Improve brittle tests using opaque token introspection

The tests that went through opaque token introspection rely on mocking
a specific method in the RestOperations interface which is very brittle
and hampers the ability to refactor internals.

They are changed to instead make actual HTTP requests to a MockWebServer
instead allowing refactoring changes. This is necessary to allow the
implementation to be swapped from NimbusOpaqueTokenIntrospector to
SpringOpaqueTokenIntrospector because the latter uses
RestOperations#exchange(String, ParameterizedType) instead of
RestOperations#exchange(String, String) of the former.

Signed-off-by: Andreas Svanberg <[email protected]>

Author: asvanberg

config/src/test/java/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests.java

@@ -99,6 +99,7 @@
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.RestOperations;
+import org.springframework.web.client.RestTemplate;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -659,8 +660,8 @@ public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToke
 
 	@Test
 	public void getWhenIntrospectingThenOk() throws Exception {
-		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
-		mockRestOperations(json("Active"));
+		this.spring.configLocations(xml("OpaqueTokenWebServer"), xml("OpaqueToken")).autowire();
+		mockWebServer(json("Active"));
 		// @formatter:off
 		this.mvc.perform(get("/authenticated").header("Authorization", "Bearer token"))
 				.andExpect(status().isNotFound());
@@ -669,9 +670,9 @@ public void getWhenIntrospectingThenOk() throws Exception {
 
 	@Test
 	public void configureWhenIntrospectingWithAuthenticationConverterThenUses() throws Exception {
-		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueTokenAndAuthenticationConverter"))
+		this.spring.configLocations(xml("OpaqueTokenWebServer"), xml("OpaqueTokenAndAuthenticationConverter"))
 			.autowire();
-		mockRestOperations(json("Active"));
+		mockWebServer(json("Active"));
 		OpaqueTokenAuthenticationConverter converter = bean(OpaqueTokenAuthenticationConverter.class);
 		given(converter.convert(any(), any())).willReturn(new TestingAuthenticationToken("user", "pass", "app"));
 		// @formatter:off
@@ -683,8 +684,8 @@ public void configureWhenIntrospectingWithAuthenticationConverterThenUses() thro
 
 	@Test
 	public void getWhenIntrospectionFailsThenUnauthorized() throws Exception {
-		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
-		mockRestOperations(json("Inactive"));
+		this.spring.configLocations(xml("OpaqueTokenWebServer"), xml("OpaqueToken")).autowire();
+		mockWebServer(json("Inactive"));
 		// @formatter:off
 		MockHttpServletRequestBuilder request = get("/")
 				.header("Authorization", "Bearer token");
@@ -696,8 +697,8 @@ public void getWhenIntrospectionFailsThenUnauthorized() throws Exception {
 
 	@Test
 	public void getWhenIntrospectionLacksScopeThenForbidden() throws Exception {
-		this.spring.configLocations(xml("OpaqueTokenRestOperations"), xml("OpaqueToken")).autowire();
-		mockRestOperations(json("ActiveNoScopes"));
+		this.spring.configLocations(xml("OpaqueTokenWebServer"), xml("OpaqueToken")).autowire();
+		mockWebServer(json("ActiveNoScopes"));
 		// @formatter:off
 		this.mvc.perform(get("/requires-read-scope").header("Authorization", "Bearer token"))
 				.andExpect(status().isForbidden())
@@ -1028,20 +1029,20 @@ public void setRest(RestOperations rest) {
 
 	static class OpaqueTokenIntrospectorFactoryBean implements FactoryBean<OpaqueTokenIntrospector> {
 
-		private RestOperations rest;
+		private String introspectionUri;
 
 		@Override
 		public OpaqueTokenIntrospector getObject() throws Exception {
-			return new NimbusOpaqueTokenIntrospector("https://idp.example.org", this.rest);
+			return new NimbusOpaqueTokenIntrospector(this.introspectionUri, new RestTemplate());
 		}
 
 		@Override
 		public Class<?> getObjectType() {
 			return OpaqueTokenIntrospector.class;
 		}
 
-		public void setRest(RestOperations rest) {
-			this.rest = rest;
+		public void setIntrospectionUri(String introspectionUri) {
+			this.introspectionUri = introspectionUri;
 		}
 
 	}

config/src/test/resources/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenRestOperations.xml renamed to config/src/test/resources/org/springframework/security/config/http/OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenWebServer.xml

@@ -21,12 +21,10 @@
 		 xsi:schemaLocation="http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd
 		http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<b:bean name="rest" class="org.mockito.Mockito" factory-method="mock">
-		<b:constructor-arg value="org.springframework.web.client.RestOperations" type="java.lang.Class"/>
-	</b:bean>
-
 	<b:bean name="introspector"
 			class="org.springframework.security.config.http.OAuth2ResourceServerBeanDefinitionParserTests$OpaqueTokenIntrospectorFactoryBean">
-		<b:property name="rest" ref="rest"/>
+		<b:property name="introspectionUri" value="${introspection-uri}"/>
 	</b:bean>
+
+	<b:import resource="OAuth2ResourceServerBeanDefinitionParserTests-WebServer.xml"/>
 </b:beans>