Search in sources :

Example 6 with AccessTokenProviderChain

use of org.springframework.security.oauth2.client.token.AccessTokenProviderChain in project spring-security-oauth by spring-projects.

the class AccessTokenProviderChainTests method testSunnyDayWIthExpiredTokenAndExpiredRefreshToken.

@Test(expected = InvalidTokenException.class)
public void testSunnyDayWIthExpiredTokenAndExpiredRefreshToken() throws Exception {
    AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider()));
    accessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
    DefaultOAuth2RefreshToken refreshToken = new DefaultExpiringOAuth2RefreshToken("EXP", new Date(System.currentTimeMillis() - 1000));
    accessToken.setRefreshToken(refreshToken);
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.setExistingToken(accessToken);
    SecurityContextHolder.getContext().setAuthentication(user);
    OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
    assertNotNull(token);
}
Also used : DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) Date(java.util.Date) Test(org.junit.Test)

Example 7 with AccessTokenProviderChain

use of org.springframework.security.oauth2.client.token.AccessTokenProviderChain in project spring-security-oauth by spring-projects.

the class AccessTokenProviderChainTests method testSunnyDayWithTokenServicesGet.

@Test
public void testSunnyDayWithTokenServicesGet() throws Exception {
    AccessTokenProviderChain chain = new AccessTokenProviderChain(Collections.<AccessTokenProvider>emptyList());
    when(clientTokenServices.getAccessToken(resource, user)).thenReturn(accessToken);
    chain.setClientTokenServices(clientTokenServices);
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    SecurityContextHolder.getContext().setAuthentication(user);
    OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
    assertEquals(accessToken, token);
    Mockito.verify(clientTokenServices).saveAccessToken(resource, user, token);
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Test(org.junit.Test)

Example 8 with AccessTokenProviderChain

use of org.springframework.security.oauth2.client.token.AccessTokenProviderChain in project spring-security-oauth by spring-projects.

the class AccessTokenProviderChainTests method testSunnyDayWithExpiredToken.

@Test
public void testSunnyDayWithExpiredToken() throws Exception {
    AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider()));
    accessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.setExistingToken(accessToken);
    SecurityContextHolder.getContext().setAuthentication(user);
    OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
    assertNotNull(token);
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Date(java.util.Date) Test(org.junit.Test)

Example 9 with AccessTokenProviderChain

use of org.springframework.security.oauth2.client.token.AccessTokenProviderChain in project spring-security-oauth by spring-projects.

the class AccessTokenProviderChainTests method testRefreshAccessTokenTwicePreserveRefreshToken.

// gh-712
@Test
public void testRefreshAccessTokenTwicePreserveRefreshToken() throws Exception {
    DefaultOAuth2AccessToken accessToken = getExpiredToken();
    DefaultOAuth2AccessToken expectedRefreshedAccessToken = new DefaultOAuth2AccessToken("refreshed-access-token");
    expectedRefreshedAccessToken.setExpiration(accessToken.getExpiration());
    AccessTokenProviderChain chain = getTokenProvider(accessToken, expectedRefreshedAccessToken);
    SecurityContextHolder.getContext().setAuthentication(user);
    // Obtain a new Access Token
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    OAuth2AccessToken tokenResult = chain.obtainAccessToken(resource, request);
    assertEquals(accessToken, tokenResult);
    // Obtain the 1st Refreshed Access Token
    Calendar tokenExpiry = Calendar.getInstance();
    tokenExpiry.setTime(tokenResult.getExpiration());
    tokenExpiry.add(Calendar.MINUTE, -1);
    // Expire
    DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime());
    request = new DefaultAccessTokenRequest();
    request.setExistingToken(tokenResult);
    tokenResult = chain.obtainAccessToken(resource, request);
    assertEquals(expectedRefreshedAccessToken, tokenResult);
    // Obtain the 2nd Refreshed Access Token
    tokenExpiry.setTime(tokenResult.getExpiration());
    tokenExpiry.add(Calendar.MINUTE, -1);
    // Expire
    DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime());
    request = new DefaultAccessTokenRequest();
    request.setExistingToken(tokenResult);
    tokenResult = chain.obtainAccessToken(resource, request);
    assertEquals(expectedRefreshedAccessToken, tokenResult);
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Calendar(java.util.Calendar) AuthorizationCodeResourceDetails(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 10 with AccessTokenProviderChain

use of org.springframework.security.oauth2.client.token.AccessTokenProviderChain in project spring-security-oauth by spring-projects.

the class AccessTokenProviderChainTests method testRequiresAuthenticationButRedirected.

@Test(expected = UserRedirectRequiredException.class)
public void testRequiresAuthenticationButRedirected() throws Exception {
    final AccessTokenRequest request = new DefaultAccessTokenRequest();
    AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider() {

        @Override
        public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest parameters) throws UserRedirectRequiredException, AccessDeniedException {
            throw new UserRedirectRequiredException("redirect test", request.toSingleValueMap());
        }
    }));
    OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
    assertNotNull(token);
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) BaseOAuth2ProtectedResourceDetails(org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails) OAuth2ProtectedResourceDetails(org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails) UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)14 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)14 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)14 Date (java.util.Date)4 DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)4 AuthorizationCodeResourceDetails (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails)3 BaseOAuth2ProtectedResourceDetails (org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails)2 OAuth2ProtectedResourceDetails (org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails)2 AuthorizationCodeAccessTokenProvider (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider)2 DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)2 Calendar (java.util.Calendar)1 Bean (org.springframework.context.annotation.Bean)1 Scope (org.springframework.context.annotation.Scope)1 AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)1 DefaultOAuth2ClientContext (org.springframework.security.oauth2.client.DefaultOAuth2ClientContext)1 OAuth2RestTemplate (org.springframework.security.oauth2.client.OAuth2RestTemplate)1 UserRedirectRequiredException (org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)1 AccessTokenProviderChain (org.springframework.security.oauth2.client.token.AccessTokenProviderChain)1 ClientCredentialsResourceDetails (org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails)1 ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)1