Spring Security Oauth客户端-像邮递员示例的请求
[英]Spring security Oauth client - Request like a postman example
问题描述
I am trying to do a JUnit Tests that executes an OAuth flow. 
我正在尝试执行一个执行OAuth流的JUnit测试。
My customer built a OAuth provider, when I make a test using postman, the postman show me a screen to fill down the credentials, after that, the postman store the information (access_token, id_token, all JWT informations), it is ok. 我的客户建立了一个OAuth提供程序,当我使用邮递员进行测试时,邮递员会显示一个屏幕以填写凭据,然后邮递员存储信息(access_token,id_token和所有JWT信息),就可以了。
See the example: 参见示例:
My code to test is: 我要测试的代码是:
@Test
public void getAccessTokenViaSpringSecurityOAuthClient() {
try {
OAuth2ProtectedResourceDetails resourceDetails = googleOAuth2Details();
OAuth2RestTemplate oAuthRestTemplate = new OAuth2RestTemplate(resourceDetails);
org.springframework.http.HttpHeaders headers = new org.springframework.http.HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
OAuth2AccessToken token = oAuthRestTemplate.getAccessToken();
System.out.println(oAuthRestTemplate.getResource());
System.out.println(oAuthRestTemplate.getOAuth2ClientContext());
System.out.println(token);
Assert.assertTrue(token != null);
} catch (Exception e) {
e.printStackTrace();
}
}
public OAuth2ProtectedResourceDetails googleOAuth2Details() {
AuthorizationCodeResourceDetails googleOAuth2Details = new AuthorizationCodeResourceDetails();
googleOAuth2Details.setClientId("xxxxx");
googleOAuth2Details.setUserAuthorizationUri("https://xxx/yyy/oauth2/authorize");
googleOAuth2Details.setAccessTokenUri("https://xxx/yyy/oauth2/token");
googleOAuth2Details.setScope(Arrays.asList("openid"));
googleOAuth2Details.setPreEstablishedRedirectUri("https://www.getpostman.com/oauth2/callback");
googleOAuth2Details.setAuthenticationScheme(AuthenticationScheme.query);
googleOAuth2Details.setClientAuthenticationScheme(AuthenticationScheme.form);
return googleOAuth2Details;
}
When I run the task, this exception happens: 当我运行任务时,会发生以下异常:
org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
Is it possible to test this flow? 是否可以测试此流程? How can I do it? 我该怎么做?
1 个解决方案
解决方案1
0 已采纳 2018-02-08 16:48:27
The exception explains the problem : A redirect is required to get the users approval . 异常说明了问题: A redirect is required to get the users approval 。
Postman is hiding the fact that once the authorization process is over, the authorization server redirects your browser to a redirect_uri , or Callback URL as Postman names it. Postman隐藏了以下事实:授权过程结束后,授权服务器会将您的浏览器redirect_uri到redirect_uri或Postman为其命名的Callback URL。 This URL collects the authorization code delivered by the authorization server, and requests a token. 该URL收集授权服务器提供的授权代码,并请求令牌。
See the authorization code flow for more details : 有关更多详细信息,请参见授权代码流:
This means that you cannot "unit test" the authorization code grant of an authorization server. 这意味着您不能对授权服务器的授权代码授予进行“单元测试”。 You need some kind of web server to process the callback of the authorization code flow. 您需要某种Web服务器来处理授权代码流的回调。
You could probably test your authorization a lot faster by creating a @SpringBootTest with a Spring Boot application using @EnableOAuth2Sso . 通过使用@EnableOAuth2Sso与Spring Boot应用程序创建@SpringBootTest ,您可能可以更快地测试授权。 Spring Boot will auto-configure an OAuth2RestTemplate for you, and you can have it @Autowired in your JUnit test. Spring Boot将为您自动配置一个OAuth2RestTemplate ,您可以在JUnit测试中将它@Autowired 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.