add user-info endpoint live test

Author: Doha2012

spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java

@@ -30,7 +30,7 @@ public void configure(final ClientDetailsServiceConfigurer clients) throws Excep
  .authorizedGrantTypes("authorization_code")
  .scopes("user_info")
  .autoApprove(true)
- .redirectUris("http://localhost:8082/ui/login","http://localhost:8083/ui2/login","http://localhost:8082/login")
+ .redirectUris("http://localhost:8082/ui/login","http://localhost:8083/ui2/login","http://localhost:8082/login","http://www.example.com/")
  // .accessTokenValiditySeconds(3600)
  ; // 1 hour
  }

spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/SecurityConfig.java

@@ -22,7 +22,8 @@ protected void configure(HttpSecurity http) throws Exception { // @formatter:off
  .authenticated()
  .and()
  .formLogin()
- .permitAll();
+ .permitAll()
+ .and().csrf().disable();
  } // @formatter:on
 
  @Override

spring-security-sso/spring-security-sso-auth-server/src/test/java/org/baeldung/UserInfoEndpointLiveTest.java

@@ -0,0 +1,51 @@
+package org.baeldung;
+import static org.junit.Assert.assertEquals;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Test;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+
+import io.restassured.RestAssured;
+import io.restassured.response.Response;
+
+public class UserInfoEndpointLiveTest {
+ 
+ @Test
+ public void givenAccessToken_whenAccessUserInfoEndpoint_thenSuccess() {
+ String accessToken = obtainAccessTokenUsingAuthorizationCodeFlow("john","123");
+ Response response = RestAssured.given().header(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken).get("http://localhost:8081/auth/user/me");
+ 
+ assertEquals(HttpStatus.OK.value(), response.getStatusCode());
+ assertEquals("john", response.jsonPath().get("name"));
+ }
+ 
+ private String obtainAccessTokenUsingAuthorizationCodeFlow(String username, String password) {
+ final String authServerUri = "http://localhost:8081/auth";
+ final String redirectUrl = "http://www.example.com/";
+ final String authorizeUrl = authServerUri + "/oauth/authorize?response_type=code&client_id=SampleClientId&redirect_uri=" + redirectUrl;
+ final String tokenUrl = authServerUri + "/oauth/token";
+
+ // user login
+ Response response = RestAssured.given().formParams("username", username, "password", password).post(authServerUri + "/login");
+ final String cookieValue = response.getCookie("JSESSIONID");
+ 
+ // get authorization code
+ RestAssured.given().cookie("JSESSIONID", cookieValue).get(authorizeUrl); 
+ response = RestAssured.given().cookie("JSESSIONID", cookieValue).post(authorizeUrl);
+ assertEquals(HttpStatus.FOUND.value(), response.getStatusCode());
+ final String location = response.getHeader(HttpHeaders.LOCATION);
+ final String code = location.substring(location.indexOf("code=") + 5);
+
+ // get access token
+ Map<String, String> params = new HashMap<String, String>();
+ params.put("grant_type", "authorization_code");
+ params.put("code", code);
+ params.put("client_id", "SampleClientId");
+ params.put("redirect_uri", redirectUrl);
+ response = RestAssured.given().auth().basic("SampleClientId", "secret").formParams(params).post(tokenUrl);
+ return response.jsonPath().getString("access_token");
+ }
+}