diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java
index b430fb70..19384bc6 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java
@@ -8,6 +8,7 @@
package ch.ethz.seb.sebserver.gbl.model.user;
+import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.Locale;
@@ -36,7 +37,9 @@ import ch.ethz.seb.sebserver.webservice.datalayer.batis.model.UserRecord;
* to and from JSON within the Jackson library.
*
* This domain model is immutable and thread-save */
-public final class UserInfo {
+public final class UserInfo implements Serializable {
+
+ private static final long serialVersionUID = 2526446136264377808L;
/** The user's UUID */
@JsonProperty(USER.ATTR_UUID)
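Review bot: The class Javadoc above `public final class UserInfo implements Serializable` still describes this type only as a Jackson JSON model, so the reason for adding Java serialization is undocumented. Java-native serialization requires every non-transient field to be serializable and should only ever read back data from a trusted store, so the intended use is worth stating. A line such as `Serializable so instances can be held in <where it is stored>; never deserialize from untrusted input` in the Javadoc would cover it. The field declarations are outside this hunk, so whether all of them are serializable cannot be checked here.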
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebClientDetailsService.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebClientDetailsService.java
index 5d9cba43..e7b9facc 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebClientDetailsService.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebClientDetailsService.java
@@ -8,6 +8,8 @@
package ch.ethz.seb.sebserver.webservice.weblayer.oauth;
+import java.util.Collections;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -73,9 +75,10 @@ public class WebClientDetailsService implements ClientDetailsService {
final BaseClientDetails baseClientDetails = new BaseClientDetails(
clientId,
WebResourceServerConfiguration.EXAM_API_RESOURCE_ID,
- "exam-api-read,exam-api-write",
+ null,
"client_credentials,refresh_token",
"");
+ baseClientDetails.setScope(Collections.emptySet());
baseClientDetails.setClientSecret(this.clientPasswordEncoder.encode("test"));
return baseClientDetails;
}
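Review bot: Replacing `"exam-api-read,exam-api-write"` with `null` and `baseClientDetails.setScope(Collections.emptySet())` leaves this client with no registered scopes. In Spring Security OAuth an empty client scope set is, as far as I know, treated as unrestricted rather than as "no scopes allowed". The new tests requesting `testScope1` and `testScope2` appear to rely on that. If the scope is meant to carry meaning, for example one scope per exam, the requested value should be checked against an allow-list before a token is issued, and a comment like `// empty scope set: any requested scope is accepted, validated in <place>` should say where. Separately, the unchanged `setClientSecret(this.clientPasswordEncoder.encode("test"))` gives every client id the same fixed secret in main code and deserves at least a `// TODO replace with stored per-client secret`. The enclosing method starts outside the hunk.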
diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
index 4e1ce13c..ecdb6cd3 100644
--- a/src/main/resources/logback.xml
+++ b/src/main/resources/logback.xml
@@ -8,9 +8,8 @@
+
-
-
diff --git a/src/main/resources/config/schema.sql b/src/main/resources/schema-dev.sql
similarity index 100%
rename from src/main/resources/config/schema.sql
rename to src/main/resources/schema-dev.sql
diff --git a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/AdministrationAPIIntegrationTest.java b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/AdministrationAPIIntegrationTest.java
index f46e998d..510be3df 100644
--- a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/AdministrationAPIIntegrationTest.java
+++ b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/AdministrationAPIIntegrationTest.java
@@ -95,7 +95,7 @@ public class AdministrationAPIIntegrationTest {
@Test
public void getHello_givenToken_thenOK() {
try {
- final String accessToken = obtainAccessToken("user", "test");
+ final String accessToken = obtainAccessToken("admin", "admin");
final String contentAsString = this.mockMvc.perform(get(this.endpoint + "/hello")
.header("Authorization", "Bearer " + accessToken))
.andExpect(status().isOk())
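Review bot: The `try {` that still wraps this test body presumably ends in the same `catch (final Exception e) { e.printStackTrace(); }` that this commit removes from `ExamAPIIntegrationTest`. If so, an exception thrown while obtaining the token for `obtainAccessToken("admin", "admin")` is only printed and the test still passes. Declaring the method `throws Exception` and dropping the try/catch, as done in the sibling class, would make a broken login fail the build. The end of the method is outside the hunk, so the catch clause is inferred rather than visible.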
diff --git a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPIIntegrationTest.java b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPIIntegrationTest.java
index b34f9a2f..417331ab 100644
--- a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPIIntegrationTest.java
+++ b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPIIntegrationTest.java
@@ -9,12 +9,15 @@
package ch.ethz.seb.sebserver.webservice.integration.api;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import java.io.UnsupportedEncodingException;
+
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -62,10 +65,15 @@ public class ExamAPIIntegrationTest {
.addFilter(this.springSecurityFilterChain).build();
}
- protected String obtainAccessToken(final String clientId, final String clientSecret) throws Exception {
+ protected String obtainAccessToken(
+ final String clientId,
+ final String clientSecret,
+ final String scope) throws Exception {
+
final MultiValueMap params = new LinkedMultiValueMap<>();
params.add("grant_type", "client_credentials");
params.add("client_id", clientId);
+ params.add("scope", scope);
final ResultActions result = this.mockMvc.perform(post("/oauth/token")
.params(params)
@@ -87,18 +95,30 @@ public class ExamAPIIntegrationTest {
}
@Test
- public void getHello_givenToken_thenOK() {
- try {
- final String accessToken = obtainAccessToken("test", "test");
- final String contentAsString = this.mockMvc.perform(get(this.endpoint + "/hello")
- .header("Authorization", "Bearer " + accessToken))
- .andExpect(status().isOk())
- .andReturn().getResponse().getContentAsString();
+ public void get_same_token_for_same_scope() throws Exception {
+ final String accessToken1 = obtainAccessToken("test", "test", "testScope");
+ final String accessToken2 = obtainAccessToken("test", "test", "testScope");
- assertEquals("Hello From Exam-Web-Service", contentAsString);
- } catch (final Exception e) {
- e.printStackTrace();
- }
+ assertEquals(accessToken1, accessToken2);
+ }
+
+ @Test
+ public void get_different_tokens_for_different_scopes() throws Exception {
+ final String accessToken1 = obtainAccessToken("test", "test", "testScope1");
+ final String accessToken2 = obtainAccessToken("test", "test", "testScope2");
+
+ assertNotEquals(accessToken1, accessToken2);
+ }
+
+ @Test
+ public void getHello_givenToken_thenOK() throws UnsupportedEncodingException, Exception {
+ final String accessToken = obtainAccessToken("test", "test", "testScope");
+ final String contentAsString = this.mockMvc.perform(get(this.endpoint + "/hello")
+ .header("Authorization", "Bearer " + accessToken))
+ .andExpect(status().isOk())
+ .andReturn().getResponse().getContentAsString();
+
+ assertEquals("Hello From Exam-Web-Service", contentAsString);
}
}
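Review bot: In `getHello_givenToken_thenOK` the clause `throws UnsupportedEncodingException, Exception` is redundant, because `UnsupportedEncodingException` is already covered by `Exception`. `throws Exception` alone is enough, and the new `import java.io.UnsupportedEncodingException;` can then go. The two new tests are also named `get_same_token_for_same_scope` and `get_different_tokens_for_different_scopes`, which does not follow the `method_given_then` pattern of the existing test. Names such as `obtainToken_givenSameScope_thenSameToken` would keep the class consistent.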
diff --git a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPITestController.java b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPITestController.java
index b0b60735..8d0c58eb 100644
--- a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPITestController.java
+++ b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/ExamAPITestController.java
@@ -8,8 +8,9 @@
package ch.ethz.seb.sebserver.webservice.integration.api;
-import java.security.Principal;
+import java.util.Set;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
@@ -22,7 +23,9 @@ import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
public class ExamAPITestController {
@RequestMapping(value = "/hello", method = RequestMethod.GET)
- public String helloFromWebService(final Principal principal) {
+ public String helloFromWebService(final OAuth2Authentication principal) {
+ final Set scope = principal.getOAuth2Request().getScope();
+ System.out.println("OAuth 2 exam client scope is: " + scope);
return "Hello From Exam-Web-Service";
}
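Review bot: `System.out.println("OAuth 2 exam client scope is: " + scope)` in `helloFromWebService` reads the scope only to print it, so nothing in the test run actually verifies it. Either drop the two added lines or return the scope in the response so the integration test can assert on it. `principal` is also dereferenced without a check, so the handler would throw if this endpoint were ever reached with an authentication that is not an `OAuth2Authentication`. A short comment stating that the endpoint is only reachable through the OAuth2 resource filter would make that assumption explicit. The rest of the class is outside the hunk.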
diff --git a/src/test/resources/application-test.properties b/src/test/resources/application-test.properties
index 5d200506..51b2c64e 100644
--- a/src/test/resources/application-test.properties
+++ b/src/test/resources/application-test.properties
@@ -6,6 +6,7 @@ spring.h2.console.enabled=true
spring.datasource.platform=h2
spring.datasource.url=jdbc:h2:mem:test;MODE=MySQL;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
spring.datasource.driver-class-name=org.h2.Driver
+spring.datasource.platform=test
sebserver.webservice.api.admin.clientId=testClient
sebserver.webservice.api.admin.clientSecret=testClient
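Review bot: The added `spring.datasource.platform=test` duplicates the key already set by `spring.datasource.platform=h2` three lines above, which this hunk leaves in place. With properties files the later entry normally wins, so the `h2` line is dead and misleading. Delete `spring.datasource.platform=h2` so it is clear that the `schema-test.sql` / `data-test.sql` pair is the one being loaded.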
diff --git a/src/test/resources/data-test.sql b/src/test/resources/data-test.sql
new file mode 100644
index 00000000..ce268a85
--- /dev/null
+++ b/src/test/resources/data-test.sql
@@ -0,0 +1,13 @@
+INSERT INTO institution VALUES
+ (1, 'ETH Zürich', 'INTERNAL')
+ ;
+
+INSERT INTO user VALUES
+ (1, 1, 'internalDemoAdmin', 'Admin1', 'admin', '$2a$08$c2GKYEYoUVXH1Yb8GXVXVu66ltPvbZgLMcVSXRH.LgZNF/YeaYB8m', 'admin@nomail.nomail', '2018-01-01 00:00:00', 1, 1, 'en', 'UTC')
+ ;
+
+INSERT INTO user_role VALUES
+ (1, 1, 'SEB_SERVER_ADMIN')
+ ;
+
+
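Review bot: All three `INSERT INTO ... VALUES` statements are positional, so they silently depend on the column order of the schema file, which is not part of this hunk. A column added or reordered there would shift values such as the bcrypt hash into the wrong column. Name the columns explicitly, e.g. `INSERT INTO user_role (<column list>) VALUES`, with the list taken from the schema. Because the `user` row creates a `SEB_SERVER_ADMIN` account, apparently the one the integration test logs in with, a leading comment like `-- test-only fixture: never load outside the test profile` would also be worth adding.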
diff --git a/src/test/resources/schema-h2.sql b/src/test/resources/schema-test.sql
similarity index 100%
rename from src/test/resources/schema-h2.sql
rename to src/test/resources/schema-test.sql