use of org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails in project spring-boot by spring-projects.
the class UserInfoTokenServicesRefreshTokenTests method withRestTemplateChangesState.
@Test
public void withRestTemplateChangesState() {
OAuth2ProtectedResourceDetails resource = new AuthorizationCodeResourceDetails();
OAuth2ClientContext context = new DefaultOAuth2ClientContext();
context.setAccessToken(new DefaultOAuth2AccessToken("FOO"));
this.services.setRestTemplate(new OAuth2RestTemplate(resource, context));
assertThat(this.services.loadAuthentication("BAR").getName()).isEqualTo("me");
assertThat(context.getAccessToken().getValue()).isEqualTo("BAR");
}
use of org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails in project spring-security-oauth by spring-projects.
the class OAuth2RestTemplateTests method testTokenIsResetIfInvalid.
@Test
public void testTokenIsResetIfInvalid() throws Exception {
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("TEST");
token.setExpiration(new Date(System.currentTimeMillis() - 1000));
restTemplate.getOAuth2ClientContext().setAccessToken(token);
restTemplate.setAccessTokenProvider(new StubAccessTokenProvider() {
@Override
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest parameters) throws UserRedirectRequiredException, AccessDeniedException {
throw new UserRedirectRequiredException("http://foo.com", Collections.<String, String>emptyMap());
}
});
try {
OAuth2AccessToken newToken = restTemplate.getAccessToken();
assertNotNull(newToken);
fail("Expected UserRedirectRequiredException");
} catch (UserRedirectRequiredException e) {
// planned
}
// context token should be reset as it clearly is invalid at this point
assertNull(restTemplate.getOAuth2ClientContext().getAccessToken());
}
use of org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChainTests method testRequiresAuthenticationButRedirected.
@Test(expected = UserRedirectRequiredException.class)
public void testRequiresAuthenticationButRedirected() throws Exception {
final AccessTokenRequest request = new DefaultAccessTokenRequest();
AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider() {
@Override
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest parameters) throws UserRedirectRequiredException, AccessDeniedException {
throw new UserRedirectRequiredException("redirect test", request.toSingleValueMap());
}
}));
OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
assertNotNull(token);
}
use of org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails in project spring-security-oauth by spring-projects.
the class OAuth2ContextSetup method initializeIfNecessary.
private void initializeIfNecessary(FrameworkMethod method, final Object target) {
final TestClass testClass = new TestClass(target.getClass());
OAuth2ContextConfiguration contextConfiguration = findOAuthContextConfiguration(method, testClass);
if (contextConfiguration == null) {
// Nothing to do
return;
}
this.initializeAccessToken = contextConfiguration.initialize();
this.resource = creatResource(target, contextConfiguration);
final List<FrameworkMethod> befores = testClass.getAnnotatedMethods(BeforeOAuth2Context.class);
if (!befores.isEmpty()) {
logger.debug("Running @BeforeOAuth2Context methods");
for (FrameworkMethod before : befores) {
RestOperations savedServerClient = clientHolder.getRestTemplate();
OAuth2ContextConfiguration beforeConfiguration = findOAuthContextConfiguration(before, testClass);
if (beforeConfiguration != null) {
OAuth2ProtectedResourceDetails resource = creatResource(target, beforeConfiguration);
AccessTokenRequest beforeRequest = new DefaultAccessTokenRequest();
beforeRequest.setAll(parameters);
OAuth2RestTemplate client = createRestTemplate(resource, beforeRequest);
clientHolder.setRestTemplate(client);
}
AccessTokenRequest request = new DefaultAccessTokenRequest();
request.setAll(parameters);
this.client = createRestTemplate(this.resource, request);
List<FrameworkMethod> list = Arrays.asList(before);
try {
new RunBefores(new Statement() {
public void evaluate() {
}
}, list, target).evaluate();
} catch (AssumptionViolatedException e) {
throw e;
} catch (RuntimeException e) {
throw e;
} catch (AssertionError e) {
throw e;
} catch (Throwable e) {
logger.debug("Exception in befores", e);
Assert.assertThat(e, CoreMatchers.not(CoreMatchers.anything()));
} finally {
clientHolder.setRestTemplate(savedServerClient);
}
}
}
}
use of org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails in project spring-security-oauth by spring-projects.
the class DefaultOAuth2RequestAuthenticator method authenticate.
@Override
public void authenticate(OAuth2ProtectedResourceDetails resource, OAuth2ClientContext clientContext, ClientHttpRequest request) {
OAuth2AccessToken accessToken = clientContext.getAccessToken();
if (accessToken == null) {
throw new AccessTokenRequiredException(resource);
}
String tokenType = accessToken.getTokenType();
if (!StringUtils.hasText(tokenType)) {
// we'll assume basic bearer token type if none is specified.
tokenType = OAuth2AccessToken.BEARER_TYPE;
}
request.getHeaders().set("Authorization", String.format("%s %s", tokenType, accessToken.getValue()));
}
Aggregations