SECOAUTH-400: add integration test for scope in implicit grant

samples/oauth2/sparklr/src/main/webapp/WEB-INF/spring-servlet.xml

@@ -154,7 +154,7 @@
 		<oauth:client client-id="my-less-trusted-client" authorized-grant-types="authorization_code,implicit"
 			authorities="ROLE_CLIENT" />
 		<oauth:client client-id="my-less-trusted-autoapprove-client" authorized-grant-types="implicit"
-			authorities="ROLE_CLIENT" />
+			authorities="ROLE_CLIENT" scope="read,write,trust" />
 		<oauth:client client-id="my-client-with-registered-redirect" authorized-grant-types="authorization_code,client_credentials"
 			authorities="ROLE_CLIENT" redirect-uri="http://anywhere?key=value" scope="read,trust" />
 		<oauth:client client-id="my-untrusted-client-with-registered-redirect" authorized-grant-types="authorization_code"

samples/oauth2/sparklr/src/test/java/org/springframework/security/oauth2/provider/ServerRunning.java

@@ -80,7 +80,7 @@ public class ServerRunning implements MethodRule, RestTemplateHolder {
 	private String hostName = DEFAULT_HOST;
 
 	private RestOperations client;
-
+	
 	/**
 	 * @return a new rule that assumes an existing running broker
 	 */
@@ -182,7 +182,7 @@ public void evaluate() throws Throwable {
 		};
 
 	}
-
+	
 	public String getBaseUrl() {
 		return "http://" + hostName + ":" + port;
 	}

samples/oauth2/sparklr/src/test/java/org/springframework/security/oauth2/provider/TestImplicitProvider.java

@@ -2,18 +2,26 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import java.io.IOException;
 import java.util.Arrays;
 
 import org.junit.Rule;
 import org.junit.Test;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpRequest;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.ClientHttpRequestExecution;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.ClientHttpResponse;
 import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
 import org.springframework.security.oauth2.client.test.BeforeOAuth2Context;
 import org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration;
 import org.springframework.security.oauth2.client.test.OAuth2ContextSetup;
+import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
 import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitResourceDetails;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
@@ -32,6 +40,8 @@ public class TestImplicitProvider {
 
 	private String cookie;
 
+	private HttpHeaders latestHeaders = null;
+
 	@BeforeOAuth2Context
 	public void loginAndExtractCookie() {
 
@@ -59,8 +69,21 @@ public void testRedirectRequiredForAuthentication() throws Exception {
 	@Test
 	@OAuth2ContextConfiguration(resource = AutoApproveImplicit.class, initialize = false)
 	public void testPostForAutomaticApprovalToken() throws Exception {
+		final ImplicitAccessTokenProvider implicitProvider = new ImplicitAccessTokenProvider();
+		implicitProvider.setInterceptors(Arrays
+				.<ClientHttpRequestInterceptor> asList(new ClientHttpRequestInterceptor() {
+					public ClientHttpResponse intercept(HttpRequest request, byte[] body,
+							ClientHttpRequestExecution execution) throws IOException {
+						ClientHttpResponse result = execution.execute(request, body);
+						latestHeaders = result.getHeaders();
+						return result;
+					}
+				}));
+		context.setAccessTokenProvider(implicitProvider);
 		context.getAccessTokenRequest().setCookie(cookie);
 		assertNotNull(context.getAccessToken());
+		assertTrue("Wrong location header: " + latestHeaders.getLocation().getFragment(), latestHeaders.getLocation().getFragment()
+				.contains("scope=read trust write"));
 	}
 
 	@Test
@@ -83,7 +106,6 @@ static class AutoApproveImplicit extends ImplicitResourceDetails {
 		public AutoApproveImplicit(Object target) {
 			super();
 			setClientId("my-less-trusted-autoapprove-client");
-			setScope(Arrays.asList("read"));
 			setId(getClientId());
 			setPreEstablishedRedirectUri("http://anywhere");
 			TestImplicitProvider test = (TestImplicitProvider) target;

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/token/OAuth2AccessTokenSupport.java

@@ -13,6 +13,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.client.ClientHttpRequest;
 import org.springframework.http.client.ClientHttpRequestFactory;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
 import org.springframework.http.client.ClientHttpResponse;
 import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.http.converter.FormHttpMessageConverter;
@@ -56,6 +57,15 @@ public abstract class OAuth2AccessTokenSupport {
 
 	private ResponseErrorHandler responseErrorHandler = new AccessTokenErrorHandler();
 
+	private List<ClientHttpRequestInterceptor> interceptors = new ArrayList<ClientHttpRequestInterceptor>();
+
+	/**
+	 * Sets the request interceptors that this accessor should use.
+	 */
+	public void setInterceptors(List<ClientHttpRequestInterceptor> interceptors) {
+		this.interceptors = interceptors;
+	}
+
 	private ClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory() {
 		@Override
 		protected void prepareConnection(HttpURLConnection connection, String httpMethod)
@@ -72,6 +82,7 @@ protected RestOperations getRestTemplate() {
 					RestTemplate restTemplate = new RestTemplate();
 					restTemplate.setErrorHandler(getResponseErrorHandler());
 					restTemplate.setRequestFactory(requestFactory);
+					restTemplate.setInterceptors(interceptors);
 					this.restTemplate = restTemplate;
 				}
 			}