Example 11 with AnnotationConfigServletWebServerApplicationContext
use of org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext in project spring-boot by spring-projects.
the class OAuth2AutoConfigurationTests method testClientIsNotResourceServer.
@Test
public void testClientIsNotResourceServer() {
this.context = new AnnotationConfigServletWebServerApplicationContext();
this.context.register(ClientConfiguration.class, MinimalSecureWebApplication.class);
this.context.refresh();
assertThat(countBeans(RESOURCE_SERVER_CONFIG)).isEqualTo(0);
assertThat(countBeans(AUTHORIZATION_SERVER_CONFIG)).isEqualTo(0);
// Scoped target and proxy:
assertThat(countBeans(OAuth2ClientContext.class)).isEqualTo(2);
}
Also used :
AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)
Test(org.junit.Test)
Example 12 with AnnotationConfigServletWebServerApplicationContext
use of org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext in project spring-boot by spring-projects.
the class OAuth2AutoConfigurationTests method testCanUseClientCredentials.
@Test
public void testCanUseClientCredentials() {
this.context = new AnnotationConfigServletWebServerApplicationContext();
this.context.register(TestSecurityConfiguration.class, MinimalSecureWebApplication.class);
EnvironmentTestUtils.addEnvironment(this.context, "security.oauth2.client.clientId=client", "security.oauth2.client.grantType=client_credentials");
this.context.refresh();
OAuth2ClientContext bean = this.context.getBean(OAuth2ClientContext.class);
assertThat(bean.getAccessTokenRequest()).isNotNull();
assertThat(countBeans(ClientCredentialsResourceDetails.class)).isEqualTo(1);
assertThat(countBeans(OAuth2ClientContext.class)).isEqualTo(1);
}
Also used :
AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)
OAuth2ClientContext(org.springframework.security.oauth2.client.OAuth2ClientContext)
Test(org.junit.Test)
Example 13 with AnnotationConfigServletWebServerApplicationContext
use of org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext in project spring-boot by spring-projects.
the class OAuth2AutoConfigurationTests method testMethodSecurityBackingOff.
@Test
public void testMethodSecurityBackingOff() {
this.context = new AnnotationConfigServletWebServerApplicationContext();
this.context.register(CustomMethodSecurity.class, TestSecurityConfiguration.class, MinimalSecureWebApplication.class);
this.context.refresh();
DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
assertThat(sources.size()).isEqualTo(1);
assertThat(sources.get(0).getClass().getName()).isEqualTo(PrePostAnnotationSecurityMetadataSource.class.getName());
}
Also used :
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)
Test(org.junit.Test)
Example 14 with AnnotationConfigServletWebServerApplicationContext
use of org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext in project spring-boot by spring-projects.
the class OAuth2AutoConfigurationTests method testJsr250SecurityAnnotationOverride.
@Test
public void testJsr250SecurityAnnotationOverride() {
this.context = new AnnotationConfigServletWebServerApplicationContext();
this.context.register(Jsr250EnabledConfiguration.class, MinimalSecureWebApplication.class);
this.context.refresh();
this.context.getBean(OAuth2MethodSecurityConfiguration.class);
ClientDetails config = this.context.getBean(ClientDetails.class);
DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
assertThat(sources.size()).isEqualTo(1);
assertThat(sources.get(0).getClass().getName()).isEqualTo(Jsr250MethodSecurityMetadataSource.class.getName());
verifyAuthentication(config, HttpStatus.OK);
}
Also used :
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)
Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
Test(org.junit.Test)
Example 15 with AnnotationConfigServletWebServerApplicationContext
use of org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext in project spring-boot by spring-projects.
the class OAuth2AutoConfigurationTests method testEnvironmentalOverrides.
@Test
public void testEnvironmentalOverrides() {
this.context = new AnnotationConfigServletWebServerApplicationContext();
EnvironmentTestUtils.addEnvironment(this.context, "security.oauth2.client.clientId:myclientid", "security.oauth2.client.clientSecret:mysecret", "security.oauth2.client.autoApproveScopes:read,write", "security.oauth2.client.accessTokenValiditySeconds:40", "security.oauth2.client.refreshTokenValiditySeconds:80");
this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class);
this.context.refresh();
ClientDetails config = this.context.getBean(ClientDetails.class);
assertThat(config.getClientId()).isEqualTo("myclientid");
assertThat(config.getClientSecret()).isEqualTo("mysecret");
assertThat(config.isAutoApprove("read")).isTrue();
assertThat(config.isAutoApprove("write")).isTrue();
assertThat(config.isAutoApprove("foo")).isFalse();
assertThat(config.getAccessTokenValiditySeconds()).isEqualTo(40);
assertThat(config.getRefreshTokenValiditySeconds()).isEqualTo(80);
verifyAuthentication(config);
}
Also used :
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)
Test(org.junit.Test)
Aggregations
AnnotationConfigServletWebServerApplicationContext (org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)52
Test (org.junit.Test)41
DispatcherServlet (org.springframework.web.servlet.DispatcherServlet)8
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)7
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)6
Jsr250MethodSecurityMetadataSource (org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)4
DelegatingMethodSecurityMetadataSource (org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)4
MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource)4
ServerPortInfoApplicationContextInitializer (org.springframework.boot.web.context.ServerPortInfoApplicationContextInitializer)3
ServletContextEvent (javax.servlet.ServletContextEvent)2
ServletContextListener (javax.servlet.ServletContextListener)2
MethodSecurityExpressionHandler (org.springframework.security.access.expression.method.MethodSecurityExpressionHandler)2
PreInvocationAuthorizationAdvice (org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice)2
PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)2
OAuth2ClientContext (org.springframework.security.oauth2.client.OAuth2ClientContext)2
OAuth2MethodSecurityExpressionHandler (org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler)2
RestTemplate (org.springframework.web.client.RestTemplate)2
StandardServletMultipartResolver (org.springframework.web.multipart.support.StandardServletMultipartResolver)2
URL (java.net.URL)1
ArrayList (java.util.ArrayList)1
