diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/AADSeleniumITHelper.java b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/AADSeleniumITHelper.java
new file mode 100644
index 000000000000..5cbc6fa12c34
--- /dev/null
+++ b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/AADSeleniumITHelper.java
@@ -0,0 +1,115 @@
+package com.azure.test.aad.selenium;
+
+import com.azure.test.utils.AppRunner;
+import org.junit.Assert;
+import org.openqa.selenium.By;
+import org.openqa.selenium.Keys;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.chrome.ChromeDriver;
+import org.openqa.selenium.chrome.ChromeDriverService;
+import org.openqa.selenium.chrome.ChromeOptions;
+import org.openqa.selenium.support.ui.WebDriverWait;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import static com.azure.test.aad.AADTestUtils.AAD_MULTI_TENANT_CLIENT_ID;
+import static com.azure.test.aad.AADTestUtils.AAD_MULTI_TENANT_CLIENT_SECRET;
+import static com.azure.test.aad.AADTestUtils.AAD_TENANT_ID_1;
+import static com.azure.test.aad.AADTestUtils.AAD_USER_NAME_1;
+import static com.azure.test.aad.AADTestUtils.AAD_USER_PASSWORD_1;
+import static org.openqa.selenium.support.ui.ExpectedConditions.presenceOfElementLocated;
+
+public class AADSeleniumITHelper {
+
+ private final String username;
+ private final String password;
+ private final AppRunner app;
+ private final WebDriver driver;
+ private static final Map DEFAULT_PROPERTIES = new HashMap<>();
+
+ static {
+ DEFAULT_PROPERTIES.put("azure.activedirectory.tenant-id", System.getenv(AAD_TENANT_ID_1));
+ DEFAULT_PROPERTIES.put("azure.activedirectory.client-id", System.getenv(AAD_MULTI_TENANT_CLIENT_ID));
+ DEFAULT_PROPERTIES.put("azure.activedirectory.client-secret", System.getenv(AAD_MULTI_TENANT_CLIENT_SECRET));
+ DEFAULT_PROPERTIES.put("azure.activedirectory.user-group.allowed-groups", "group1");
+ DEFAULT_PROPERTIES.put("azure.activedirectory.post-logout-redirect-uri", "http://localhost:${server.port}");
+
+ final String directory = "src/test/resources/driver/";
+ final String chromedriverLinux = "chromedriver_linux64";
+ final String chromedriverWin32 = "chromedriver_win32.exe";
+ final String chromedriverMac = "chromedriver_mac64";
+ String osName = System.getProperty("os.name").toLowerCase();
+ Process process = null;
+ try {
+ File dir = new File(directory);
+ if (Pattern.matches("linux.*", osName)) {
+ process = Runtime.getRuntime().exec("chmod +x " + chromedriverLinux, null, dir);
+ process.waitFor();
+ System.setProperty(ChromeDriverService.CHROME_DRIVER_EXE_PROPERTY, directory + chromedriverLinux);
+ } else if (Pattern.matches("windows.*", osName)) {
+ System.setProperty(ChromeDriverService.CHROME_DRIVER_EXE_PROPERTY, directory + chromedriverWin32);
+ } else if (Pattern.matches("mac.*", osName)) {
+ process = Runtime.getRuntime().exec("chmod +x " + chromedriverMac, null, dir);
+ process.waitFor();
+ System.setProperty(ChromeDriverService.CHROME_DRIVER_EXE_PROPERTY, directory + chromedriverMac);
+ } else {
+ throw new IllegalStateException("Unrecognized osName. osName = " + System.getProperty("os.name"));
+ }
+ } catch (InterruptedException | IOException e) {
+ throw new RuntimeException(e);
+ } finally {
+ if (process != null) {
+ process.destroy();
+ }
+ }
+ }
+
+ public AADSeleniumITHelper(Class appClass, Map properties) throws InterruptedException {
+ username = System.getenv(AAD_USER_NAME_1);
+ password = System.getenv(AAD_USER_PASSWORD_1);
+ app = new AppRunner(appClass);
+ DEFAULT_PROPERTIES.forEach(app::property);
+ properties.forEach(app::property);
+
+ ChromeOptions options = new ChromeOptions();
+ options.addArguments("--headless");
+ options.addArguments("--incognito", "--no-sandbox", "--disable-dev-shm-usage");
+ this.driver = new ChromeDriver(options);
+
+ this.app.start();
+ login();
+ }
+
+ private void login() throws InterruptedException {
+ WebDriverWait wait = new WebDriverWait(this.driver, 10);
+ driver.get(app.root() + "oauth2/authorization/azure");
+ wait.until(presenceOfElementLocated(By.name("loginfmt"))).sendKeys(username + Keys.ENTER);
+ Thread.sleep(10000);
+ driver.findElement(By.name("passwd")).sendKeys(password + Keys.ENTER);
+ Thread.sleep(10000);
+ driver.findElement(By.cssSelector("input[type='submit']")).click();
+ Thread.sleep(10000);
+ }
+
+ public String httpGet(String endpoint) throws InterruptedException {
+ driver.get((app.root() + endpoint));
+ Thread.sleep(1000);
+ return driver.findElement(By.tagName("body")).getText();
+ }
+
+ public void logoutTest() throws InterruptedException {
+ WebDriverWait wait = new WebDriverWait(driver, 10);
+ driver.get(app.root() + "logout");
+ wait.until(presenceOfElementLocated(By.cssSelector("button[type='submit']"))).click();
+ Thread.sleep(10000);
+ String cssSelector = "div[data-test-id='" + username + "']";
+ driver.findElement(By.cssSelector(cssSelector)).click();
+ Thread.sleep(10000);
+ String id = driver.findElement(By.cssSelector("div[tabindex='0']")).getAttribute("data-test-id");
+ Assert.assertEquals(username, id);
+ }
+}
diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/SeleniumTestUtils.java b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/SeleniumTestUtils.java
deleted file mode 100644
index ea0ba145182a..000000000000
--- a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/SeleniumTestUtils.java
+++ /dev/null
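Review bot: `AADSeleniumITHelper` starts a `ChromeDriver` and an `AppRunner` in its constructor but offers no way to stop them, so each test leaves a headless browser with a signed-in AAD session and a running app behind; the removed `SeleniumTestUtils.get` called `driver.quit()` in a `finally` and the old tests held `AppRunner` in try-with-resources. Make the helper `AutoCloseable`, quit the driver if `app.start()` or `login()` throws in the constructor, and have the callers added in this commit (`AADAccessTokenScopesIT`, `AADLogoutIT`, `AADRoleIT`) use try-with-resources. The fence assumes `AppRunner.close()` declares no checked exception, as the removed try-with-resources usage suggests. Separately, the `System.getenv(...)` values are used unchecked, so a missing variable makes `login()` type the text `null` into the sign-in form instead of failing fast, and the `chmod` run through `Runtime.exec` never checks the exit code, where `new File(dir, chromedriverLinux).setExecutable(true)` returns the outcome directly.

```java
public class AADSeleniumITHelper implements AutoCloseable {

    // … unchanged: fields, static initializer, constructor, login, httpGet, logoutTest …

    /** Ends the browser session first, then stops the application, even if quitting the driver fails. */
    @Override
    public void close() {
        try {
            driver.quit();
        } finally {
            app.close();
        }
    }
}
```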
@@ -1,107 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.test.aad.selenium; - -import com.azure.test.utils.AppRunner; -import org.openqa.selenium.By; -import org.openqa.selenium.Keys; -import org.openqa.selenium.WebDriver; -import org.openqa.selenium.chrome.ChromeDriver; -import org.openqa.selenium.chrome.ChromeDriverService; -import org.openqa.selenium.chrome.ChromeOptions; -import org.openqa.selenium.support.ui.WebDriverWait; - -import java.io.File; -import java.io.IOException; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.regex.Pattern; - -import static com.azure.test.aad.AADTestUtils.AAD_MULTI_TENANT_CLIENT_ID; -import static com.azure.test.aad.AADTestUtils.AAD_MULTI_TENANT_CLIENT_SECRET; -import static com.azure.test.aad.AADTestUtils.AAD_TENANT_ID_1; -import static com.azure.test.aad.AADTestUtils.AAD_USER_NAME_1; -import static com.azure.test.aad.AADTestUtils.AAD_USER_PASSWORD_1; -import static org.openqa.selenium.support.ui.ExpectedConditions.presenceOfElementLocated; - -public class SeleniumTestUtils { - - static { - final String directory = "src/test/resources/driver/"; - final String chromedriverLinux = "chromedriver_linux64"; - final String chromedriverWin32 = "chromedriver_win32.exe"; - final String chromedriverMac = "chromedriver_mac64"; - String osName = System.getProperty("os.name").toLowerCase(); - Process process = null; - try { - File dir = new File(directory); - if (Pattern.matches("linux.*", osName)) { - process = Runtime.getRuntime().exec("chmod +x " + chromedriverLinux, null, dir); - process.waitFor(); - System.setProperty(ChromeDriverService.CHROME_DRIVER_EXE_PROPERTY, directory + chromedriverLinux); - } else if (Pattern.matches("windows.*", osName)) { - System.setProperty(ChromeDriverService.CHROME_DRIVER_EXE_PROPERTY, directory + chromedriverWin32); - } else if (Pattern.matches("mac.*", osName)) { - process = 
Runtime.getRuntime().exec("chmod +x " + chromedriverMac, null, dir); - process.waitFor(); - System.setProperty(ChromeDriverService.CHROME_DRIVER_EXE_PROPERTY, directory + chromedriverMac); - } else { - throw new IllegalStateException("Can not recognize osName. osName = " + System.getProperty("os.name")); - } - } catch (IllegalStateException e) { - throw e; - } catch (InterruptedException | IOException e) { - throw new RuntimeException(e); - } finally { - if (process != null) { - process.destroy(); - } - } - } - - public static Map get(AppRunner app, List endPoints) { - - Map result = new HashMap<>(); - ChromeOptions options = new ChromeOptions(); - options.addArguments("--incognito"); - options.addArguments("--headless"); - options.addArguments("--no-sandbox"); - options.addArguments("--disable-dev-shm-usage"); - WebDriver driver = new ChromeDriver(options); - WebDriverWait wait = new WebDriverWait(driver, 10); - app.start(); - try { - driver.get(app.root() + endPoints.get(0)); - wait.until(presenceOfElementLocated(By.name("loginfmt"))) - .sendKeys(System.getenv(AAD_USER_NAME_1) + Keys.ENTER); - Thread.sleep(10000); - driver.findElement(By.name("passwd")) - .sendKeys(System.getenv(AAD_USER_PASSWORD_1) + Keys.ENTER); - Thread.sleep(10000); - driver.findElement(By.cssSelector("input[type='submit']")).click(); - Thread.sleep(10000); - result.put(endPoints.get(0), driver.findElement(By.tagName("body")).getText()); - endPoints.remove(0); - for (String endPoint : endPoints) { - driver.get(app.root() + endPoint); - Thread.sleep(1000); - result.put(endPoint, driver.findElement(By.tagName("body")).getText()); - } - return result; - } catch (InterruptedException e) { - throw new RuntimeException(e); - } finally { - driver.quit(); - } - } - - public static void addProperty(AppRunner app) { - app.property("azure.activedirectory.tenant-id", System.getenv(AAD_TENANT_ID_1)); - app.property("azure.activedirectory.client-id", System.getenv(AAD_MULTI_TENANT_CLIENT_ID)); - 
app.property("azure.activedirectory.client-secret", System.getenv(AAD_MULTI_TENANT_CLIENT_SECRET)); - app.property("azure.activedirectory.user-group.allowed-groups", "group1"); - } - -} diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/access/token/scopes/AADAccessTokenScopesIT.java b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/access/token/scopes/AADAccessTokenScopesIT.java new file mode 100644 index 000000000000..c2afc98a9a01 --- /dev/null +++ b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/access/token/scopes/AADAccessTokenScopesIT.java 
@@ -0,0 +1,95 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.test.aad.selenium.access.token.scopes; + +import com.azure.test.aad.selenium.AADSeleniumITHelper; +import org.junit.Assert; +import org.junit.Test; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; +import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +import java.util.HashMap; +import java.util.Map; +import java.util.Optional; +import java.util.Set; + +public class AADAccessTokenScopesIT { + + @Test + public void testAccessTokenScopes() throws InterruptedException { + Map arguments = new HashMap<>(); + arguments.put( + "azure.activedirectory.authorization-clients.office.scopes", + "https://manage.office.com/ActivityFeed.Read, https://manage.office.com/ActivityFeed.ReadDlp, " + + "https://manage.office.com/ServiceHealth.Read"); + arguments.put( + "azure.activedirectory.authorization-clients.graph.scopes", + "https://graph.microsoft.com/User.Read, https://graph.microsoft.com/Directory.AccessAsUser.All"); + AADSeleniumITHelper aadSeleniumITHelper = new AADSeleniumITHelper(DumbApp.class, arguments); + + String httpResponse = aadSeleniumITHelper.httpGet("accessTokenScopes/azure"); + Assert.assertTrue(httpResponse.contains("profile")); + Assert.assertTrue(httpResponse.contains("https://graph.microsoft.com/Directory.AccessAsUser.All")); + Assert.assertTrue(httpResponse.contains("https://graph.microsoft.com/User.Read")); + + httpResponse = aadSeleniumITHelper.httpGet("accessTokenScopes/graph"); + 
Assert.assertTrue(httpResponse.contains("profile")); + Assert.assertTrue(httpResponse.contains("https://graph.microsoft.com/Directory.AccessAsUser.All")); + Assert.assertTrue(httpResponse.contains("https://graph.microsoft.com/User.Read")); + + httpResponse = aadSeleniumITHelper.httpGet("accessTokenScopes/office"); + Assert.assertFalse(httpResponse.contains("profile")); + Assert.assertTrue(httpResponse.contains("https://manage.office.com/ActivityFeed.Read")); + Assert.assertTrue(httpResponse.contains("https://manage.office.com/ActivityFeed.ReadDlp")); + Assert.assertTrue(httpResponse.contains("https://manage.office.com/ServiceHealth.Read")); + + httpResponse = aadSeleniumITHelper.httpGet("arm"); + Assert.assertNotEquals(httpResponse, "arm"); + } + + @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) + @SpringBootApplication + @RestController + public static class DumbApp { + + @GetMapping(value = "accessTokenScopes/azure") + public Set azure( + @RegisteredOAuth2AuthorizedClient("azure") OAuth2AuthorizedClient authorizedClient) { + return Optional.of(authorizedClient) + .map(OAuth2AuthorizedClient::getAccessToken) + .map(OAuth2AccessToken::getScopes) + .orElse(null); + } + + @GetMapping(value = "accessTokenScopes/graph") + public Set graph( + @RegisteredOAuth2AuthorizedClient("graph") OAuth2AuthorizedClient authorizedClient) { + return Optional.of(authorizedClient) + .map(OAuth2AuthorizedClient::getAccessToken) + .map(OAuth2AccessToken::getScopes) + .orElse(null); + } + + @GetMapping(value = "accessTokenScopes/office") + public Set office( + @RegisteredOAuth2AuthorizedClient("office") OAuth2AuthorizedClient authorizedClient) { + return Optional.of(authorizedClient) + .map(OAuth2AuthorizedClient::getAccessToken) + .map(OAuth2AccessToken::getScopes) + .orElse(null); + } + + @GetMapping(value = "arm") + public String arm( + @RegisteredOAuth2AuthorizedClient("arm") OAuth2AuthorizedClient authorizedClient) { + return "arm"; + } + } + +} 
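Review bot: The scope assertions in `testAccessTokenScopes` match by substring, and `https://manage.office.com/ActivityFeed.Read` is a prefix of `https://manage.office.com/ActivityFeed.ReadDlp`, so the first `office` assertion still passes when only `ReadDlp` was granted. For a test meant to pin which scopes each client's token carries, compare whole scope values: if the body is the JSON array rendered for the returned `Set` (not confirmed from this hunk), match the quoted token, e.g. `Assert.assertTrue(httpResponse.contains("\"https://manage.office.com/ActivityFeed.Read\""));`. The final check `Assert.assertNotEquals(httpResponse, "arm");` has expected and actual swapped and passes for any body other than exactly `arm`, including a page produced by an unrelated failure, so it does not show that the unconfigured `arm` client was rejected.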
diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/access/token/scopes/AccessTokenScopesIT.java b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/access/token/scopes/AccessTokenScopesIT.java deleted file mode 100644 index bfdc6244bc10..000000000000 --- a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/access/token/scopes/AccessTokenScopesIT.java +++ /dev/null 
@@ -1,92 +0,0 @@ - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.test.aad.selenium.access.token.scopes; - -import com.azure.test.aad.selenium.SeleniumTestUtils; -import com.azure.test.utils.AppRunner; -import org.junit.Assert; -import org.junit.Test; -import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; -import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; -import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient; -import org.springframework.security.oauth2.core.OAuth2AccessToken; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RestController; - -import java.util.*; - -public class AccessTokenScopesIT { - - @Test - public void testAccessTokenScopes() { - try (AppRunner app = new AppRunner(DumbApp.class)) { - SeleniumTestUtils.addProperty(app); - app.property("azure.activedirectory.authorization-clients.office.scopes", "https://manage.office.com/ActivityFeed.Read , https://manage.office.com/ActivityFeed.ReadDlp , https://manage.office.com/ServiceHealth.Read"); - app.property("azure.activedirectory.authorization-clients.graph.scopes", "https://graph.microsoft.com/User.Read , https://graph.microsoft.com/Directory.AccessAsUser.All"); - List endPoints = new ArrayList<>(); - endPoints.add("accessTokenScopes/azure"); - endPoints.add("accessTokenScopes/office"); - endPoints.add("accessTokenScopes/graph"); - endPoints.add("accessTokenScopes/arm"); - Map result = SeleniumTestUtils.get(app, endPoints); - - Assert.assertFalse(result.get("accessTokenScopes/office").contains("profile")); - Assert.assertTrue(result.get("accessTokenScopes/office").contains("https://manage.office.com/ActivityFeed.Read")); - 
Assert.assertTrue(result.get("accessTokenScopes/office").contains("https://manage.office.com/ActivityFeed.ReadDlp")); - Assert.assertTrue(result.get("accessTokenScopes/office").contains("https://manage.office.com/ServiceHealth.Read")); - - Assert.assertTrue(result.get("accessTokenScopes/azure").contains("profile")); - Assert.assertTrue(result.get("accessTokenScopes/azure").contains("https://graph.microsoft.com/Directory.AccessAsUser.All")); - Assert.assertTrue(result.get("accessTokenScopes/azure").contains("https://graph.microsoft.com/User.Read")); - - Assert.assertTrue(result.get("accessTokenScopes/graph").contains("profile")); - Assert.assertTrue(result.get("accessTokenScopes/graph").contains("https://graph.microsoft.com/Directory.AccessAsUser.All")); - Assert.assertTrue(result.get("accessTokenScopes/graph").contains("https://graph.microsoft.com/User.Read")); - - Assert.assertNotEquals("error", result.get("api/arm")); - } - } - - @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) - @SpringBootApplication - @RestController - public static class DumbApp { - - @GetMapping(value = "accessTokenScopes/office") - public Set office( - @RegisteredOAuth2AuthorizedClient("office") OAuth2AuthorizedClient authorizedClient) { - return Optional.of(authorizedClient) - .map(OAuth2AuthorizedClient::getAccessToken) - .map(OAuth2AccessToken::getScopes) - .orElse(null); - } - - @GetMapping(value = "accessTokenScopes/azure") - public Set azure( - @RegisteredOAuth2AuthorizedClient("azure") OAuth2AuthorizedClient authorizedClient) { - return Optional.of(authorizedClient) - .map(OAuth2AuthorizedClient::getAccessToken) - .map(OAuth2AccessToken::getScopes) - .orElse(null); - } - - @GetMapping(value = "accessTokenScopes/graph") - public Set graph( - @RegisteredOAuth2AuthorizedClient("graph") OAuth2AuthorizedClient authorizedClient) { - return Optional.of(authorizedClient) - .map(OAuth2AuthorizedClient::getAccessToken) - .map(OAuth2AccessToken::getScopes) - 
.orElse(null); - } - - @GetMapping(value = "accessTokenScopes/arm") - public String arm( - @RegisteredOAuth2AuthorizedClient("arm") OAuth2AuthorizedClient authorizedClient) { - return "error"; - } - } - -} diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/logout/AADLogoutIT.java b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/logout/AADLogoutIT.java new file mode 100644 index 000000000000..10253ea48cfa --- /dev/null +++ b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/logout/AADLogoutIT.java 
@@ -0,0 +1,41 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.test.aad.selenium.logout;
+
+import com.azure.test.aad.selenium.AADSeleniumITHelper;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+import java.util.Collections;
+
+public class AADLogoutIT {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(AADLogoutIT.class);
+
+ @Test
+ public void logoutTest() throws InterruptedException {
+ AADSeleniumITHelper aadSeleniumITHelper = new AADSeleniumITHelper(DumbApp.class, Collections.emptyMap());
+ aadSeleniumITHelper.logoutTest();
+ }
+
+ @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
+ @SpringBootApplication
+ @RestController
+ public static class DumbApp {
+
+ @GetMapping(value = "/api/home")
+ public ResponseEntity home(Principal principal) {
+ LOGGER.info(((OAuth2AuthenticationToken) principal).getAuthorities().toString());
+ return ResponseEntity.ok("home");
+ }
+ }
+}
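Review bot: `logoutTest` never checks that the application session is gone after logout: it delegates to `AADSeleniumITHelper.logoutTest()`, which in the helper added by this commit only asserts on the account tile shown on the AAD page, and the `/api/home` endpoint defined in `DumbApp` is never requested. At minimum, request the protected endpoint after logout and assert its body is not served, e.g. `Assert.assertNotEquals("home", aadSeleniumITHelper.httpGet("api/home"));`, which needs `import org.junit.Assert;` in this file. `home` also casts `principal` to `OAuth2AuthenticationToken` without a type check and logs the full authority list at INFO; a one-line comment stating that this is test-only diagnostics would make the intent clear.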
diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/login/AADLoginIT.java b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/role/AADRoleIT.java similarity index 60% rename from sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/login/AADLoginIT.java rename to sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/role/AADRoleIT.java index e31f95f6a53e..d21e99758cb9 100644 --- a/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/login/AADLoginIT.java +++ b/sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/role/AADRoleIT.java @@ -1,10 +1,9 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -package com.azure.test.aad.selenium.login; +package com.azure.test.aad.selenium.role; -import com.azure.test.aad.selenium.SeleniumTestUtils; -import com.azure.test.utils.AppRunner; +import com.azure.test.aad.selenium.AADSeleniumITHelper; import org.junit.Assert; import org.junit.Test; import org.slf4j.Logger; 
@@ -18,30 +17,21 @@ import org.springframework.web.bind.annotation.RestController; import java.security.Principal; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; +import java.util.Collections; -public class AADLoginIT { +public class AADRoleIT { - private static final Logger LOGGER = LoggerFactory.getLogger(AADLoginIT.class); + private static final Logger LOGGER = LoggerFactory.getLogger(AADRoleIT.class); @Test - public void loginTest() { - - try (AppRunner app = new AppRunner(DumbApp.class)) { - SeleniumTestUtils.addProperty(app); - List endPoints = new ArrayList<>(); - endPoints.add("api/home"); - endPoints.add("api/group1"); - endPoints.add("api/status403"); - Map result = SeleniumTestUtils.get(app, endPoints); - Assert.assertEquals("home", result.get("api/home")); - Assert.assertEquals("group1", result.get("api/group1")); - Assert.assertNotEquals("error", result.get("api/status403")); - } - - + public void roleTest() throws InterruptedException { + AADSeleniumITHelper aadSeleniumITHelper = new AADSeleniumITHelper(DumbApp.class, Collections.emptyMap()); + String httpResponse = aadSeleniumITHelper.httpGet("api/home"); + Assert.assertTrue(httpResponse.contains("home")); + httpResponse = aadSeleniumITHelper.httpGet("api/group1"); + Assert.assertTrue(httpResponse.contains("group1")); + httpResponse = aadSeleniumITHelper.httpGet("api/group_fdsaliieammQiovlikIOWssIEURsafjFelasdfe"); + Assert.assertNotEquals(httpResponse, "group_fdsaliieammQiovlikIOWssIEURsafjFelasdfe"); } @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) 
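Review bot: The denial case in `roleTest` is asserted only negatively: `Assert.assertNotEquals(httpResponse, "group_fdsaliieammQiovlikIOWssIEURsafjFelasdfe")` passes for any body that is not exactly that string, so a failed sign-in, an error page from a crashed app or an empty body would all count as access denied. Assert the denial positively, for example `Assert.assertTrue(httpResponse.contains("403"));` if the rendered error page exposes the status (not visible in this diff), and put the expected value first in `assertNotEquals`. The positive cases were also loosened from `assertEquals("home", …)` to `contains("home")`, which would accept any page that merely mentions the word; the removed test read the body the same way and compared it exactly, so the exact comparison can be kept. The enclosing class `AADRoleIT` continues outside this hunk.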
@@ -49,22 +39,22 @@ public void loginTest() { @RestController public static class DumbApp { - @PreAuthorize("hasRole('ROLE_group1')") - @GetMapping(value = "/api/group1") - public ResponseEntity group1() { - return ResponseEntity.ok("group1"); - } - @GetMapping(value = "/api/home") public ResponseEntity home(Principal principal) { LOGGER.info(((OAuth2AuthenticationToken) principal).getAuthorities().toString()); return ResponseEntity.ok("home"); } + @PreAuthorize("hasRole('ROLE_group1')") + @GetMapping(value = "/api/group1") + public ResponseEntity group1() { + return ResponseEntity.ok("group1"); + } + @PreAuthorize("hasRole('ROLE_fdsaliieammQiovlikIOWssIEURsafjFelasdfe')") - @GetMapping(value = "/api/status403") - public ResponseEntity status403() { - return ResponseEntity.ok("error"); + @GetMapping(value = "/api/group_fdsaliieammQiovlikIOWssIEURsafjFelasdfe") + public ResponseEntity nonExistGroup() { + return ResponseEntity.ok("group_fdsaliieammQiovlikIOWssIEURsafjFelasdfe"); } } } diff --git a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapi/AADResourceServerOboConfiguration.java b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapi/AADResourceServerOboConfiguration.java index 7ee2b5e8606f..b252f971ee16 100644 --- a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapi/AADResourceServerOboConfiguration.java +++ b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapi/AADResourceServerOboConfiguration.java @@ -4,7 +4,7 @@ package com.azure.spring.aad.webapi; import com.azure.spring.aad.AADAuthorizationServerEndpoints; -import com.azure.spring.aad.webapp.AuthorizationProperties; +import com.azure.spring.aad.webapp.AuthorizationClientProperties; import com.azure.spring.autoconfigure.aad.AADAuthenticationProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; 
@@ -59,7 +59,7 @@ public OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository(ClientR public List createOboClients() { List result = new ArrayList<>(); for (String name : properties.getAuthorizationClients().keySet()) { - AuthorizationProperties authorizationProperties = properties.getAuthorizationClients().get(name); + AuthorizationClientProperties authorizationProperties = properties.getAuthorizationClients().get(name); ClientRegistration.Builder builder = createClientBuilder(name); builder.scope(authorizationProperties.getScopes()); result.add(builder.build()); diff --git a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java index b5b43888a8df..d0c0ef5d873b 100644 --- a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java +++ b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java @@ -92,7 +92,7 @@ private int resourceServerCount(Set scopes) { private Set authorizationCodeScopes() { Set result = accessTokenScopes(); - for (AuthorizationProperties authProperties : properties.getAuthorizationClients().values()) { + for (AuthorizationClientProperties authProperties : properties.getAuthorizationClients().values()) { if (!authProperties.isOnDemand()) { result.addAll(authProperties.getScopes()); } @@ -104,7 +104,7 @@ private Set accessTokenScopes() { Set result = Optional.of(properties) .map(AADAuthenticationProperties::getAuthorizationClients) .map(clients -> clients.get(AZURE_CLIENT_REGISTRATION_ID)) - .map(AuthorizationProperties::getScopes) + .map(AuthorizationClientProperties::getScopes) .map(Collection::stream) .orElseGet(Stream::empty) .collect(Collectors.toSet()); 
@@ -135,13 +135,13 @@ private List createAuthzClients() { continue; } - AuthorizationProperties authz = properties.getAuthorizationClients().get(name); + AuthorizationClientProperties authz = properties.getAuthorizationClients().get(name); result.add(createClientBuilder(name, authz)); } return result; } - private ClientRegistration createClientBuilder(String id, AuthorizationProperties authz) { + private ClientRegistration createClientBuilder(String id, AuthorizationClientProperties authz) { ClientRegistration.Builder result = createClientBuilder(id); List scopes = authz.getScopes(); if (authz.isOnDemand()) { diff --git a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AuthorizationProperties.java b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AuthorizationClientProperties.java similarity index 92% rename from sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AuthorizationProperties.java rename to sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AuthorizationClientProperties.java index 0119d47e1e42..501d1d8f5037 100644 --- a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AuthorizationProperties.java +++ b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AuthorizationClientProperties.java @@ -8,7 +8,7 @@ /** * Properties for an oauth2 client. */ -public class AuthorizationProperties { +public class AuthorizationClientProperties { private List scopes; diff --git a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/autoconfigure/aad/AADAuthenticationProperties.java b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/autoconfigure/aad/AADAuthenticationProperties.java index ece94aeb6061..449a4a1b4807 100644 --- a/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/autoconfigure/aad/AADAuthenticationProperties.java 
+++ b/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/autoconfigure/aad/AADAuthenticationProperties.java @@ -3,7 +3,7 @@ package com.azure.spring.autoconfigure.aad; -import com.azure.spring.aad.webapp.AuthorizationProperties; +import com.azure.spring.aad.webapp.AuthorizationClientProperties; import com.nimbusds.jose.jwk.source.RemoteJWKSet; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -104,7 +104,7 @@ public class AADAuthenticationProperties { private String graphMembershipUri = "https://graph.microsoft.com/v1.0/me/memberOf"; - private Map authorizationClients = new HashMap<>(); + private Map authorizationClients = new HashMap<>(); @DeprecatedConfigurationProperty( reason = "Configuration moved to UserGroup class to keep UserGroup properties together", @@ -288,11 +288,11 @@ public void setGraphMembershipUri(String graphMembershipUri) { this.graphMembershipUri = graphMembershipUri; } - public Map getAuthorizationClients() { + public Map getAuthorizationClients() { return authorizationClients; } - public void setAuthorizationClients(Map authorizationClients) { + public void setAuthorizationClients(Map authorizationClients) { this.authorizationClients = authorizationClients; }