Example 11 with OAuth2AuthenticationToken

Use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

Class SecurityMockServerConfigurersOAuth2LoginTests, method oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence.

@Test
public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
    OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"), Collections.singletonMap("sub", "subject"), "sub");
    // attributes() is called first and oauth2User() last, so the explicit OAuth2User takes precedence
    this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()
                    .attributes((a) -> a.put("subject", "foo"))
                    .oauth2User(oauth2User))
            .get().uri("/token").exchange().expectStatus().isOk();
    OAuth2AuthenticationToken token = this.controller.token;
    assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
    // oauth2User() is called first and attributes() last, so the attributes consumer takes precedence
    this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login()
                    .oauth2User(oauth2User)
                    .attributes((a) -> a.put("sub", "bar")))
            .get().uri("/token").exchange().expectStatus().isOk();
    token = this.controller.token;
    assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
}
Also used : BeforeEach(org.junit.jupiter.api.BeforeEach) Mock(org.mockito.Mock) RegisteredOAuth2AuthorizedClient(org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) GetMapping(org.springframework.web.bind.annotation.GetMapping) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) HttpHeaders(org.springframework.http.HttpHeaders) Collection(java.util.Collection) MediaType(org.springframework.http.MediaType) OAuth2AuthorizedClientArgumentResolver(org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver) OAuth2AuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken) RestController(org.springframework.web.bind.annotation.RestController) OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Test(org.junit.jupiter.api.Test) OAuth2User(org.springframework.security.oauth2.core.user.OAuth2User) Collections(java.util.Collections) AuthorityUtils(org.springframework.security.core.authority.AuthorityUtils) ServerOAuth2AuthorizedClientRepository(org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository) 

Example 12 with OAuth2AuthenticationToken

Use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

Class OAuth2AuthenticationTokenMixinTests, method serializeWhenMixinRegisteredThenSerializes.

@Test
public void serializeWhenMixinRegisteredThenSerializes() throws Exception {
    // OidcUser
    OAuth2AuthenticationToken authentication = TestOAuth2AuthenticationTokens.oidcAuthenticated();
    String expectedJson = asJson(authentication);
    String json = this.mapper.writeValueAsString(authentication);
    JSONAssert.assertEquals(expectedJson, json, true);
    // OAuth2User
    authentication = TestOAuth2AuthenticationTokens.authenticated();
    expectedJson = asJson(authentication);
    json = this.mapper.writeValueAsString(authentication);
    JSONAssert.assertEquals(expectedJson, json, true);
}
Also used : OAuth2AuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 13 with OAuth2AuthenticationToken

Use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

Class OAuth2AuthenticationTokenMixinTests, method deserializeWhenRequiredAttributesOnlyThenDeserializes.

@Test
public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Exception {
    DefaultOidcUser expectedPrincipal = TestOidcUsers.create();
    // Rebuild the principal from authorities and ID token only, so it carries no UserInfo
    expectedPrincipal = new DefaultOidcUser(expectedPrincipal.getAuthorities(), expectedPrincipal.getIdToken());
    OAuth2AuthenticationToken expectedAuthentication = new OAuth2AuthenticationToken(expectedPrincipal, Collections.emptyList(), "registration-id");
    String json = asJson(expectedAuthentication);
    OAuth2AuthenticationToken authentication = this.mapper.readValue(json, OAuth2AuthenticationToken.class);
    assertThat(authentication.getAuthorities()).isEmpty();
    assertThat(authentication.getDetails()).isEqualTo(expectedAuthentication.getDetails());
    assertThat(authentication.isAuthenticated()).isEqualTo(expectedAuthentication.isAuthenticated());
    assertThat(authentication.getAuthorizedClientRegistrationId()).isEqualTo(expectedAuthentication.getAuthorizedClientRegistrationId());
    DefaultOidcUser principal = (DefaultOidcUser) authentication.getPrincipal();
    assertThat(principal.getAuthorities().containsAll(expectedPrincipal.getAuthorities())).isTrue();
    assertThat(principal.getAttributes()).containsExactlyEntriesOf(expectedPrincipal.getAttributes());
    assertThat(principal.getName()).isEqualTo(expectedPrincipal.getName());
    OidcIdToken expectedIdToken = expectedPrincipal.getIdToken();
    OidcIdToken idToken = principal.getIdToken();
    assertThat(idToken.getTokenValue()).isEqualTo(expectedIdToken.getTokenValue());
    assertThat(idToken.getIssuedAt()).isEqualTo(expectedIdToken.getIssuedAt());
    assertThat(idToken.getExpiresAt()).isEqualTo(expectedIdToken.getExpiresAt());
    assertThat(idToken.getClaims()).containsExactlyEntriesOf(expectedIdToken.getClaims());
    assertThat(principal.getUserInfo()).isNull();
}
Also used : OAuth2AuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken) OidcIdToken(org.springframework.security.oauth2.core.oidc.OidcIdToken) DefaultOidcUser(org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser) Test(org.junit.jupiter.api.Test)

Example 14 with OAuth2AuthenticationToken

Use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

Class OidcClientInitiatedLogoutSuccessHandlerTests, method logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect.

@Test
public void logoutWhenUsingPostLogoutRedirectUriThenIncludesItInRedirect() throws IOException, ServletException {
    OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
    this.handler.setPostLogoutRedirectUri(URI.create("https://postlogout?encodedparam=value"));
    this.request.setUserPrincipal(token);
    this.handler.onLogoutSuccess(this.request, this.response, token);
    // The "=" in the post-logout URI's own query string is percent-encoded (%3D) in the redirect
    assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?" + "id_token_hint=id-token&"
            + "post_logout_redirect_uri=https://postlogout?encodedparam%3Dvalue");
}
Also used : OAuth2AuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 15 with OAuth2AuthenticationToken

Use of org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken in project spring-security by spring-projects.

Class OidcClientInitiatedLogoutSuccessHandlerTests, method logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect.

@Test
public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirect() throws IOException, ServletException {
    OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(), AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
    this.handler.setPostLogoutRedirectUri("{baseUrl}");
    this.request.setScheme("https");
    this.request.setServerPort(443);
    this.request.setServerName("rp.example.org");
    this.request.setUserPrincipal(token);
    this.handler.onLogoutSuccess(this.request, this.response, token);
    // {baseUrl} resolves to the request's scheme and host; the default HTTPS port 443 is omitted
    assertThat(this.response.getRedirectedUrl()).isEqualTo("https://endpoint?" + "id_token_hint=id-token&"
            + "post_logout_redirect_uri=https://rp.example.org");
}
Also used : OAuth2AuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken) Test(org.junit.jupiter.api.Test)

Aggregations

OAuth2AuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken): 41
Test (org.junit.jupiter.api.Test): 34
OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient): 11
Collection (java.util.Collection): 6
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 6
DefaultOidcUser (org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser): 6
DefaultOAuth2User (org.springframework.security.oauth2.core.user.DefaultOAuth2User): 6
RegisteredOAuth2AuthorizedClient (org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient): 5
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration): 5
OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User): 5
WebFilterExchange (org.springframework.security.web.server.WebFilterExchange): 5
HttpHeaders (org.springframework.http.HttpHeaders): 4
URI (java.net.URI): 3
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat): 3
BeforeEach (org.junit.jupiter.api.BeforeEach): 3
ExtendWith (org.junit.jupiter.api.extension.ExtendWith): 3
Mock (org.mockito.Mock): 3
MockitoExtension (org.mockito.junit.jupiter.MockitoExtension): 3
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 3
AuthorityUtils (org.springframework.security.core.authority.AuthorityUtils): 3