Example 26 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class TokenEndpointTests method testGetAccessTokenWithScope.
@Test
public void testGetAccessTokenWithScope() throws HttpRequestMethodNotSupportedException {
when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(clientDetails);
HashMap<String, String> parameters = new HashMap<String, String>();
parameters.put("client_id", clientId);
parameters.put("scope", "read");
parameters.put("grant_type", "authorization_code");
parameters.put("code", "kJAHDFG");
OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
ArgumentCaptor<TokenRequest> captor = ArgumentCaptor.forClass(TokenRequest.class);
when(tokenGranter.grant(Mockito.eq("authorization_code"), captor.capture())).thenReturn(expectedToken);
@SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.eq(clientDetails))).thenReturn(createFromParameters(parameters));
ResponseEntity<OAuth2AccessToken> response = endpoint.postAccessToken(clientAuthentication, parameters);
assertNotNull(response);
assertEquals(HttpStatus.OK, response.getStatusCode());
OAuth2AccessToken body = response.getBody();
assertEquals(body, expectedToken);
assertTrue("Wrong body: " + body, body.getTokenType() != null);
assertTrue("Scope of token request not cleared", captor.getValue().getScope().isEmpty());
}
Also used :
HashMap(java.util.HashMap)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
TokenRequest(org.springframework.security.oauth2.provider.TokenRequest)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
Test(org.junit.Test)
Example 27 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class TokenEndpointTests method testGetAccessTokenWithSupportedRequestParametersNotPost.
@Test
public void testGetAccessTokenWithSupportedRequestParametersNotPost() throws HttpRequestMethodNotSupportedException {
endpoint.setAllowedRequestMethods(new HashSet<HttpMethod>(Arrays.asList(HttpMethod.GET)));
HashMap<String, String> parameters = new HashMap<String, String>();
parameters.put("client_id", clientId);
parameters.put("scope", "read");
parameters.put("grant_type", "authorization_code");
parameters.put("code", "kJAHDFG");
OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
when(tokenGranter.grant(Mockito.eq("authorization_code"), Mockito.any(TokenRequest.class))).thenReturn(expectedToken);
@SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.any(ClientDetails.class))).thenReturn(createFromParameters(parameters));
ResponseEntity<OAuth2AccessToken> response = endpoint.getAccessToken(clientAuthentication, parameters);
assertNotNull(response);
assertEquals(HttpStatus.OK, response.getStatusCode());
OAuth2AccessToken body = response.getBody();
assertEquals(body, expectedToken);
assertTrue("Wrong body: " + body, body.getTokenType() != null);
}
Also used :
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
HashMap(java.util.HashMap)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
TokenRequest(org.springframework.security.oauth2.provider.TokenRequest)
HttpMethod(org.springframework.http.HttpMethod)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
Test(org.junit.Test)
Example 28 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testImplicitError.
@Test
public void testImplicitError() throws Exception {
endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return true;
}
});
endpoint.setTokenGranter(new TokenGranter() {
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
return null;
}
});
AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
String url = ((RedirectView) result.getView()).getUrl();
assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
assertTrue("No error: " + result, url.contains("#error="));
assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
}
Also used :
AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest)
TokenGranter(org.springframework.security.oauth2.provider.TokenGranter)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler)
TokenRequest(org.springframework.security.oauth2.provider.TokenRequest)
ModelAndView(org.springframework.web.servlet.ModelAndView)
RedirectView(org.springframework.web.servlet.view.RedirectView)
Test(org.junit.Test)
Example 29 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testImplicitAppendsScopeWhenDefaulting.
@Test
public void testImplicitAppendsScopeWhenDefaulting() throws Exception {
endpoint.setTokenGranter(new TokenGranter() {
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
token.setScope(new LinkedHashSet<String>(Arrays.asList("read", "write")));
return token;
}
});
endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return true;
}
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
});
client.setScope(Collections.singleton("read"));
AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", null, Collections.singleton("token"));
ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
String url = ((RedirectView) result.getView()).getUrl();
assertTrue("Wrong scope: " + result, url.contains("&scope=read%20write"));
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest)
TokenGranter(org.springframework.security.oauth2.provider.TokenGranter)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
TokenRequest(org.springframework.security.oauth2.provider.TokenRequest)
DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler)
ModelAndView(org.springframework.web.servlet.ModelAndView)
RedirectView(org.springframework.web.servlet.view.RedirectView)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
Test(org.junit.Test)
Example 30 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AuthorizationCodeTokenGranterTests method testAuthorizationCodeGrant.
@Test
public void testAuthorizationCodeGrant() {
Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
parameters.clear();
parameters.put(OAuth2Utils.CLIENT_ID, "foo");
parameters.put(OAuth2Utils.SCOPE, "scope");
OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", true, Collections.singleton("scope"));
String code = authorizationCodeServices.createAuthorizationCode(new OAuth2Authentication(storedOAuth2Request, userAuthentication));
parameters.putAll(storedOAuth2Request.getRequestParameters());
parameters.put("code", code);
TokenRequest tokenRequest = requestFactory.createTokenRequest(parameters, client);
AuthorizationCodeTokenGranter granter = new AuthorizationCodeTokenGranter(providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
OAuth2AccessToken token = granter.grant("authorization_code", tokenRequest);
assertTrue(providerTokenServices.loadAuthentication(token.getValue()).isAuthenticated());
}
Also used :
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
TokenRequest(org.springframework.security.oauth2.provider.TokenRequest)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Aggregations
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)171
Test (org.junit.Test)126
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)111
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)65
Date (java.util.Date)36
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)31
Authentication (org.springframework.security.core.Authentication)26
HashMap (java.util.HashMap)21
DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)19
DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)18
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)18
DBUnitTest (org.orcid.test.DBUnitTest)17
ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)17
OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)16
OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)11
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)10
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)10
Transactional (org.springframework.transaction.annotation.Transactional)10
TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)9
ModelAndView (org.springframework.web.servlet.ModelAndView)9
