- test cases

src/community/security/oauth2-google/pom.xml

@@ -53,5 +53,20 @@
 			<artifactId>easymockclassextension</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-core</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest-library</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest-core</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 </project>

src/community/security/oauth2-google/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2SecurityConfiguration.java

@@ -23,35 +23,29 @@
 /**
  * Google specific REST remplates for OAuth2 protocol.
  * <p>
- * First of all the user must create an API key through the Google API
- * Credentials <br/>
- * See:
- * <string>https://console.developers.google.com/apis/credentials/oauthclient
- * </strong>
+ * First of all the user must create an API key through the Google API Credentials <br/>
+ * See: <string>https://console.developers.google.com/apis/credentials/oauthclient </strong>
  * </p>
  * <p>
  * The procedure will provide a new <b>Client ID</b> and <b>Client Secret</b>
  * </p>
  * <p>
- * Also the user must specify the <b>Authorized redirect URIs</b> pointing to
- * the GeoServer instances <br/>
+ * Also the user must specify the <b>Authorized redirect URIs</b> pointing to the GeoServer instances <br/>
  * Example:
  * <ul>
  * <li>http://localhost:8080/geoserver</li>
  * <li>http://localhost:8080/geoserver/</li>
  * </ul>
  * </p>
  * <p>
- * The Google OAuth2 Filter Endpoint will automatically redirect the users to an
- * URL like the following one at first login <br/>
+ * The Google OAuth2 Filter Endpoint will automatically redirect the users to an URL like the following one at first login <br/>
  * <br/>
  * <code>
  * https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=my_client_id&redirect_uri=http://localhost:8080/geoserver&scope=https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile
  * </code>
  * </p>
  * <p>
- * Tipically a correct configuration for the Google OAuth2 Provider is like the
- * following:
+ * Tipically a correct configuration for the Google OAuth2 Provider is like the following:
  * </p>
  * <ul>
  * <li>Cliend Id: <b>my_client_id</b></li>
@@ -70,26 +64,28 @@
 @EnableOAuth2Client
 class GoogleOAuth2SecurityConfiguration extends GeoServerOAuth2SecurityConfiguration {
 
-	/**
-	 * Must have "session" scope
-	 */
-	@Bean
-	@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
-	public OAuth2RestTemplate geoServerOauth2RestTemplate() {
+    /**
+     * Must have "session" scope
+     */
+    @Bean
+    @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
+    public OAuth2RestTemplate geoServerOauth2RestTemplate() {
 
-		OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(geoServerOAuth2Resource(),
-				new DefaultOAuth2ClientContext(accessTokenRequest));
+        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(geoServerOAuth2Resource(),
+                new DefaultOAuth2ClientContext(getAccessTokenRequest()));
 
-		AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider = new AuthorizationCodeAccessTokenProvider();
-		authorizationCodeAccessTokenProvider.setStateMandatory(false);
+        AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider = new AuthorizationCodeAccessTokenProvider();
+        authorizationCodeAccessTokenProvider.setStateMandatory(false);
 
-		AccessTokenProvider accessTokenProviderChain = new AccessTokenProviderChain(Arrays.<AccessTokenProvider> asList(
-				authorizationCodeAccessTokenProvider, new ImplicitAccessTokenProvider(),
-				new ResourceOwnerPasswordAccessTokenProvider(), new ClientCredentialsAccessTokenProvider()));
+        AccessTokenProvider accessTokenProviderChain = new AccessTokenProviderChain(
+                Arrays.<AccessTokenProvider> asList(authorizationCodeAccessTokenProvider,
+                        new ImplicitAccessTokenProvider(),
+                        new ResourceOwnerPasswordAccessTokenProvider(),
+                        new ClientCredentialsAccessTokenProvider()));
 
-		oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);
+        oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);
 
-		return oAuth2RestTemplate;
-	}
+        return oAuth2RestTemplate;
+    }
 
 }

src/community/security/oauth2-google/src/main/java/org/geoserver/security/oauth2/services/GoogleAccessTokenConverter.java

@@ -25,52 +25,51 @@
  */
 public class GoogleAccessTokenConverter extends DefaultAccessTokenConverter {
 
-	private UserAuthenticationConverter userTokenConverter;
+    private UserAuthenticationConverter userTokenConverter;
 
