modify oauth scopes
@@ -28,8 +28,8 @@ app.controller('mainCtrl', function($scope,$resource,$http,$httpParamSerializer,
|
||||
$scope.foo = $scope.foos.get({fooId:$scope.foo.id});
|
||||
}
|
||||
|
||||
$scope.data = {grant_type:"password", username: "", password: "", client_id: "clientIdPassword"};
|
||||
$scope.encoded = btoa("clientIdPassword:secret");
|
||||
$scope.data = {grant_type:"password", username: "", password: "", client_id: "fooClientIdPassword"};
|
||||
$scope.encoded = btoa("fooClientIdPassword:secret");
|
||||
|
||||
var isLoginPage = window.location.href.indexOf("login") != -1;
|
||||
if(isLoginPage){
|
||||
|
||||
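Review bot: The new `$scope.encoded = btoa("fooClientIdPassword:secret")` line still ships the OAuth client secret to the browser, so anyone loading the page can read it and the secret adds no client authentication. If this front-end client is meant to be public, the server-side registration for `fooClientIdPassword` should not rely on the secret (and the password grant should not be used from a browser at all); if it is meant to be confidential, the token request has to move server-side. At minimum a comment such as `// NOTE: client secret is exposed to the browser; this client must be treated as public` would record the assumption next to the base64 line. The enclosing `mainCtrl` controller starts outside this hunk.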
@@ -13,45 +13,76 @@ import com.jayway.restassured.response.Response;
|
||||
|
||||
public class AuthorizationLiveTest {
|
||||
|
||||
private String obtainAccessToken(String username, String password) {
|
||||
private String obtainAccessToken(String clientId, String username, String password) {
|
||||
final Map<String, String> params = new HashMap<String, String>();
|
||||
params.put("grant_type", "password");
|
||||
params.put("client_id", "clientIdPassword");
|
||||
params.put("client_id", clientId);
|
||||
params.put("username", username);
|
||||
params.put("password", password);
|
||||
final Response response = RestAssured.given().auth().preemptive().basic("clientIdPassword", "secret").and().with().params(params).when().post("http://localhost:8081/spring-security-oauth-server/oauth/token");
|
||||
final Response response = RestAssured.given().auth().preemptive().basic(clientId, "secret").and().with().params(params).when().post("http://localhost:8081/spring-security-oauth-server/oauth/token");
|
||||
return response.jsonPath().getString("access_token");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenUser_whenAccessFoosResource_thenOk() {
|
||||
final String accessToken = obtainAccessToken("john", "123");
|
||||
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(200, response.getStatusCode());
|
||||
assertNotNull(response.jsonPath().get("name"));
|
||||
public void givenUser_whenUseFooClient_thenOkForFooResourceOnly() {
|
||||
final String accessToken = obtainAccessToken("fooClientIdPassword", "john", "123");
|
||||
|
||||
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(200, fooResponse.getStatusCode());
|
||||
assertNotNull(fooResponse.jsonPath().get("name"));
|
||||
|
||||
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(403, barResponse.getStatusCode());
|
||||
|
||||
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
|
||||
assertEquals(403, bazResponse.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenUser_whenAccessBarssResource_thenUnauthorized() {
|
||||
final String accessToken = obtainAccessToken("john", "123");
|
||||
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(403, response.getStatusCode());
|
||||
public void givenUser_whenUseBarClient_thenOkForBarResourceOnly() {
|
||||
final String accessToken = obtainAccessToken("barClientIdPassword", "john", "123");
|
||||
|
||||
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(200, barResponse.getStatusCode());
|
||||
assertNotNull(barResponse.jsonPath().get("name"));
|
||||
|
||||
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(403, fooResponse.getStatusCode());
|
||||
|
||||
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
|
||||
assertEquals(403, bazResponse.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenAdmin_whenAccessFoosResource_thenOk() {
|
||||
final String accessToken = obtainAccessToken("tom", "111");
|
||||
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(200, response.getStatusCode());
|
||||
assertNotNull(response.jsonPath().get("name"));
|
||||
public void givenAdmin_whenUseFooClient_thenOkForFooAndBazResourceOnly() {
|
||||
final String accessToken = obtainAccessToken("fooClientIdPassword", "tom", "111");
|
||||
|
||||
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(200, fooResponse.getStatusCode());
|
||||
assertNotNull(fooResponse.jsonPath().get("name"));
|
||||
|
||||
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
|
||||
assertEquals(200, bazResponse.getStatusCode());
|
||||
assertNotNull(bazResponse.jsonPath().get("name"));
|
||||
|
||||
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(403, barResponse.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenAdmin_whenAccessBarssResource_thenOk() {
|
||||
final String accessToken = obtainAccessToken("tom", "111");
|
||||
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(200, response.getStatusCode());
|
||||
assertNotNull(response.jsonPath().get("name"));
|
||||
public void givenAdmin_whenUseBarClient_thenOkForBarAndBazResourceOnly() {
|
||||
final String accessToken = obtainAccessToken("barClientIdPassword", "tom", "111");
|
||||
|
||||
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(200, barResponse.getStatusCode());
|
||||
assertNotNull(barResponse.jsonPath().get("name"));
|
||||
|
||||
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
|
||||
assertEquals(200, bazResponse.getStatusCode());
|
||||
assertNotNull(bazResponse.jsonPath().get("name"));
|
||||
|
||||
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(403, fooResponse.getStatusCode());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
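Review bot: The widened `obtainAccessToken(String clientId, ...)` still returns `response.jsonPath().getString("access_token")` without checking the token endpoint's status, so a rejected client id or credential yields a null token and the failure only surfaces later as a confusing 200-vs-403 mismatch on the resource call. Adding `assertEquals(200, response.getStatusCode());` before the `return` (or `assertNotNull(accessToken)` at each call site) pins the failure to the token step. The helper also hard-codes `"secret"` as the secret for both `fooClientIdPassword` and `barClientIdPassword`; a short comment on the `basic(clientId, "secret")` line, e.g. `// both test clients are registered with the same secret`, would make that coupling to the server configuration explicit. Coverage for a missing or malformed bearer token (expecting 401 rather than 403) is still absent from the new scope tests.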