Use of com.hw.helper.GrantTypeEnum in project mt-auth by publicdevop2019: class RefreshTokenTest, method refresh_token_should_have_exp.
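@Test
public void refresh_token_should_have_exp() {
    // Register a FIRST_PARTY client that supports the password and refresh_token
    // grants, with a short-lived access token and a longer-lived refresh token.
    Client clientRaw = ClientUtility.getClientRaw();
    String clientSecret = clientRaw.getClientSecret();
    HashSet<GrantTypeEnum> enums = new HashSet<>();
    enums.add(GrantTypeEnum.PASSWORD);
    enums.add(GrantTypeEnum.REFRESH_TOKEN);
    clientRaw.setResourceIds(Collections.singleton(AppConstant.CLIENT_ID_OAUTH2_ID));
    clientRaw.setGrantTypeEnums(enums);
    clientRaw.setTypes(new HashSet<>(List.of(ClientType.FIRST_PARTY)));
    clientRaw.setAccessTokenValiditySeconds(60);
    clientRaw.setRefreshTokenValiditySeconds(1000);
    ResponseEntity<String> client = ClientUtility.createClient(clientRaw);
    // Check the status before reading Location: a failed create has no Location
    // header and the toString() below would fail with a NullPointerException.
    Assert.assertEquals(HttpStatus.OK, client.getStatusCode());
    String clientId = client.getHeaders().getLocation().toString();
    // Obtain a token pair through the password grant.
    ResponseEntity<DefaultOAuth2AccessToken> jwtPasswordWithClient = OAuth2Utility.getOAuth2PasswordToken(
            clientId, clientSecret, AppConstant.ACCOUNT_USERNAME_ADMIN, AppConstant.ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, jwtPasswordWithClient.getStatusCode());
    OAuth2RefreshToken refreshToken = jwtPasswordWithClient.getBody().getRefreshToken();
    Assert.assertNotNull("token response carries no refresh token", refreshToken);
    String jwt = refreshToken.getValue();
    // A compact JWS is header.payload.signature; the claims are the second segment.
    String[] segments = jwt.split("\\.");
    if (segments.length < 2) {
        throw new IllegalArgumentException("malformed jwt token");
    }
    // JWS segments are base64url-encoded without padding (RFC 7515), so the URL-safe
    // decoder is required: the basic decoder rejects '-' and '_' and would make this
    // test fail intermittently depending on the claim bytes.
    byte[] decode = Base64.getUrlDecoder().decode(segments[1]);
    String s = new String(decode, java.nio.charset.StandardCharsets.UTF_8);
    Number exp;
    try {
        Map<String, Object> claims = TestContext.mapper.readValue(s, new TypeReference<Map<String, Object>>() {
        });
        // Jackson yields Integer or Long depending on magnitude; Number covers both
        // so an epoch-seconds value beyond the int range does not break the cast.
        exp = (Number) claims.get("exp");
    } catch (IOException e) {
        // Keep the cause: the original message was copied from an unrelated parser.
        throw new IllegalArgumentException("unable to parse jwt claims", e);
    }
    Assert.assertNotNull(exp);
}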
Use of com.hw.helper.GrantTypeEnum in project mt-auth by publicdevop2019: class RefreshTokenTest, method refresh_token_should_work.
@Test
public void refresh_token_should_work() throws InterruptedException {
    // Register a BACKEND_APP client whose access token lives 60s and whose refresh
    // token lives 1000s, so the access token can expire within the test run.
    Client clientRaw = ClientUtility.getClientRaw();
    String clientSecret = clientRaw.getClientSecret();
    HashSet<GrantTypeEnum> grants = new HashSet<>(List.of(GrantTypeEnum.PASSWORD, GrantTypeEnum.REFRESH_TOKEN));
    clientRaw.setResourceIds(Collections.singleton(AppConstant.CLIENT_ID_OAUTH2_ID));
    clientRaw.setGrantTypeEnums(grants);
    clientRaw.setTypes(new HashSet<>(List.of(ClientType.BACKEND_APP)));
    clientRaw.setAccessTokenValiditySeconds(60);
    clientRaw.setRefreshTokenValiditySeconds(1000);
    ResponseEntity<String> created = ClientUtility.createClient(clientRaw);
    String clientId = created.getHeaders().getLocation().toString();
    Assert.assertEquals(HttpStatus.OK, created.getStatusCode());
    // Password grant: yields the access/refresh token pair under test.
    ResponseEntity<DefaultOAuth2AccessToken> passwordGrant = OAuth2Utility.getOAuth2PasswordToken(
            clientId, clientSecret, AppConstant.ACCOUNT_USERNAME_ADMIN, AppConstant.ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, passwordGrant.getStatusCode());
    // Baseline: the fresh access token is accepted by the user-management endpoint.
    String url = UrlUtility.getAccessUrl(USER_MNGMT);
    HttpHeaders bearerHeaders = new HttpHeaders();
    bearerHeaders.setBearerAuth(passwordGrant.getBody().getValue());
    HttpEntity<String> bearerRequest = new HttpEntity<>(null, bearerHeaders);
    ResponseEntity<SumTotal<User>> firstCall = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, bearerRequest, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, firstCall.getStatusCode());
    // Wait out the 60s token lifetime plus the 60s leeway the gateway grants, with a
    // 2s margin, so the same token is now rejected.
    Thread.sleep(60000 + 60000 + 2000);
    ResponseEntity<SumTotal<User>> expiredCall = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, bearerRequest, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, expiredCall.getStatusCode());
    // Exchange the refresh token for a new access token, authenticating the client
    // with HTTP Basic (client id + secret).
    MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
    form.add("grant_type", "refresh_token");
    form.add("scope", "not_used");
    form.add("refresh_token", passwordGrant.getBody().getRefreshToken().getValue());
    HttpHeaders clientAuthHeaders = new HttpHeaders();
    clientAuthHeaders.setBasicAuth(clientId, clientSecret);
    clientAuthHeaders.setContentType(MediaType.MULTIPART_FORM_DATA);
    HttpEntity<MultiValueMap<String, String>> refreshRequest = new HttpEntity<>(form, clientAuthHeaders);
    ResponseEntity<DefaultOAuth2AccessToken> refreshGrant = TestContext.getRestTemplate().exchange(PROXY_URL_TOKEN, HttpMethod.POST, refreshRequest, DefaultOAuth2AccessToken.class);
    Assert.assertEquals(HttpStatus.OK, refreshGrant.getStatusCode());
    // The refreshed access token is accepted again.
    HttpHeaders renewedHeaders = new HttpHeaders();
    renewedHeaders.setBearerAuth(refreshGrant.getBody().getValue());
    HttpEntity<String> renewedRequest = new HttpEntity<>(null, renewedHeaders);
    ResponseEntity<SumTotal<User>> renewedCall = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, renewedRequest, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, renewedCall.getStatusCode());
}
Use of com.hw.helper.GrantTypeEnum in project mt-auth by publicdevop2019: class ClientTest, method create_resource_client_and_client_which_access_it_then_resource_client_is_not_accessible.
@Test
public void create_resource_client_and_client_which_access_it_then_resource_client_is_not_accessible() throws InterruptedException {
    // Register a resource client, then a consumer client that lists it (and the
    // OAuth2 client) among its resource ids and supports password + refresh_token.
    Client resourceClient = ClientUtility.getClientAsResource();
    ResponseEntity<String> resourceCreated = ClientUtility.createClient(resourceClient);
    Assert.assertEquals(HttpStatus.OK, resourceCreated.getStatusCode());
    String resourceClientId = resourceCreated.getHeaders().getLocation().toString();
    Client consumerClient = ClientUtility.getClientAsNonResource(resourceClientId, CLIENT_ID_OAUTH2_ID);
    HashSet<GrantTypeEnum> grants = new HashSet<>(List.of(GrantTypeEnum.PASSWORD, GrantTypeEnum.REFRESH_TOKEN));
    consumerClient.setGrantTypeEnums(grants);
    consumerClient.setRefreshTokenValiditySeconds(120);
    ResponseEntity<String> consumerCreated = ClientUtility.createClient(consumerClient);
    Assert.assertEquals(HttpStatus.OK, consumerCreated.getStatusCode());
    String clientId = consumerCreated.getHeaders().getLocation().toString();
    String clientSecret = consumerClient.getClientSecret();
    // Password grant for the consumer client yields an access/refresh token pair.
    ResponseEntity<DefaultOAuth2AccessToken> passwordGrant = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, passwordGrant.getStatusCode());
    // Baseline: the consumer's access token reaches the user-management endpoint.
    String url = UrlUtility.getAccessUrl(USER_MNGMT);
    HttpHeaders consumerHeaders = new HttpHeaders();
    consumerHeaders.setBearerAuth(passwordGrant.getBody().getValue());
    HttpEntity<String> consumerRequest = new HttpEntity<>(null, consumerHeaders);
    ResponseEntity<SumTotal<User>> baseline = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, consumerRequest, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, baseline.getStatusCode());
    // An admin clears the resource indicator on the resource client via PUT.
    resourceClient.setResourceIndicator(false);
    ResponseEntity<DefaultOAuth2AccessToken> adminLogin = UserUtility.login(ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    String adminBearer = adminLogin.getBody().getValue();
    String resourceClientUrl = UrlUtility.getAccessUrl(CLIENTS + "/" + resourceClientId);
    HttpHeaders adminHeaders = new HttpHeaders();
    adminHeaders.setBearerAuth(adminBearer);
    HttpEntity<Client> updateRequest = new HttpEntity<>(resourceClient, adminHeaders);
    ResponseEntity<String> updateResponse = TestContext.getRestTemplate().exchange(resourceClientUrl, HttpMethod.PUT, updateRequest, String.class);
    Assert.assertEquals(HttpStatus.OK, updateResponse.getStatusCode());
    // Give the change time to propagate (presumably applied asynchronously).
    Thread.sleep(10000);
    // The access token issued before the update must now be rejected ...
    ResponseEntity<SumTotal<User>> afterUpdate = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, consumerRequest, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, afterUpdate.getStatusCode());
    // ... and so must the refresh token issued alongside it.
    MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
    form.add("grant_type", "refresh_token");
    form.add("refresh_token", passwordGrant.getBody().getRefreshToken().getValue());
    HttpHeaders clientAuthHeaders = new HttpHeaders();
    clientAuthHeaders.setBasicAuth(clientId, clientSecret);
    HttpEntity<MultiValueMap<String, String>> refreshRequest = new HttpEntity<>(form, clientAuthHeaders);
    ResponseEntity<DefaultOAuth2AccessToken> refreshResponse = TestContext.getRestTemplate().exchange(PROXY_URL_TOKEN, HttpMethod.POST, refreshRequest, DefaultOAuth2AccessToken.class);
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, refreshResponse.getStatusCode());
    // A fresh password grant still succeeds and its token is accepted again.
    ResponseEntity<DefaultOAuth2AccessToken> secondGrant = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, secondGrant.getStatusCode());
    HttpHeaders renewedHeaders = new HttpHeaders();
    renewedHeaders.setBearerAuth(secondGrant.getBody().getValue());
    HttpEntity<String> renewedRequest = new HttpEntity<>(null, renewedHeaders);
    ResponseEntity<SumTotal<User>> afterRenewal = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, renewedRequest, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, afterRenewal.getStatusCode());
}
Use of com.hw.helper.GrantTypeEnum in project mt-auth by publicdevop2019: class ClientTest, method create_resource_client_and_client_which_access_it_then_delete_resource_client.
@Test
public void create_resource_client_and_client_which_access_it_then_delete_resource_client() throws InterruptedException {
    // Register a named resource client, then a consumer client that lists it (and
    // the OAuth2 client) among its resource ids and supports password + refresh_token.
    Client resourceClient = ClientUtility.getClientAsResource();
    resourceClient.setName("resource client");
    ResponseEntity<String> resourceCreated = ClientUtility.createClient(resourceClient);
    Assert.assertEquals(HttpStatus.OK, resourceCreated.getStatusCode());
    String resourceClientId = resourceCreated.getHeaders().getLocation().toString();
    Client consumerClient = ClientUtility.getClientAsNonResource(resourceClientId, CLIENT_ID_OAUTH2_ID);
    HashSet<GrantTypeEnum> grants = new HashSet<>(List.of(GrantTypeEnum.PASSWORD, GrantTypeEnum.REFRESH_TOKEN));
    consumerClient.setGrantTypeEnums(grants);
    consumerClient.setRefreshTokenValiditySeconds(120);
    consumerClient.setName("non resource client");
    ResponseEntity<String> consumerCreated = ClientUtility.createClient(consumerClient);
    Assert.assertEquals(HttpStatus.OK, consumerCreated.getStatusCode());
    String clientId = consumerCreated.getHeaders().getLocation().toString();
    String clientSecret = consumerClient.getClientSecret();
    // Password grant for the consumer client yields an access/refresh token pair.
    ResponseEntity<DefaultOAuth2AccessToken> passwordGrant = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, passwordGrant.getStatusCode());
    // Baseline: the consumer's access token reaches the user-management endpoint.
    String url = UrlUtility.getAccessUrl(USER_MNGMT);
    HttpHeaders consumerHeaders = new HttpHeaders();
    consumerHeaders.setBearerAuth(passwordGrant.getBody().getValue());
    HttpEntity<String> consumerRequest = new HttpEntity<>(null, consumerHeaders);
    ResponseEntity<SumTotal<User>> baseline = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, consumerRequest, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, baseline.getStatusCode());
    // An admin deletes the resource client.
    ResponseEntity<DefaultOAuth2AccessToken> adminLogin = UserUtility.login(ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    String adminBearer = adminLogin.getBody().getValue();
    String resourceClientUrl = UrlUtility.getAccessUrl(CLIENTS + "/" + resourceClientId);
    HttpHeaders adminHeaders = new HttpHeaders();
    adminHeaders.setBearerAuth(adminBearer);
    HttpEntity<String> adminRequest = new HttpEntity<>(null, adminHeaders);
    ResponseEntity<String> deleteResponse = TestContext.getRestTemplate().exchange(resourceClientUrl, HttpMethod.DELETE, adminRequest, String.class);
    Assert.assertEquals(HttpStatus.OK, deleteResponse.getStatusCode());
    // Give the deletion time to propagate (presumably applied asynchronously).
    Thread.sleep(10000);
    // The consumer client still exists; the deleted resource client is expected to
    // have been pruned from its resource ids, leaving a single entry (presumably
    // CLIENT_ID_OAUTH2_ID, the other id it was created with).
    String consumerClientUrl = UrlUtility.getAccessUrl(CLIENTS + "/" + clientId);
    ResponseEntity<Client> consumerLookup = TestContext.getRestTemplate().exchange(consumerClientUrl, HttpMethod.GET, adminRequest, Client.class);
    Assert.assertEquals(HttpStatus.OK, consumerLookup.getStatusCode());
    Set<String> remainingResourceIds = consumerLookup.getBody().getResourceIds();
    Assert.assertEquals(1, remainingResourceIds.size());
    // The access token issued before the deletion must now be rejected ...
    ResponseEntity<SumTotal<User>> afterDelete = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, consumerRequest, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, afterDelete.getStatusCode());
    // ... and so must the refresh token issued alongside it.
    MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
    form.add("grant_type", "refresh_token");
    form.add("refresh_token", passwordGrant.getBody().getRefreshToken().getValue());
    HttpHeaders clientAuthHeaders = new HttpHeaders();
    clientAuthHeaders.setBasicAuth(clientId, clientSecret);
    HttpEntity<MultiValueMap<String, String>> refreshRequest = new HttpEntity<>(form, clientAuthHeaders);
    ResponseEntity<DefaultOAuth2AccessToken> refreshResponse = TestContext.getRestTemplate().exchange(PROXY_URL_TOKEN, HttpMethod.POST, refreshRequest, DefaultOAuth2AccessToken.class);
    Assert.assertEquals(HttpStatus.UNAUTHORIZED, refreshResponse.getStatusCode());
    // A fresh password grant still succeeds and its token is accepted again.
    ResponseEntity<DefaultOAuth2AccessToken> secondGrant = OAuth2Utility.getOAuth2PasswordToken(clientId, clientSecret, ACCOUNT_USERNAME_ADMIN, ACCOUNT_PASSWORD_ADMIN);
    Assert.assertEquals(HttpStatus.OK, secondGrant.getStatusCode());
    HttpHeaders renewedHeaders = new HttpHeaders();
    renewedHeaders.setBearerAuth(secondGrant.getBody().getValue());
    HttpEntity<String> renewedRequest = new HttpEntity<>(null, renewedHeaders);
    ResponseEntity<SumTotal<User>> afterRenewal = TestContext.getRestTemplate().exchange(url, HttpMethod.GET, renewedRequest, new ParameterizedTypeReference<>() {
    });
    Assert.assertEquals(HttpStatus.OK, afterRenewal.getStatusCode());
}