
Example 21 with AuthorizationRequest

Use of org.springframework.security.oauth2.provider.AuthorizationRequest (the import actually used by these examples, see the "Also used" list) in project uaa by cloudfoundry.

the class DeprecatedUaaTokenServicesTests method test_missing_required_user_groups.

@Test
public void test_missing_required_user_groups() {
    // Make the client demand membership in a group the default test user is not expected to hold,
    // so that token issuance must be refused even though the user authenticates successfully.
    tokenSupport.defaultClient.addAdditionalInformation(REQUIRED_USER_GROUPS, singletonList("uaa.admin"));
    AuthorizationRequest request = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> parameters = new HashMap<>(request.getRequestParameters());
    parameters.put(GRANT_TYPE, GRANT_TYPE_PASSWORD);
    request.setRequestParameters(parameters);
    OAuth2Authentication authentication =
            new OAuth2Authentication(request.createOAuth2Request(), tokenSupport.defaultUserAuthentication);
    // The expectation has to be registered before the call that is supposed to throw.
    expectedException.expect(InvalidTokenException.class);
    expectedException.expectMessage("User does not meet the client's required group criteria.");
    tokenServices.createAccessToken(authentication);
}

Example 22 with AuthorizationRequest

Use of org.springframework.security.oauth2.provider.AuthorizationRequest (the import actually used by these examples, see the "Also used" list) in project uaa by cloudfoundry.

the class DeprecatedUaaTokenServicesTests method performPasswordGrant.

/**
 * Runs a password grant for {@code CLIENT_ID} with the default test user and returns the issued token.
 *
 * @param tokenFormat value placed under {@code REQUEST_TOKEN_FORMAT} in the request parameters;
 *                    callers use it to ask for a specific token representation
 * @return the access token produced by {@code tokenServices}
 */
private OAuth2AccessToken performPasswordGrant(String tokenFormat) {
    AuthorizationRequest request = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> parameters = new HashMap<>(request.getRequestParameters());
    parameters.put(GRANT_TYPE, GRANT_TYPE_PASSWORD);
    parameters.put(REQUEST_TOKEN_FORMAT, tokenFormat);
    request.setRequestParameters(parameters);
    OAuth2Authentication authentication =
            new OAuth2Authentication(request.createOAuth2Request(), tokenSupport.defaultUserAuthentication);
    return tokenServices.createAccessToken(authentication);
}

Example 23 with AuthorizationRequest

Use of org.springframework.security.oauth2.provider.AuthorizationRequest (the import actually used by these examples, see the "Also used" list) in project uaa by cloudfoundry.

the class DeprecatedUaaTokenServicesTests method testCreateAccessTokenAuthcodeGrantNarrowerScopes.

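@Test
public void testCreateAccessTokenAuthcodeGrantNarrowerScopes() {
    // Approvals for both the read and the write scope, valid for another 3 s and last updated 1 s ago.
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, 3000);
    Calendar updatedAt = Calendar.getInstance();
    updatedAt.add(Calendar.MILLISECOND, -1000);
    String zoneId = IdentityZoneHolder.get().getId();
    tokenSupport.approvalStore.addApproval(new Approval().setUserId(tokenSupport.userId).setClientId(CLIENT_ID).setScope(tokenSupport.readScope.get(0)).setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.APPROVED).setLastUpdatedAt(updatedAt.getTime()), zoneId);
    tokenSupport.approvalStore.addApproval(new Approval().setUserId(tokenSupport.userId).setClientId(CLIENT_ID).setScope(tokenSupport.writeScope.get(0)).setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.APPROVED).setLastUpdatedAt(updatedAt.getTime()), zoneId);
    // First request: authorization-code grant for the full requested scope set.
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    authorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters());
    azParameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    authorizationRequest.setRequestParameters(azParameters);
    Authentication userAuthentication = tokenSupport.defaultUserAuthentication;
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    assertThat(accessToken, scope(is(tokenSupport.requestedAuthScopes)));
    OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
    assertThat(refreshToken, is(not(nullValue())));
    assertThat(refreshToken, OAuth2RefreshTokenMatchers.scope(is(tokenSupport.requestedAuthScopes)));
    assertThat(refreshToken, OAuth2RefreshTokenMatchers.audience(is(tokenSupport.resourceIds)));
    // Second request: refresh asking only for the read scope, a subset of what the refresh token carries.
    AuthorizationRequest reducedScopeAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.readScope);
    reducedScopeAuthorizationRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> refreshAzParameters = new HashMap<>(reducedScopeAuthorizationRequest.getRequestParameters());
    refreshAzParameters.put(GRANT_TYPE, GRANT_TYPE_REFRESH_TOKEN);
    reducedScopeAuthorizationRequest.setRequestParameters(refreshAzParameters);
    OAuth2AccessToken reducedScopeAccessToken = tokenServices.refreshAccessToken(refreshToken.getValue(), tokenSupport.requestFactory.createTokenRequest(reducedScopeAuthorizationRequest, "refresh_token"));
    // The new access token is narrowed to the requested subset, while the refresh token is unchanged.
    // assertEquals takes (expected, actual): the original refresh token is the expectation.
    assertThat(reducedScopeAccessToken, scope(is(tokenSupport.readScope)));
    assertEquals(refreshToken, reducedScopeAccessToken.getRefreshToken());
    // NOTE(review): the inverse case, refreshing with a scope the refresh token does not carry, is not covered here.
}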

Example 24 with AuthorizationRequest

Use of org.springframework.security.oauth2.provider.AuthorizationRequest (the import actually used by these examples, see the "Also used" list) in project uaa by cloudfoundry.

the class DeprecatedUaaTokenServicesTests method testCreateAccessTokenForAnotherIssuer.

@Test
public void testCreateAccessTokenForAnotherIssuer() throws Exception {
    // A zone whose configured issuer differs from the token endpoint handed to the service below.
    IdentityZone zone = getIdentityZone("test-zone-subdomain");
    zone.setConfig(JsonUtils.readValue("{\"issuer\": \"http://uaamaster:8080/uaa\"}", IdentityZoneConfiguration.class));
    zone.getConfig().getTokenPolicy().setAccessTokenValidity(tokenSupport.accessTokenValidity);
    // The source zone id is read before the holder is switched to the new zone.
    tokenSupport.copyClients(IdentityZoneHolder.get().getId(), zone.getId());
    IdentityZoneHolder.set(zone);
    // NOTE(review): the zone holder and the endpoint builder are left modified by this test —
    // presumably restored by test teardown; confirm.
    tokenServices.setTokenEndpointBuilder(new TokenEndpointBuilder("http://uaaslave:8080/uaa"));
    AuthorizationRequest request = new AuthorizationRequest(CLIENT_ID, tokenSupport.clientScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> parameters = new HashMap<>(request.getRequestParameters());
    parameters.put(GRANT_TYPE, GRANT_TYPE_CLIENT_CREDENTIALS);
    request.setRequestParameters(parameters);
    // Client-credentials grant: there is no user authentication.
    OAuth2Authentication authentication = new OAuth2Authentication(request.createOAuth2Request(), null);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    assertCommonClientAccessTokenProperties(accessToken);
    assertThat(accessToken, validFor(is(tokenSupport.accessTokenValidity)));
    // The issuer configured on the zone wins over the service's endpoint builder.
    assertThat(accessToken, issuerUri(is("http://uaamaster:8080/uaa/oauth/token")));
    assertThat(accessToken, zoneId(is(IdentityZoneHolder.get().getId())));
    assertThat(accessToken.getRefreshToken(), is(nullValue()));
    validateExternalAttributes(accessToken);
}

Example 25 with AuthorizationRequest

Use of org.springframework.security.oauth2.provider.AuthorizationRequest (the import actually used by these examples, see the "Also used" list) in project uaa by cloudfoundry.

the class DeprecatedUaaTokenServicesTests method readAccessToken.

/**
 * Issues an authorization-code token with the given claims excluded, checks it reads back equal to
 * itself, then revokes the openid approval and checks that reading the same token is now rejected
 * with an approval-related {@link InvalidTokenException}.
 *
 * @param excludedClaims claims to drop from the issued token via {@code tokenServices.setExcludedClaims}
 */
private void readAccessToken(Set<String> excludedClaims) {
    tokenServices.setExcludedClaims(excludedClaims);
    AuthorizationRequest request = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    Map<String, String> parameters = new HashMap<>(request.getRequestParameters());
    parameters.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    request.setRequestParameters(parameters);
    // Approvals valid for another 3 s, last updated 1 s ago.
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.MILLISECOND, 3000);
    Calendar lastUpdated = Calendar.getInstance();
    lastUpdated.add(Calendar.MILLISECOND, -1000);
    String zoneId = IdentityZoneHolder.get().getId();
    for (String approvedScope : new String[] { tokenSupport.readScope.get(0), tokenSupport.writeScope.get(0) }) {
        tokenSupport.approvalStore.addApproval(new Approval().setUserId(tokenSupport.userId).setClientId(CLIENT_ID).setScope(approvedScope).setExpiresAt(expiry.getTime()).setStatus(ApprovalStatus.APPROVED).setLastUpdatedAt(lastUpdated.getTime()), zoneId);
    }
    // Kept in a variable so it can be revoked below.
    Approval openidApproval = new Approval().setUserId(tokenSupport.userId).setClientId(CLIENT_ID).setScope(OPENID).setExpiresAt(expiry.getTime()).setStatus(ApprovalStatus.APPROVED).setLastUpdatedAt(lastUpdated.getTime());
    tokenSupport.approvalStore.addApproval(openidApproval, zoneId);
    OAuth2Authentication authentication = new OAuth2Authentication(request.createOAuth2Request(), tokenSupport.defaultUserAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    assertEquals(accessToken, tokenServices.readAccessToken(accessToken.getValue()));
    // Revoking one approval must invalidate the already-issued token on the next read.
    tokenSupport.approvalStore.revokeApproval(openidApproval, zoneId);
    try {
        tokenServices.readAccessToken(accessToken.getValue());
        fail("Approval has been revoked");
    } catch (InvalidTokenException x) {
        assertThat("Exception should be about approvals", x.getMessage().contains("some requested scopes are not approved"));
    }
}
