OpenAMResourceOwnerSessionValidatorTest.java revision 252ba3279625d5b00898aeb7fb73eaf160d811db
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014-2015 ForgeRock AS.
*/
/**
* @since 12.0.0
*/
public class OpenAMResourceOwnerSessionValidatorTest {
private SSOTokenManager mockSSOTokenManager;
private OAuth2ProviderSettings providerSettings;
private OAuth2Request mockOAuth2Request;
private Request restletRequest;
private HttpServletRequest mockHttpServletRequest;
restletRequest = new Request();
new OpenAMResourceOwnerSessionValidator(dnWrapper, mockSSOTokenManager, mockProviderSettingsFactory,
return mockHttpServletRequest;
}
};
}
/**
 * prompt="login none" is a contradictory request: "none" asks for no user interaction while
 * "login" demands re-authentication. The trailing comment names BadRequestException as the
 * expected outcome, i.e. the validator must reject the request rather than pick one of the two.
 * NOTE(review): this excerpt shows no @Test annotation and no call under test after "//When";
 * the expected exception is presumably declared on the missing annotation - confirm against
 * the full file.
 */
public void shouldFailIfInvalidCombinationOfPromptsArePresent() throws Exception {
//Given
mockPrompt("login none");
//When
// (validator invocation absent from this excerpt)
// Then
// BadRequestException
}
/**
 * With an empty prompt hint the validator is expected to send the resource owner to
 * authentication, signalled by {@link ResourceOwnerAuthenticationRequired}.
 * NOTE(review): the call under test is missing between "//When" and fail() in this excerpt;
 * as shown, fail() runs unconditionally and its AssertionError would not be handled by the
 * ResourceOwnerAuthenticationRequired catch, so the test cannot pass in this form.
 */
@Test
public void shouldForceAuthentication() throws Exception {
//Given
mockPrompt("");
try {
//When
// (validator invocation absent from this excerpt)
fail();
} catch (ResourceOwnerAuthenticationRequired ex) {
// Then
// Reaching the handler is the expected outcome: authentication was required.
}
}
/**
 * prompt="login" must force the resource owner through authentication again; per the test
 * name this holds even when a session already exists (the session setup is not visible in
 * this excerpt). A client-supplied prompt=login must never be satisfied by an existing SSO
 * token, otherwise step-up/re-auth requests could be bypassed.
 * NOTE(review): the validator call between "//When" and fail() is missing from this excerpt;
 * as written fail() would always trigger.
 */
@Test
public void shouldForceReauthenticationWhenLoginPromptIsPresent() throws Exception {
//Given
mockPrompt("login");
try {
//When
// (validator invocation absent from this excerpt)
fail();
} catch (ResourceOwnerAuthenticationRequired ex) {
// Then
// Expected: login was forced.
}
}
/**
 * prompt="login consent": the presence of "consent" must not weaken "login" - authentication
 * is still forced before any consent step is reached, signalled by
 * {@link ResourceOwnerAuthenticationRequired}.
 * NOTE(review): the validator call between "//When" and fail() is missing from this excerpt;
 * as written fail() would always trigger.
 */
@Test
public void shouldForceReauthenticationWhenLoginAndConsentPromptsArePresent() throws Exception {
//Given
mockPrompt("login consent");
try {
//When
// (validator invocation absent from this excerpt)
fail();
} catch (ResourceOwnerAuthenticationRequired ex) {
// Then
// Expected: login was forced despite the additional consent prompt.
}
}
/**
 * prompt="none" with no authenticated user: the trailing comment names
 * InteractionRequiredException as the expected outcome. This is the security-relevant
 * contract of prompt=none - no login UI may be shown and, equally, the request must not be
 * silently treated as authenticated; the client has to be told interaction is required.
 * NOTE(review): no @Test annotation and no call under test are visible in this excerpt; the
 * expected exception is presumably declared on the missing annotation.
