
Reliable Error State Tests

Some of Resource Server Configurer's tests were relying on specific
error messaging from Nimbus and from the JDK, which makes them
brittle.

These tests now simply confirm that resource server responses
contain the correct error state without relying on specific wording
outside of our control.
Josh Cummings 7 年之前
父节点
当前提交
a9bc384b48

+ 30 - 18
config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java

@@ -25,6 +25,10 @@ import javax.annotation.PreDestroy;
 
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
+import org.hamcrest.core.AllOf;
+import org.hamcrest.core.StringContains;
+import org.hamcrest.core.StringEndsWith;
+import org.hamcrest.core.StringStartsWith;
 import org.junit.Rule;
 import org.junit.Test;
 
@@ -115,7 +119,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		this.mvc.perform(get("/").with(bearerToken(token)))
 				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Expired JWT"));
+				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
@@ -141,8 +145,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		this.mvc.perform(get("/").with(bearerToken(token)))
 				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: " +
-						"Couldn't retrieve remote JWK set: Connection refused (Connection refused)"));
+				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
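Review bot: With the suffix dropped, this test no longer records what the resource server relays to the caller when the JWK set endpoint cannot be reached. The removed expectation shows that `error_description` carried the upstream cause text (`Couldn't retrieve remote JWK set: Connection refused (Connection refused)`) in a 401 response, so the header content here is partly chosen by the library and the JDK. A short comment above the assertion would keep that visible to the next reader, for example `// error_description also carries the upstream cause text; only our own prefix is asserted`. The test method starts outside the hunk, so the decoder setup is not visible here.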
@@ -166,8 +169,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		this.mvc.perform(get("/").with(bearerToken(token)))
 				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: " +
-						"Malformed payload"));
+				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Malformed payload"));
 	}
 
 	@Test
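Review bot: This is the only expectation in the commit that still pins text after the common prefix (`: Malformed payload`), and nothing in the test says why it was kept. If that wording is produced by this project rather than by Nimbus or the JDK, which the commit message suggests but the hunk does not show, a comment such as `// "Malformed payload" is our own message, so it is safe to assert` above the assertion would stop a later cleanup from trimming it. The test method begins outside the hunk.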
@@ -192,8 +194,7 @@ public class OAuth2ResourceServerConfigurerTests {
 
 		this.mvc.perform(get("/").with(bearerToken(token)))
 				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: " +
-						"JWT before use time"));
+				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
@@ -313,8 +314,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.mvc.perform(get("/")
 				.with(bearerToken(token)))
 				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: " +
-						"Signed JWT rejected: Another algorithm expected, or no matching key(s) found"));
+				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	@Test
@@ -456,7 +456,7 @@ public class OAuth2ResourceServerConfigurerTests {
 		this.mvc.perform(post("/authenticated")
 				.with(bearerToken(token)))
 				.andExpect(status().isUnauthorized())
-				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt: Expired JWT"));
+				.andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt"));
 	}
 
 	// -- Resource Server should not create sessions
@@ -785,17 +785,29 @@ public class OAuth2ResourceServerConfigurerTests {
 	}
 
 	private static ResultMatcher invalidRequestHeader(String message) {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " +
-				"error=\"invalid_request\", " +
-				"error_description=\"" + message + "\", " +
-				"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
+		return header().string(HttpHeaders.WWW_AUTHENTICATE,
+				AllOf.allOf(
+						new StringStartsWith("Bearer " +
+								"error=\"invalid_request\", " +
+								"error_description=\""),
+						new StringContains(message),
+						new StringEndsWith(", " +
+								"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")
+						)
+				);
 	}
 
 	private static ResultMatcher invalidTokenHeader(String message) {
-		return header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer " +
-					"error=\"invalid_token\", " +
-					"error_description=\"" + message + "\", " +
-					"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"");
+		return header().string(HttpHeaders.WWW_AUTHENTICATE,
+				AllOf.allOf(
+						new StringStartsWith("Bearer " +
+								"error=\"invalid_token\", " +
+								"error_description=\""),
+						new StringContains(message),
+						new StringEndsWith(", " +
+								"error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")
+				)
+		);
 	}
 
 	private static ResultMatcher insufficientScopeHeader(String scope) {
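Review bot: The three matchers in `invalidRequestHeader` and `invalidTokenHeader` are evaluated independently, so `new StringContains(message)` is satisfied by text anywhere in the header. The suffix also starts at `, error_uri=`, so it no longer asserts the quote that closes `error_description`. A response with an unterminated or mis-quoted description would now pass, where the removed exact-match version would have failed. Folding the message into the prefix and starting the suffix at the closing quote keeps the header structure pinned without depending on library wording: `new StringStartsWith("Bearer error=\"invalid_token\", error_description=\"" + message)` and `new StringEndsWith("\", error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"")`, with `invalid_request` in the other helper. Both helpers are complete in the hunk; `insufficientScopeHeader` continues past it.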