
Example 1 with RevocableTokenProvisioning

use of org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning in project uaa by cloudfoundry.

From class TokenValidationTest, method nonRevocableToken.

@Test
public void nonRevocableToken() {
    revocableTokenProvisioning = mock(RevocableTokenProvisioning.class);
    String zoneId = IdentityZoneHolder.get().getId();
    // Stub the lookup to fail loudly: the assertion below is that it is never reached,
    // so an unexpected store call surfaces as an exception instead of a silent pass.
    when(revocableTokenProvisioning.retrieve("8b14f193-8212-4af2-9927-e3ae903f94a6", zoneId))
            .thenThrow(new EmptyResultDataAccessException(1));
    // Drop the "revocable" claim: a token without it must not be looked up in the
    // revocation store at all (verified by verifyZeroInteractions below).
    content.remove("revocable");
    buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost"))
            .checkRevocableTokenStore(revocableTokenProvisioning);
    verifyZeroInteractions(revocableTokenProvisioning);
}

Example 2 with RevocableTokenProvisioning

use of org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning in project uaa by cloudfoundry.

From class TokenValidationTest, method tokenIsRevoked.

@Test
public void tokenIsRevoked() {
    RevocableTokenProvisioning tokenStore = mock(RevocableTokenProvisioning.class);
    String zoneId = IdentityZoneHolder.get().getId();
    // The store has no row for this jti. For a revocable token that must be reported
    // as an invalid token, not accepted and not leaked to the caller as a DAO error.
    when(tokenStore.retrieve("8b14f193-8212-4af2-9927-e3ae903f94a6", zoneId))
            .thenThrow(new EmptyResultDataAccessException(1));
    expectedException.expect(InvalidTokenException.class);
    buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost"))
            .checkRevocableTokenStore(tokenStore);
}

Example 3 with RevocableTokenProvisioning

use of org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning in project uaa by cloudfoundry.

From class TokenValidationServiceTest, method setup.

@Before
public void setup() {
    // JWT header/body of the test token. The RSA key is registered with the current
    // zone under the same "key1" kid as the header — presumably so the kid lookup
    // during signature verification resolves to it; confirm against TokenValidation.
    header = map(entry("alg", "RSA"), entry("kid", "key1"), entry("typ", "JWT"));
    content = map(
            entry(USER_ID, userId),
            entry(JTI, "abcdefg"),
            entry(CID, clientId),
            entry(SCOPE, Lists.newArrayList("foo.bar")));
    signer = new RsaSigner(PRIVATE_KEY);
    IdentityZoneHolder.get().getConfig().getTokenPolicy().setKeys(Collections.singletonMap("key1", PRIVATE_KEY));

    // All collaborators are mocks; only the two lookups this test relies on are stubbed.
    userDatabase = mock(UaaUserDatabase.class);
    tokenEndpointBuilder = mock(TokenEndpointBuilder.class);
    mockMultitenantClientServices = mock(MultitenantClientServices.class);
    revocableTokenProvisioning = mock(RevocableTokenProvisioning.class);

    // Client registered in the current zone, carrying the single scope the token asks for.
    BaseClientDetails client = new BaseClientDetails(clientId, null, "foo.bar", null, null);
    when(mockMultitenantClientServices.loadClientByClientId(clientId, IdentityZoneHolder.get().getId()))
            .thenReturn(client);

    // User the token's USER_ID claim resolves to.
    UaaUser testUser = new UaaUser(userId, "marrisa", "koala", "marissa@gmail.com",
            buildGrantedAuthorities("foo.bar"), "Marissa", "Bloggs",
            null, null, null, null, true, null, null, null);
    when(userDatabase.retrieveUserById(userId)).thenReturn(testUser);

    tokenValidationService = new TokenValidationService(
            revocableTokenProvisioning,
            tokenEndpointBuilder,
            userDatabase,
            mockMultitenantClientServices,
            new KeyInfoService("http://localhost:8080/uaa"));
}

Example 4 with RevocableTokenProvisioning

use of org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning in project uaa by cloudfoundry.

