
[cfid-283] Remove dependencies on scim from lower level packages

I think SCIM could be extracted into its own library at this point.  Let's try and keep
it that way.

[Fixes #39073217] [cfid-283] Remove cycles between authentication, audit and event packages in uaa

Change-Id: I8a407100c209d2b3958df086ecb2f1c3adb0ee79
commit 3579d4feadbdbad1acec8838cb9c7273ec473d03 1 parent 2a5e049
@dsyer dsyer authored
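--- a/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenAdminEndpoints.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenAdminEndpoints.java
@@ -19,9 +19,6 @@
 import java.util.Map;
 import org.cloudfoundry.identity.uaa.message.SimpleMessage;
-import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
-import org.cloudfoundry.identity.uaa.scim.ScimUser;
-import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -40,7 +37,6 @@
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 /**
@@ -53,24 +49,18 @@
 private ConsumerTokenServices tokenServices;
- private ScimUserProvisioning scimProvisioning;
-
 private PasswordEncoder encoder = new StandardPasswordEncoder();
- @RequestMapping("/oauth/users/{user}/tokens")
+ @RequestMapping("/oauth/users/{username}/tokens")
 @ResponseBody
- public Collection<OAuth2AccessToken> listTokensForUser(@PathVariable String user, Principal principal,
- @RequestParam(required = false, defaultValue = "true") boolean lookup) throws Exception {
- String username = lookup ? getUserName(user) : user;
+ public Collection<OAuth2AccessToken> listTokensForUser(@PathVariable String username, Principal principal) throws Exception {
 checkResourceOwner(username, principal);
 return enhance(tokenServices.findTokensByUserName(username));
 }
- @RequestMapping(value = "/oauth/users/{user}/tokens/{token}", method = RequestMethod.DELETE)
+ @RequestMapping(value = "/oauth/users/{username}/tokens/{token}", method = RequestMethod.DELETE)
 @ResponseBody
- public SimpleMessage revokeUserToken(@PathVariable String user, @PathVariable String token, Principal principal,
- @RequestParam(required = false, defaultValue = "true") boolean lookup) throws Exception {
- String username = lookup ? getUserName(user) : user;
+ public SimpleMessage revokeUserToken(@PathVariable String username, @PathVariable String token, Principal principal) throws Exception {
 checkResourceOwner(username, principal);
 String tokenValue = getTokenValue(tokenServices.findTokensByUserName(username), token);
 if (tokenValue != null && tokenServices.revokeToken(tokenValue)) {
@@ -104,26 +94,6 @@ public SimpleMessage revokeClientToken(@PathVariable String client, @PathVariabl
 return new ResponseEntity<Void>(HttpStatus.NOT_FOUND);
 }
- private String getUserName(String user) {
- if (scimProvisioning == null) {
- return user;
- }
- String username = user;
- try {
- if (scimProvisioning != null) {
- // If the request came in for a user by id we should be able to retrieve the username
- ScimUser scimUser = scimProvisioning.retrieveUser(username);
- if (scimUser != null) {
- username = scimUser.getUserName();
- }
- }
- }
- catch (ScimResourceNotFoundException e) {
- // ignore
- }
- return username;
- }
-
 private String getTokenValue(Collection<OAuth2AccessToken> tokens, String hash) {
 for (OAuth2AccessToken token : tokens) {
 try {
@@ -201,11 +171,4 @@ public void setTokenServices(ConsumerTokenServices tokenServices) {
 this.tokenServices = tokenServices;
 }
- /**
- * @param scimProvisioning the scimProvisioning to set
- */
- public void setScimUserProvisioning(ScimUserProvisioning scimProvisioning) {
- this.scimProvisioning = scimProvisioning;
- }
-
 }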
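Review bot: Dropping the `lookup` parameter from `listTokensForUser` and `revokeUserToken` also drops its old default of `true`: the removed lines had `@RequestParam(required = false, defaultValue = "true")`, while the replacement expression in token-admin-endpoints.xml evaluates to false when the parameter is absent. A caller that sends a user id without `?lookup=true` therefore now has the raw id passed to `checkResourceOwner` and `findTokensByUserName`. Nothing in either method says that `username` may already have been rewritten by advice, and the ownership check silently relies on that ordering. I would add a Javadoc line to both methods, for example `@param username the user name; any id-to-name conversion is applied by the UserIdInjector advice before this method runs`, and state the default change in the commit message if it is intended.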
2  ...dentity/uaa/config/HandlerAdapterFactoryBean.java → ...uaa/scim/endpoints/HandlerAdapterFactoryBean.java
@@ -10,7 +10,7 @@
* subcomponents is subject to the terms and conditions of the
* subcomponent's license, as noted in the LICENSE file.
*/
-package org.cloudfoundry.identity.uaa.config;
+package org.cloudfoundry.identity.uaa.scim.endpoints;
import java.io.IOException;
import java.util.Arrays;
4 ...dentity/uaa/openid/UserIdConversionEndpoints.java → ...uaa/scim/endpoints/UserIdConversionEndpoints.java
@@ -11,7 +11,7 @@
* subcomponent's license, as noted in the LICENSE file.
*/
-package org.cloudfoundry.identity.uaa.openid;
+package org.cloudfoundry.identity.uaa.scim.endpoints;
import java.util.HashSet;
import java.util.Set;
@@ -23,8 +23,6 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.scim.exception.ScimException;
-import org.cloudfoundry.identity.uaa.scim.endpoints.SearchResults;
-import org.cloudfoundry.identity.uaa.scim.endpoints.ScimUserEndpoints;
import org.cloudfoundry.identity.uaa.security.DefaultSecurityContextAccessor;
import org.cloudfoundry.identity.uaa.security.SecurityContextAccessor;
import org.springframework.beans.factory.InitializingBean;
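--- a/common/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdInjector.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdInjector.java
@@ -0,0 +1,116 @@
+/*
+ * Cloud Foundry 2012.02.03 Beta
+ * Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+ *
+ * This product is licensed to you under the Apache License, Version 2.0 (the "License").
+ * You may not use this product except in compliance with the License.
+ *
+ * This product includes a number of subcomponents with
+ * separate copyright notices and license terms. Your use of these
+ * subcomponents is subject to the terms and conditions of the
+ * subcomponent's license, as noted in the LICENSE file.
+ */
+
+package org.cloudfoundry.identity.uaa.scim.endpoints;
+
+import java.util.List;
+
+import org.aopalliance.intercept.MethodInterceptor;
+import org.aopalliance.intercept.MethodInvocation;
+import org.cloudfoundry.identity.uaa.scim.ScimUser;
+import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
+import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.util.Assert;
+
+/**
+ * Convenience aspect for converting user ids to user names (or vice versa) and injecting the result into the
+ * intercepted method call. Using this makes the conversion transparent to callers but it only makes sense where the
+ * SCIM features are available (i.e. the UAA controls its own user accounts).
+ *
+ * @author Dave Syer
+ *
+ */
+public class UserIdInjector implements MethodInterceptor, InitializingBean {
+
+ public static enum Mode {
+ ID_TO_NAME,
+ NAME_TO_ID
+ }
+
+ private ScimUserProvisioning scimUserProvisioning;
+
+ private int inputIndex = 0;
+
+ private Mode mode = Mode.ID_TO_NAME;
+
+ boolean lookup = false;
+
+ @Override
+ public void afterPropertiesSet() throws Exception {
+ Assert.state(scimUserProvisioning!=null, "ScimUserProvisioning must be provided");
+ }
+
+ /**
+ * @param inputIndex the index of the incoming args that may need to be converted
+ */
+ public void setInputIndex(int inputIndex) {
+ this.inputIndex = inputIndex;
+ }
+
+ /**
+ * @param scimUserProvisioning the scimUserProvisioning to set
+ */
+ public void setScimUserProvisioning(ScimUserProvisioning scimUserProvisioning) {
+ this.scimUserProvisioning = scimUserProvisioning;
+ }
+
+ /**
+ * @param lookup the flag to set
+ */
+ public void setLookup(boolean lookup) {
+ this.lookup = lookup;
+ }
+
+ @Override
+ public Object invoke(MethodInvocation invocation) throws Throwable {
+ Object[] args = invocation.getArguments();
+ if (!lookup || !(args[inputIndex] instanceof String)) {
+ return invocation.proceed();
+ }
+ String result = (String) args[inputIndex];
+ if (mode == Mode.NAME_TO_ID) {
+ result = getUserId(result);
+ } else {
+ result = getUserName(result);
+ }
+ args[inputIndex] = result;
+ return invocation.proceed();
+ }
+
+ private String getUserName(String userId) {
+ String userName = userId;
+ try {
+ // If the request came in for a user by id we should be able to retrieve the userName
+ ScimUser scimUser = scimUserProvisioning.retrieveUser(userName);
+ if (scimUser != null) {
+ userName = scimUser.getUserName();
+ }
+ }
+ catch (ScimResourceNotFoundException e) {
+ // ignore
+ }
+ return userName;
+ }
+
+ private String getUserId(String userName) {
+ String userId = userName;
+ List<ScimUser> users = scimUserProvisioning.retrieveUsers("userName eq '" + userName + "'");
+ if (!users.isEmpty()) {
+ // Assume the userName is unique
+ userId = users.get(0).getId();
+ }
+ return userId;
+ }
+
+}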
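Review bot: `getUserId` builds its SCIM filter by concatenation, `"userName eq '" + userName + "'"`, and that value is a method argument which the token-admin wiring takes from the request path, so a quote character in it changes the filter that `retrieveUsers` evaluates. It also takes the first match on the strength of the "Assume the userName is unique" comment. `mode` has no setter in this class, so the branch looks unreachable from the configuration shown, but it should be safe before anyone enables it. I would leave inputs that contain a quote unconverted and convert only on exactly one match, as below. Separately, `invoke` reads `args[inputIndex]` without checking `args.length`, and `lookup` is package-private where the other fields are private.

```java
private String getUserId(String userName) {
	// The value is spliced into a filter literal below, so refuse anything that could close the quote.
	if (userName.indexOf('\'') >= 0 || userName.indexOf('"') >= 0) {
		return userName;
	}
	List<ScimUser> users = scimUserProvisioning.retrieveUsers("userName eq '" + userName + "'");
	// Convert only on an unambiguous match instead of taking the first hit.
	if (users.size() == 1) {
		return users.get(0).getId();
	}
	return userName;
}
```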
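--- a/common/src/main/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java
@@ -26,6 +26,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.cloudfoundry.identity.uaa.scim.ScimUser;
+import org.codehaus.jackson.map.ObjectMapper;
 import org.junit.rules.TestWatchman;
 import org.junit.runners.model.FrameworkMethod;
 import org.junit.runners.model.Statement;
@@ -60,6 +61,8 @@
 private final UaaTestAccounts testAccounts;
+ private ScimUser user;
+
 private static boolean initialized = false;
 private TestAccountSetup(UrlHelper serverRunning, UaaTestAccounts testAccounts) {
@@ -77,12 +80,19 @@ public Statement apply(Statement base, FrameworkMethod method, Object target) {
 return super.apply(base, method, target);
 }
+ /**
+ * @return the user (if already created null oetherwise)
+ */
+ public ScimUser getUser() {
+ return user;
+ }
+
 private void initializeIfNecessary(FrameworkMethod method, Object target) {
+ OAuth2ProtectedResourceDetails resource = testAccounts.getAdminClientCredentialsResource();
+ OAuth2RestTemplate client = createRestTemplate(resource, new DefaultAccessTokenRequest());
 // Cache statically to save time on a test suite
 if (!initialized) {
- OAuth2ProtectedResourceDetails resource = testAccounts.getAdminClientCredentialsResource();
 logger.info("Checking user account context for server=" + resource.getAccessTokenUri());
- OAuth2RestTemplate client = createRestTemplate(resource, new DefaultAccessTokenRequest());
 if (!scimClientExists(client)) {
 createScimClient(client);
 }
@@ -95,13 +105,11 @@ private void initializeIfNecessary(FrameworkMethod method, Object target) {
 if (!tokenClientExists(client)) {
 createTokenClient(client);
 }
- resource = testAccounts.getClientCredentialsResource("oauth.clients.scim", "scim", "scimsecret");
- client = createRestTemplate(resource, new DefaultAccessTokenRequest());
- if (!userAccountExists(client)) {
- createUserAccount(client);
- }
 initialized = true;
 }
+ resource = testAccounts.getClientCredentialsResource("oauth.clients.scim", "scim", "scimsecret");
+ client = createRestTemplate(resource, new DefaultAccessTokenRequest());
+ initializeUserAccount(client);
 }
 private void createTokenClient(RestOperations client) {
@@ -164,26 +172,29 @@ private boolean appClientExists(RestOperations client) {
 testAccounts.getClientCredentialsResource("oauth.clients.app", "app", "appclientsecret"));
 }
- private void createUserAccount(RestOperations client) {
- ScimUser user = testAccounts.getUser();
- ResponseEntity<ScimUser> response = client.postForEntity(serverRunning.getUserUri(), user, ScimUser.class);
- Assert.state(response.getStatusCode() == HttpStatus.CREATED);
- }
+ private void initializeUserAccount(RestOperations client) {
+
+ if (this.user == null) {
+
+ ScimUser user = testAccounts.getUser();
+ @SuppressWarnings("rawtypes")
+ ResponseEntity<Map> results = client.getForEntity(serverRunning.getUserUri() + "?filter=userName eq '"
+ + user.getUserName() + "'", Map.class);
+ assertEquals(HttpStatus.OK, results.getStatusCode());
+ @SuppressWarnings("unchecked")
+ List<Map<String, ?>> resources = (List<Map<String, ?>>) results.getBody().get("resources");
+ if (!resources.isEmpty()) {
+ this.user = new ObjectMapper().convertValue(resources.get(0), ScimUser.class);
+ }
+ else {
+ ResponseEntity<ScimUser> response = client.postForEntity(serverRunning.getUserUri(), user,
+ ScimUser.class);
+ Assert.state(response.getStatusCode() == HttpStatus.CREATED);
+ this.user = response.getBody();
+ }
- private boolean userAccountExists(RestOperations client) {
- Map<?, ?> map = client.getForObject(
- serverRunning.getUsersUri() + "?filter=userName eq '" + testAccounts.getUserName() + "'", Map.class);
- Integer count = (Integer) map.get("totalResults");
- if (count == null) {
- throw new IllegalStateException("Null response from user exists query: " + map);
- }
- if (count > 1) {
- throw new IllegalStateException("More than one user already exists with the test user name.");
- }
- if (count == 1) {
- return true;
 }
- return false;
+
 }
 private OAuth2RestTemplate createRestTemplate(OAuth2ProtectedResourceDetails resource,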
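Review bot: `initializeUserAccount` casts `results.getBody().get("resources")` and calls `isEmpty()` on it with no null check, so an unexpected response shape now fails with a NullPointerException where the removed `userAccountExists` threw an IllegalStateException that printed the response. The rewrite also drops the old guard against more than one user with the test user name and simply takes `resources.get(0)`. I would add `Assert.state(resources != null, "No resources in user query response: " + results.getBody());` before the `isEmpty()` test and `Assert.state(resources.size() <= 1, "More than one user already exists with the test user name.");` after it. The filtered GET also moved from `getUsersUri()` to `getUserUri()`; if those two differ, the lookup may be hitting the wrong endpoint. The `getUser()` Javadoc has a typo (`oetherwise`) and reads backwards; `@return the user, or null if not yet created` would be clearer.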
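--- a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenAdminEndpointsTests.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenAdminEndpointsTests.java
@@ -20,8 +20,6 @@
 import java.util.Collections;
 import org.cloudfoundry.identity.uaa.message.SimpleMessage;
-import org.cloudfoundry.identity.uaa.scim.ScimUser;
-import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
 import org.junit.Test;
 import org.mockito.Mockito;
 import org.springframework.security.access.AccessDeniedException;
@@ -44,14 +42,11 @@
 private ConsumerTokenServices tokenServices = Mockito.mock(ConsumerTokenServices.class);
- private ScimUserProvisioning scimProvisioning = Mockito.mock(ScimUserProvisioning.class);
-
 private AuthorizationRequest authorizationRequest = new DefaultAuthorizationRequest(Collections.singletonMap(
 "client_id", "foo"));
 {
 endpoints.setTokenServices(tokenServices);
- endpoints.setScimUserProvisioning(scimProvisioning);
 }
 @Test
@@ -59,7 +54,7 @@ public void testListTokensForOAuth2User() throws Exception {
 Mockito.when(tokenServices.findTokensByUserName("marissa")).thenReturn(
 Collections.<OAuth2AccessToken> singleton(new DefaultOAuth2AccessToken("FOO")));
 Collection<OAuth2AccessToken> tokens = endpoints.listTokensForUser("marissa", new OAuth2Authentication(
- authorizationRequest, new TestingAuthenticationToken("marissa", "")), false);
+ authorizationRequest, new TestingAuthenticationToken("marissa", "")));
 assertEquals(1, tokens.size());
 assertNotNull(tokens.iterator().next().getAdditionalInformation().get(JwtTokenEnhancer.TOKEN_ID));
 }
@@ -70,7 +65,7 @@ public void testListTokensForOAuth2UserWithClientId() throws Exception {
 Collections.<OAuth2AccessToken> singleton(new DefaultOAuth2AccessToken("FOO")));
 Mockito.when(tokenServices.getClientId("FOO")).thenReturn("foo");
 Collection<OAuth2AccessToken> tokens = endpoints.listTokensForUser("marissa", new OAuth2Authentication(
- authorizationRequest, new TestingAuthenticationToken("marissa", "")), false);
+ authorizationRequest, new TestingAuthenticationToken("marissa", "")));
 assertEquals(1, tokens.size());
 assertNotNull(tokens.iterator().next().getAdditionalInformation().get(JwtTokenEnhancer.TOKEN_ID));
 }
@@ -78,23 +73,14 @@ public void testListTokensForOAuth2UserWithClientId() throws Exception {
 @Test
 public void testListTokensForOAuth2UserByClient() throws Exception {
 Collection<OAuth2AccessToken> tokens = endpoints.listTokensForUser("marissa", new OAuth2Authentication(
- authorizationRequest, null), false);
+ authorizationRequest, null));
 assertEquals(0, tokens.size());
 }
 @Test
 public void testListTokensForUser() throws Exception {
 Collection<OAuth2AccessToken> tokens = endpoints.listTokensForUser("marissa", new TestingAuthenticationToken(
- "marissa", ""), false);
- assertEquals(0, tokens.size());
- }
-
- @Test
- public void testListTokensForUserId() throws Exception {
- Mockito.when(scimProvisioning.retrieveUser("12345")).thenReturn(
- new ScimUser("12345", "marissa", "Marissa", "Bloggs"));
- Collection<OAuth2AccessToken> tokens = endpoints.listTokensForUser("12345", new TestingAuthenticationToken(
- "marissa", ""), true);
+ "marissa", ""));
 assertEquals(0, tokens.size());
 }
@@ -104,7 +90,7 @@ public void testRevokeTokenForUser() throws Exception {
 Collections.<OAuth2AccessToken> singleton(new DefaultOAuth2AccessToken("FOO")));
 Mockito.when(tokenServices.revokeToken("FOO")).thenReturn(true);
 SimpleMessage result = endpoints.revokeUserToken("marissa", new StandardPasswordEncoder().encode("FOO"),
- new TestingAuthenticationToken("marissa", ""), false);
+ new TestingAuthenticationToken("marissa", ""));
 assertEquals("ok", result.getStatus());
 }
@@ -116,7 +102,7 @@ public void testRevokeTokenForUserWithTokenId() throws Exception {
 Collections.<OAuth2AccessToken> singleton(token));
 Mockito.when(tokenServices.revokeToken("FOO")).thenReturn(true);
 SimpleMessage result = endpoints.revokeUserToken("marissa", "BAR", new TestingAuthenticationToken(
- "marissa", ""), false);
+ "marissa", ""));
 assertEquals("ok", result.getStatus());
 }
@@ -125,28 +111,28 @@ public void testRevokeInvalidTokenForUser() throws Exception {
 OAuth2AccessToken token = new DefaultOAuth2AccessToken("BAR");
 Mockito.when(tokenServices.findTokensByUserName("marissa")).thenReturn(Collections.singleton(token));
 SimpleMessage result = endpoints.revokeUserToken("marissa", "FOO", new TestingAuthenticationToken(
- "marissa", ""), false);
+ "marissa", ""));
 assertEquals("ok", result.getStatus());
 }
 @Test(expected=NoSuchTokenException.class)
 public void testRevokeNullTokenForUser() throws Exception {
 SimpleMessage result = endpoints.revokeUserToken("marissa", null, new TestingAuthenticationToken("marissa",
- ""), false);
+ ""));
 assertEquals("ok", result.getStatus());
 }
 @Test(expected = AccessDeniedException.class)
 public void testListTokensForWrongUser() throws Exception {
 Collection<OAuth2AccessToken> tokens = endpoints.listTokensForUser("barry", new TestingAuthenticationToken(
- "marissa", ""), false);
+ "marissa", ""));
 assertEquals(0, tokens.size());
 }
 @Test(expected = AccessDeniedException.class)
 public void testListTokensForWrongOAuth2User() throws Exception {
 Collection<OAuth2AccessToken> tokens = endpoints.listTokensForUser("barry", new OAuth2Authentication(
- authorizationRequest, new TestingAuthenticationToken("marissa", "")), false);
+ authorizationRequest, new TestingAuthenticationToken("marissa", "")));
 assertEquals(0, tokens.size());
 }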
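Review bot: `testListTokensForUserId` is deleted in the hunk at `@@ -78,23 +73,14 @@` and nothing on this page replaces it with a unit test for `UserIdInjector`, which now performs the id-to-name conversion that `checkResourceOwner` depends on. The only remaining coverage is the integration test in which a user lists their own tokens by id. I would add a `UserIdInjectorTests` class covering `lookup` false, a non-String argument, and an id that `retrieveUser` does not find. It should also cover, against the advised endpoint, a caller who passes another user's id with lookup enabled and must still get `AccessDeniedException`.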
3  ...ty/uaa/config/HandlerAdapterFactoryBeanTests.java → ...cim/endpoints/HandlerAdapterFactoryBeanTests.java
@@ -8,10 +8,11 @@
* subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file.
*/
-package org.cloudfoundry.identity.uaa.config;
+package org.cloudfoundry.identity.uaa.scim.endpoints;
import static org.junit.Assert.assertNotNull;
+import org.cloudfoundry.identity.uaa.scim.endpoints.HandlerAdapterFactoryBean;
import org.junit.Test;
import org.springframework.context.support.GenericApplicationContext;
3  ...ty/uaa/openid/UserIdConversionEndpointsTests.java → ...cim/endpoints/UserIdConversionEndpointsTests.java
@@ -11,13 +11,14 @@
* subcomponent's license, as noted in the LICENSE file.
*/
-package org.cloudfoundry.identity.uaa.openid;
+package org.cloudfoundry.identity.uaa.scim.endpoints;
import static org.junit.internal.matchers.StringContains.containsString;
import java.util.Collection;
import org.cloudfoundry.identity.uaa.scim.endpoints.ScimUserEndpoints;
+import org.cloudfoundry.identity.uaa.scim.endpoints.UserIdConversionEndpoints;
import org.cloudfoundry.identity.uaa.scim.exception.ScimException;
import org.cloudfoundry.identity.uaa.security.SecurityContextAccessor;
import org.junit.Before;
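--- a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml
+++ b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml
@@ -51,7 +51,7 @@
 </bean>
 <!-- Add a handler adapter with special knowledge of the ScimUser endpoints -->
- <bean class="org.cloudfoundry.identity.uaa.config.HandlerAdapterFactoryBean" />
+ <bean class="org.cloudfoundry.identity.uaa.scim.endpoints.HandlerAdapterFactoryBean" />
 <util:map id="exceptionToStatusMap" key-type="java.lang.Class" value-type="org.springframework.http.HttpStatus">
 <entry key="org.springframework.dao.DataIntegrityViolationException" value="BAD_REQUEST" />
@@ -134,7 +134,7 @@
 <constructor-arg value="${scim.userids_enabled:false}" />
 </bean>
- <bean id="idConversionEndpoints" class="org.cloudfoundry.identity.uaa.openid.UserIdConversionEndpoints">
+ <bean id="idConversionEndpoints" class="org.cloudfoundry.identity.uaa.scim.endpoints.UserIdConversionEndpoints">
 <property name="scimUserEndpoints" ref="scimUserEndpoints" />
 <property name="enabled" ref="userIdsEnabled" />
 </bean>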
27 uaa/src/main/webapp/WEB-INF/spring/token-admin-endpoints.xml
@@ -1,17 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!-- Cloud Foundry 2012.02.03 Beta Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved. This product is licensed to
- you under the Apache License, Version 2.0 (the "License"). You may not use this product except in compliance with the License.
- This product includes a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents
+<!-- Cloud Foundry 2012.02.03 Beta Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved. This product is licensed to
+ you under the Apache License, Version 2.0 (the "License"). You may not use this product except in compliance with the License.
+ This product includes a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents
is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file. -->
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
- xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
+ http://www.springframework.org/schema/security/oauth http://www.springframework.org/schema/security/spring-security-oauth.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
- <http name="tokenAdminSecurity" pattern="/oauth/(users|clients)/(.*?)/tokens.*" request-matcher="regex" create-session="stateless"
- entry-point-ref="oauthAuthenticationEntryPoint" use-expressions="true" authentication-manager-ref="emptyAuthenticationManager"
- xmlns="http://www.springframework.org/schema/security">
+ <http name="tokenAdminSecurity" pattern="/oauth/(users|clients)/(.*?)/tokens.*" request-matcher="regex"
+ create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint" use-expressions="true"
+ authentication-manager-ref="emptyAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/users/([^/].*?)/tokens/.*" access="hasRole('uaa.admin') or (#oauth2.isUser() and #oauth2.hasScope('tokens.write'))"
method="DELETE" />
<intercept-url pattern="/oauth/users/.*" access="hasRole('uaa.admin') or (#oauth2.isUser() and #oauth2.hasScope('tokens.read'))"
@@ -30,7 +33,17 @@
<bean id="tokenAdminEndpoints" class="org.cloudfoundry.identity.uaa.oauth.TokenAdminEndpoints">
<property name="tokenServices" ref="tokenServices" />
+ </bean>
+
+ <bean id="userIdInjector" class="org.cloudfoundry.identity.uaa.scim.endpoints.UserIdInjector" scope="request">
+ <aop:scoped-proxy proxy-target-class="true" />
+ <property name="inputIndex" value="0" />
<property name="scimUserProvisioning" ref="scimUserProvisioning" />
+ <property name="lookup" value="#{request.getParameter('lookup')!=null and request.getParameter('lookup')}" />
</bean>
+ <aop:config proxy-target-class="true">
+ <aop:advisor advice-ref="userIdInjector" pointcut="execution(* *..TokenAdminEndpoints.*User*(..)) and bean(tokenAdminEndpoints)" />
+ </aop:config>
+
</beans>
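Review bot: The pointcut `execution(* *..TokenAdminEndpoints.*User*(..))` selects methods by a name substring, while `UserIdInjector.invoke` unconditionally reads `args[inputIndex]` with `inputIndex` set to 0. Any method later added to `TokenAdminEndpoints` with `User` in its name is advised too: a zero-argument one would fail with an index error, and one whose first String is not a user identifier would have it rewritten before its own checks run. Constraining the signature narrows this, e.g. `pointcut="execution(* *..TokenAdminEndpoints.*User*(String,..)) and bean(tokenAdminEndpoints)"`. The `lookup` expression also feeds the raw request parameter into a boolean `and`; it is worth confirming that a value other than true/false produces a clean client error rather than a bean-creation failure, as I have not verified how that conversion fails.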
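--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/TokenAdminEndpointsIntegrationTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/TokenAdminEndpointsIntegrationTests.java
@@ -69,6 +69,16 @@ public void testListTokensByUser() throws Exception {
 @Test
 @OAuth2ContextConfiguration(resource = TokenResourceOwnerPassword.class)
+ public void testListTokensByUserId() throws Exception {
+
+ ResponseEntity<String> result = serverRunning.getForString("/oauth/users/" + testAccountSetup.getUser().getId()
+ + "/tokens?lookup=true");
+ assertEquals(HttpStatus.OK, result.getStatusCode());
+ assertTrue(result.getBody().contains(context.getAccessToken().getValue()));
+ }
+
+ @Test
+ @OAuth2ContextConfiguration(resource = TokenResourceOwnerPassword.class)
 public void testRevokeTokenByUser() throws Exception {
 OAuth2AccessToken token = context.getAccessToken();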