 */
public void shouldFailIfUserIsNotAuthenticatedAndNonePromptIsPresent() throws Exception {
//Given
mockPrompt("none");
//When
// (validator invocation absent from this excerpt)
// Then
// InteractionRequiredException
}
// OPENAM-4092: When the user has no SSO token and specifies prompt=consent the
// user should be presented with the OpenAM login page
//
/**
 * prompt="consent" from a user with no SSO token (OPENAM-4092): consent cannot be collected
 * from an unauthenticated user, so the expected outcome named in the trailing comment is
 * LoginRequiredException, which routes the user to the OpenAM login page rather than to a
 * consent screen.
 * NOTE(review): no @Test annotation and no call under test are visible in this excerpt; the
 * expected exception is presumably declared on the missing annotation.
 */
public void shouldFailIfUserIsNotAuthenticatedAndOnlyConsentPromptIsPresent() throws Exception {
//Given
mockPrompt("consent");
//When
// (validator invocation absent from this excerpt)
// Then
// LoginRequiredException
}
/**
 * When login is forced (prompt="login") and the request carries acr_values, the test name
 * says the requested ACR should drive the authentication chain the user is sent to. The
 * acr_values setup and the "// Then" assertion are not visible in this excerpt, so the exact
 * contract (which mock is inspected) cannot be confirmed from here.
 * NOTE(review): the validator call between "// When" and fail() is missing; as written
 * fail() would always trigger.
 */
@Test
public void shouldUseAcrValuesIfSpecified() throws Exception {
// Given
mockPrompt("login");
// When
try {
// (validator invocation absent from this excerpt)
fail();
} catch (ResourceOwnerAuthenticationRequired ex) {
// Expected: the redirect carries the requested ACR selection.
}
// Then
// (assertion absent from this excerpt)
}
/**
 * acr_values is an ordered, client-supplied preference list; per the test name the validator
 * should pick the first entry that the provider actually supports and ignore the rest. The
 * acr_values setup and the "// Then" assertion are not visible in this excerpt.
 * NOTE(review): the validator call between "// When" and fail() is missing; as written
 * fail() would always trigger.
 */
@Test
public void shouldUseFirstAcrValueThatIsSupported() throws Exception {
// Given
mockPrompt("login");
// When
try {
// (validator invocation absent from this excerpt)
fail();
} catch (ResourceOwnerAuthenticationRequired ex) {
// Expected: login redirect issued.
}
// Then
// (assertion absent from this excerpt)
}
/**
 * With prompt="login" and no acr_values on the request, the test name says the provider's
 * default authentication chain is used. The "// Then" assertion is not visible in this excerpt.
 * NOTE(review): the validator call between "// When" and fail() is missing; as written
 * fail() would always trigger.
 */
@Test
public void shouldUseDefaultAuthChainIfNoAcrValuesSpecified() throws Exception {
// Given
mockPrompt("login");
// When
try {
// (validator invocation absent from this excerpt)
fail();
} catch (ResourceOwnerAuthenticationRequired ex) {
// Expected: login redirect issued.
}
// Then
// (assertion absent from this excerpt)
}
/**
 * acr_values="not_supported" is a value the provider does not recognise. Per the test name the
 * validator must fall back to the default authentication chain - a client-chosen ACR string is
 * never passed through as-is to select a chain, which would otherwise let a client name
 * arbitrary modules/chains. The "// Then" assertion is not visible in this excerpt.
 * NOTE(review): the validator call between "// When" and fail() is missing; as written
 * fail() would always trigger.
 */
@Test
public void shouldUseDefaultAuthChainWhenNoSupportedAcrValue() throws Exception {
// Given
mockPrompt("login");
mockRequestAcrValues("not_supported");
// When
try {
// (validator invocation absent from this excerpt)
fail();
} catch (ResourceOwnerAuthenticationRequired ex) {
// Expected: login redirect issued using the default chain.
}
// Then
// (assertion absent from this excerpt)
}
/**
 * A configured custom login URL template (FreeMarker) is rendered into the redirect carried by
 * {@link ResourceOwnerAuthenticationRequired}. Each optional parameter is only emitted when its
 * model value is set (the {@code <#if x??>} guards). The expected URI shows that {@code goto}
 * (the authorize endpoint) is URL-encoded and that acr_values "1 2 3" is encoded as "1+2+3".
