Example 96 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project ORCID-Source by ORCID.
the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenTest.
@Test
public void createRefreshTokenTest() {
// Create token, create refresh, parent should be disabled, scopes
// should be equal
long time = System.currentTimeMillis();
String scope = "/activities/update";
String tokenValue = "parent-token-" + time;
String refreshTokenValue = "refresh-token-" + time;
Boolean revokeOld = null;
Date parentTokenExpiration = new Date(time + 10000);
Long expireIn = null;
OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, scope);
OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn, scope);
assertNotNull(refresh);
OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
assertNotNull(parentToken);
assertEquals(tokenValue, parentToken.getTokenValue());
assertTrue(parentToken.getTokenDisabled());
assertEquals(scope, parentToken.getScope());
assertNotNull(parentToken.getTokenExpiration());
OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
assertNotNull(refreshToken);
assertNotNull(refreshToken.getTokenValue());
assertNotNull(refreshToken.getRefreshTokenValue());
assertFalse(refreshToken.getTokenDisabled());
assertEquals(scope, refreshToken.getScope());
assertNotNull(refreshToken.getTokenExpiration());
assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
}
Also used :
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
Date(java.util.Date)
OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)
DBUnitTest(org.orcid.test.DBUnitTest)
Test(org.junit.Test)
Example 97 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project ORCID-Source by ORCID.
the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenWithoutRevokeParent.
@Test
public void createRefreshTokenWithoutRevokeParent() {
// Create token, create refresh without disabling parent token, parent
// should be enabled, refresh should be enabled
long time = System.currentTimeMillis();
String parentScope = "/activities/update /read-limited";
String tokenValue = "parent-token-" + time;
String refreshTokenValue = "refresh-token-" + time;
Boolean revokeOld = false;
Date parentTokenExpiration = new Date(time + 10000);
Long expireIn = null;
OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, parentScope);
OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn);
assertNotNull(refresh);
OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
assertNotNull(parentToken);
assertEquals(tokenValue, parentToken.getTokenValue());
assertFalse(parentToken.getTokenDisabled());
assertNotNull(parentToken.getTokenExpiration());
OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
assertNotNull(refreshToken);
assertNotNull(refreshToken.getTokenValue());
assertNotNull(refreshToken.getRefreshTokenValue());
assertFalse(refreshToken.getTokenDisabled());
assertNotNull(refreshToken.getTokenExpiration());
assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
assertEquals(parentToken.getScope(), refreshToken.getScope());
Set<String> tokenScopes = OAuth2Utils.parseParameterList(parentToken.getScope());
Set<String> originalScopes = OAuth2Utils.parseParameterList(parentScope);
assertEquals(originalScopes, tokenScopes);
}
Also used :
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
Date(java.util.Date)
OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)
DBUnitTest(org.orcid.test.DBUnitTest)
Test(org.junit.Test)
Example 98 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project ORCID-Source by ORCID.
the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenWithoutRevokeParentAndWithNarrowerScopes.
@Test
public void createRefreshTokenWithoutRevokeParentAndWithNarrowerScopes() {
// Create token, create refresh with narrower scopes and without
// disabling parent token, parent should work, refresh should have
// narrower scopes
long time = System.currentTimeMillis();
String parentScope = "/person/read-limited";
String refreshScope = "/orcid-bio/read-limited";
String tokenValue = "parent-token-" + time;
String refreshTokenValue = "refresh-token-" + time;
Boolean revokeOld = false;
Date parentTokenExpiration = new Date(time + 10000);
Long expireIn = null;
OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, parentScope);
OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn, refreshScope);
assertNotNull(refresh);
OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
assertNotNull(parentToken);
assertEquals(tokenValue, parentToken.getTokenValue());
assertFalse(parentToken.getTokenDisabled());
assertEquals(parentScope, parentToken.getScope());
assertNotNull(parentToken.getTokenExpiration());
OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
assertNotNull(refreshToken);
assertNotNull(refreshToken.getTokenValue());
assertNotNull(refreshToken.getRefreshTokenValue());
assertFalse(refreshToken.getTokenDisabled());
assertEquals(refreshScope, refreshToken.getScope());
assertNotNull(refreshToken.getTokenExpiration());
assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
}
Also used :
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
Date(java.util.Date)
OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)
DBUnitTest(org.orcid.test.DBUnitTest)
Test(org.junit.Test)
Example 99 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AbstractClientCredentialsProviderTests method testPostForTokenWithNoScopes.
/**
* tests that the registered scopes are used as defaults
*/
@Test
@OAuth2ContextConfiguration(NoScopeClientCredentials.class)
public void testPostForTokenWithNoScopes() throws Exception {
OAuth2AccessToken token = context.getAccessToken();
assertFalse("Wrong scope: " + token.getScope(), token.getScope().isEmpty());
}
Also used :
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
OAuth2ContextConfiguration(org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration)
Test(org.junit.Test)
Example 100 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AbstractRefreshTokenSupportTests method getAccessToken.
private OAuth2AccessToken getAccessToken(String scope, String clientId) throws Exception {
MultiValueMap<String, String> formData = getTokenFormData(scope, clientId);
HttpHeaders headers = getTokenHeaders(clientId);
@SuppressWarnings("rawtypes") ResponseEntity<Map> response = http.postForMap(tokenPath(), headers, formData);
assertEquals(HttpStatus.OK, response.getStatusCode());
assertTrue("Wrong cache control: " + response.getHeaders().getFirst("Cache-Control"), response.getHeaders().getFirst("Cache-Control").contains("no-store"));
@SuppressWarnings("unchecked") OAuth2AccessToken accessToken = DefaultOAuth2AccessToken.valueOf(response.getBody());
return accessToken;
}
Also used :
HttpHeaders(org.springframework.http.HttpHeaders)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
MultiValueMap(org.springframework.util.MultiValueMap)
Map(java.util.Map)
LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap)
Aggregations
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)171
Test (org.junit.Test)126
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)111
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)65
Date (java.util.Date)36
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)31
Authentication (org.springframework.security.core.Authentication)26
HashMap (java.util.HashMap)21
DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)19
DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)18
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)18
DBUnitTest (org.orcid.test.DBUnitTest)17
ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)17
OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)16
OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)11
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)10
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)10
Transactional (org.springframework.transaction.annotation.Transactional)10
TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)9
ModelAndView (org.springframework.web.servlet.ModelAndView)9
