
Example 41 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From class DeprecatedUaaTokenServicesTests, method testCreateAccessTokenAuthcodeGrantExpandedScopes.

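/**
 * Verifies that a refresh-token request cannot widen the scope of the original grant.
 * <p>
 * An authorization-code token is first issued for {@code tokenSupport.requestedAuthScopes}
 * and checked; a refresh is then requested for {@code tokenSupport.expandedScopes}, which the
 * token service must reject with {@link InvalidScopeException} (the {@code expected} value of
 * the annotation).
 * <p>
 * Note: {@code @Test(expected = ...)} accepts the exception from any statement in the method,
 * so the assertions on the first token only run if {@code createAccessToken} succeeds; the
 * refresh call on the last line is the intended source of the exception.
 */
@Test(expected = InvalidScopeException.class)
public void testCreateAccessTokenAuthcodeGrantExpandedScopes() {
    // Approvals valid for a short window. Presumably readScope/writeScope together make up
    // requestedAuthScopes (see TokenTestSupport) -- confirm if the fixtures change.
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, 3000);
    String zoneId = IdentityZoneHolder.get().getId();
    tokenSupport.approvalStore.addApproval(new Approval()
            .setUserId(tokenSupport.userId)
            .setClientId(CLIENT_ID)
            .setScope(tokenSupport.readScope.get(0))
            .setExpiresAt(expiresAt.getTime())
            .setStatus(ApprovalStatus.APPROVED), zoneId);
    tokenSupport.approvalStore.addApproval(new Approval()
            .setUserId(tokenSupport.userId)
            .setClientId(CLIENT_ID)
            .setScope(tokenSupport.writeScope.get(0))
            .setExpiresAt(expiresAt.getTime())
            .setStatus(ApprovalStatus.APPROVED), zoneId);

    // First request: authorization_code grant for the originally requested scopes.
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    authorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters());
    azParameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    authorizationRequest.setRequestParameters(azParameters);
    Authentication userAuthentication = tokenSupport.defaultUserAuthentication;
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    // The issued token and its refresh token carry exactly the requested scopes and audience.
    assertThat(accessToken, scope(is(tokenSupport.requestedAuthScopes)));
    assertThat(accessToken.getRefreshToken(), is(not(nullValue())));
    assertThat(accessToken.getRefreshToken(), OAuth2RefreshTokenMatchers.scope(is(tokenSupport.requestedAuthScopes)));
    assertThat(accessToken.getRefreshToken(), OAuth2RefreshTokenMatchers.audience(is(tokenSupport.resourceIds)));

    // Second request: refresh_token grant asking for expandedScopes, i.e. more than the
    // refresh token was issued with. This is the call expected to throw.
    AuthorizationRequest expandedScopeAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.expandedScopes);
    expandedScopeAuthorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> refreshAzParameters = new HashMap<>(expandedScopeAuthorizationRequest.getRequestParameters());
    refreshAzParameters.put(GRANT_TYPE, GRANT_TYPE_REFRESH_TOKEN);
    expandedScopeAuthorizationRequest.setRequestParameters(refreshAzParameters);
    // An OAuth2Authentication built from expandedScopeAuthorizationRequest was previously
    // constructed here but never used: refreshAccessToken takes the refresh token value and
    // the token request, so the unused local was removed.
    tokenServices.refreshAccessToken(
            accessToken.getRefreshToken().getValue(),
            tokenSupport.requestFactory.createTokenRequest(expandedScopeAuthorizationRequest, "refresh_token"));
}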

Example 42 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From class DeprecatedUaaTokenServicesTests, method testReadAccessTokenForDeletedUserId.

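/**
 * Verifies that an access token issued to a user who has since been deleted is no longer
 * accepted: after the user database is cleared, {@code readAccessToken} must throw
 * {@link InvalidTokenException} (the {@code expected} value of the annotation).
 * <p>
 * Note: {@code @Test(expected = ...)} accepts the exception from any statement in the method;
 * the {@code readAccessToken} call on the last line is the intended source.
 */
@Test(expected = InvalidTokenException.class)
public void testReadAccessTokenForDeletedUserId() {
    // authorization_code grant for the requested scopes.
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    authorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters());
    azParameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    authorizationRequest.setRequestParameters(azParameters);
    Authentication userAuthentication = tokenSupport.defaultUserAuthentication;

    // Approvals for the read and write scopes: valid for 3 s, last updated 1 s ago.
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, 3000);
    Calendar updatedAt = Calendar.getInstance();
    updatedAt.add(Calendar.MILLISECOND, -1000);
    String zoneId = IdentityZoneHolder.get().getId();
    tokenSupport.approvalStore.addApproval(new Approval()
            .setUserId(tokenSupport.userId)
            .setClientId(CLIENT_ID)
            .setScope(tokenSupport.readScope.get(0))
            .setExpiresAt(expiresAt.getTime())
            .setStatus(ApprovalStatus.APPROVED)
            .setLastUpdatedAt(updatedAt.getTime()), zoneId);
    tokenSupport.approvalStore.addApproval(new Approval()
            .setUserId(tokenSupport.userId)
            .setClientId(CLIENT_ID)
            .setScope(tokenSupport.writeScope.get(0))
            .setExpiresAt(expiresAt.getTime())
            .setStatus(ApprovalStatus.APPROVED)
            .setLastUpdatedAt(updatedAt.getTime()), zoneId);

    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    // Remove every user, including the token's subject.
    this.tokenSupport.userDatabase.clear();
    // Expected to throw: the token's user no longer exists. The former
    // assertEquals(accessToken, ...) around this call could never make a run pass -- it was
    // reachable only when the expected exception was missing, which already fails the test.
    tokenServices.readAccessToken(accessToken.getValue());
}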

Example 43 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From class DeprecatedUaaTokenServicesTests, method testRefreshTokenAfterApprovalsExpired.

/**
 * Verifies that a refresh-token grant is rejected once the user's approvals have expired.
 * Both approvals are created with an expiry 3 seconds in the past and the method must end
 * with {@link InvalidTokenException} (the {@code expected} value of the annotation); the
 * refresh call on the last line is the intended source, though the annotation accepts the
 * exception from any statement in the method.
 */
@Test(expected = InvalidTokenException.class)
public void testRefreshTokenAfterApprovalsExpired() {
    // Approvals that expired 3 seconds ago.
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.MILLISECOND, -3000);
    String zoneId = IdentityZoneHolder.get().getId();
    Approval readApproval = new Approval()
            .setUserId(tokenSupport.userId)
            .setClientId(CLIENT_ID)
            .setScope(tokenSupport.readScope.get(0))
            .setExpiresAt(expiry.getTime())
            .setStatus(ApprovalStatus.APPROVED);
    Approval writeApproval = new Approval()
            .setUserId(tokenSupport.userId)
            .setClientId(CLIENT_ID)
            .setScope(tokenSupport.writeScope.get(0))
            .setExpiresAt(expiry.getTime())
            .setStatus(ApprovalStatus.APPROVED);
    tokenSupport.approvalStore.addApproval(readApproval, zoneId);
    tokenSupport.approvalStore.addApproval(writeApproval, zoneId);

    // authorization_code grant for the requested scopes.
    Authentication user = tokenSupport.defaultUserAuthentication;
    AuthorizationRequest codeRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    codeRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> codeParams = new HashMap<>(codeRequest.getRequestParameters());
    codeParams.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    codeRequest.setRequestParameters(codeParams);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(
            new OAuth2Authentication(codeRequest.createOAuth2Request(), user));

    // refresh_token grant for the same scopes: expected to throw.
    AuthorizationRequest refreshRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    refreshRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> refreshParams = new HashMap<>(refreshRequest.getRequestParameters());
    refreshParams.put(GRANT_TYPE, GRANT_TYPE_REFRESH_TOKEN);
    refreshRequest.setRequestParameters(refreshParams);
    tokenServices.refreshAccessToken(
            accessToken.getRefreshToken().getValue(),
            tokenSupport.requestFactory.createTokenRequest(refreshRequest, "refresh_token"));
}

Example 44 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From class DeprecatedUaaTokenServicesTests, method testCreateAccessTokenRefreshGrantAllScopesAutoApprovedButApprovalDenied.

/**
 * Verifies token issuance and refresh when every requested scope is auto-approved on the
 * client but the stored approval for the write scope is {@code DENIED}.
 * <p>
 * The asserted behaviour is that the authorization-code token is issued with the requested
 * scopes and the usual issuer/validity properties, and that the subsequent refresh_token
 * grant still returns a token ({@code assertNotNull}) -- i.e. the client's auto-approve
 * configuration, not the stored approval state, decides the outcome here.
 */
@Test
public void testCreateAccessTokenRefreshGrantAllScopesAutoApprovedButApprovalDenied() {
    String zoneId = IdentityZoneHolder.get().getId();

    // Client copy that auto-approves all requested scopes, registered for the current zone.
    BaseClientDetails autoApprovingClient = cloneClient(tokenSupport.defaultClient);
    autoApprovingClient.setAutoApproveScopes(tokenSupport.requestedAuthScopes);
    tokenSupport.clientDetailsService.setClientDetailsStore(zoneId, Collections.singletonMap(CLIENT_ID, autoApprovingClient));

    // Stored approvals (valid 3 s, updated 1 s ago): read APPROVED, write DENIED.
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.MILLISECOND, 3000);
    Calendar lastUpdated = Calendar.getInstance();
    lastUpdated.add(Calendar.MILLISECOND, -1000);
    Approval readApproval = new Approval()
            .setUserId(tokenSupport.userId)
            .setClientId(CLIENT_ID)
            .setScope(tokenSupport.readScope.get(0))
            .setExpiresAt(expiry.getTime())
            .setStatus(ApprovalStatus.APPROVED)
            .setLastUpdatedAt(lastUpdated.getTime());
    Approval writeApproval = new Approval()
            .setUserId(tokenSupport.userId)
            .setClientId(CLIENT_ID)
            .setScope(tokenSupport.writeScope.get(0))
            .setExpiresAt(expiry.getTime())
            .setStatus(ApprovalStatus.DENIED)
            .setLastUpdatedAt(lastUpdated.getTime());
    tokenSupport.approvalStore.addApproval(readApproval, zoneId);
    tokenSupport.approvalStore.addApproval(writeApproval, zoneId);

    // authorization_code grant for the requested scopes.
    Authentication user = tokenSupport.defaultUserAuthentication;
    AuthorizationRequest codeRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    codeRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> codeParams = new HashMap<>(codeRequest.getRequestParameters());
    codeParams.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    codeRequest.setRequestParameters(codeParams);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(
            new OAuth2Authentication(codeRequest.createOAuth2Request(), user));

    // Access token: common user-token properties, issuer, scopes, 12 h validity.
    this.assertCommonUserAccessTokenProperties(accessToken, CLIENT_ID);
    assertThat(accessToken, issuerUri(is(ISSUER_URI)));
    assertThat(accessToken, scope(is(tokenSupport.requestedAuthScopes)));
    assertThat(accessToken, validFor(is(60 * 60 * 12)));

    // Refresh token: common properties, issuer, 30 day validity.
    OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
    this.assertCommonUserRefreshTokenProperties(refreshToken);
    assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is(ISSUER_URI)));
    assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(60 * 60 * 24 * 30)));

    this.assertCommonEventProperties(accessToken, tokenSupport.userId, buildJsonString(tokenSupport.requestedAuthScopes));

    // refresh_token grant for the same scopes must still yield a token.
    AuthorizationRequest refreshRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    refreshRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> refreshParams = new HashMap<>(refreshRequest.getRequestParameters());
    refreshParams.put(GRANT_TYPE, GRANT_TYPE_REFRESH_TOKEN);
    refreshRequest.setRequestParameters(refreshParams);
    OAuth2AccessToken refreshed = tokenServices.refreshAccessToken(
            refreshToken.getValue(),
            tokenSupport.requestFactory.createTokenRequest(refreshRequest, "refresh_token"));
    assertNotNull(refreshed);
}

Example 45 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From class DeprecatedUaaTokenServicesTests, method testRefreshTokenAfterApprovalsMissing.

/**
 * Verifies that a refresh-token grant is rejected when the approvals backing the token are
 * missing: only the read scope has a stored approval, and that one is {@code DENIED} and
 * already expired; the write scope has none. The method must end with
 * {@link InvalidTokenException} (the {@code expected} value of the annotation); the refresh
 * call on the last line is the intended source, though the annotation accepts the exception
 * from any statement in the method.
 */
@Test(expected = InvalidTokenException.class)
public void testRefreshTokenAfterApprovalsMissing() {
    // A single DENIED approval for the read scope, expired 3 seconds ago; nothing for write.
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.MILLISECOND, -3000);
    Approval deniedReadApproval = new Approval()
            .setUserId(tokenSupport.userId)
            .setClientId(CLIENT_ID)
            .setScope(tokenSupport.readScope.get(0))
            .setExpiresAt(expiry.getTime())
            .setStatus(ApprovalStatus.DENIED);
    tokenSupport.approvalStore.addApproval(deniedReadApproval, IdentityZoneHolder.get().getId());

    // authorization_code grant for the requested scopes.
    Authentication user = tokenSupport.defaultUserAuthentication;
    AuthorizationRequest codeRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    codeRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> codeParams = new HashMap<>(codeRequest.getRequestParameters());
    codeParams.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    codeRequest.setRequestParameters(codeParams);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(
            new OAuth2Authentication(codeRequest.createOAuth2Request(), user));

    // refresh_token grant for the same scopes: expected to throw.
    AuthorizationRequest refreshRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    refreshRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> refreshParams = new HashMap<>(refreshRequest.getRequestParameters());
    refreshParams.put(GRANT_TYPE, GRANT_TYPE_REFRESH_TOKEN);
    refreshRequest.setRequestParameters(refreshParams);
    tokenServices.refreshAccessToken(
            accessToken.getRefreshToken().getValue(),
            tokenSupport.requestFactory.createTokenRequest(refreshRequest, "refresh_token"));
}
