Search in sources :

Example 26 with ClientRegistration

use of org.springframework.security.oauth2.client.registration.ClientRegistration in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationWebFilterTests method loginToken.

private OAuth2LoginAuthenticationToken loginToken() {
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plus(Duration.ofDays(1)), Collections.singleton("user"));
    DefaultOAuth2User user = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"), Collections.singletonMap("user", "rob"), "user");
    ClientRegistration clientRegistration = this.registration.build();
    // @formatter:off
    OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode().state("state").clientId(clientRegistration.getClientId()).authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()).redirectUri(clientRegistration.getRedirectUri()).scopes(clientRegistration.getScopes()).build();
    OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr.redirectUri(clientRegistration.getRedirectUri()).build();
    // @formatter:on
    OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
    return new OAuth2LoginAuthenticationToken(clientRegistration, authorizationExchange, user, user.getAuthorities(), accessToken);
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) DefaultOAuth2User(org.springframework.security.oauth2.core.user.DefaultOAuth2User) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) OAuth2LoginAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)

Example 27 with ClientRegistration

use of org.springframework.security.oauth2.client.registration.ClientRegistration in project spring-security by spring-projects.

the class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests method filterWhenJwtBearerClientNotAuthorizedThenExchangeToken.

@Test
public void filterWhenJwtBearerClientNotAuthorizedThenExchangeToken() {
    OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("exchanged-token").tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
    given(this.jwtBearerTokenResponseClient.getTokenResponse(any())).willReturn(accessTokenResponse);
    // @formatter:off
    ClientRegistration registration = ClientRegistration.withRegistrationId("jwt-bearer").clientId("client-id").clientSecret("client-secret").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.JWT_BEARER).scope("read", "write").tokenUri("https://example.com/oauth/token").build();
    // @formatter:on
    given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))).willReturn(registration);
    Jwt jwtAssertion = TestJwts.jwt().build();
    Authentication jwtAuthentication = new TestingAuthenticationToken(jwtAssertion, jwtAssertion);
    MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId(registration.getRegistrationId())).attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.authentication(jwtAuthentication)).attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletRequest(servletRequest)).attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.httpServletResponse(servletResponse)).build();
    this.function.filter(request, this.exchange).block();
    verify(this.jwtBearerTokenResponseClient).getTokenResponse(any());
    verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(jwtAuthentication), any(), any());
    List<ClientRequest> requests = this.exchange.getRequests();
    assertThat(requests).hasSize(1);
    ClientRequest request1 = requests.get(0);
    assertThat(request1.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer exchanged-token");
    assertThat(request1.url().toASCIIString()).isEqualTo("https://example.com");
    assertThat(request1.method()).isEqualTo(HttpMethod.GET);
    assertThat(getBody(request1)).isEmpty();
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Jwt(org.springframework.security.oauth2.jwt.Jwt) Authentication(org.springframework.security.core.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ClientRequest(org.springframework.web.reactive.function.client.ClientRequest) Test(org.junit.jupiter.api.Test)

Example 28 with ClientRegistration

use of org.springframework.security.oauth2.client.registration.ClientRegistration in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeGrantWebFilterTests method filterWhenAuthorizationRequestRedirectUriParametersMatchThenProcessed.

// gh-7966
@Test
public void filterWhenAuthorizationRequestRedirectUriParametersMatchThenProcessed() {
    ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
    given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
    given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
    given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
    // 1) redirect_uri with query parameters
    Map<String, String> parameters = new LinkedHashMap<>();
    parameters.put("param1", "value1");
    parameters.put("param2", "value2");
    MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback", parameters);
    OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
    given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
    MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
    DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
    this.filter.filter(exchange, chain).block();
    verify(this.authenticationManager, times(1)).authenticate(any());
    // 2) redirect_uri with query parameters AND authorization response additional
    // parameters
    Map<String, String> additionalParameters = new LinkedHashMap<>();
    additionalParameters.put("auth-param1", "value1");
    additionalParameters.put("auth-param2", "value2");
    authorizationResponse = createAuthorizationResponse(authorizationRequest, additionalParameters);
    exchange = MockServerWebExchange.from(authorizationResponse);
    this.filter.filter(exchange, chain).block();
    verify(this.authenticationManager, times(2)).authenticate(any());
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.jupiter.api.Test)

Example 29 with ClientRegistration

use of org.springframework.security.oauth2.client.registration.ClientRegistration in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeGrantWebFilterTests method filterWhenAuthenticationConverterThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException.

// gh-8609
@Test
public void filterWhenAuthenticationConverterThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() {
    ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
    given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.empty());
    MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
    OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
    given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
    MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
    DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
    assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.filter.filter(exchange, chain).block()).satisfies((ex) -> assertThat(ex.getError()).extracting("errorCode").isEqualTo("client_registration_not_found"));
    verifyNoInteractions(this.authenticationManager);
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 30 with ClientRegistration

use of org.springframework.security.oauth2.client.registration.ClientRegistration in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeGrantWebFilterTests method filterWhenAuthenticationManagerThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException.

// gh-8609
@Test
public void filterWhenAuthenticationManagerThrowsOAuth2AuthorizationExceptionThenMappedToOAuth2AuthenticationException() {
    ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
    given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
    MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
    OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
    given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    given(this.authenticationManager.authenticate(any())).willReturn(Mono.error(new OAuth2AuthorizationException(new OAuth2Error("authorization_error"))));
    MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
    MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
    DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
    assertThatExceptionOfType(OAuth2AuthenticationException.class).isThrownBy(() -> this.filter.filter(exchange, chain).block()).satisfies((ex) -> assertThat(ex.getError()).extracting("errorCode").isEqualTo("authorization_error"));
}
Also used : OAuth2AuthorizationException(org.springframework.security.oauth2.core.OAuth2AuthorizationException) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Aggregations

ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)258 Test (org.junit.jupiter.api.Test)214 OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)55 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)52 RecordedRequest (okhttp3.mockwebserver.RecordedRequest)44 HttpHeaders (org.springframework.http.HttpHeaders)42 OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)36 OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException)32 Instant (java.time.Instant)28 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)27 BeforeEach (org.junit.jupiter.api.BeforeEach)27 TestClientRegistrations (org.springframework.security.oauth2.client.registration.TestClientRegistrations)27 MockResponse (okhttp3.mockwebserver.MockResponse)26 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)26 OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient)26 MultiValueMap (org.springframework.util.MultiValueMap)26 HashMap (java.util.HashMap)25 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)25 LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)25 Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)24