use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class OAuth2ClientAuthenticationProcessingFilterTests method testAuthenticationWithTokenType.
/**
 * Verifies that the token type set on the access token returned by the rest
 * template is exposed through the {@link OAuth2AuthenticationDetails} of the
 * authentication produced by the filter.
 */
@Test
public void testAuthenticationWithTokenType() throws Exception {
    filter.setRestTemplate(restTemplate);
    filter.setTokenServices(tokenServices);

    // Fixture token: value "FOO" with a deliberately non-default token type,
    // so the assertion below can only pass if the type is carried through.
    DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken("FOO");
    accessToken.setTokenType("foo");
    Mockito.when(restTemplate.getAccessToken()).thenReturn(accessToken);

    Set<String> requestedScopes = new HashSet<String>(Arrays.asList("read", "write"));
    OAuth2Request clientRequest = RequestTokenFactory.createOAuth2Request("client", false, requestedScopes);

    // The second constructor argument (user authentication) is null, so the
    // stored authentication describes the client request only.
    this.authentication = new OAuth2Authentication(clientRequest, null);
    Mockito.when(tokenServices.loadAuthentication("FOO")).thenReturn(this.authentication);

    // The local result is named differently from the field to avoid shadowing it.
    Authentication result = filter.attemptAuthentication(new MockHttpServletRequest(), null);
    OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) result.getDetails();
    assertEquals("foo", details.getTokenType());
}
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class TokenApprovalStoreTests method addApprovals.
/**
 * Seeds the token store with one access token for every (client, user) pair
 * present in {@code approvals}, scoped to all scopes approved for that pair,
 * and then delegates to the superclass implementation.
 *
 * @param approvals the approvals to record
 * @return whatever {@code super.addApprovals(approvals)} returns
 */
@Override
protected boolean addApprovals(Collection<Approval> approvals) {
    // Group the approved scopes as clientId -> userId -> scopes.
    Map<String, Map<String, Set<String>>> scopesByClientAndUser = new HashMap<String, Map<String, Set<String>>>();
    for (Approval approval : approvals) {
        String clientId = approval.getClientId();
        Map<String, Set<String>> scopesByUser = scopesByClientAndUser.get(clientId);
        if (scopesByUser == null) {
            scopesByUser = new HashMap<String, Set<String>>();
            scopesByClientAndUser.put(clientId, scopesByUser);
        }
        String userId = approval.getUserId();
        Set<String> approvedScopes = scopesByUser.get(userId);
        if (approvedScopes == null) {
            approvedScopes = new HashSet<String>();
            scopesByUser.put(userId, approvedScopes);
        }
        approvedScopes.add(approval.getScope());
    }

    // Store one token per (client, user) pair carrying that pair's scopes.
    for (Map.Entry<String, Map<String, Set<String>>> clientEntry : scopesByClientAndUser.entrySet()) {
        String clientId = clientEntry.getKey();
        for (Map.Entry<String, Set<String>> userEntry : clientEntry.getValue().entrySet()) {
            String userId = userEntry.getKey();
            // "N/A" is a placeholder credential; the three-argument constructor
            // (with authorities) creates a token that is already marked authenticated.
            Authentication user = new UsernamePasswordAuthenticationToken(userId, "N/A",
                    AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));

            AuthorizationRequest authorizationRequest = new AuthorizationRequest();
            authorizationRequest.setClientId(clientId);
            Set<String> approvedScopes = userEntry.getValue();
            authorizationRequest.setScope(approvedScopes);

            OAuth2Request storedRequest = authorizationRequest.createOAuth2Request();
            OAuth2Authentication authentication = new OAuth2Authentication(storedRequest, user);

            // Fixture token value only; each stored token gets a fresh random UUID string.
            DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(UUID.randomUUID().toString());
            accessToken.setScope(approvedScopes);
            tokenStore.storeAccessToken(accessToken, authentication);
        }
    }
    return super.addApprovals(approvals);
}
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class TokenStoreUserApprovalHandlerTests method testMemorizedApproval.
/**
 * Verifies that a request which is itself marked as not approved is still
 * reported as approved by the handler once an access token has been created
 * for the same request and user.
 */
@Test
public void testMemorizedApproval() {
    HashMap<String, String> requestParameters = new HashMap<String, String>();
    // The incoming parameters explicitly decline approval.
    requestParameters.put(OAuth2Utils.USER_OAUTH_APPROVAL, "false");
    requestParameters.put("client_id", "foo");

