Example 61 with Authentication
use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.
the class OAuth2WebSecurityExpressionHandlerTests method testOauthClient.
@Test
public void testOauthClient() throws Exception {
AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "", "", "client_credentials", "ROLE_CLIENT"));
OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(), request.isApproved(), request.getScope(), request.getResourceIds(), request.getRedirectUri(), request.getResponseTypes(), request.getExtensions());
Authentication userAuthentication = null;
OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
FilterInvocation invocation = new FilterInvocation("/foo", "GET");
Expression expression = handler.getExpressionParser().parseExpression("#oauth2.clientHasAnyRole('ROLE_CLIENT')");
assertTrue((Boolean) expression.getValue(handler.createEvaluationContext(oAuth2Authentication, invocation)));
}
Also used :
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest)
Expression(org.springframework.expression.Expression)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
FilterInvocation(org.springframework.security.web.FilterInvocation)
Test(org.junit.Test)
Example 62 with Authentication
use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.
the class OAuth2WebSecurityExpressionHandlerTests method testInsufficientScope.
@Test(expected = AccessDeniedException.class)
public void testInsufficientScope() throws Exception {
AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "", "client_credentials", "ROLE_USER"));
OAuth2Request clientAuthentication = request.createOAuth2Request();
Authentication userAuthentication = null;
OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
OAuth2SecurityExpressionMethods root = new OAuth2SecurityExpressionMethods(oAuth2Authentication);
boolean hasAnyScope = root.hasAnyScope("foo");
root.throwOnError(hasAnyScope);
}
Also used :
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Test(org.junit.Test)
Example 63 with Authentication
use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.
the class ResourceOwnerPasswordTokenGranterTests method testBadCredentials.
@Test(expected = InvalidGrantException.class)
public void testBadCredentials() {
ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(new AuthenticationManager() {
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
throw new BadCredentialsException("test");
}
}, providerTokenServices, clientDetailsService, requestFactory);
granter.grant("password", tokenRequest);
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
AuthenticationException(org.springframework.security.core.AuthenticationException)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
Test(org.junit.Test)
Example 64 with Authentication
use of org.springframework.security.core.Authentication in project camel by apache.
the class SpringSecurityAuthorizationPolicyTest method createAuthenticationToken.
private Authentication createAuthenticationToken(String username, String password, String... roles) {
Authentication authToken;
if (roles != null && roles.length > 0) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(roles.length);
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
authToken = new UsernamePasswordAuthenticationToken(username, password, authorities);
} else {
authToken = new UsernamePasswordAuthenticationToken(username, password);
}
return authToken;
}
Also used :
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
Authentication(org.springframework.security.core.Authentication)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
ArrayList(java.util.ArrayList)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Example 65 with Authentication
use of org.springframework.security.core.Authentication in project camel by apache.
the class SpringSecurityAuthorizationPolicyTest method sendMessageWithAuthentication.
private void sendMessageWithAuthentication(String username, String password, String... roles) {
Authentication authToken = createAuthenticationToken(username, password, roles);
Subject subject = new Subject();
subject.getPrincipals().add(authToken);
template.sendBodyAndHeader("direct:start", "hello world", Exchange.AUTHENTICATION, subject);
}
Also used :
Authentication(org.springframework.security.core.Authentication)
Subject(javax.security.auth.Subject)
Aggregations
Authentication (org.springframework.security.core.Authentication)498
Test (org.junit.Test)192
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)114
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)98
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)75
SecurityContext (org.springframework.security.core.context.SecurityContext)63
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)57
GrantedAuthority (org.springframework.security.core.GrantedAuthority)50
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)47
SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)42
MifosUser (org.mifos.security.MifosUser)38
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)34
HttpServletRequest (javax.servlet.http.HttpServletRequest)32
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)32
AuthenticationException (org.springframework.security.core.AuthenticationException)31
UserDetails (org.springframework.security.core.userdetails.UserDetails)31
MifosUserBuilder (org.mifos.builders.MifosUserBuilder)29
HashMap (java.util.HashMap)27
HttpServletResponse (javax.servlet.http.HttpServletResponse)27
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)25