 * NOTE(review): realm, module, service and locale come from the request and appear verbatim in
 * the expected URI, but the test values contain no reserved characters, so this test does not
 * show whether they are encoded. A case with "&" / "#" / "%" in those values would confirm a
 * client cannot inject additional query parameters into the login redirect.
 * NOTE(review): the first line of the template (containing the "?goto=${goto}" part) and the
 * validator call before fail() are missing from this excerpt.
 */
@Test
public void shouldRedirectToCustomLoginUrl() throws Exception {
//Given
// (leading template line absent from this excerpt)
+ "<#if acrValues??>&acr_values=${acrValues}</#if><#if realm??>&realm=${realm}</#if>"
+ "<#if module??>&module=${module}</#if><#if service??>&service=${service}</#if>"
+ "<#if locale??>&locale=${locale}</#if>");
mockRequestAcrValues("1 2 3");
mockRequestRealm("SUB_REALM");
mockRequestLocale("LOCALE");
mockRequestModule("AUTHENTICATION_MODULE");
mockRequestService("AUTHENTICATION_CHAIN");
//When
try {
// (validator invocation absent from this excerpt)
fail();
} catch (ResourceOwnerAuthenticationRequired e) {
//Then
// goto is the percent-encoded authorize endpoint; acr_values spaces become '+'.
assertThat(e.getRedirectUri().toString()).isEqualTo("http://mylogin.com/login?goto=http%3A%2F%2Fopenam.example.com%3A8080%2Fopenam%2Foauth2%2Fauthorize&acr_values=1+2+3&realm=SUB_REALM&module=AUTHENTICATION_MODULE&service=AUTHENTICATION_CHAIN&locale=LOCALE");
}
}
/**
 * Same custom login URL template as the previous test, but with none of the optional request
 * parameters (acr_values, realm, module, service, locale) set. The {@code <#if x??>} guards
 * must then suppress every optional "&name=" segment, leaving only the encoded {@code goto}.
 * NOTE(review): the first line of the template (containing "?goto=${goto}") and the validator
 * call before fail() are missing from this excerpt.
 */
@Test
public void shouldRedirectToCustomLoginUrlWithNoQueryParameters() throws Exception {
//Given
// (leading template line absent from this excerpt)
+ "<#if acrValues??>&acr_values=${acrValues}</#if><#if realm??>&realm=${realm}</#if>"
+ "<#if module??>&module=${module}</#if><#if service??>&service=${service}</#if>"
+ "<#if locale??>&locale=${locale}</#if>");
//When
try {
// (validator invocation absent from this excerpt)
fail();
} catch (ResourceOwnerAuthenticationRequired e) {
//Then
// No optional parameter was set, so nothing but goto is emitted.
assertThat(e.getRedirectUri().toString()).isEqualTo("http://mylogin.com/login?goto=http%3A%2F%2Fopenam.example.com%3A8080%2Fopenam%2Foauth2%2Fauthorize");
}
}
/**
 * Points the Restlet request at the OAuth2 authorize endpoint. This is the URL that ends up
 * percent-encoded in the {@code goto} parameter of the login redirect asserted by the
 * custom-login-URL tests.
 */
private void mockRequestRef() {
    final String authorizeEndpoint = "http://openam.example.com:8080/openam/oauth2/authorize";
    Reference authorizeRef = new Reference(authorizeEndpoint);
    restletRequest.setResourceRef(authorizeRef);
}
}
}
}
}
}
}
}
/**
 * Parses the given FreeMarker source into a {@link Template} for the custom login URL.
 * NOTE(review): in this excerpt the parsed template is built but never handed to
 * providerSettings - the line wiring it into the provider settings mock is presumably missing
 * from the fragment. Parsing errors surface as IOException (FreeMarker's ParseException).
 *
 * @param customLoginUrlTemplate FreeMarker source of the login URL, as the provider would store it
 */
private void mockCustomLoginUrlTemplate(String customLoginUrlTemplate) throws ServerException, IOException {
Template template = new Template("", new StringReader(customLoginUrlTemplate), new Configuration());
}
}
}