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(requestParameters, null, "foo", null, null,
            null, false, null, null, null);
    authorizationRequest.setApproved(false);

    TestAuthentication userAuthentication = new TestAuthentication("marissa", true);

    // Create a token for this request and user before the handler is consulted.
    OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);
    OAuth2Authentication tokenAuthentication = new OAuth2Authentication(storedOAuth2Request, userAuthentication);
    tokenServices.createAccessToken(tokenAuthentication);

    // The test expects the pre-approval check to flip the request to approved,
    // even though both the parameters and the approved flag said "false".
    AuthorizationRequest checkedRequest = handler.checkForPreApproval(authorizationRequest, userAuthentication);
    assertTrue(handler.isApproved(checkedRequest, userAuthentication));
}
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class TokenEndpointAuthenticationFilterTests method testPasswordGrantWithUnAuthenticatedClient.
/**
 * Verifies that a password grant processed while the security context holds
 * an unauthenticated client token yields an {@link OAuth2Authentication}
 * that is not authenticated.
 */
@Test
public void testPasswordGrantWithUnAuthenticatedClient() throws Exception {
    // The two-argument constructor creates a token that is NOT marked
    // authenticated; this is the "unauthenticated client" of the test name.
    // NOTE(review): this mutates the SecurityContextHolder; confirm the test
    // class clears the context in its teardown so it cannot leak into other tests.
    Authentication clientAuthentication = new UsernamePasswordAuthenticationToken("client", "secret");
    SecurityContextHolder.getContext().setAuthentication(clientAuthentication);
    request.setParameter("grant_type", "password");

    // The mocked manager accepts any credentials and returns an authenticated
    // user (the three-argument constructor marks the token authenticated).
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("foo", "bar",
            AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    Mockito.when(authenticationManager.authenticate(Mockito.<Authentication>any())).thenReturn(userAuthentication);

    TokenEndpointAuthenticationFilter filter = new TokenEndpointAuthenticationFilter(authenticationManager,
            oAuth2RequestFactory);
    filter.doFilter(request, response, chain);

    // A valid user must not be enough: the combined authentication has to
    // stay unauthenticated while the client is unauthenticated.
    Authentication combined = SecurityContextHolder.getContext().getAuthentication();
    assertTrue(combined instanceof OAuth2Authentication);
    assertFalse(combined.isAuthenticated());
}
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testAuthorizationCodeError.
/**
 * Verifies that when creating the authorization code fails with an
 * {@code InvalidScopeException}, the endpoint answers with a redirect to the
 * requested redirect URI that carries an {@code error} parameter and echoes
 * the {@code state} parameter.
 */
@Test
public void testAuthorizationCodeError() throws Exception {
    // Approval handler stub: passes requests through unchanged and always
    // approves, so the flow reaches authorization-code creation.
    DefaultUserApprovalHandler approveEverything = new DefaultUserApprovalHandler() {
        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
                Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest,
                Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    };
    endpoint.setUserApprovalHandler(approveEverything);

    // Code service stub: every attempt to create a code fails.
    StubAuthorizationCodeServices failingCodeServices = new StubAuthorizationCodeServices() {
        @Override
        public String createAuthorizationCode(OAuth2Authentication authentication) {
            throw new InvalidScopeException("FOO");
        }
    };
    endpoint.setAuthorizationCodeServices(failingCodeServices);

    ModelAndView result = endpoint.authorize(
            model,
            getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope",
                    Collections.singleton("code")).getRequestParameters(),
            sessionStatus,
            principal);

    RedirectView redirect = (RedirectView) result.getView();
    String url = redirect.getUrl();

    // The error is expected to be sent to the redirect URI from the request
    // ("http://anywhere.com" is a fixture value), not rendered as a local view.
    assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
    assertTrue("No error: " + result, url.contains("?error="));
    // The state value must come back unchanged so the client can correlate
    // the error response with the request it sent.
    assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
}