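/**
 * Creates headers carrying HTTP Basic credentials for a client whose secret is empty.
 *
 * <p>When {@code clientId} is non-null the {@code Authorization} header is built from the
 * pair {@code clientId + ":"}, i.e. the password part is the empty string. Base64 is an
 * encoding, not encryption: the header is only as confidential as the transport carrying it.
 *
 * @param clientId the client identifier, or {@code null} to send no {@code Authorization} header
 * @return a new header set, never {@code null}
 */
private HttpHeaders getTokenHeaders(String clientId) {
    HttpHeaders headers = new HttpHeaders();
    if (clientId == null) {
        return headers;
    }
    // Explicit charset: the no-arg getBytes() / new String(byte[]) use the platform default,
    // so a non-ASCII client id would produce a host-dependent header value.
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    byte[] userPass = (clientId + ":").getBytes(utf8);
    headers.set("Authorization", "Basic " + new String(Base64.encode(userPass), utf8));
    return headers;
}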
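/**
 * Returns a fresh {@link HttpHeaders} that authenticates {@code clientId} with HTTP Basic
 * and an empty password.
 *
 * <p>No {@code Authorization} header is added when {@code clientId} is {@code null}. The
 * Base64 value is trivially reversible, so it must be treated like the credential itself.
 *
 * @param clientId the client identifier; may be {@code null}
 * @return the headers, never {@code null}
 */
private HttpHeaders getTokenHeaders(String clientId) {
    HttpHeaders headers = new HttpHeaders();
    if (clientId != null) {
        // Pin the charset instead of relying on the JVM default, which varies per host
        // and would change the encoded bytes for non-ASCII client ids.
        final java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
        String credentials = clientId + ":";
        String encoded = new String(Base64.encode(credentials.getBytes(utf8)), utf8);
        headers.set("Authorization", "Basic " + encoded);
    }
    return headers;
}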
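/**
 * Builds the value of an HTTP Basic {@code Authorization} header from a client id and secret.
 *
 * <p>A {@code null} id or secret is only warned about, not rejected: {@code String.format}
 * renders it as the literal text {@code "null"} and the header is still produced.
 *
 * @param clientId the client identifier
 * @param clientSecret the client secret
 * @return {@code "Basic "} followed by the Base64 form of {@code clientId:clientSecret}
 * @throws IllegalStateException if the UTF-8 charset is reported as unsupported
 */
private String getAuthorizationHeader(String clientId, String clientSecret) {
    if (clientId == null || clientSecret == null) {
        // The message is fixed text on purpose; never append the credential values here.
        logger.warn("Null Client ID or Client Secret detected. Endpoint that requires authentication will reject request with 401 error.");
    }
    String creds = String.format("%s:%s", clientId, clientSecret);
    try {
        // Decode the Base64 bytes with the same explicit charset rather than the platform default.
        return "Basic " + new String(Base64.encode(creds.getBytes("UTF-8")), "UTF-8");
    } catch (UnsupportedEncodingException e) {
        // Keep the original exception as the cause so the failure stays diagnosable.
        throw new IllegalStateException("Could not convert String", e);
    }
}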
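/**
 * Builds the value of an HTTP Basic {@code Authorization} header from a client id and secret.
 *
 * <p>Neither argument is checked: a {@code null} is rendered by {@code String.format} as the
 * literal text {@code "null"}. The result is Base64-encoded, not encrypted, and must be kept
 * out of logs.
 *
 * @param clientId the client identifier
 * @param clientSecret the client secret
 * @return {@code "Basic "} followed by the Base64 form of {@code clientId:clientSecret}
 * @throws IllegalStateException if the UTF-8 charset is reported as unsupported
 */
private String getAuthorizationHeader(String clientId, String clientSecret) {
    String creds = String.format("%s:%s", clientId, clientSecret);
    try {
        // Same explicit charset on both conversions; the one-arg String constructor would
        // otherwise fall back to the platform default.
        byte[] encoded = Base64.encode(creds.getBytes("UTF-8"));
        return "Basic " + new String(encoded, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        // Chain the cause instead of discarding it.
        throw new IllegalStateException("Could not convert String", e);
    }
}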
/**
 * Renders the compressed payload as text.
 *
 * <p>With {@code decompressInToString} set, the result is {@code decompress(compressed)}, or
 * {@code null} if that call throws {@link IOException}. Otherwise the result is the Base64
 * form of {@code compressed}, or a single newline when {@code compressed} is {@code null}.
 *
 * @return the textual form; may be {@code null} when decompression fails
 */
@Override
public String toString() {
    if (!decompressInToString) {
        // NOTE(review): '+' binds tighter than '?:', so the newline belongs to the null
        // branch only; the Base64 branch gets no trailing newline. Confirm that is intended.
        return compressed != null ? new String(Base64.encode(compressed)) : "" + "\n";
    }
    try {
        return decompress(compressed);
    } catch (IOException e) {
        // NOTE(review): the failure is swallowed and toString() yields null; callers cannot
        // tell a decompression error from missing data.
        return null;
    }
}
}
/**
 * Configures signing and verification from an RSA key pair.
 *
 * <p>The private key is handed to a new {@code RsaSigner} only; {@code verifierKey} is built
 * from the encoded public key wrapped in PEM-style {@code PUBLIC KEY} markers.
 *
 * @param keyPair the key pair; its private key must be an {@link RSAPrivateKey}
 * @throws IllegalStateException (via {@code Assert.state}) if the private key is not RSA
 */
public void setKeyPair(KeyPair keyPair) {
    PrivateKey signingKey = keyPair.getPrivate();
    Assert.state(signingKey instanceof RSAPrivateKey, "KeyPair must be an RSA ");
    signer = new RsaSigner((RSAPrivateKey) signingKey);

    // NOTE(review): the public half is cast without a matching check, and signer is already
    // assigned by this point, so a non-RSA public key leaves the object half-configured.
    RSAPublicKey verifyingKey = (RSAPublicKey) keyPair.getPublic();
    verifier = new RsaVerifier(verifyingKey);

    String encodedPublicKey = new String(Base64.encode(verifyingKey.getEncoded()));
    verifierKey = "-----BEGIN PUBLIC KEY-----\n" + encodedPublicKey + "\n-----END PUBLIC KEY-----";
}
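/**
 * Builds the HTTP Basic {@code Authorization} header value for {@code getUsername()} and
 * {@code getPassword()}.
 *
 * <p>The value is Base64-encoded, not encrypted; treat it as the password itself and keep it
 * out of logs and error messages.
 *
 * @return {@code "Basic "} followed by the Base64 form of {@code username:password}
 */
protected String getBasicAuthentication() {
    // Pin the charset: the no-arg getBytes() uses the platform default, which makes the
    // header host-dependent for non-ASCII credentials.
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    String userPass = getUsername() + ":" + getPassword();
    return "Basic " + new String(Base64.encode(userPass.getBytes(utf8)), utf8);
}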
/**
 * Posts an empty form (so no {@code grant_type}) to {@code tokenPath()} as
 * {@code my-trusted-client} with an empty secret, and expects a 400 response whose body
 * contains {@code invalid_request}.
 */
@Test
public void testMissingGrantType() throws Exception {
    // Fixed ASCII test credential: client id with an empty password.
    String basicToken = new String(Base64.encode("my-trusted-client:".getBytes()));

    HttpHeaders requestHeaders = new HttpHeaders();
    requestHeaders.set("Authorization", String.format("Basic %s", basicToken));
    requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));

    LinkedMultiValueMap<String, String> emptyForm = new LinkedMultiValueMap<String, String>();
    ResponseEntity<String> result = http.postForString(tokenPath(), requestHeaders, emptyForm);

    assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode());
    assertTrue(result.getBody().contains("invalid_request"));
}
/**
 * Builds headers that accept {@code text/html} and authenticate with the fixed test
 * credential {@code user:password} over HTTP Basic.
 *
 * <p>When the context has a rest template, the same headers are also installed on the
 * context's access token request.
 *
 * @return the newly created headers
 */
private HttpHeaders getAuthenticatedHeaders() {
    HttpHeaders authHeaders = new HttpHeaders();
    authHeaders.setAccept(Arrays.asList(MediaType.TEXT_HTML));

    // Hard-coded fixture credential; Base64 here is encoding only, not protection.
    String encoded = new String(Base64.encode("user:password".getBytes()));
    authHeaders.set("Authorization", "Basic " + encoded);

    if (context.getRestTemplate() == null) {
        return authHeaders;
    }
    context.getAccessTokenRequest().setHeaders(authHeaders);
    return authHeaders;
}
/**
 * Checks that a token request without a {@code grant_type} is rejected: an empty form is
 * posted to {@code tokenPath()} with Basic credentials {@code my-trusted-client:} (empty
 * secret), and the response must be 400 with {@code invalid_request} in the body.
 */
@Test
public void testMissingGrantType() throws Exception {
    HttpHeaders headers = new HttpHeaders();

    byte[] rawCredentials = "my-trusted-client:".getBytes();
    String authorization = String.format("Basic %s", new String(Base64.encode(rawCredentials)));
    headers.set("Authorization", authorization);
    headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));

    // No form parameters at all: the missing grant_type is what the endpoint should reject.
    ResponseEntity<String> reply =
            http.postForString(tokenPath(), headers, new LinkedMultiValueMap<String, String>());

    assertEquals(HttpStatus.BAD_REQUEST, reply.getStatusCode());
    assertTrue(reply.getBody().contains("invalid_request"));
}
/**
 * Encrypts the raw password with {@code byteEncrypter} and returns the ciphertext as Base64
 * text.
 *
 * <p>The intermediate byte copy of the password is passed to {@code scramble} in a
 * {@code finally} block, so it is cleared whether or not encryption succeeds.
 *
 * @param rawPass the password characters
 * @param salt not used by this implementation
 * @return the Base64 text of the encrypted password bytes
 */
@Override
public String encodePassword(char[] rawPass, Object salt) {
    // NOTE(review): the value is produced by encrypt(), not a one-way hash, so presumably
    // anyone holding the encrypter's key can recover the password - confirm this is intended.
    final byte[] plainBytes = toBytes(rawPass);
    try {
        byte[] cipherBytes = byteEncrypter.encrypt(plainBytes);
        return new String(Base64.encode(cipherBytes));
    } finally {
        // Overwrite the plaintext copy on every exit path.
        scramble(plainBytes);
    }
}
};
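/**
 * Builds the value of an HTTP Basic {@code Authorization} header.
 *
 * <p>The result is Base64-encoded, not encrypted: it discloses the password to anyone who
 * can read it, so it should only be sent over a protected transport and never logged.
 *
 * @param username the user name; a {@code null} is rendered as the text {@code "null"}
 * @param password the password; a {@code null} is rendered as the text {@code "null"}
 * @return {@code "Basic "} followed by the Base64 form of {@code username:password}
 */
public String getAuthorizationHeader(String username, String password) {
    // Explicit charset so the encoded bytes do not depend on the JVM's platform default.
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    String credentials = String.format("%s:%s", username, password);
    String encoded = new String(Base64.encode(credentials.getBytes(utf8)), utf8);
    return String.format("Basic %s", encoded);
}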
/**
 * Creates the {@code UserNotFound} audit record for this event.
 *
 * <p>The submitted name is not stored directly: it is replaced by the Base64 text of its
 * SHA-1 digest, so that sensitive text typed into the name field by mistake (for example a
 * password) does not reach the audit log in clear. If SHA-1 is unavailable the fixed marker
 * {@code "NOSHA"} is recorded instead.
 *
 * @return the audit record with the concealed name, the request origin and empty data
 */
@Override
public AuditEvent getAuditEvent() {
    String submittedName = getAuthentication().getName();
    String concealedName;
    try {
        // NOTE(review): an unsalted SHA-1 of a short, guessable value can be matched by
        // hashing candidate values, so this hides the text from casual reading only.
        // Switching digest would change the values already written to the audit trail.
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] digest = sha1.digest(Utf8.encode(submittedName));
        concealedName = Utf8.decode(Base64.encode(digest));
    } catch (NoSuchAlgorithmException shouldNeverHappen) {
        concealedName = "NOSHA";
    }
    String origin = getOrigin(getAuthenticationDetails());
    return createAuditRecord(concealedName, AuditEventType.UserNotFound, origin, "");
}
}
/**
 * Calls {@code /check_token} with token {@code FOO} as client {@code cf} (empty secret) and
 * expects a 403 response whose JSON body has an {@code error} entry.
 */
@Test
public void testForbidden() throws Exception {
    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    form.add("token", "FOO");

    HttpHeaders requestHeaders = new HttpHeaders();
    String encodedClient = new String(Base64.encode("cf:".getBytes("UTF-8")));
    requestHeaders.set("Authorization", "Basic " + encodedClient);
    requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> reply = serverRunning.postForMap("/check_token", form, requestHeaders);
    assertEquals(HttpStatus.FORBIDDEN, reply.getStatusCode());

    @SuppressWarnings("unchecked")
    Map<String, String> body = reply.getBody();
    assertTrue(body.containsKey("error"));
}
/**
 * Obtains an access token for the admin test client using the {@code client_credentials}
 * grant against {@code /oauth/token}.
 *
 * <p>The client id is sent as a form field; the secret travels only in the HTTP Basic
 * {@code Authorization} header. The call asserts a 200 response before parsing the token.
 *
 * @param scope the value sent as the {@code scope} form parameter
 * @return the token parsed from the response body
 * @throws Exception if the request or an assertion fails
 */
private OAuth2AccessToken getClientCredentialsAccessToken(String scope) throws Exception {
    String adminId = testAccounts.getAdminClientId();
    String adminSecret = testAccounts.getAdminClientSecret();

    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    form.add("grant_type", "client_credentials");
    form.add("client_id", adminId);
    form.add("scope", scope);

    HttpHeaders requestHeaders = new HttpHeaders();
    requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
    // NOTE(review): getBytes() without a charset uses the platform default, so non-ASCII
    // credentials would encode differently from host to host.
    byte[] pair = String.format("%s:%s", adminId, adminSecret).getBytes();
    requestHeaders.set("Authorization", "Basic " + new String(Base64.encode(pair)));

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> reply = serverRunning.postForMap("/oauth/token", form, requestHeaders);
    assertEquals(HttpStatus.OK, reply.getStatusCode());

    @SuppressWarnings("unchecked")
    OAuth2AccessToken token = DefaultOAuth2AccessToken.valueOf(reply.getBody());
    return token;
}
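/**
 * Requests a token from {@code /oauth/token} with the {@code client_credentials} grant and
 * returns its value.
 *
 * <p>The client id is sent as a form field; the secret is sent only inside the HTTP Basic
 * {@code Authorization} header. A non-200 response fails the enclosing test through
 * {@code Assert.assertEquals}.
 *
 * @param serverRunning the server handle used to post the request
 * @param clientId the client identifier
 * @param clientSecret the client secret
 * @return the access token value from the response
 * @throws Exception if the request fails
 */
public static String getClientCredentialsToken(ServerRunning serverRunning, String clientId, String clientSecret) throws Exception {
    MultiValueMap<String, String> formData = new LinkedMultiValueMap<String, String>();
    formData.add("grant_type", "client_credentials");
    formData.add("client_id", clientId);

    HttpHeaders headers = new HttpHeaders();
    headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
    // Explicit charset: caller-supplied credentials may be non-ASCII, and the no-arg
    // getBytes() would encode them with whatever the platform default happens to be.
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    byte[] credentials = String.format("%s:%s", clientId, clientSecret).getBytes(utf8);
    headers.set("Authorization", "Basic " + new String(Base64.encode(credentials), utf8));

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> response = serverRunning.postForMap("/oauth/token", formData, headers);
    Assert.assertEquals(HttpStatus.OK, response.getStatusCode());

    @SuppressWarnings("unchecked")
    OAuth2AccessToken accessToken = DefaultOAuth2AccessToken.valueOf(response.getBody());
    return accessToken.getValue();
}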
/**
 * Exercises the non-auto-approved implicit flow: the first token request, authenticated as
 * the fixture user {@code user:password}, must raise {@code UserRedirectRequiredException};
 * after the approval parameters are added, the second request must yield a token.
 */
@Test
@OAuth2ContextConfiguration(resource = NonAutoApproveImplicit.class, initialize = false)
public void testPostForNonAutomaticApprovalToken() throws Exception {
    String basicValue = "Basic " + new String(Base64.encode("user:password".getBytes()));
    HttpHeaders userHeaders = new HttpHeaders();
    userHeaders.set("Authorization", basicValue);
    context.getAccessTokenRequest().setHeaders(userHeaders);

    try {
        assertNotNull(context.getAccessToken());
        fail("Expected UserRedirectRequiredException");
    } catch (UserRedirectRequiredException expected) {
        // Expected: approval has not been granted yet.
    }

    // Second attempt carries the user's approval plus the approved scope.
    context.getAccessTokenRequest().add(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
    context.getAccessTokenRequest().add("scope.read", "true");
    assertNotNull(context.getAccessToken());
}
/**
 * Fetches a {@code client_credentials} token for the admin test account from
 * {@code /oauth/token}, asserting that the server answers 200.
 *
 * <p>The secret is carried only in the HTTP Basic header; the form holds the grant type,
 * client id and requested scope.
 *
 * @param scope the requested scope
 * @return the parsed access token
 * @throws Exception if the request or an assertion fails
 */
private OAuth2AccessToken getClientCredentialsAccessToken(String scope) throws Exception {
    final String id = testAccounts.getAdminClientId();
    final String secret = testAccounts.getAdminClientSecret();

    MultiValueMap<String, String> params = new LinkedMultiValueMap<String, String>();
    params.add("grant_type", "client_credentials");
    params.add("client_id", id);
    params.add("scope", scope);

    HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
    // NOTE(review): the credential bytes come from the platform-default charset here.
    String basicCredentials = new String(Base64.encode(String.format("%s:%s", id, secret).getBytes()));
    httpHeaders.set("Authorization", "Basic " + basicCredentials);

    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> tokenResponse = serverRunning.postForMap("/oauth/token", params, httpHeaders);
    assertEquals(HttpStatus.OK, tokenResponse.getStatusCode());

    @SuppressWarnings("unchecked")
    OAuth2AccessToken parsed = DefaultOAuth2AccessToken.valueOf(tokenResponse.getBody());
    return parsed;
}
/**
 * Checks that the password grant is refused without valid client authentication: the
 * request is sent with Basic credentials {@code no-such-client:} (empty secret) and must be
 * answered with 401.
 */
@Test
public void testSecretRequired() throws Exception {
    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    form.add("grant_type", "password");
    form.add("username", resource.getUsername());
    form.add("password", resource.getPassword());
    form.add("scope", "cloud_controller.read");

    HttpHeaders requestHeaders = new HttpHeaders();
    byte[] unknownClient = "no-such-client:".getBytes("UTF-8");
    requestHeaders.set("Authorization", "Basic " + new String(Base64.encode(unknownClient)));
    requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));

    ResponseEntity<String> reply = serverRunning.postForString("/oauth/token", form, requestHeaders);
    assertEquals(HttpStatus.UNAUTHORIZED, reply.getStatusCode());
}
/**
 * Posts an autologin request for the fixture user as the {@code admin} client, then redeems
 * the issued code with a GET to {@code /autologin} and expects a redirect to {@code home}.
 *
 * <p>A {@code PredictableGenerator} is installed on the code store so the test can derive
 * the code ({@code "test"} plus the generator's counter) instead of reading it from the
 * response.
 */
@Test
void autologin_with_validCode_RedirectsToHome(
        @Autowired JdbcExpiringCodeStore jdbcExpiringCodeStore
) throws Exception {
    MockMvcUtils.PredictableGenerator codeGenerator = new MockMvcUtils.PredictableGenerator();
    jdbcExpiringCodeStore.setGenerator(codeGenerator);

    AutologinRequest autologin = new AutologinRequest();
    autologin.setUsername("marissa");
    autologin.setPassword("koala");

    // Fixture client credential, sent as HTTP Basic.
    String clientAuth = "Basic " + new String(Base64.encode("admin:adminsecret".getBytes()));
    mockMvc.perform(post("/autologin")
                    .header("Authorization", clientAuth)
                    .contentType(APPLICATION_JSON)
                    .content(JsonUtils.writeValueAsString(autologin)))
            .andExpect(status().isOk());

    // Read the counter only after the POST, once the code has been generated.
    String issuedCode = "test" + codeGenerator.counter.get();
    mockMvc.perform(get("/autologin")
                    .param("code", issuedCode)
                    .param("client_id", "admin"))
            .andExpect(redirectedUrl("home"));
}