From class TokenValidationTest, method setup.

@Before
public void setup() {
    // --- Zone: one symmetric signing key under a known kid, served via a mocked provisioning ---
    String keyId = "some-key-id";
    IdentityZone zone = IdentityZone.getUaa();
    zone.getConfig().getTokenPolicy().setKeys(map(entry(keyId, macSigningKeySecret)));
    IdentityZoneProvisioning zoneProvisioning = mock(IdentityZoneProvisioning.class);
    when(zoneProvisioning.retrieve(anyString())).thenReturn(zone);
    // Process-wide static state; the class's @After is expected to reset it — TODO confirm.
    IdentityZoneHolder.setProvisioning(zoneProvisioning);

    // --- Token under test: HS256 (MAC) signed, flagged revocable, fixed iat/exp ---
    String jti = "8b14f193-8212-4af2-9927-e3ae903f94a6";
    String subject = "a7f07bf6-e720-4652-8999-e980189cef54";
    header = map(entry("alg", "HS256"), entry("kid", keyId));
    content = map(
            entry("jti", jti),
            entry("nonce", "04e2e934200b4b9fbe5d4e70ae18ba8e"),
            entry("sub", subject),
            entry("scope", Collections.singletonList("acme.dev")),
            entry("client_id", "app"),
            entry("cid", "app"),
            entry("azp", "app"),
            entry("grant_type", GRANT_TYPE_AUTHORIZATION_CODE),
            entry("user_id", subject),
            entry("origin", "uaa"),
            entry("user_name", "marissa"),
            entry("email", "marissa@test.org"),
            entry("auth_time", 1458953554),
            entry("rev_sig", "fa1c787d"),
            entry("iat", 1458953932),
            entry("exp", 1458997132),
            entry("iss", "http://localhost:8080/uaa/oauth/token"),
            entry("zid", "uaa"),
            entry("aud", Arrays.asList("app", "acme")),
            entry("revocable", true));
    signer = new MacSigner(macSigningKeySecret);

    // --- Client registry: a single in-memory client "app" in the uaa zone ---
    IdentityZoneManager zoneManager = mock(IdentityZoneManager.class);
    when(zoneManager.getCurrentIdentityZoneId()).thenReturn(IdentityZone.getUaaZoneId());
    inMemoryMultitenantClientServices = new InMemoryMultitenantClientServices(zoneManager);
    uaaClient = new BaseClientDetails("app", "acme", "acme.dev", GRANT_TYPE_AUTHORIZATION_CODE, "");
    uaaClient.addAdditionalInformation(REQUIRED_USER_GROUPS, Collections.emptyList());
    inMemoryMultitenantClientServices.setClientDetailsStore(
            IdentityZone.getUaaZoneId(), Collections.singletonMap(CLIENT_ID, uaaClient));

    // --- Revocation store: the row for this jti holds exactly the token built above ---
    // Must stay after setProvisioning: the zone id is read back through IdentityZoneHolder.
    revocableTokenProvisioning = mock(RevocableTokenProvisioning.class);
    RevocableToken storedToken = new RevocableToken()
            .setValue(UaaTokenUtils.constructToken(header, content, signer));
    when(revocableTokenProvisioning.retrieve(jti, IdentityZoneHolder.get().getId())).thenReturn(storedToken);

    // --- User backing the token's subject ---
    userDb = new MockUaaUserDatabase(u -> u.withUsername("marissa")
            .withId(USER_ID)
            .withEmail("marissa@test.org")
            .withAuthorities(Collections.singletonList(new SimpleGrantedAuthority("acme.dev"))));
    uaaUser = userDb.retrieveUserById(USER_ID);
    uaaUserGroups = uaaUser.getAuthorities().stream()
            .map(GrantedAuthority::getAuthority)
            .collect(Collectors.toList());
}
