/** * personium.io * Copyright 2014 FUJITSU LIMITED * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package io.personium.test.jersey.cell.auth; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.io.IOException; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.ws.rs.core.MediaType; import org.apache.http.HttpHeaders; import org.apache.http.HttpStatus; import org.apache.http.cookie.Cookie; import org.json.simple.JSONObject; import org.junit.After; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; import org.junit.experimental.categories.Category; import org.junit.runner.RunWith; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.InputSource; import org.xml.sax.SAXException; import com.sun.jersey.test.framework.JerseyTest; import com.sun.org.apache.xerces.internal.parsers.DOMParser; import io.personium.common.auth.token.AbstractOAuth2Token; import io.personium.common.auth.token.AbstractOAuth2Token.TokenDsigException; import io.personium.common.auth.token.AbstractOAuth2Token.TokenParseException; import io.personium.common.auth.token.AbstractOAuth2Token.TokenRootCrtException; import io.personium.common.auth.token.AccountAccessToken; import 
io.personium.common.auth.token.CellLocalAccessToken;
import io.personium.common.auth.token.CellLocalRefreshToken;
import io.personium.common.auth.token.TransCellAccessToken;
import io.personium.common.auth.token.UnitLocalUnitUserToken;
import io.personium.core.PersoniumCoreMessageUtils;
import io.personium.core.PersoniumUnitConfig;
import io.personium.core.auth.OAuth2Helper;
import io.personium.core.model.lock.LockManager;
import io.personium.core.rs.cell.AuthResourceUtils;
import io.personium.test.categories.Integration;
import io.personium.test.categories.Regression;
import io.personium.test.categories.Unit;
import io.personium.test.jersey.AbstractCase;
import io.personium.test.jersey.PersoniumException;
import io.personium.test.jersey.PersoniumIntegTestRunner;
import io.personium.test.jersey.PersoniumResponse;
import io.personium.test.jersey.PersoniumRestAdapter;
import io.personium.test.setup.Setup;
import io.personium.test.unit.core.UrlUtils;
import io.personium.test.utils.AccountUtils;
import io.personium.test.utils.BoxUtils;
import io.personium.test.utils.CellUtils;
import io.personium.test.utils.DavResourceUtils;
import io.personium.test.utils.ExtCellUtils;
import io.personium.test.utils.Http;
import io.personium.test.utils.ResourceUtils;
import io.personium.test.utils.TResponse;

/**
 * Integration tests for the OAuth2 implicit flow exposed by a cell's authorization endpoint.
 *
 * The tests post to the endpoint via the helpers {@code requesttoAuthz} / {@code requesttoAuthzWithBody}
 * (defined later in this file, outside this excerpt) and assert on three outcomes:
 * a 200 HTML login page carrying a message code (checked with {@code checkHtmlBody}),
 * a 302 to the cell's own {@code __html/error?code=...} page, or a 302 to the client's
 * {@code redirect_uri} with the token or the OAuth2 error delivered in the URL fragment
 * ({@code #access_token=...} / {@code #error=...}).
 *
 * Security properties these tests pin down (each is visible in the assertions below):
 * - {@code redirect_uri} must live under {@code client_id}; a foreign or relative redirect target
 *   is rejected before any credential is checked, and the error goes to the cell's own error page,
 *   never to the untrusted redirect target.
 * - the {@code state} parameter is echoed back unchanged in both success and error fragments.
 * - wrong password, unknown account and assertion failures all produce the same generic
 *   message/error codes (no account enumeration through the response).
 * - a failed password attempt starts an account-lock window; tests call
 *   {@code AuthTestCommon.waitForAccountLock()} so that the lock does not bleed into the next test.
 *
 * NOTE(review): the original Japanese Javadoc and method names were mangled to '?' in this copy;
 * method names are left untouched (they are the public test identifiers) and the English
 * comments below describe only what the visible code asserts.
 * NOTE(review): every {@code catch} block here calls {@code fail(e.getMessage())} and then
 * {@code e.printStackTrace()}; {@code fail} throws, so the stack trace is never printed.
 * {@code fail(e.toString())} or re-throwing as an {@link AssertionError} with the cause would
 * keep the diagnostics.
 * NOTE(review): the class imports {@code com.sun.org.apache.xerces.internal.parsers.DOMParser}
 * (hence {@code @SuppressWarnings("restriction")}); it is presumably used by {@code checkHtmlBody}
 * to parse the login HTML -- not visible here, confirm that external entities are disabled there.
 */
@RunWith(PersoniumIntegTestRunner.class)
@Category({ Unit.class, Integration.class, Regression.class })
@SuppressWarnings("restriction")
public class ImplicitFlowTest extends JerseyTest {

    /** Key under which the session cookie's max-age is reported -- presumably by getSessionMap (not visible). */
    private static final String MAX_AGE = "maxAge";
    /** Name of the session cookie / session map entry. */
    private static final String SESSION_ID = OAuth2Helper.Key.SESSION_ID;
    /** Path (relative to the client cell) of the redirect target used as {@code redirect_uri}. */
    private static final String REDIRECT_HTML = "__/redirect.html";
    /** Fixed {@code state} value; every success/error fragment must echo it back unchanged. */
    static final String DEFAULT_STATE = "0000000111";
    /** Cookies captured from the last response -- filled by the request helpers (not visible here). */
    private List<Cookie> cookies = null;

    /**
     * Clears all account locks so a lock left by a previous test cannot make a login here fail.
     */
    @Before
    public void before() {
        LockManager.deleteAllLocks();
    }

    /**
     * Clears all account locks created by this test.
     */
    @After
    public void after() {
        LockManager.deleteAllLocks();
    }

    /**
     * Boots the Jersey test container with the core resource package.
     */
    public ImplicitFlowTest() {
        super("io.personium.core.rs");
    }

    /**
     * Authorization request to a cell that does not exist returns 404.
     */
    @Test
    public final void ???Cell???ImplicitFlow??404 ????() {
        String reqCell = UrlUtils.cellRoot("dummyCell");
        PersoniumResponse res = requesttoAuthz(null, reqCell, Setup.TEST_CELL_SCHEMA1, null);
        assertEquals(HttpStatus.SC_NOT_FOUND, res.getStatusCode());
    }

    /**
     * A well-formed request without credentials returns the login page (200, text/html)
     * carrying message code PS-AU-0002.
     */
    @Test
    public final void ???POST?200 ???() {
        PersoniumResponse res = requesttoAuthz(null);
        assertEquals(HttpStatus.SC_OK, res.getStatusCode());
        // Content type of the login page.
        assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
        // Message code rendered in the page.
        checkHtmlBody(res, "PS-AU-0002", Setup.TEST_CELL1);
    }

    /**
     * client_id pointing at the authorizing cell itself is rejected with 400,
     * even when a box with that schema exists in the cell.
     */
    @Test
    public final void ???POST?client_id???Cell???400 ????() {
        String clientId = UrlUtils.cellRoot(Setup.TEST_CELL1);
        try {
            // Create a box whose schema is the cell's own URL.
            BoxUtils.createWithSchema(Setup.TEST_CELL1, "authzBox", AbstractCase.MASTER_TOKEN_NAME, clientId);
            PersoniumResponse res = requesttoAuthz(null, Setup.TEST_CELL1, clientId, null);
            assertEquals(HttpStatus.SC_BAD_REQUEST, res.getStatusCode());
        } finally {
            BoxUtils.delete(Setup.TEST_CELL1, AbstractCase.MASTER_TOKEN_NAME, "authzBox");
        }
    }

    /**
     * redirect_uri under a cell other than client_id is rejected with 400 (no credentials sent).
     */
    @Test
    public final void ???POST?redirect_uri?client_id???400????() {
        String redirectUri = UrlUtils.cellRoot(Setup.TEST_CELL2) + REDIRECT_HTML;
        PersoniumResponse res = requesttoAuthz(null, Setup.TEST_CELL1,
                UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), redirectUri);
        assertEquals(HttpStatus.SC_BAD_REQUEST, res.getStatusCode());
    }

    /**
     * client_id for which the authorizing cell has no box with that schema:
     * the user is sent to the cell's own error page (PS-ER-0003), not to redirect_uri.
     */
    @Test
    public final void ???POST?client_id???Cell ???Box???????????() {
        String clientId = UrlUtils.cellRoot("dummyCell");
        PersoniumResponse res = requesttoAuthz(null, Setup.TEST_CELL1, clientId, null);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        assertEquals(UrlUtils.cellRoot(Setup.TEST_CELL1) + "__html/error?code=PS-ER-0003",
                res.getFirstHeader(HttpHeaders.LOCATION));
    }

    /**
     * Same as above against a freshly created cell that has no boxes at all.
     */
    @Test
    public final void ???POST?client_id???Cell ???Box??Cell?????????() {
        String clientId = UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1);
        String cellName = "authztestcell";
        try {
            // Create an empty cell.
            CellUtils.create(cellName, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_CREATED);
            // __authz request against it.
            PersoniumResponse res = requesttoAuthz(null, cellName, clientId, null);
            assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
            assertEquals(UrlUtils.cellRoot(cellName) + "__html/error?code=PS-ER-0003",
                    res.getFirstHeader(HttpHeaders.LOCATION));
        } finally {
            CellUtils.delete(AbstractCase.MASTER_TOKEN_NAME, cellName);
        }
    }

    /**
     * Password login succeeds: 302 to redirect_uri with an account access token in the fragment,
     * the account's last-authenticated timestamp is updated, and no keep-login cookie is issued.
     */
    @Test
    public final void ????????() {
        // Snapshot the account's last-authenticated time before the login.
        Long lastAuthenticatedTime = AuthTestCommon.getAccountLastAuthenticated(Setup.TEST_CELL1, "account2");
        String addbody = "&username=account2&password=password2";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // A successful password login must bump last-authenticated.
        AuthTestCommon.accountLastAuthenticatedCheck(Setup.TEST_CELL1, "account2", lastAuthenticatedTime);
        // Session cookie check -- 'false' presumably means "not a persistent (keeplogin) cookie"; helper not visible.
        checkSessionId(false, Setup.TEST_CELL1);
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            AccountAccessToken aToken = AccountAccessToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.cellRoot(Setup.TEST_CELL1));
            assertNotNull("access token parse error.", aToken);
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            // state must round-trip unchanged (CSRF binding of the redirect).
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            // NOTE(review): fail() throws, so printStackTrace() below is unreachable.
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Wrong password: the login page is re-rendered (200, PS-AU-0004), no token, no redirect,
     * and last-authenticated is left untouched.
     */
    @Test
    public final void ??????????????() {
        // Snapshot last-authenticated; it must not move on a failed login.
        Long lastAuthenticatedTime = AuthTestCommon.getAccountLastAuthenticated(Setup.TEST_CELL1, "account2");
        String addbody = "&username=account2&password=dummypassword";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_OK, res.getStatusCode());
        // Failed login must not update last-authenticated.
        AuthTestCommon.accountLastAuthenticatedNotUpdatedCheck(Setup.TEST_CELL1, "account2", lastAuthenticatedTime);
        // Content type of the re-rendered login page.
        assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
        // Generic "authentication failed" message code.
        checkHtmlBody(res, "PS-AU-0004", Setup.TEST_CELL1);
        // The failed attempt opened an account-lock window; wait it out so later tests are unaffected.
        AuthTestCommon.waitForAccountLock();
    }

    /**
     * Correct password retried inside the lock window still gets the login page (200, PS-AU-0006).
     * Ignored: depends on io.personium.core.lock.accountlock.time being long enough (original note).
     * Only meaningful with the memcached lock implementation.
     */
    @Test
    @Ignore
    public final void ?1???????200????html?????() {
        String lockType = PersoniumUnitConfig.getLockType();
        if (lockType.equals("memcached")) {
            String addbody = "&username=account2&password=dummypassword";
            // Snapshot last-authenticated.
            Long lastAuthenticatedTime = AuthTestCommon.getAccountLastAuthenticated(Setup.TEST_CELL1, "account2");
            // First attempt with a wrong password opens the lock window.
            PersoniumResponse res = requesttoAuthz(addbody);
            // Content type of the login page.
            assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
            // Message code for the failed attempt.
            checkHtmlBody(res, "PS-AU-0004", Setup.TEST_CELL1);
            addbody = "&username=account2&password=password2";
            // Retry within the window with the right password (original note: 401(PR401-AN-0019)).
            res = requesttoAuthz(addbody);
            assertEquals(HttpStatus.SC_OK, res.getStatusCode());
            // Locked: last-authenticated must not move even though the password was right.
            AuthTestCommon.accountLastAuthenticatedNotUpdatedCheck(Setup.TEST_CELL1, "account2", lastAuthenticatedTime);
            // Content type of the login page.
            assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
            // Lock message code.
            checkHtmlBody(res, "PS-AU-0006", Setup.TEST_CELL1);
            AuthTestCommon.waitForAccountLock();
        }
    }

    /**
     * Wrong password retried inside the lock window gets the login page (200, PS-AU-0006).
     * Ignored: depends on io.personium.core.lock.accountlock.time (original note).
     * Only meaningful with the memcached lock implementation.
     */
    @Test
    @Ignore
    public final void ?1??????200????html?????() {
        String lockType = PersoniumUnitConfig.getLockType();
        if (lockType.equals("memcached")) {
            String addbody = "&username=account2&password=dummypassword";
            // First attempt with a wrong password opens the lock window.
            PersoniumResponse res = requesttoAuthz(addbody);
            // Content type of the login page.
            assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
            // Message code for the failed attempt.
            checkHtmlBody(res, "PS-AU-0004", Setup.TEST_CELL1);
            addbody = "&username=account2&password=dummypassword";
            // Retry within the window (original note: 401(PR401-AN-0019)).
            res = requesttoAuthz(addbody);
            assertEquals(HttpStatus.SC_OK, res.getStatusCode());
            // Content type of the login page.
            assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
            // Lock message code.
            checkHtmlBody(res, "PS-AU-0006", Setup.TEST_CELL1);
            AuthTestCommon.waitForAccountLock();
        }
    }

    /**
     * Correct password after the lock window has expired succeeds with a 302 and a token.
     * Only meaningful with the memcached lock implementation.
     */
    @Test
    public final void ?1???????302?????() {
        String lockType = PersoniumUnitConfig.getLockType();
        if (lockType.equals("memcached")) {
            String addbody = "&username=account2&password=dummypassword";
            // Wrong password opens the lock window.
            PersoniumResponse res = requesttoAuthz(addbody);
            // Content type of the login page.
            assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
            // Message code for the failed attempt.
            checkHtmlBody(res, "PS-AU-0004", Setup.TEST_CELL1);
            addbody = "&username=account2&password=password2";
            AuthTestCommon.waitForAccountLock();
            // Retry after the window with the right password: must succeed.
            res = requesttoAuthz(addbody);
            assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
            Map<String, String> response = parseResponse(res);
            try {
                AccountAccessToken aToken = AccountAccessToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                        UrlUtils.cellRoot(Setup.TEST_CELL1));
                assertNotNull("access token parse error.", aToken);
                assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
                assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
                assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
            } catch (TokenParseException e) {
                fail(e.getMessage());
                e.printStackTrace();
            }
        }
    }

    /**
     * Wrong password after the lock window has expired gets the ordinary failure page again
     * (200, PS-AU-0004 -- not the lock code). Only meaningful with the memcached lock implementation.
     */
    @Test
    public final void ?1??????200????html?????() {
        String lockType = PersoniumUnitConfig.getLockType();
        if (lockType.equals("memcached")) {
            String addbody = "&username=account2&password=dummypassword";
            // Wrong password opens the lock window.
            PersoniumResponse res = requesttoAuthz(addbody);
            // Content type of the login page.
            assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
            // Message code for the failed attempt.
            checkHtmlBody(res, "PS-AU-0004", Setup.TEST_CELL1);
            addbody = "&username=account2&password=dummypassword";
            AuthTestCommon.waitForAccountLock();
            // Retry after the window with a wrong password (original note: 401(PS-AU-0004)).
            res = requesttoAuthz(addbody);
            assertEquals(HttpStatus.SC_OK, res.getStatusCode());
            // Content type of the login page.
            assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
            // Plain failure code, not the lock code.
            checkHtmlBody(res, "PS-AU-0004", Setup.TEST_CELL1);
            AuthTestCommon.waitForAccountLock();
        }
    }

    /**
     * Empty username or empty password: login page with PS-AU-0003, last-authenticated untouched.
     */
    @Test
    public final void ??????????????????() {
        // Snapshot last-authenticated.
        Long lastAuthenticatedTime = AuthTestCommon.getAccountLastAuthenticated(Setup.TEST_CELL1, "account2");
        // Empty username.
        String addbody = "&username=&password=password2";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_OK, res.getStatusCode());
        // Must not count as a login.
        AuthTestCommon.accountLastAuthenticatedNotUpdatedCheck(Setup.TEST_CELL1, "account2", lastAuthenticatedTime);
        // Content type of the login page.
        assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
        // Message code for missing credentials.
        checkHtmlBody(res, "PS-AU-0003", Setup.TEST_CELL1);
        // Empty password.
        addbody = "&username=account2&password=";
        res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_OK, res.getStatusCode());
        // Must not count as a login.
        AuthTestCommon.accountLastAuthenticatedNotUpdatedCheck(Setup.TEST_CELL1, "account2", lastAuthenticatedTime);
        // Content type of the login page.
        assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
        // Message code for missing credentials.
        checkHtmlBody(res, "PS-AU-0003", Setup.TEST_CELL1);
        AuthTestCommon.waitForAccountLock();
    }

    /**
     * Unknown account: same generic PS-AU-0004 page as a wrong password, so the response
     * does not reveal whether the account exists.
     */
    @Test
    public final void ?????????????() {
        String addbody = "&username=dummyaccount&password=dummypassword";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_OK, res.getStatusCode());
        // Content type of the login page.
        assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE));
        // Same code as the wrong-password case.
        checkHtmlBody(res, "PS-AU-0004", Setup.TEST_CELL1);
    }

    /**
     * Password login with p_target: a trans-cell access token for the target cell is issued.
     * (Ignored in the original.)
     */
    @Ignore
    @Test
    public final void ????????() {
        // Snapshot last-authenticated.
        Long lastAuthenticatedTime = AuthTestCommon.getAccountLastAuthenticated(Setup.TEST_CELL2, "account4");
        String addbody = "&username=account4&password=password4&p_target=" + UrlUtils.cellRoot(Setup.TEST_CELL1);
        PersoniumResponse res = requesttoAuthz(addbody, Setup.TEST_CELL2,
                UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), null);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // Successful password login must bump last-authenticated.
        AuthTestCommon.accountLastAuthenticatedCheck(Setup.TEST_CELL2, "account4", lastAuthenticatedTime);
        // Session cookie check (non-persistent).
        checkSessionId(false, Setup.TEST_CELL2);
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            AbstractOAuth2Token tcToken = TransCellAccessToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.cellRoot(Setup.TEST_CELL1), UrlUtils.getHost());
            assertNotNull("access token parse error.", tcToken);
            assertTrue("access token parse error.", tcToken instanceof TransCellAccessToken);
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            fail(e.getMessage());
            e.printStackTrace();
        } catch (TokenDsigException e) {
            fail(e.getMessage());
            e.printStackTrace();
        } catch (TokenRootCrtException e) {
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Password login with p_owner=true on a cell whose owner promotion is enabled via PROPPATCH:
     * a unit-local unit-user token (ULUUT) is issued and no session cookie is set.
     * Ignored: the UUT promotion setting API was invalidated (original note).
     */
    @Test
    @Ignore // UUT promotion setting API invalidation.
    public final void ??ULUUT??????() {
        // Snapshot last-authenticated.
        Long lastAuthenticatedTime = AuthTestCommon.getAccountLastAuthenticated(Setup.TEST_CELL1, "account2");
        String addbody = "&username=account2&password=password2&p_owner=true";
        // Enable owner promotion on the cell.
        DavResourceUtils.setProppatch(Setup.TEST_CELL1, AbstractCase.MASTER_TOKEN_NAME,
                "cell/proppatch-uluut.txt", HttpStatus.SC_MULTI_STATUS);
        PersoniumResponse res = requesttoAuthz(addbody);
        // Successful password login must bump last-authenticated.
        AuthTestCommon.accountLastAuthenticatedCheck(Setup.TEST_CELL1, "account2", lastAuthenticatedTime);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // No session cookie must be issued together with a unit-user token.
        Map<String, Object> sessionMap = getSessionMap();
        assertNull(sessionMap.get(SESSION_ID));
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            UnitLocalUnitUserToken uluut = UnitLocalUnitUserToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.getHost());
            assertEquals(Setup.OWNER_VET, uluut.getSubject());
            assertEquals(UrlUtils.getHost(), uluut.getIssuer());
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * p_owner=true together with p_target: the ULUUT wins (p_target is not honoured), issued for
     * the owner of TEST_CELL2. Ignored: the UUT promotion setting API was invalidated (original note).
     */
    @Test
    @Ignore // UUT promotion setting API invalidation.
    public final void ??p_target?p_owner???ULUUT??????() {
        String addbody = "&username=account2&password=password2&p_owner=true&p_target="
                + UrlUtils.cellRoot(Setup.TEST_CELL1);
        // Enable owner promotion on the cell.
        DavResourceUtils.setProppatch(Setup.TEST_CELL2, AbstractCase.MASTER_TOKEN_NAME,
                "cell/proppatch-uluut.txt", HttpStatus.SC_MULTI_STATUS);
        PersoniumResponse res = requesttoAuthz(addbody, Setup.TEST_CELL2,
                UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), null);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // No session cookie must be issued together with a unit-user token.
        Map<String, Object> sessionMap = getSessionMap();
        assertNull(sessionMap.get(SESSION_ID));
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            UnitLocalUnitUserToken uluut = UnitLocalUnitUserToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.getHost());
            assertEquals(Setup.OWNER_HMC, uluut.getSubject());
            assertEquals(UrlUtils.getHost(), uluut.getIssuer());
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * redirect_uri that is not an absolute URL: 302 to the cell's own error page (PR400-AZ-0003),
     * and the password is never checked (last-authenticated untouched) -- redirect validation
     * happens before authentication.
     */
    @Test
    public final void ??redirect_uri?URL????????302???() {
        String addbody = "&username=account2&password=password2";
        String redirectUri = REDIRECT_HTML;
        // Snapshot last-authenticated.
        Long lastAuthenticatedTime = AuthTestCommon.getAccountLastAuthenticated(Setup.TEST_CELL1, "account2");
        PersoniumResponse res = requesttoAuthz(addbody, Setup.TEST_CELL1,
                UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), redirectUri);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // Rejected before credentials are evaluated.
        AuthTestCommon.accountLastAuthenticatedNotUpdatedCheck(Setup.TEST_CELL1, "account2", lastAuthenticatedTime);
        assertEquals(UrlUtils.cellRoot(Setup.TEST_CELL1) + "__html/error?code=PR400-AZ-0003",
                res.getFirstHeader(HttpHeaders.LOCATION));
    }

    /**
     * redirect_uri under a cell other than client_id, with valid credentials: still rejected
     * to the cell's own error page (PR400-AZ-0003); nothing is sent to the foreign redirect target.
     */
    @Test
    public final void ??redirect_uri?client_id???302???() {
        String addbody = "&username=account2&password=password2";
        String redirectUri = UrlUtils.cellRoot(Setup.TEST_CELL2) + REDIRECT_HTML;
        PersoniumResponse res = requesttoAuthz(addbody, Setup.TEST_CELL1,
                UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), redirectUri);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        assertEquals(UrlUtils.cellRoot(Setup.TEST_CELL1) + "__html/error?code=PR400-AZ-0003",
                res.getFirstHeader(HttpHeaders.LOCATION));
    }

    /**
     * response_type other than "token": since client_id/redirect_uri are valid, the OAuth2 error
     * (unsupported_response_type, PR400-AZ-0001) is delivered in the fragment with state echoed.
     */
    @Test
    public final void ??response_type?token????302???() {
        String responseType = "code";
        String body = "response_type=" + responseType
                + "&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1)
                + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML
                + "&state=" + DEFAULT_STATE
                + "&username=account2&password=password2";
        PersoniumResponse res = requesttoAuthzWithBody(Setup.TEST_CELL1, body);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // #error={error}&error_description={error_description}&state={state}&code={code}
        assertEquals(UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML
                + "#error=unsupported_response_type&error_description=unsupported_response_type&state="
                + DEFAULT_STATE + "&code=PR400-AZ-0001",
                res.getFirstHeader(HttpHeaders.LOCATION));
    }

    /**
     * keeplogin=true: login succeeds and a persistent session cookie is issued
     * (checkSessionId(true, ...) -- helper not visible).
     */
    @Test
    public final void ??keeplogin???Cookie??? ???() {
        String addbody = "&username=account2&password=password2&keeplogin=true";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // Session cookie check (persistent).
        checkSessionId(true, Setup.TEST_CELL1);
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            AccountAccessToken aToken = AccountAccessToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.cellRoot(Setup.TEST_CELL1));
            assertNotNull("access token parse error.", aToken);
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Assertion grant: a trans-cell token (from getTcToken, not visible) presented to TEST_CELL2
     * yields a cell-local access token for TEST_CELL2. The account's last-authenticated in TEST_CELL1
     * is not updated, since no password login happened.
     */
    @Test
    public final void ????????() {
        String transCellAccessToken = getTcToken();
        // Snapshot last-authenticated.
        Long lastAuthenticatedTime = AuthTestCommon.getAccountLastAuthenticated(Setup.TEST_CELL1, "account2");
        // Assertion instead of username/password.
        String addbody = "&assertion=" + transCellAccessToken;
        PersoniumResponse res = requesttoAuthz(addbody, Setup.TEST_CELL2,
                UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), null);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // Token exchange is not a password login.
        AuthTestCommon.accountLastAuthenticatedNotUpdatedCheck(Setup.TEST_CELL1, "account2", lastAuthenticatedTime);
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            CellLocalAccessToken token = CellLocalAccessToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.cellRoot(Setup.TEST_CELL2));
            assertNotNull("access token parse error.", token);
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Assertion grant with p_target: a trans-cell token for the target cell is issued, provided the
     * target cell lists TEST_CELL2 as an ExtCell. (Ignored in the original.)
     */
    @Ignore
    @Test
    public final void ????????() {
        try {
            // Create the target cell.
            CellUtils.create("authzcell", AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_CREATED);
            // Register TEST_CELL2 as an ExtCell of the target so its tokens are accepted.
            ExtCellUtils.create(AbstractCase.MASTER_TOKEN_NAME, "authzcell", UrlUtils.cellRoot(Setup.TEST_CELL2),
                    HttpStatus.SC_CREATED);
            String transCellAccessToken = getTcToken();
            // Assertion plus target.
            String addbody = "&assertion=" + transCellAccessToken + "&p_target=" + UrlUtils.cellRoot("authzcell");
            PersoniumResponse res = requesttoAuthz(addbody, Setup.TEST_CELL2,
                    UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), null);
            assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
            // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
            Map<String, String> response = parseResponse(res);
            try {
                AbstractOAuth2Token tcToken = TransCellAccessToken.parse(
                        response.get(OAuth2Helper.Key.ACCESS_TOKEN), UrlUtils.cellRoot(Setup.TEST_CELL2),
                        UrlUtils.getHost());
                assertNotNull("access token parse error.", tcToken);
                assertTrue("access token parse error.", tcToken instanceof TransCellAccessToken);
                assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
                assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
                assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
            } catch (TokenParseException e) {
                fail(e.getMessage());
                e.printStackTrace();
            } catch (TokenDsigException e) {
                fail(e.getMessage());
                e.printStackTrace();
            } catch (TokenRootCrtException e) {
                fail(e.getMessage());
                e.printStackTrace();
            }
        } finally {
            ExtCellUtils.delete(AbstractCase.MASTER_TOKEN_NAME, "authzcell", UrlUtils.cellRoot(Setup.TEST_CELL2));
            CellUtils.delete(AbstractCase.MASTER_TOKEN_NAME, "authzcell");
        }
    }

    /**
     * Assertion grant without response_type: invalid_request (PR400-AZ-0004) delivered in the
     * fragment to the (valid) redirect_uri, state echoed.
     */
    @Test
    public final void ??response_type????302?????() {
        String transCellAccessToken = getTcToken();
        // Assertion instead of username/password.
        String addbody = "&assertion=" + transCellAccessToken;
        String clientId = UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1);
        String redirecturi = clientId + REDIRECT_HTML;
        String body = "client_id=" + clientId + "&redirect_uri=" + redirecturi + "&state=" + DEFAULT_STATE + addbody;
        PersoniumResponse res = requesttoAuthzWithBody(Setup.TEST_CELL2, body);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // {redirect_uri}#error={error}&error_description={error_description}&state={state}&code={code}
        assertEquals(UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML
                + "#error=invalid_request&error_description=invalid_request&state=" + DEFAULT_STATE
                + "&code=PR400-AZ-0004",
                res.getFirstHeader(HttpHeaders.LOCATION));
    }

    /**
     * Assertion grant without client_id: no client to validate redirect_uri against, so the error
     * goes to the cell's own error page (PR400-AZ-0002), not to redirect_uri.
     */
    @Test
    public final void ??client_id????302?????() {
        String transCellAccessToken = getTcToken();
        // Assertion instead of username/password.
        String addbody = "&assertion=" + transCellAccessToken;
        String redirecturi = UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML;
        String body = "response_type=token" + "&redirect_uri=" + redirecturi + "&state=" + DEFAULT_STATE + addbody;
        PersoniumResponse res = requesttoAuthzWithBody(Setup.TEST_CELL2, body);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        assertEquals(UrlUtils.cellRoot(Setup.TEST_CELL2) + "__html/error?code=PR400-AZ-0002",
                res.getFirstHeader(HttpHeaders.LOCATION));
    }

    /**
     * Assertion grant without redirect_uri: error page PR400-AZ-0003 on the cell itself.
     */
    @Test
    public final void ??redirect_uri????302?????() {
        String transCellAccessToken = getTcToken();
        // Assertion instead of username/password.
        String addbody = "&assertion=" + transCellAccessToken;
        String clientId = UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1);
        String body = "response_type=token&client_id=" + clientId + "&state=" + DEFAULT_STATE + addbody;
        PersoniumResponse res = requesttoAuthzWithBody(Setup.TEST_CELL2, body);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        assertEquals(UrlUtils.cellRoot(Setup.TEST_CELL2) + "__html/error?code=PR400-AZ-0003",
                res.getFirstHeader(HttpHeaders.LOCATION));
    }

    /**
     * Unparsable assertion: access_denied (PR401-AZ-0002) delivered in the fragment, state echoed.
     */
    @Test
    public final void ??assertion??????302?????() {
        // Garbage in place of a token.
        String addbody = "&assertion=dummytoken";
        String clientId = UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1);
        String redirecturi = clientId + REDIRECT_HTML;
        String body = "response_type=token&client_id=" + clientId + "&redirect_uri=" + redirecturi
                + "&state=" + DEFAULT_STATE + addbody;
        PersoniumResponse res = requesttoAuthzWithBody(Setup.TEST_CELL2, body);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // {redirect_uri}#error={error}&error_description={error_description}&state={state}&code={code}
        assertEquals(redirecturi + "#error=access_denied&error_description=access_denied&state=" + DEFAULT_STATE
                + "&code=PR401-AZ-0002",
                res.getFirstHeader(HttpHeaders.LOCATION));
    }

    /**
     * The same assertion that TEST_CELL2 accepts above is presented to TEST_CELL1 and is rejected
     * with access_denied (PR401-AZ-0002) -- presumably a target/audience mismatch; the same generic
     * code as an unparsable assertion.
     */
    @Test
    public final void ??assertion???Cell??302?????() {
        String transCellAccessToken = getTcToken();
        // Assertion instead of username/password.
        String addbody = "&assertion=" + transCellAccessToken;
        String clientId = UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1);
        String redirecturi = clientId + REDIRECT_HTML;
        String body = "response_type=token&client_id=" + clientId + "&redirect_uri=" + redirecturi
                + "&state=" + DEFAULT_STATE + addbody;
        PersoniumResponse res = requesttoAuthzWithBody(Setup.TEST_CELL1, body);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // {redirect_uri}#error={error}&error_description={error_description}&state={state}&code={code}
        assertEquals(redirecturi + "#error=access_denied&error_description=access_denied&state=" + DEFAULT_STATE
                + "&code=PR401-AZ-0002",
                res.getFirstHeader(HttpHeaders.LOCATION));
    }

    /**
     * Session-cookie re-authorization: the session id issued by a password login is replayed on a
     * second authorization request (sent as a "session-id" header -- presumably turned into a
     * Cookie by requesttoAuthzWithBody, not visible) and a new access token is issued without
     * a password; last-authenticated is not bumped by the cookie login.
     */
    @Test
    public final void Cookie????????() {
        // Password login first.
        String addbody = "&username=account2&password=password2";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // Capture the session id from the cookie.
        String sessionId = checkSessionId(false, Setup.TEST_CELL1);
        // Snapshot last-authenticated after the password login.
        Long lastAuthenticatedTime = AuthTestCommon.getAccountLastAuthenticated(Setup.TEST_CELL1, "account2");
        // Cookie-based authorization request.
        String body = "response_type=token&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1)
                + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML
                + "&state=" + DEFAULT_STATE;
        HashMap<String, String> headers = new HashMap<String, String>();
        headers.put("session-id", sessionId);
        res = requesttoAuthzWithBody(Setup.TEST_CELL1, body, headers);
        checkSessionId(true, Setup.TEST_CELL1);
        // Cookie login must not count as a fresh authentication.
        AuthTestCommon.accountLastAuthenticatedNotUpdatedCheck(Setup.TEST_CELL1, "account2", lastAuthenticatedTime);
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            AccountAccessToken aToken = AccountAccessToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.cellRoot(Setup.TEST_CELL1));
            assertNotNull("access token parse error.", aToken);
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Session-cookie re-authorization with p_target: a trans-cell token for TEST_CELL2 is issued.
     * (Ignored in the original.)
     */
    @Ignore
    @Test
    public final void Cookie????????() {
        // Password login first.
        String addbody = "&username=account2&password=password2";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // Capture the session id from the cookie.
        String sessionId = checkSessionId(false, Setup.TEST_CELL1);
        // Cookie-based authorization request with a target cell.
        String body = "response_type=token&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1)
                + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML
                + "&state=" + DEFAULT_STATE
                + "&p_target=" + UrlUtils.cellRoot(Setup.TEST_CELL2);
        HashMap<String, String> headers = new HashMap<String, String>();
        headers.put("session-id", sessionId);
        res = requesttoAuthzWithBody(Setup.TEST_CELL1, body, headers);
        checkSessionId(true, Setup.TEST_CELL1);
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            AbstractOAuth2Token tcToken = TransCellAccessToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.cellRoot(Setup.TEST_CELL2), UrlUtils.getHost());
            assertNotNull("access token parse error.", tcToken);
            assertTrue("access token parse error.", tcToken instanceof TransCellAccessToken);
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            fail(e.getMessage());
            e.printStackTrace();
        } catch (TokenDsigException e) {
            fail(e.getMessage());
            e.printStackTrace();
        } catch (TokenRootCrtException e) {
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Session-cookie re-authorization with p_owner=true: a ULUUT is issued and no session cookie
     * accompanies it. Ignored: the UUT promotion setting API was invalidated (original note).
     */
    @Test
    @Ignore // UUT promotion setting API invalidation.
    public final void Cookie??p_owner???ULUUT??????() {
        // Password login first.
        String addbody = "&username=account2&password=password2";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // Capture the session id from the cookie.
        String sessionId = checkSessionId(false, Setup.TEST_CELL1);
        // Enable owner promotion on the cell.
        DavResourceUtils.setProppatch(Setup.TEST_CELL1, AbstractCase.MASTER_TOKEN_NAME,
                "cell/proppatch-uluut.txt", HttpStatus.SC_MULTI_STATUS);
        // Cookie-based authorization request asking for owner promotion.
        String body = "response_type=token&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1)
                + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML
                + "&state=" + DEFAULT_STATE
                + "&p_owner=true";
        HashMap<String, String> headers = new HashMap<String, String>();
        headers.put("session-id", sessionId);
        res = requesttoAuthzWithBody(Setup.TEST_CELL1, body, headers);
        // No session cookie must be issued together with a unit-user token.
        Map<String, Object> sessionMap = getSessionMap();
        assertNull(sessionMap.get(SESSION_ID));
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            UnitLocalUnitUserToken uluut = UnitLocalUnitUserToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.getHost());
            assertEquals(Setup.OWNER_VET, uluut.getSubject());
            assertEquals(UrlUtils.getHost(), uluut.getIssuer());
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Session-cookie re-authorization with p_owner=true and p_target: the ULUUT wins and no
     * session cookie accompanies it. Ignored: the UUT promotion setting API was invalidated (original note).
     */
    @Test
    @Ignore // UUT promotion setting API invalidation.
    public final void Cookie??p_target?p_owner???ULUUT??????() {
        // Password login first.
        String addbody = "&username=account2&password=password2";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // Capture the session id from the cookie.
        String sessionId = checkSessionId(false, Setup.TEST_CELL1);
        // Enable owner promotion on the cell.
        DavResourceUtils.setProppatch(Setup.TEST_CELL1, AbstractCase.MASTER_TOKEN_NAME,
                "cell/proppatch-uluut.txt", HttpStatus.SC_MULTI_STATUS);
        // Cookie-based authorization request asking for owner promotion and a target.
        String body = "response_type=token&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1)
                + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML
                + "&state=" + DEFAULT_STATE
                + "&p_owner=true&p_target=" + UrlUtils.cellRoot(Setup.TEST_CELL2);
        HashMap<String, String> headers = new HashMap<String, String>();
        headers.put("session-id", sessionId);
        res = requesttoAuthzWithBody(Setup.TEST_CELL1, body, headers);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // No session cookie must be issued together with a unit-user token.
        Map<String, Object> sessionMap = getSessionMap();
        assertNull(sessionMap.get(SESSION_ID));
        // {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
        Map<String, String> response = parseResponse(res);
        try {
            UnitLocalUnitUserToken uluut = UnitLocalUnitUserToken.parse(response.get(OAuth2Helper.Key.ACCESS_TOKEN),
                    UrlUtils.getHost());
            assertEquals(Setup.OWNER_VET, uluut.getSubject());
            assertEquals(UrlUtils.getHost(), uluut.getIssuer());
            assertEquals(OAuth2Helper.Scheme.BEARER, response.get(OAuth2Helper.Key.TOKEN_TYPE));
            assertEquals("3600", response.get(OAuth2Helper.Key.EXPIRES_IN));
            assertEquals(DEFAULT_STATE, response.get(OAuth2Helper.Key.STATE));
        } catch (TokenParseException e) {
            fail(e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Session-cookie authorization with p_owner=true for an account that is not the cell owner.
     * Ignored: the UUT promotion setting API was invalidated (original note).
     */
    @Test
    @Ignore // UUT promotion setting API invalidation.
    public final void Cookie?????302???() {
        // Password login first.
        String addbody = "&username=account4&password=password4";
        PersoniumResponse res = requesttoAuthz(addbody);
        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode());
        // Capture the session id from the cookie.
        String sessionId = checkSessionId(false, Setup.TEST_CELL1);
        // Enable owner promotion on the cell.
        DavResourceUtils.setProppatch(Setup.TEST_CELL1, AbstractCase.MASTER_TOKEN_NAME,
                "cell/proppatch-uluut.txt", HttpStatus.SC_MULTI_STATUS);
        // Cookie-based authorization request.
String body = "response_type=token&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML + "&state=" + DEFAULT_STATE + "&p_owner=true"; HashMap<String, String> headers = new HashMap<String, String>(); headers.put("session-id", sessionId); res = requesttoAuthzWithBody(Setup.TEST_CELL1, body, headers); // cookie?????????? Map<String, Object> sessionMap = getSessionMap(); assertNull(sessionMap.get(SESSION_ID)); assertEquals(HttpStatus.SC_OK, res.getStatusCode()); // ??? assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE)); // ??? checkHtmlBody(res, "PS-AU-0005", Setup.TEST_CELL1, "true"); } /** * Cookie??????p_owner???302???. */ @Test @Ignore // UUT promotion setting API invalidation. public final void Cookie??????p_owner???302???() { String cellName = "authzcell"; try { // Cell? CellUtils.create(cellName, AbstractCase.MASTER_TOKEN_NAME, HttpStatus.SC_CREATED); // Account? AccountUtils.create(AbstractCase.MASTER_TOKEN_NAME, cellName, "account1", "password1", HttpStatus.SC_CREATED); // Box? BoxUtils.createWithSchema(cellName, "box", AbstractCase.MASTER_TOKEN_NAME, UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1)); // ??? String addbody = "&username=account1&password=password1"; PersoniumResponse res = requesttoAuthz(addbody, cellName, UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), null); assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode()); // cookie????? String sessionId = checkSessionId(false, cellName); // ?? DavResourceUtils.setProppatch(cellName, AbstractCase.MASTER_TOKEN_NAME, "cell/proppatch-uluut.txt", HttpStatus.SC_MULTI_STATUS); // Cookie? 
String body = "response_type=token&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML + "&state=" + DEFAULT_STATE + "&p_owner=true"; HashMap<String, String> headers = new HashMap<String, String>(); headers.put("session-id", sessionId); res = requesttoAuthzWithBody(cellName, body, headers); // cookie?????????? Map<String, Object> sessionMap = getSessionMap(); assertNull(sessionMap.get(SESSION_ID)); assertEquals(HttpStatus.SC_OK, res.getStatusCode()); // ??? assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE)); // ??? checkHtmlBody(res, "PS-AU-0005", cellName, "true"); } finally { // Box BoxUtils.delete(cellName, AbstractCase.MASTER_TOKEN_NAME, "box"); // Account AccountUtils.delete(cellName, AbstractCase.MASTER_TOKEN_NAME, "account1", -1); // Cell CellUtils.delete(AbstractCase.MASTER_TOKEN_NAME, cellName); } } /** * Cookie??session_id??????302????. */ @Test public final void Cookie??session_id??????302????() { // ??? String addbody = "&username=account2&password=password2"; PersoniumResponse res = requesttoAuthz(addbody); assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, res.getStatusCode()); // cookie????? String sessionId = checkSessionId(false, Setup.TEST_CELL1); // Cookie? String body = "response_type=token&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML + "&state=" + DEFAULT_STATE; HashMap<String, String> headers = new HashMap<String, String>(); headers.put("session-id", sessionId); res = requesttoAuthzWithBody(Setup.TEST_CELL2, body, headers); // cookie?????????? Map<String, Object> sessionMap = getSessionMap(); assertNull(sessionMap.get(SESSION_ID)); assertEquals(HttpStatus.SC_OK, res.getStatusCode()); // ??? assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE)); // ??? 
checkHtmlBody(res, "PS-AU-0005", Setup.TEST_CELL2); } /** * Cookie??session_id????302????. */ @Test public final void Cookie??session_id????302????() { // ?? String sessionId = ResourceUtils.getMyCellLocalToken(Setup.TEST_CELL1, "account2", "password2"); // Cookie? String body = "response_type=token&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML + "&state=" + DEFAULT_STATE; HashMap<String, String> headers = new HashMap<String, String>(); headers.put("session-id", sessionId); PersoniumResponse res = requesttoAuthzWithBody(Setup.TEST_CELL1, body, headers); // cookie?????????? Map<String, Object> sessionMap = getSessionMap(); assertNull(sessionMap.get(SESSION_ID)); assertEquals(HttpStatus.SC_OK, res.getStatusCode()); // ??? assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE)); // ??? checkHtmlBody(res, "PS-AU-0005", Setup.TEST_CELL1); } /** * Cookie??session_id????302????. */ @Test public final void Cookie??session_id????302????() { // ?? String sessionId = ""; // Cookie? String body = "response_type=token&client_id=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + "&redirect_uri=" + UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML + "&state=" + DEFAULT_STATE; HashMap<String, String> headers = new HashMap<String, String>(); headers.put("session-id", sessionId); PersoniumResponse res = requesttoAuthzWithBody(Setup.TEST_CELL1, body, headers); // cookie?????????? Map<String, Object> sessionMap = getSessionMap(); assertNull(sessionMap.get(SESSION_ID)); assertEquals(HttpStatus.SC_OK, res.getStatusCode()); // ??? assertEquals(MediaType.TEXT_HTML + ";charset=UTF-8", res.getFirstHeader(HttpHeaders.CONTENT_TYPE)); // ??? checkHtmlBody(res, "PS-AU-0005", Setup.TEST_CELL1); } /** * __authz???. * @param addbody ? * @return ? 
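*/
    private PersoniumResponse requesttoAuthz(String addbody) {
        return requesttoAuthz(addbody, Setup.TEST_CELL1, UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), null);
    }

    /**
     * Sends a request to the __authz endpoint of the given cell.
     * The body is {@code response_type=token&client_id=...&redirect_uri=...&state=...} followed by
     * {@code addbody}.
     * @param addbody extra form parameters appended to the body; null is treated as empty
     * @param requestCellName name of the cell whose __authz endpoint is called
     * @param clientId value of the client_id parameter
     * @param redirecturi value of redirect_uri; when null, {@code clientId + REDIRECT_HTML} is used
     * @return the __authz response
     */
    private PersoniumResponse requesttoAuthz(String addbody, String requestCellName, String clientId,
            String redirecturi) {
        String extra = (addbody == null) ? "" : addbody;
        // Default redirect target is the redirect page under the client (schema) cell.
        String redirect = (redirecturi == null) ? clientId + REDIRECT_HTML : redirecturi;
        String body = "response_type=token&client_id=" + clientId
                + "&redirect_uri=" + redirect
                + "&state=" + DEFAULT_STATE
                + extra;
        return requesttoAuthzWithBody(requestCellName, body);
    }

    /**
     * Sends the given form body to the __authz endpoint of the given cell with no extra headers.
     * @param requestCellName name of the cell whose __authz endpoint is called
     * @param body form-encoded request body
     * @return the __authz response
     */
    private PersoniumResponse requesttoAuthzWithBody(String requestCellName, String body) {
        return requesttoAuthzWithBody(requestCellName, body, null);
    }

    /**
     * Sends the given form body to the __authz endpoint of the given cell.
     * Content-Type is always set to application/x-www-form-urlencoded. The cookies returned by
     * the server are stored in the {@code cookies} field (reset to null before the request) for
     * {@link #getSessionMap()}.
     * @param requestCellName name of the cell whose __authz endpoint is called
     * @param body form-encoded request body
     * @param requestheaders additional request headers (may be null); the caller's map is not modified
     * @return the __authz response
     * @throws AssertionError when the request itself fails (the response is never null)
     */
    private PersoniumResponse requesttoAuthzWithBody(String requestCellName, String body,
            HashMap<String, String> requestheaders) {
        // Work on a copy so the Content-Type we add does not leak into the caller's map.
        HashMap<String, String> headers = (requestheaders == null)
                ? new HashMap<String, String>()
                : new HashMap<String, String>(requestheaders);
        headers.put(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED);
        PersoniumRestAdapter rest = new PersoniumRestAdapter();
        cookies = null;
        try {
            PersoniumResponse res = rest.post(UrlUtils.cellRoot(requestCellName) + "__authz", body, headers);
            cookies = rest.getCookies();
            return res;
        } catch (PersoniumException e) {
            // Previously swallowed (stack trace only) with a null return that surfaced later as an
            // NPE in the caller; fail here with the cause attached instead.
            throw new AssertionError("POST to __authz of cell " + requestCellName + " failed: " + e.getMessage(), e);
        }
    }

    /**
     * Splits the fragment of the Location header of a redirect response into a parameter map.
     * Expected shape:
     * {redirect_uri}#access_token={access_token}&token_type=Bearer&expires_in={expires_in}&state={state}
     * Values are returned as-is (not URL-decoded). The fragment carries the bearer access token, so
     * it is deliberately never printed or logged.
     * @param res redirect response from __authz
     * @return map of fragment parameter name to value; a parameter without "=" maps to ""
     * @throws AssertionError when the Location header is absent or has no fragment
     */
    private Map<String, String> parseResponse(PersoniumResponse res) {
        String location = res.getFirstHeader(HttpHeaders.LOCATION);
        assertNotNull("Location header is missing from the __authz response.", location);
        int fragmentStart = location.indexOf('#');
        assertTrue("Location header has no fragment.", fragmentStart >= 0);
        Map<String, String> map = new HashMap<String, String>();
        for (String param : location.substring(fragmentStart + 1).split("&")) {
            if (param.isEmpty()) {
                continue;
            }
            // Limit 2 keeps any "=" that is part of the value (e.g. base64 padding) intact.
            String[] kv = param.split("=", 2);
            map.put(kv[0], kv.length > 1 ? kv[1] : "");
        }
        return map;
    }

    /**
     * Asserts that the last __authz response set a session-id cookie holding a parseable cell-local
     * refresh token for the given cell, and that its expiry date is present exactly when
     * {@code keeplogin} is true.
     * @param keeplogin whether the cookie is expected to carry an expiry date
     * @param cellName cell that issued the session-id
     * @return the session-id cookie value
     * @throws AssertionError when the cookie is absent or does not parse
     */
    private String checkSessionId(boolean keeplogin, String cellName) {
        Map<String, Object> sessionMap = getSessionMap();
        String sessionId = (String) sessionMap.get(SESSION_ID);
        assertNotNull("can't get session-id from response.", sessionId);
        try {
            CellLocalRefreshToken rToken = CellLocalRefreshToken.parse(sessionId, UrlUtils.cellRoot(cellName));
            assertNotNull("can't get session-id from response.", rToken);
        } catch (TokenParseException e) {
            // Keep the cause instead of fail(e.getMessage()) followed by an unreachable printStackTrace().
            throw new AssertionError("session-id is not a valid cell-local refresh token: " + e.getMessage(), e);
        }
        if (keeplogin) {
            assertNotNull("can't get ExpiryDate from response.", sessionMap.get(MAX_AGE));
        } else {
            assertNull("ExpiryDate is exists from response.", sessionMap.get(MAX_AGE));
        }
        return sessionId;
    }

    /**
     * Extracts the session-id cookie from the cookies of the last __authz request.
     * @return map with SESSION_ID -> cookie value (null if absent) and MAX_AGE -> cookie expiry
     *         date (null if absent or session-only); when several session-id cookies exist the
     *         last one wins
     * @throws AssertionError when no request has been made yet (cookies is null)
     */
    private Map<String, Object> getSessionMap() {
        assertNotNull("no cookies captured; requesttoAuthzWithBody has not run.", cookies);
        String sessionId = null;
        Date maxAge = null;
        for (Cookie cookie : cookies) {
            if (SESSION_ID.equals(cookie.getName())) {
                sessionId = cookie.getValue();
                maxAge = cookie.getExpiryDate();
            }
        }
        Map<String, Object> sessionMap = new HashMap<String, Object>();
        sessionMap.put(SESSION_ID, sessionId);
        sessionMap.put(MAX_AGE, maxAge);
        return sessionMap;
    }

    /**
     * Checks the HTML login form returned by __authz, expecting an empty p_owner input.
     * @param res response whose body is the HTML form
     * @param messageId message id expected in the "message" div
     * @param dataCellName cell whose __authz / profile URLs are expected in the form
     */
    static void checkHtmlBody(PersoniumResponse res, String messageId, String dataCellName) {
        checkHtmlBody(res, messageId, dataCellName, "");
    }

    /**
     * Checks the HTML login form returned by __authz: the inline script, title, body onload,
     * h1, form action, "message" div and the hidden inputs (state, p_target, p_owner, client_id,
     * redirect_uri).
     * @param res response whose body is the HTML form
     * @param messageId message id expected in the "message" div
     * @param dataCellName cell whose __authz / profile URLs are expected in the form
     * @param dcOwner expected value of the p_owner input
     * @throws AssertionError when the body does not parse or an expected element is missing
     */
    static void checkHtmlBody(PersoniumResponse res, String messageId, String dataCellName, String dcOwner) {
        Document document = parseHtmlBody(res);

        assertEquals(AuthResourceUtils.getJavascript("ajax.js"),
                firstElement(document, "script").getTextContent());
        assertEquals(PersoniumCoreMessageUtils.getMessage("PS-AU-0001"),
                firstElement(document, "title").getTextContent());

        String expectedAppUrl = UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + "__/profile.json";
        String expectedDataUrl = UrlUtils.cellRoot(dataCellName) + "__/profile.json";
        assertEquals("requestFile('GET', '" + expectedAppUrl + "' , '" + expectedDataUrl + "' ,true )",
                firstElement(document, "body").getAttribute("onload"));

        assertEquals(PersoniumCoreMessageUtils.getMessage("PS-AU-0001"),
                firstElement(document, "h1").getTextContent());

        String expectedFormUrl = UrlUtils.cellRoot(dataCellName) + "__authz";
        assertEquals(expectedFormUrl, firstElement(document, "form").getAttribute("action"));

        NodeList divs = document.getElementsByTagName("div");
        for (int i = 0; i < divs.getLength(); i++) {
            Element element = (Element) divs.item(i);
            if ("message".equals(element.getAttribute("id"))) {
                // The message catalogue may contain <br /> that the rendered text does not.
                assertEquals(PersoniumCoreMessageUtils.getMessage(messageId).replaceAll("<br />", ""),
                        element.getTextContent());
            }
        }

        NodeList inputs = document.getElementsByTagName("input");
        for (int i = 0; i < inputs.getLength(); i++) {
            Element element = (Element) inputs.item(i);
            String id = element.getAttribute("id");
            String value = element.getAttribute("value");
            if ("state".equals(id)) {
                assertEquals(DEFAULT_STATE, value);
            } else if ("p_target".equals(id)) {
                assertEquals("", value);
            } else if ("p_owner".equals(id)) {
                assertEquals(dcOwner, value);
            } else if ("client_id".equals(id)) {
                assertEquals(UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1), value);
            } else if ("redirect_uri".equals(id)) {
                assertEquals(UrlUtils.cellRoot(Setup.TEST_CELL_SCHEMA1) + REDIRECT_HTML, value);
            }
        }
    }

    /**
     * Parses the response body as an XML document with the JDK-internal xerces DOM parser
     * (hence the class-level {@code @SuppressWarnings("restriction")}).
     * NOTE(review): the parser runs with its default features, so external DTD/entity resolution
     * is not disabled. The body comes from the server under test, so the exposure is limited,
     * but if the generated HTML is known not to rely on an external DTD, disabling external
     * entity loading would make the test hermetic.
     * @param res response whose body is parsed
     * @return the parsed document
     * @throws AssertionError when the body is not well-formed or cannot be read
     */
    private static Document parseHtmlBody(PersoniumResponse res) {
        DOMParser parser = new DOMParser();
        try {
            parser.parse(new InputSource(res.bodyAsStream()));
        } catch (SAXException e) {
            throw new AssertionError("response body is not well-formed: " + e.getMessage(), e);
        } catch (IOException e) {
            throw new AssertionError("response body could not be read: " + e.getMessage(), e);
        }
        return parser.getDocument();
    }

    /**
     * Returns the first element with the given tag name, failing with a clear message instead of
     * an NPE when the document has none.
     */
    private static Element firstElement(Document document, String tagName) {
        NodeList nodeList = document.getElementsByTagName(tagName);
        assertTrue("expected a <" + tagName + "> element in the response body.", nodeList.getLength() > 0);
        return (Element) nodeList.item(0);
    }

    /**
     * Obtains a trans-cell access token for TEST_CELL2 by password authentication of account1 at
     * TEST_CELL1 (request template authn/password-tc-c0.txt, expects 200).
     * @return the access_token value from the JSON token response
     */
    private String getTcToken() {
        TResponse resPassAuth = Http.request("authn/password-tc-c0.txt")
                .with("remoteCell", Setup.TEST_CELL1)
                .with("username", "account1").with("password", "password1")
                .with("p_target", UrlUtils.cellRoot(Setup.TEST_CELL2))
                .returns().statusCode(HttpStatus.SC_OK);
        JSONObject json = resPassAuth.bodyAsJson();
        return (String) json.get(OAuth2Helper.Key.ACCESS_TOKEN);
    }
}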