This repository has been archived by the owner on May 31, 2022. It is now read-only.
/
OAuth2ContextSetup.java
384 lines (335 loc) · 13.3 KB
/
OAuth2ContextSetup.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
/*
* Copyright 2006-2010 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.springframework.security.oauth2.client.test;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.net.HttpURLConnection;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.internal.AssumptionViolatedException;
import org.junit.internal.runners.statements.RunBefores;
import org.junit.rules.TestWatchman;
import org.junit.runners.model.FrameworkMethod;
import org.junit.runners.model.Statement;
import org.junit.runners.model.TestClass;
import org.springframework.beans.BeanUtils;
import org.springframework.core.env.Environment;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.ClassUtils;
import org.springframework.web.client.ResponseErrorHandler;
import org.springframework.web.client.RestOperations;
/**
* <p>
* A rule that sets up an OAuth2 context for tests and makes the access token available inside a test method. In
* combination with the {@link OAuth2ContextConfiguration} annotation provides a number of different strategies for
* configuring an {@link OAuth2ProtectedResourceDetails} instance that will be used to create the OAuth2 context for
* tests. Example:
* </p>
*
* <pre>
* @OAuth2ContextConfiguration(ResourceOwnerPasswordProtectedResourceDetails.class)
* public class MyIntegrationTests implements RestTemplateHolder {
*
* @Rule
* public OAuth2ContextSetup context = OAuth2ContextSetup.withEnvironment(this, TestEnvironment.instance());
*
* @Test
* public void testSomethingWithClientCredentials() {
* // This call will be authenticated with the client credentials in MyClientDetailsResource
* getRestTemplate().getForObject("http://myserver/resource", String.class);
* }
*
* // This class is used to initialize the OAuth2 context for the test methods.
* static class MyClientDetailsResource extends ResourceOwnerPasswordProtectedResourceDetails {
* public MyClientDetailsResource(Environment environment) {
* ... do stuff with environment to initialize the password credentials
* }
* }
*
* }
* </pre>
*
* @see OAuth2ContextConfiguration
* @see BeforeOAuth2Context
*
* @author Dave Syer
*
*/
public class OAuth2ContextSetup extends TestWatchman {
private static Log logger = LogFactory.getLog(OAuth2ContextSetup.class);
private OAuth2ProtectedResourceDetails resource;
private OAuth2RestTemplate client;
private Map<String, String> parameters = new LinkedHashMap<String, String>();
private final RestTemplateHolder clientHolder;
private final TestAccounts testAccounts;
private OAuth2AccessToken accessToken;
private boolean initializeAccessToken = true;
private RestOperations savedClient;
private AccessTokenProvider accessTokenProvider;
private final Environment environment;
/**
* Create a new client that can inject an Environment into its protected resource details.
*
* @param clientHolder receives an OAuth2RestTemplate with the authenticated client for the duration of a test
* @param environment a Spring Environment that can be used to initialize the client
*
* @return a rule that wraps test methods in an OAuth2 context
*/
public static OAuth2ContextSetup withEnvironment(RestTemplateHolder clientHolder, Environment environment) {
return new OAuth2ContextSetup(clientHolder, null, environment);
}
/**
* Create a new client that can inject a {@link TestAccounts} instance into its protected resource details.
*
* @param clientHolder receives an OAuth2RestTemplate with the authenticated client for the duration of a test
* @param testAccounts a test account generator that can be used to initialize the client
*
* @return a rule that wraps test methods in an OAuth2 context
*/
public static OAuth2ContextSetup withTestAccounts(RestTemplateHolder clientHolder, TestAccounts testAccounts) {
return new OAuth2ContextSetup(clientHolder, testAccounts, null);
}
/**
* Create a new client that knows how to create its protected resource with no externalization help. Typically it
* will use resource details which accept an instance of the current test case (downcasting it from Object). For
* example
*
* <pre>
* static class MyClientDetailsResource extends ClientCredentialsProtectedResourceDetails {
* public MyClientDetailsResource(Object target) {
* MyIntegrationTests test = (MyIntegrationTests) target;
* ... do stuff with test instance to initialize the client credentials
* }
* }
* </pre>
*
* @param clientHolder receives an OAuth2RestTemplate with the authenticated client for the duration of a test
*
* @return a rule that wraps test methods in an OAuth2 context
*/
public static OAuth2ContextSetup standard(RestTemplateHolder clientHolder) {
return new OAuth2ContextSetup(clientHolder, null, null);
}
private OAuth2ContextSetup(RestTemplateHolder clientHolder, TestAccounts testAccounts, Environment environment) {
this.clientHolder = clientHolder;
this.testAccounts = testAccounts;
this.environment = environment;
}
@Override
public Statement apply(Statement base, FrameworkMethod method, Object target) {
initializeIfNecessary(method, target);
return super.apply(base, method, target);
}
@Override
public void starting(FrameworkMethod method) {
if (resource != null) {
logger.info("Starting OAuth2 context for: " + resource);
AccessTokenRequest request = new DefaultAccessTokenRequest();
request.setAll(parameters);
client = createRestTemplate(resource, request);
if (initializeAccessToken) {
this.accessToken = null;
this.accessToken = getAccessToken();
}
savedClient = clientHolder.getRestTemplate();
clientHolder.setRestTemplate(client);
}
}
@Override
public void finished(FrameworkMethod method) {
if (resource != null) {
logger.info("Ending OAuth2 context for: " + resource);
if (savedClient != null) {
clientHolder.setRestTemplate(savedClient);
}
}
}
public void setAccessTokenProvider(AccessTokenProvider accessTokenProvider) {
this.accessTokenProvider = accessTokenProvider;
}
public void setParameters(Map<String, String> parameters) {
this.parameters = parameters;
}
/**
* Get the current access token. Should be available inside a test method as long as a resource has been setup with
* {@link OAuth2ContextConfiguration @OAuth2ContextConfiguration}.