-	public GoogleAccessTokenConverter() {
-		final DefaultUserAuthenticationConverter defaultUserAuthConverter = 
-				new GoogleUserAuthenticationConverter("email");
-		setUserTokenConverter(defaultUserAuthConverter);
-	}
+    public GoogleAccessTokenConverter() {
+        final DefaultUserAuthenticationConverter defaultUserAuthConverter = new GoogleUserAuthenticationConverter(
+                "email");
+        setUserTokenConverter(defaultUserAuthConverter);
+    }
 
-	/**
-	 * Converter for the part of the data in the token representing a user.
-	 *
-	 * @param userTokenConverter
-	 *            the userTokenConverter to set
-	 */
-	public final void setUserTokenConverter(UserAuthenticationConverter userTokenConverter) {
-		this.userTokenConverter = userTokenConverter;
-		super.setUserTokenConverter(userTokenConverter);
-	}
+    /**
+     * Converter for the part of the data in the token representing a user.
+     *
+     * @param userTokenConverter the userTokenConverter to set
+     */
+    public final void setUserTokenConverter(UserAuthenticationConverter userTokenConverter) {
+        this.userTokenConverter = userTokenConverter;
+        super.setUserTokenConverter(userTokenConverter);
+    }
 
-	@Override
-	public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
-		Map<String, String> parameters = new HashMap<>();
-		Set<String> scope = parseScopes(map);
-		Authentication user = userTokenConverter.extractAuthentication(map);
-		String clientId = (String) map.get(CLIENT_ID);
-		parameters.put(CLIENT_ID, clientId);
-		Set<String> resourceIds = new LinkedHashSet<>(
-				map.containsKey(AUD) ? (Collection<String>) map.get(AUD) : Collections.<String> emptySet());
-		OAuth2Request request = new OAuth2Request(parameters, clientId, null, true, scope, resourceIds, null, null,
-				null);
-		return new OAuth2Authentication(request, user);
-	}
+    @Override
+    public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
+        Map<String, String> parameters = new HashMap<>();
+        Set<String> scope = parseScopes(map);
+        Authentication user = userTokenConverter.extractAuthentication(map);
+        String clientId = (String) map.get(CLIENT_ID);
+        parameters.put(CLIENT_ID, clientId);
+        Set<String> resourceIds = new LinkedHashSet<>(map.containsKey(AUD)
+                ? (Collection<String>) map.get(AUD) : Collections.<String> emptySet());
+        OAuth2Request request = new OAuth2Request(parameters, clientId, null, true, scope,
+                resourceIds, null, null, null);
+        return new OAuth2Authentication(request, user);
+    }
 
-	private Set<String> parseScopes(Map<String, ?> map) {
-		// Parsing of scopes coming back from Google are slightly different from
-		// the default implementation. Instead of it being a collection it is a
-		// String where multiple scopes are separated by a space.
-		Object scopeAsObject = map.containsKey(SCOPE) ? map.get(SCOPE) : "";
-		Set<String> scope = new LinkedHashSet<>();
-		if (String.class.isAssignableFrom(scopeAsObject.getClass())) {
-			String scopeAsString = (String) scopeAsObject;
-			Collections.addAll(scope, scopeAsString.split(" "));
-		} else if (Collection.class.isAssignableFrom(scopeAsObject.getClass())) {
-			Collection<String> scopes = (Collection<String>) scopeAsObject;
-			scope.addAll(scopes);
-		}
-		return scope;
-	}
+    private Set<String> parseScopes(Map<String, ?> map) {
+        // Parsing of scopes coming back from Google are slightly different from
+        // the default implementation. Instead of it being a collection it is a
+        // String where multiple scopes are separated by a space.
+        Object scopeAsObject = map.containsKey(SCOPE) ? map.get(SCOPE) : "";
+        Set<String> scope = new LinkedHashSet<>();
+        if (String.class.isAssignableFrom(scopeAsObject.getClass())) {
+            String scopeAsString = (String) scopeAsObject;
+            Collections.addAll(scope, scopeAsString.split(" "));
+        } else if (Collection.class.isAssignableFrom(scopeAsObject.getClass())) {
+            Collection<String> scopes = (Collection<String>) scopeAsObject;
+            scope.addAll(scopes);
+        }
+        return scope;
+    }
 }

src/community/security/oauth2-google/src/main/java/org/geoserver/security/oauth2/services/GoogleTokenServices.java

