Examples with UsernamePasswordAuthenticationToken org.springframework.security.authentication.UsernamePasswordAuthenticationToken used on opensource projects

Example 36 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testScopesWithOr.

@Test
public void testScopesWithOr() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "", "client_credentials", "ROLE_CLIENT"));
    request.setApproved(true);
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass", AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.hasAnyScope('write') or #oauth2.isUser()");
    assertTrue((Boolean) expression.getValue(context));
}

Example 37 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class AuthorizationCodeTokenGranterTests method testAuthorizationCodeGrant.

@Test
public void testAuthorizationCodeGrant() {
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    parameters.clear();
    parameters.put(OAuth2Utils.CLIENT_ID, "foo");
    parameters.put(OAuth2Utils.SCOPE, "scope");
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", true, Collections.singleton("scope"));
    String code = authorizationCodeServices.createAuthorizationCode(new OAuth2Authentication(storedOAuth2Request, userAuthentication));
    parameters.putAll(storedOAuth2Request.getRequestParameters());
    parameters.put("code", code);
    TokenRequest tokenRequest = requestFactory.createTokenRequest(parameters, client);
    AuthorizationCodeTokenGranter granter = new AuthorizationCodeTokenGranter(providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
    OAuth2AccessToken token = granter.grant("authorization_code", tokenRequest);
    assertTrue(providerTokenServices.loadAuthentication(token.getValue()).isAuthenticated());
}

Example 38 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class AuthorizationCodeTokenGranterTests method testAuthorizationRequestPreserved.

@Test
public void testAuthorizationRequestPreserved() {
    parameters.clear();
    parameters.put(OAuth2Utils.CLIENT_ID, "foo");
    parameters.put(OAuth2Utils.SCOPE, "read");
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, Collections.singleton("read"), Collections.singleton("resource"), null, null, null);
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    String code = authorizationCodeServices.createAuthorizationCode(new OAuth2Authentication(storedOAuth2Request, userAuthentication));
    parameters.put("code", code);
    // Ensure even if token request asks for more scope they are not granted
    parameters.put(OAuth2Utils.SCOPE, "read write");
    TokenRequest tokenRequest = requestFactory.createTokenRequest(parameters, client);
    AuthorizationCodeTokenGranter granter = new AuthorizationCodeTokenGranter(providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
    OAuth2AccessToken token = granter.grant("authorization_code", tokenRequest);
    OAuth2Request finalRequest = providerTokenServices.loadAuthentication(token.getValue()).getOAuth2Request();
    assertEquals("[read]", finalRequest.getScope().toString());
    assertEquals("[resource]", finalRequest.getResourceIds().toString());
    assertTrue(finalRequest.isApproved());
}

Example 39 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class ResourceOwnerPasswordTokenGranterTests method testUnauthenticated.

@Test(expected = InvalidGrantException.class)
public void testUnauthenticated() {
    validUser = new UsernamePasswordAuthenticationToken("foo", "bar");
    ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(authenticationManager, providerTokenServices, clientDetailsService, requestFactory);
    granter.grant("password", tokenRequest);
}

Example 40 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class DefaultAuthorizationRequestFactoryTests method testCreateAuthorizationRequestWhenUserNotPermitted.

@Test
public void testCreateAuthorizationRequestWhenUserNotPermitted() {
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "N/A", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_BAR")));
    factory.setCheckUserScopes(true);
    client.setScope(Collections.singleton("foo"));
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("foo", request.getClientId());
    assertEquals("[]", request.getScope().toString());
}