600") >>> - .buildJSONMessage(); >>> - >>> - return >>> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >>> - } >>> - >>> } >>> \ No newline at end of file >>> >>> Added: >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >>> URL: >>> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java?rev=1483076&view=auto >>> ============================================================================== >>> --- >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >>> (added) >>> +++ >>> oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/endpoints/UnauthenticatedTokenEndpoint.java >>> Wed May 15 20:56:34 2013 
>>> @@ -0,0 +1,123 @@ >>> +/** >>> + * Copyright 2010 Newcastle University >>> + * >>> + * http://research.ncl.ac.uk/smart/ >>> + * >>> + * Licensed to the Apache Software Foundation (ASF) under one or more >>> + * contributor license agreements. See the NOTICE file distributed with >>> + * this work for additional information regarding copyright ownership. >>> + * The ASF licenses this file to You under the Apache License, Version 2.0 >>> + * (the "License"); you may not use this file except in compliance with >>> + * the License. You may obtain a copy of the License at >>> + * >>> + * http://www.apache.org/licenses/LICENSE-2.0 >>> + * >>> + * Unless required by applicable law or agreed to in writing, software >>> + * distributed under the License is distributed on an "AS IS" BASIS, >>> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. >>> + * See the License for the specific language governing permissions and >>> + * limitations under the License. >>> + */ >>> + >>> +package org.apache.oltu.oauth2.integration.endpoints; >>> + >>> +import javax.servlet.http.HttpServletRequest; >>> +import javax.servlet.http.HttpServletResponse; >>> +import javax.ws.rs.Consumes; >>> +import javax.ws.rs.GET; >>> +import javax.ws.rs.POST; >>> +import javax.ws.rs.Path; >>> +import javax.ws.rs.Produces; >>> +import javax.ws.rs.core.Context; >>> +import javax.ws.rs.core.Response; >>> + >>> +import org.apache.oltu.oauth2.as.issuer.MD5Generator; >>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuer; >>> +import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl; >>> +import org.apache.oltu.oauth2.as.request.OAuthTokenRequest; >>> +import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest; >>> +import org.apache.oltu.oauth2.as.response.OAuthASResponse; >>> +import org.apache.oltu.oauth2.common.OAuth; >>> +import org.apache.oltu.oauth2.common.error.OAuthError; >>> +import org.apache.oltu.oauth2.common.exception.OAuthProblemException; >>> +import 
org.apache.oltu.oauth2.common.exception.OAuthSystemException; >>> +import org.apache.oltu.oauth2.common.message.OAuthResponse; >>> +import org.apache.oltu.oauth2.common.message.types.GrantType; >>> +import org.apache.oltu.oauth2.integration.Common; >>> + >>> +/** >>> + * >>> + * >>> + * >>> + */ >>> +@Path("/unauth-token") >>> +public class UnauthenticatedTokenEndpoint { >>> + >>> + @POST >>> + @Consumes("application/x-www-form-urlencoded") >>> + @Produces("application/json") >>> + public Response token(@Context HttpServletRequest request) throws >>> OAuthSystemException { >>> + >>> + OAuthUnauthenticatedTokenRequest oauthRequest = null; >>> + >>> + OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new >>> MD5Generator()); >>> + >>> + try { >>> + oauthRequest = new OAuthUnauthenticatedTokenRequest(request); >>> + >>> + // check if clientid is valid >>> + if >>> (!Common.CLIENT_ID.equals(oauthRequest.getParam(OAuth.OAUTH_CLIENT_ID))) { >>> + OAuthResponse response = >>> + >>> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST) >>> + >>> .setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("client_id >>> not found") >>> + .buildJSONMessage(); >>> + return >>> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >>> + } >>> + >>> + // do checking for different grant types >>> + if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> + .equals(GrantType.AUTHORIZATION_CODE.toString())) { >>> + if >>> (!Common.AUTHORIZATION_CODE.equals(oauthRequest.getParam(OAuth.OAUTH_CODE))) >>> { >>> + OAuthResponse response = OAuthASResponse >>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >>> + .setError(OAuthError.TokenResponse.INVALID_GRANT) >>> + .setErrorDescription("invalid authorization code") >>> + .buildJSONMessage(); >>> + return >>> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >>> + } >>> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> + 
.equals(GrantType.PASSWORD.toString())) { >>> + if (!Common.PASSWORD.equals(oauthRequest.getPassword()) >>> + || >>> !Common.USERNAME.equals(oauthRequest.getUsername())) { >>> + OAuthResponse response = OAuthASResponse >>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >>> + .setError(OAuthError.TokenResponse.INVALID_GRANT) >>> + .setErrorDescription("invalid username or >>> password") >>> + .buildJSONMessage(); >>> + return >>> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >>> + } >>> + } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE) >>> + .equals(GrantType.REFRESH_TOKEN.toString())) { >>> + // refresh token is not supported in this implementation >>> hence the oauth error. >>> + OAuthResponse response = OAuthASResponse >>> + .errorResponse(HttpServletResponse.SC_BAD_REQUEST) >>> + .setError(OAuthError.TokenResponse.INVALID_GRANT) >>> + .setErrorDescription("invalid username or password") >>> + .buildJSONMessage(); >>> + return >>> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >>> + } >>> + >>> + OAuthResponse response = OAuthASResponse >>> + .tokenResponse(HttpServletResponse.SC_OK) >>> + .setAccessToken(oauthIssuerImpl.accessToken()) >>> + .setExpiresIn("3600") >>> + .buildJSONMessage(); >>> + >>> + return >>> Response.status(response.getResponseStatus()).entity(response.getBody()).build(); >>> + } catch (OAuthProblemException e) { >>> + OAuthResponse res = >>> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e) >>> + .buildJSONMessage(); >>> + return >>> Response.status(res.getResponseStatus()).entity(res.getBody()).build(); >>> + } >>> + } >>> +} >>> \ No newline at end of file >>> >>> Modified: >>> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml >>> URL: >>> http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml?rev=1483076&r1=1483075&r2=1483076&view=diff >>> 
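Review bot: In the refresh_token branch of `token` the error description is `"invalid username or password"`, copied from the password branch just above it, so a client would be told its username/password were rejected when no such credentials were involved. Replace it with text matching the comment on the preceding line, e.g. `.setErrorDescription("refresh_token grant is not supported")`. Two imports are unused (`javax.ws.rs.GET`, `OAuthTokenRequest`) and the class Javadoc is empty; a one-line `/** Token endpoint that verifies only client_id, for public (unauthenticated) clients; see TokenEndpoint for the client-authenticated variant. */` would say why this second endpoint exists. The unknown-client branch also still uses the literal "client_id not found" while TokenEndpoint moved to INVALID_CLIENT_DESCRIPTION in this same commit; reusing that constant keeps the two endpoints consistent.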
============================================================================== >>> --- >>> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml >>> (original) >>> +++ >>> oltu/trunk/oauth-2.0/integration-tests/src/test/resources/oauth-beans.xml >>> Wed May 15 20:56:34 2013 >>> @@ -48,12 +48,13 @@ >>> <jaxrs:serviceBeans> >>> <ref bean="authzEndpoint"/> >>> <ref bean="tokenEndpoint"/> >>> + <ref bean="unauthenticatedTokenEndpoint"/> >>> </jaxrs:serviceBeans> >>> </jaxrs:server> >>> >>> - <bean id="authzEndpoint" >>> - >>> class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/> >>> + <bean id="authzEndpoint" >>> class="org.apache.oltu.oauth2.integration.endpoints.AuthzEndpoint"/> >>> <bean id="tokenEndpoint" >>> class="org.apache.oltu.oauth2.integration.endpoints.TokenEndpoint"/> >>> + <bean id="unauthenticatedTokenEndpoint" >>> class="org.apache.oltu.oauth2.integration.endpoints.UnauthenticatedTokenEndpoint"/> >>> >>> <!--OAuth Client --> >>> <jaxrs:server id="oauthClient" >>> address="http://localhost:9002/auth/oauth2/"> >>> >>> >