@@ -33,7 +33,7 @@
 public class GoogleTokenServices extends GeoServerOAuthRemoteTokenServices {
 
     public GoogleTokenServices() {
-    	tokenConverter = new GoogleAccessTokenConverter();
+        tokenConverter = new GoogleAccessTokenConverter();
         restTemplate = new RestTemplate();
         ((RestTemplate) restTemplate).setErrorHandler(new DefaultResponseErrorHandler() {
             @Override
@@ -47,7 +47,8 @@ public void handleError(ClientHttpResponse response) throws IOException {
     }
 
     @Override
-    public OAuth2Authentication loadAuthentication(String accessToken) throws AuthenticationException, InvalidTokenException {
+    public OAuth2Authentication loadAuthentication(String accessToken)
+            throws AuthenticationException, InvalidTokenException {
         Map<String, Object> checkTokenResponse = checkToken(accessToken);
 
         if (checkTokenResponse.containsKey("error")) {
@@ -57,7 +58,8 @@ public OAuth2Authentication loadAuthentication(String accessToken) throws Authen
 
         transformNonStandardValuesToStandardValues(checkTokenResponse);
 
-        Assert.state(checkTokenResponse.containsKey("client_id"), "Client id must be present in response from auth server");
+        Assert.state(checkTokenResponse.containsKey("client_id"),
+                "Client id must be present in response from auth server");
         return tokenConverter.extractAuthentication(checkTokenResponse);
     }
 
@@ -66,7 +68,8 @@ private Map<String, Object> checkToken(String accessToken) {
         formData.add("token", accessToken);
         HttpHeaders headers = new HttpHeaders();
         headers.set("Authorization", getAuthorizationHeader(clientId, clientSecret));
-        String accessTokenUrl = new StringBuilder(checkTokenEndpointUrl).append("?access_token=").append(accessToken).toString();
+        String accessTokenUrl = new StringBuilder(checkTokenEndpointUrl).append("?access_token=")
+                .append(accessToken).toString();
         return postForMap(accessTokenUrl, formData, headers);
     }
 
@@ -86,11 +89,15 @@ private String getAuthorizationHeader(String clientId, String clientSecret) {
         }
     }
 
-    private Map<String, Object> postForMap(String path, MultiValueMap<String, String> formData, HttpHeaders headers) {
+    private Map<String, Object> postForMap(String path, MultiValueMap<String, String> formData,
+            HttpHeaders headers) {
         if (headers.getContentType() == null) {
             headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
         }
-        ParameterizedTypeReference<Map<String, Object>> map = new ParameterizedTypeReference<Map<String, Object>>() {};
-        return restTemplate.exchange(path, HttpMethod.POST, new HttpEntity<>(formData, headers), map).getBody();
+        ParameterizedTypeReference<Map<String, Object>> map = new ParameterizedTypeReference<Map<String, Object>>() {
+        };
+        return restTemplate
+                .exchange(path, HttpMethod.POST, new HttpEntity<>(formData, headers), map)
+                .getBody();
     }
 }

src/community/security/oauth2-google/src/main/java/org/geoserver/security/oauth2/services/GoogleUserAuthenticationConverter.java

@@ -17,24 +17,24 @@
  */
 public class GoogleUserAuthenticationConverter extends DefaultUserAuthenticationConverter {
 
-	private static Object USERNAME_KEY = USERNAME;
-	
-	/**
-	 * Default Constructor.
-	 * 
-	 * @param username_key
-	 */
-	public GoogleUserAuthenticationConverter(String username_key) {
-		super();
-		
-		USERNAME_KEY = username_key;
-	}
-	
-	@Override
-	public Authentication extractAuthentication(Map<String, ?> map) {
-		if (map.containsKey(USERNAME_KEY)) {
-			return new UsernamePasswordAuthenticationToken(map.get(USERNAME_KEY), "N/A", null);
-		}
-		return null;
-	}
+    private static Object USERNAME_KEY = USERNAME;
+
+    /**
+     * Default Constructor.
+     * 
+     * @param username_key
+     */
+    public GoogleUserAuthenticationConverter(String username_key) {
+        super();
+
+        USERNAME_KEY = username_key;
+    }
+
+    @Override
+    public Authentication extractAuthentication(Map<String, ?> map) {
+        if (map.containsKey(USERNAME_KEY)) {
+            return new UsernamePasswordAuthenticationToken(map.get(USERNAME_KEY), "N/A", null);
+        }
+        return null;
+    }
 }