/**
 * A token granted only {@code scim.read} must be rejected by {@code checkToken} when the
 * caller requires {@code scim.write}; the exception message must name the missing scope.
 */
@Test(expected = InvalidScopeException.class)
public void testValidateScopesNotPresent() throws Exception {
    try {
        AuthorizationRequest granted = new AuthorizationRequest("client", Collections.singleton("scim.read"));
        authentication = new OAuth2Authentication(granted.createOAuth2Request(), null);
        String tokenValue = tokenServices.createAccessToken(authentication).getValue();
        endpoint.checkToken(tokenValue, Collections.singletonList("scim.write"), request);
    } catch (InvalidScopeException missing) {
        // Verify the message before handing the exception back to the @Test(expected=...) harness.
        assertEquals(missingScopeMessage("scim.write"), missing.getMessage());
        throw missing;
    }
}
/**
 * When only some of the required scopes were granted, {@code checkToken} must fail and the
 * message must name exactly the scope that is absent ({@code ponies.ride}).
 */
@Test(expected = InvalidScopeException.class)
public void testValidateScopesSomeNotPresent() throws Exception {
    try {
        AuthorizationRequest granted =
                new AuthorizationRequest("client", Arrays.asList("scim.read", "scim.write"));
        authentication = new OAuth2Authentication(granted.createOAuth2Request(), null);
        String tokenValue = tokenServices.createAccessToken(authentication).getValue();
        endpoint.checkToken(tokenValue, Arrays.asList("scim.read", "ponies.ride"), request);
    } catch (InvalidScopeException missing) {
        // Only the scope that was never granted should be reported.
        assertEquals(missingScopeMessage("ponies.ride"), missing.getMessage());
        throw missing;
    }
}
/**
 * When none of the required scopes were granted, {@code checkToken} must fail and the
 * message must list every missing scope, in the order they were requested.
 */
@Test(expected = InvalidScopeException.class)
public void testValidateScopesMultipleNotPresent() throws Exception {
    try {
        AuthorizationRequest granted =
                new AuthorizationRequest("client", Collections.singletonList("cat.pet"));
        authentication = new OAuth2Authentication(granted.createOAuth2Request(), null);
        String tokenValue = tokenServices.createAccessToken(authentication).getValue();
        endpoint.checkToken(tokenValue, Arrays.asList("scim.write", "scim.read"), request);
    } catch (InvalidScopeException missing) {
        // Both required scopes are absent, so both must appear in the message.
        assertEquals(missingScopeMessage("scim.write", "scim.read"), missing.getMessage());
        throw missing;
    }
}
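/**
 * Handles the OAuth2 authorization request. If normalising the request parameters raises an
 * {@link InvalidScopeException}, the caller is sent back to the request's {@code redirect_uri}
 * with {@code error=invalid_scope} and a URL-encoded {@code error_description}; otherwise the
 * request is delegated to the superclass.
 *
 * @param model             model attributes, passed through to the superclass
 * @param requestParameters raw request parameters; {@code redirect_uri} is read on the error path
 * @param sessionStatus     session status, passed through to the superclass
 * @param principal         the authenticated user, passed through to the superclass
 * @return a redirect to the error location, or whatever the superclass returns
 */
@Override
@RequestMapping
public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> requestParameters,
        SessionStatus sessionStatus, Principal principal) {
    try {
        modifyRequestParameters(requestParameters);
    } catch (InvalidScopeException ise) {
        // NOTE(review): the redirect target is taken verbatim from the request and is not checked
        // against the client's registered redirect URIs on this path. Whether the superclass has
        // already validated it at this point cannot be confirmed from here; if it has not, this is
        // an open redirect and the value should be validated before it is used.
        String location = invalidScopeRedirect(requestParameters.get("redirect_uri"), ise.getMessage());
        ModelAndView error = new ModelAndView();
        error.setView(new RedirectView(location));
        return error;
    }
    return super.authorize(model, requestParameters, sessionStatus, principal);
}

/**
 * Builds the error redirect location for an invalid-scope failure.
 *
 * @param redirectUri the caller-supplied redirect URI, may be {@code null} (treated as empty,
 *                    matching the previous behaviour of redirecting relative to the current URL)
 * @param message     the exception message to carry as {@code error_description}
 * @return {@code redirectUri} with the error parameters appended to its query string
 */
private static String invalidScopeRedirect(String redirectUri, String message) {
    String base = redirectUri == null ? "" : redirectUri;
    // Append to an existing query string instead of emitting a second '?'.
    String separator = base.indexOf('?') >= 0 ? "&" : "?";
    return base + separator + "error=invalid_scope&error_description=" + urlEncode(message);
}

/**
 * Percent-encodes a query-parameter value so that reserved characters in the exception message
 * cannot alter the structure of the redirect URL.
 *
 * @param value the raw value; {@code null} is encoded as the empty string
 * @return the {@code application/x-www-form-urlencoded} form of {@code value}
 */
private static String urlEncode(String value) {
    try {
        return java.net.URLEncoder.encode(value == null ? "" : value, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        // UTF-8 is mandatory for every JVM, so this cannot happen in practice.
        throw new IllegalStateException("UTF-8 charset not supported", e);
    }
}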