Testing OAuth2 Resource Server Authentication in spring-boot-demo

This test suite validates OAuth2 authentication functionality in a Spring Boot resource server implementation. It focuses on testing access token generation and validation using password grant type authentication.

Test Coverage Overview

The test suite verifies the OAuth2 authentication flow by requesting an access token from the authorization server's token endpoint.

Key areas tested include:
  • Access token generation with valid credentials
  • Resource owner password credentials grant type
  • OAuth2 client configuration validation

Implementation Analysis

The testing approach utilizes JUnit 5 with Spring Security OAuth2 client libraries. The implementation follows a modular pattern with a helper method for OAuth2RestTemplate configuration, enabling clean and reusable test setup.

Technical implementation includes:
  • ResourceOwnerPasswordResourceDetails configuration
  • OAuth2RestTemplate setup and initialization
  • Token endpoint interaction verification

Technical Details

Testing tools and configuration:
  • JUnit Jupiter test framework
  • Spring Security OAuth2 client
  • OAuth2RestTemplate for token requests
  • Local authorization server (http://127.0.0.1:8080)
  • Predefined client credentials (oauth2/oauth2)

Best Practices Demonstrated

The test implementation showcases several testing best practices for OAuth2 authentication.

Notable practices include:
  • Separation of concerns with helper methods
  • Clear test method naming conventions
  • Explicit assertion statements
  • Modular credential management
  • Scope-based access control testing

xkcoding/spring-boot-demo

demo-oauth/oauth-resource-server/src/test/java/com/xkcoding/oauth/AuthorizationTest.java

            
package com.xkcoding.oauth;

import org.junit.jupiter.api.Test;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;

import java.util.Collections;
import java.util.List;

import static org.junit.jupiter.api.Assertions.assertNotNull;

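/**
 * Base test for the resource server: obtains an access token from the
 * authorization server using the resource owner password credentials grant.
 *
 * @author <a href="https://echocow.cn">EchoCow</a>
 * @date 2020-01-09  15:44
 */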
public class AuthorizationTest {
    public static final String AUTHORIZATION_SERVER = "http://127.0.0.1:8080";

    protected OAuth2RestTemplate oauth2RestTemplate(String username, String password, List<String> scope) {
        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        resource.setAccessTokenUri(AUTHORIZATION_SERVER + "/oauth/token");
        resource.setClientId("oauth2");
        resource.setClientSecret("oauth2");
        resource.setId("oauth2");
        resource.setScope(scope);
        resource.setUsername(username);
        resource.setPassword(password);
        return new OAuth2RestTemplate(resource);
    }

    @Test
    void testAccessTokenWhenPassed() {
        assertNotNull(oauth2RestTemplate("admin", "123456", Collections.singletonList("READ")).getAccessToken());
    }
}
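
Added example (not part of xkcoding/spring-boot-demo): the test above only shows that valid credentials produce a non-null token, so this companion class checks that a wrong password is rejected by the authorization server itself and that the issued token is unexpired and carries the requested scope. The class name AuthorizationNegativeTest and the wrong password value are hypothetical; it assumes the same local authorization server and admin/123456 user as the original test, and that the server echoes the granted scope in its token response.

```java
package com.xkcoding.oauth;

import org.junit.jupiter.api.Test;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;

import java.util.Collections;

import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

// Added example; hypothetical class, reuses the protected helper from AuthorizationTest.
public class AuthorizationNegativeTest extends AuthorizationTest {

    @Test
    void testAccessTokenDeniedWhenPasswordIsWrong() {
        // "not-the-password" is a constructed value that must not match the real one.
        OAuth2AccessDeniedException ex = assertThrows(
            OAuth2AccessDeniedException.class,
            () -> oauth2RestTemplate("admin", "not-the-password",
                Collections.singletonList("READ")).getAccessToken());

        // An unreachable server raises the same exception type with a
        // RestClientException as its cause. Requiring an OAuth2Exception cause
        // proves the token endpoint answered and refused the credentials,
        // so the test cannot pass just because nothing is listening on :8080.
        assertTrue(ex.getCause() instanceof OAuth2Exception,
            "expected an OAuth2 error response, got: " + ex.getCause());
    }

    @Test
    void testIssuedTokenIsUsableAndScoped() {
        OAuth2AccessToken token = oauth2RestTemplate("admin", "123456",
            Collections.singletonList("READ")).getAccessToken();

        // Stronger than assertNotNull: the token has a value, is still valid,
        // and was granted the scope that was requested.
        assertFalse(token.getValue().isEmpty());
        assertFalse(token.isExpired());
        assertTrue(token.getScope().contains("READ"));
    }
}
```

Because the class extends AuthorizationTest, JUnit also runs the inherited testAccessTokenWhenPassed alongside these two methods.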