Example 46 with OAuth2AuthorizedClient
use of org.springframework.security.oauth2.client.OAuth2AuthorizedClient in project spring-security by spring-projects.
the class JwtBearerReactiveOAuth2AuthorizedClientProviderTests method authorizeWhenJwtBearerAndTokenNotExpiredButClockSkewForcesExpiryThenReauthorize.
@Test
public void authorizeWhenJwtBearerAndTokenNotExpiredButClockSkewForcesExpiryThenReauthorize() {
Instant now = Instant.now();
Instant issuedAt = now.minus(Duration.ofMinutes(60));
Instant expiresAt = now.plus(Duration.ofMinutes(1));
OAuth2AccessToken expiresInOneMinAccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234", issuedAt, expiresAt);
OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.clientRegistration, this.principal.getName(), expiresInOneMinAccessToken);
// Shorten the lifespan of the access token by 90 seconds, which will ultimately
// force it to expire on the client
this.authorizedClientProvider.setClockSkew(Duration.ofSeconds(90));
OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
// @formatter:off
OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient).principal(this.principal).build();
// @formatter:on
OAuth2AuthorizedClient reauthorizedClient = this.authorizedClientProvider.authorize(authorizationContext).block();
assertThat(reauthorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
assertThat(reauthorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
assertThat(reauthorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
}
Also used :
OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)
OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken)
Instant(java.time.Instant)
Test(org.junit.jupiter.api.Test)
Example 47 with OAuth2AuthorizedClient
use of org.springframework.security.oauth2.client.OAuth2AuthorizedClient in project spring-security by spring-projects.
the class HttpSessionOAuth2AuthorizedClientRepository method getAuthorizedClients.
@SuppressWarnings("unchecked")
private Map<String, OAuth2AuthorizedClient> getAuthorizedClients(HttpServletRequest request) {
HttpSession session = request.getSession(false);
Map<String, OAuth2AuthorizedClient> authorizedClients = (session != null) ? (Map<String, OAuth2AuthorizedClient>) session.getAttribute(this.sessionAttributeName) : null;
if (authorizedClients == null) {
authorizedClients = new HashMap<>();
}
return authorizedClients;
}
Also used :
HttpSession(jakarta.servlet.http.HttpSession)
OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient)
Example 48 with OAuth2AuthorizedClient
use of org.springframework.security.oauth2.client.OAuth2AuthorizedClient in project spring-security by spring-projects.
the class ServletOAuth2AuthorizedClientExchangeFilterFunction method authorizeClient.
private Mono<OAuth2AuthorizedClient> authorizeClient(String clientRegistrationId, ClientRequest request) {
if (this.authorizedClientManager == null) {
return Mono.empty();
}
Map<String, Object> attrs = request.attributes();
Authentication authentication = getAuthentication(attrs);
if (authentication == null) {
authentication = ANONYMOUS_AUTHENTICATION;
}
HttpServletRequest servletRequest = getRequest(attrs);
HttpServletResponse servletResponse = getResponse(attrs);
OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withClientRegistrationId(clientRegistrationId).principal(authentication);
builder.attributes((attributes) -> addToAttributes(attributes, servletRequest, servletResponse));
OAuth2AuthorizeRequest authorizeRequest = builder.build();
// blocking I/O operation using RestTemplate internally
return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(authorizeRequest)).subscribeOn(Schedulers.boundedElastic());
}
Also used :
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
Authentication(org.springframework.security.core.Authentication)
HttpServletResponse(jakarta.servlet.http.HttpServletResponse)
OAuth2AuthorizeRequest(org.springframework.security.oauth2.client.OAuth2AuthorizeRequest)
Example 49 with OAuth2AuthorizedClient
use of org.springframework.security.oauth2.client.OAuth2AuthorizedClient in project spring-security by spring-projects.
the class ClientCredentialsOAuth2AuthorizedClientProviderTests method authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize.
@Test
public void authorizeWhenClientCredentialsAndNotAuthorizedThenAuthorize() {
OAuth2AccessTokenResponse accessTokenResponse = TestOAuth2AccessTokenResponses.accessTokenResponse().build();
given(this.accessTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
// @formatter:off
OAuth2AuthorizationContext authorizationContext = OAuth2AuthorizationContext.withClientRegistration(this.clientRegistration).principal(this.principal).build();
// @formatter:on
OAuth2AuthorizedClient authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
assertThat(authorizedClient.getClientRegistration()).isSameAs(this.clientRegistration);
assertThat(authorizedClient.getPrincipalName()).isEqualTo(this.principal.getName());
assertThat(authorizedClient.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
}
Also used :
OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)
Test(org.junit.jupiter.api.Test)
Example 50 with OAuth2AuthorizedClient
use of org.springframework.security.oauth2.client.OAuth2AuthorizedClient in project spring-security by spring-projects.
the class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests method oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests.
@Test
public void oauth2ClientWhenUsedOnceThenDoesNotAffectRemainingTests() throws Exception {
this.mvc.perform(get("/client-id").with(oauth2Client("registration-id"))).andExpect(content().string("test-client"));
OAuth2AuthorizedClient client = new OAuth2AuthorizedClient(TestClientRegistrations.clientRegistration().build(), "sub", TestOAuth2AccessTokens.noScopes());
OAuth2AuthorizedClientRepository repository = this.context.getBean(OAuth2AuthorizedClientRepository.class);
given(repository.loadAuthorizedClient(eq("registration-id"), any(Authentication.class), any(HttpServletRequest.class))).willReturn(client);
this.mvc.perform(get("/client-id")).andExpect(content().string("client-id"));
verify(repository).loadAuthorizedClient(eq("registration-id"), any(Authentication.class), any(HttpServletRequest.class));
}
Also used :
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Authentication(org.springframework.security.core.Authentication)
RegisteredOAuth2AuthorizedClient(org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient)
OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient)
OAuth2AuthorizedClientRepository(org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository)
Test(org.junit.jupiter.api.Test)
Aggregations
Test (org.junit.jupiter.api.Test)140
OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient)123
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)66
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)51
OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)45
Instant (java.time.Instant)43
Authentication (org.springframework.security.core.Authentication)41
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)36
ClientRequest (org.springframework.web.reactive.function.client.ClientRequest)34
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)32
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)31
OAuth2RefreshToken (org.springframework.security.oauth2.core.OAuth2RefreshToken)31
BeforeEach (org.junit.jupiter.api.BeforeEach)28
OAuth2AuthorizationContext (org.springframework.security.oauth2.client.OAuth2AuthorizationContext)23
Map (java.util.Map)21
HashMap (java.util.HashMap)20
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)19
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)17
Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)17
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)17
