Example 1 with OAuthProviderTokenImpl
use of org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl in project spring-security-oauth by spring-projects.
the class OAuthUserAuthorizationProcessingFilterTests method testAttemptAuthentication.
/**
* tests the attempt to authenticate.
*/
@Test
public void testAttemptAuthentication() throws Exception {
UserAuthorizationProcessingFilter filter = new UserAuthorizationProcessingFilter("/");
OAuthVerifierServices vs = mock(OAuthVerifierServices.class);
filter.setVerifierServices(vs);
HttpServletRequest request = mock(HttpServletRequest.class);
HttpServletResponse response = mock(HttpServletResponse.class);
Authentication authentication = mock(Authentication.class);
OAuthProviderTokenServices tokenServices = mock(OAuthProviderTokenServices.class);
filter.setTokenServices(tokenServices);
SecurityContextHolder.getContext().setAuthentication(authentication);
when(request.getParameter("requestToken")).thenReturn("tok");
OAuthProviderTokenImpl token = new OAuthProviderTokenImpl();
token.setCallbackUrl("callback");
when(tokenServices.getToken("tok")).thenReturn(token);
when(authentication.isAuthenticated()).thenReturn(false);
try {
filter.attemptAuthentication(request, response);
fail();
} catch (InsufficientAuthenticationException e) {
}
verify(request).setAttribute(UserAuthorizationProcessingFilter.CALLBACK_ATTRIBUTE, "callback");
reset(request);
when(authentication.isAuthenticated()).thenReturn(true);
when(request.getParameter("requestToken")).thenReturn("tok");
when(tokenServices.getToken("tok")).thenReturn(token);
when(vs.createVerifier()).thenReturn("verifier");
tokenServices.authorizeRequestToken("tok", "verifier", authentication);
filter.setTokenServices(tokenServices);
filter.attemptAuthentication(request, response);
verify(request).setAttribute(UserAuthorizationProcessingFilter.CALLBACK_ATTRIBUTE, "callback");
verify(request).setAttribute(UserAuthorizationProcessingFilter.VERIFIER_ATTRIBUTE, "verifier");
SecurityContextHolder.getContext().setAuthentication(null);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
OAuthProviderTokenServices(org.springframework.security.oauth.provider.token.OAuthProviderTokenServices)
Authentication(org.springframework.security.core.Authentication)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
OAuthVerifierServices(org.springframework.security.oauth.provider.verifier.OAuthVerifierServices)
InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)
OAuthProviderTokenImpl(org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl)
Test(org.junit.Test)
Example 2 with OAuthProviderTokenImpl
use of org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl in project spring-security-oauth by spring-projects.
the class CoreOAuthSignatureMethodFactoryTests method testGetSignatureMethod.
/**
* tests getting the signature method.
*/
@Test
public void testGetSignatureMethod() throws Exception {
CoreOAuthSignatureMethodFactory factory = new CoreOAuthSignatureMethodFactory();
OAuthProviderTokenImpl token = new OAuthProviderTokenImpl();
token.setSecret("token_SHHHHHHHHHHHHHH");
SharedConsumerSecret sharedSecret = new SharedConsumerSecretImpl("consumer_shhhhhhhhhh");
try {
factory.getSignatureMethod("unknown", sharedSecret, token.getSecret());
fail("should fail with unknown signature method.");
} catch (UnsupportedSignatureMethodException e) {
// fall thru...
}
try {
factory.getSignatureMethod(PlainTextSignatureMethod.SIGNATURE_NAME, sharedSecret, token.getSecret());
fail("plain text shouldn't be supported by default.");
} catch (UnsupportedSignatureMethodException e) {
// fall thru...
}
factory.setSupportPlainText(true);
OAuthSignatureMethod signatureMethod = factory.getSignatureMethod(PlainTextSignatureMethod.SIGNATURE_NAME, sharedSecret, token.getSecret());
assertTrue(signatureMethod instanceof PlainTextSignatureMethod);
assertEquals("consumer_shhhhhhhhhh%26token_SHHHHHHHHHHHHHH", ((PlainTextSignatureMethod) signatureMethod).getSecret());
signatureMethod = factory.getSignatureMethod(HMAC_SHA1SignatureMethod.SIGNATURE_NAME, sharedSecret, token.getSecret());
assertTrue(signatureMethod instanceof HMAC_SHA1SignatureMethod);
SecretKeySpec spec = new SecretKeySpec("consumer_shhhhhhhhhh&token_SHHHHHHHHHHHHHH".getBytes("UTF-8"), HMAC_SHA1SignatureMethod.MAC_NAME);
assertTrue(Arrays.equals(spec.getEncoded(), ((HMAC_SHA1SignatureMethod) signatureMethod).getSecretKey().getEncoded()));
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(1024);
KeyPair keyPair = generator.generateKeyPair();
signatureMethod = factory.getSignatureMethod(RSA_SHA1SignatureMethod.SIGNATURE_NAME, new RSAKeySecret(keyPair.getPrivate(), keyPair.getPublic()), token.getSecret());
assertTrue(signatureMethod instanceof RSA_SHA1SignatureMethod);
assertEquals(keyPair.getPrivate(), ((RSA_SHA1SignatureMethod) signatureMethod).getPrivateKey());
assertEquals(keyPair.getPublic(), ((RSA_SHA1SignatureMethod) signatureMethod).getPublicKey());
}
Also used :
KeyPair(java.security.KeyPair)
KeyPairGenerator(java.security.KeyPairGenerator)
OAuthProviderTokenImpl(org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
Test(org.junit.Test)
Aggregations
Test (org.junit.Test)2
OAuthProviderTokenImpl (org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl)2
KeyPair (java.security.KeyPair)1
KeyPairGenerator (java.security.KeyPairGenerator)1
SecretKeySpec (javax.crypto.spec.SecretKeySpec)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException)1
Authentication (org.springframework.security.core.Authentication)1
OAuthProviderTokenServices (org.springframework.security.oauth.provider.token.OAuthProviderTokenServices)1
OAuthVerifierServices (org.springframework.security.oauth.provider.verifier.OAuthVerifierServices)1