*
* @return the current access token initializing it if necessary
*/
public OAuth2AccessToken getAccessToken() {
if (resource == null || client == null) {
return null;
}
if (accessToken != null) {
return accessToken;
}
try {
if (accessTokenProvider != null) {
client.setAccessTokenProvider(accessTokenProvider);
}
return client.getAccessToken();
}
catch (OAuth2AccessDeniedException e) {
Throwable cause = e.getCause();
if (cause instanceof RuntimeException) {
throw (RuntimeException) cause;
}
if (cause instanceof Error) {
throw (Error) cause;
}
throw e;
}
}
/**
* @return the client template
*/
public OAuth2RestTemplate getRestTemplate() {
return client;
}
/**
* @return the current client resource details
*/
public OAuth2ProtectedResourceDetails getResource() {
return resource;
}
/**
* @return the current access token request
*/
public AccessTokenRequest getAccessTokenRequest() {
return client.getOAuth2ClientContext().getAccessTokenRequest();
}
/**
* @return the current OAuth2 context
*/
public OAuth2ClientContext getOAuth2ClientContext() {
return client.getOAuth2ClientContext();
}
private void initializeIfNecessary(FrameworkMethod method, final Object target) {
final TestClass testClass = new TestClass(target.getClass());
OAuth2ContextConfiguration contextConfiguration = findOAuthContextConfiguration(method, testClass);
if (contextConfiguration == null) {
// Nothing to do
return;
}
this.initializeAccessToken = contextConfiguration.initialize();
this.resource = creatResource(target, contextConfiguration);
final List<FrameworkMethod> befores = testClass.getAnnotatedMethods(BeforeOAuth2Context.class);
if (!befores.isEmpty()) {
logger.debug("Running @BeforeOAuth2Context methods");
for (FrameworkMethod before : befores) {
RestOperations savedServerClient = clientHolder.getRestTemplate();
OAuth2ContextConfiguration beforeConfiguration = findOAuthContextConfiguration(before, testClass);
if (beforeConfiguration != null) {
OAuth2ProtectedResourceDetails resource = creatResource(target, beforeConfiguration);
AccessTokenRequest beforeRequest = new DefaultAccessTokenRequest();
beforeRequest.setAll(parameters);
OAuth2RestTemplate client = createRestTemplate(resource, beforeRequest);
clientHolder.setRestTemplate(client);
}
AccessTokenRequest request = new DefaultAccessTokenRequest();
request.setAll(parameters);
this.client = createRestTemplate(this.resource, request);
List<FrameworkMethod> list = Arrays.asList(before);
try {
new RunBefores(new Statement() {
public void evaluate() {
}
}, list, target).evaluate();
}
catch (AssumptionViolatedException e) {
throw e;
}
catch (RuntimeException e) {
throw e;
}
catch (Throwable e) {
logger.debug("Exception in befores", e);
Assert.assertThat(e, CoreMatchers.not(CoreMatchers.anything()));
}
finally {
clientHolder.setRestTemplate(savedServerClient);
}
}
}
}
private OAuth2RestTemplate createRestTemplate(OAuth2ProtectedResourceDetails resource, AccessTokenRequest request) {
OAuth2ClientContext context = new DefaultOAuth2ClientContext(request);
OAuth2RestTemplate client = new OAuth2RestTemplate(resource, context);
client.setRequestFactory(new SimpleClientHttpRequestFactory() {
@Override
protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws IOException {
super.prepareConnection(connection, httpMethod);
connection.setInstanceFollowRedirects(false);
}
});
client.setErrorHandler(new ResponseErrorHandler() {
// Pass errors through in response entity for status code analysis
public boolean hasError(ClientHttpResponse response) throws IOException {
return false;
}
public void handleError(ClientHttpResponse response) throws IOException {
}
});
if (accessTokenProvider != null) {
client.setAccessTokenProvider(accessTokenProvider);
}
return client;
}
private OAuth2ProtectedResourceDetails creatResource(Object target, OAuth2ContextConfiguration contextLoader) {
Class<? extends OAuth2ProtectedResourceDetails> type = contextLoader.value();
if (type == OAuth2ProtectedResourceDetails.class) {
type = contextLoader.resource();
}
Constructor<? extends OAuth2ProtectedResourceDetails> constructor = ClassUtils.getConstructorIfAvailable(type,
TestAccounts.class);
if (constructor != null && testAccounts != null) {
return BeanUtils.instantiateClass(constructor, testAccounts);
}
constructor = ClassUtils.getConstructorIfAvailable(type, Environment.class);
if (constructor != null && environment != null) {
return BeanUtils.instantiateClass(constructor, environment);
}
constructor = ClassUtils.getConstructorIfAvailable(type, Object.class);
if (constructor != null) {
return BeanUtils.instantiateClass(constructor, target);
}
// Fallback to default constructor
return BeanUtils.instantiate(type);
}
private OAuth2ContextConfiguration findOAuthContextConfiguration(FrameworkMethod method, TestClass testClass) {
OAuth2ContextConfiguration methodConfiguration = method.getAnnotation(OAuth2ContextConfiguration.class);
if (methodConfiguration != null) {
return methodConfiguration;
}
if (testClass.getJavaClass().isAnnotationPresent(OAuth2ContextConfiguration.class)) {
return testClass.getJavaClass().getAnnotation(OAuth2ContextConfiguration.class);
}
return null;
}
}