✅ add api tests

aibama · Oct 23, 2020 · c880e6e · c880e6e
1 parent 28e199f
commit c880e6e
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 7 deletions.
diff --git a/...ization Server/src/test/java/iot/technology/oauth2/authorization/OAuth2Authorization.http b/...ization Server/src/test/java/iot/technology/oauth2/authorization/OAuth2Authorization.http
@@ -0,0 +1,13 @@
+### 使用密码模式进行授权
+POST http://localhost:8080/oauth/token
+Authorization: Basic clientapp 123456
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=password&username=iot&password=1024
+
+### 校验访问令牌的有效性
+POST http://localhost:8080/oauth/check_token
+Authorization: Basic clientapp 123456
+Content-Type: application/x-www-form-urlencoded
+
+token=67480870-0ddc-43a8-9a4e-2cbc657bf6f5
diff --git a/...ource/src/main/java/iot/technology/oauth2/resource/config/OAuth2ResourceServerConfig.java b/...ource/src/main/java/iot/technology/oauth2/resource/config/OAuth2ResourceServerConfig.java
@@ -18,12 +18,6 @@ public void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
                 // 设置 /login 无需权限访问
                 .antMatchers("/login").permitAll()
-                // 设置 /client-login 无需权限访问
-                .antMatchers("/client-login").permitAll()
-                /// 设置 /callback 无需权限访问
-                .antMatchers("/callback").permitAll()
-                // 设置 /callback02 无需权限访问
-                .antMatchers("/callback02").permitAll()
                 // 设置其它请求，需要认证后访问
                 .anyRequest().authenticated()
         ;

diff --git a/...2.0-Resource/src/main/java/iot/technology/oauth2/resource/controller/LoginController.java b/...2.0-Resource/src/main/java/iot/technology/oauth2/resource/controller/LoginController.java
@@ -1,5 +1,6 @@
 package iot.technology.oauth2.resource.controller;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.oauth2.OAuth2ClientProperties;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
@@ -19,6 +20,7 @@
 @RequestMapping("/")
 public class LoginController {
 
+    @Autowired
     private OAuth2ClientProperties oAuth2ClientProperties;
 
     @Value("${security.oauth2.access-token-uri}")

diff --git a/IOT-Guide-OAuth2.0-Resource/src/main/resources/application.yml b/IOT-Guide-OAuth2.0-Resource/src/main/resources/application.yml
@@ -6,7 +6,7 @@ security:
     # OAuth2 Client 配置，对应 OAuth2ClientProperties 类
     client:
       client-id: clientapp
-      client-secret: 112233
+      client-secret: 123456
     # OAuth2 Resource 配置，对应 ResourceServerProperties 类
     resource:
       token-info-uri: http://127.0.0.1:8080/oauth/check_token # 获得 Token 信息的 URL

diff --git a/IOT-Guide-OAuth2.0-Resource/src/test/java/iot/technology/oauth2/resource/OAuth2Resource.http b/IOT-Guide-OAuth2.0-Resource/src/test/java/iot/technology/oauth2/resource/OAuth2Resource.http
@@ -0,0 +1,9 @@
+### 使用用户的用户名和密码进行登录
+POST localhost:9090/login
+Content-Type: application/x-www-form-urlencoded
+
+password=1024&username=iot
+
+### 带访问令牌，则请求会被通过
+GET localhost:9090/api/example/hello
+Authorization: Bearer 6411631e-ed0d-46ab-a37c-d63b676f9169