Search in sources :

Example 1 with AuthorizationCodeAccessTokenProvider

use of org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider in project spring-boot by spring-projects.

the class DefaultUserInfoRestTemplateFactory method getUserInfoRestTemplate.

@Override
public OAuth2RestTemplate getUserInfoRestTemplate() {
    if (this.oauth2RestTemplate == null) {
        this.oauth2RestTemplate = createOAuth2RestTemplate(this.details == null ? DEFAULT_RESOURCE_DETAILS : this.details);
        this.oauth2RestTemplate.getInterceptors().add(new AcceptJsonRequestInterceptor());
        AuthorizationCodeAccessTokenProvider accessTokenProvider = new AuthorizationCodeAccessTokenProvider();
        accessTokenProvider.setTokenRequestEnhancer(new AcceptJsonRequestEnhancer());
        this.oauth2RestTemplate.setAccessTokenProvider(accessTokenProvider);
        if (!CollectionUtils.isEmpty(this.customizers)) {
            AnnotationAwareOrderComparator.sort(this.customizers);
            for (UserInfoRestTemplateCustomizer customizer : this.customizers) {
                customizer.customize(this.oauth2RestTemplate);
            }
        }
    }
    return this.oauth2RestTemplate;
}
Also used : AcceptJsonRequestEnhancer(org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration.AcceptJsonRequestEnhancer) AuthorizationCodeAccessTokenProvider(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider) AcceptJsonRequestInterceptor(org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration.AcceptJsonRequestInterceptor)

Example 2 with AuthorizationCodeAccessTokenProvider

use of org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider in project spring-security-oauth by spring-projects.

the class AccessTokenProviderChainTests method getTokenProvider.

private AccessTokenProviderChain getTokenProvider(DefaultOAuth2AccessToken accessToken, DefaultOAuth2AccessToken refreshedAccessToken) {
    AccessTokenProvider accessTokenProvider = new AuthorizationCodeAccessTokenProvider();
    accessTokenProvider = spy(accessTokenProvider);
    doReturn(accessToken).when(accessTokenProvider).obtainAccessToken(any(OAuth2ProtectedResourceDetails.class), any(AccessTokenRequest.class));
    doReturn(refreshedAccessToken).when(accessTokenProvider).refreshAccessToken(any(OAuth2ProtectedResourceDetails.class), any(OAuth2RefreshToken.class), any(AccessTokenRequest.class));
    AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(accessTokenProvider));
    return chain;
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) AuthorizationCodeAccessTokenProvider(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider) BaseOAuth2ProtectedResourceDetails(org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails) OAuth2ProtectedResourceDetails(org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails) AuthorizationCodeAccessTokenProvider(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider)

Example 3 with AuthorizationCodeAccessTokenProvider

use of org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider in project spring-security-oauth by spring-projects.

the class AbstractAuthorizationCodeProviderTests method setupAccessTokenProvider.

@BeforeOAuth2Context
public void setupAccessTokenProvider() {
    accessTokenProvider = new AuthorizationCodeAccessTokenProvider() {

        private ResponseExtractor<OAuth2AccessToken> extractor = super.getResponseExtractor();

        private ResponseExtractor<ResponseEntity<Void>> authExtractor = super.getAuthorizationResponseExtractor();

        private ResponseErrorHandler errorHandler = super.getResponseErrorHandler();

        @Override
        protected ResponseErrorHandler getResponseErrorHandler() {
            return new DefaultResponseErrorHandler() {

                public void handleError(ClientHttpResponse response) throws IOException {
                    response.getHeaders();
                    response.getStatusCode();
                    tokenEndpointResponse = response;
                    errorHandler.handleError(response);
                }
            };
        }

        @Override
        protected ResponseExtractor<OAuth2AccessToken> getResponseExtractor() {
            return new ResponseExtractor<OAuth2AccessToken>() {

                public OAuth2AccessToken extractData(ClientHttpResponse response) throws IOException {
                    try {
                        response.getHeaders();
                        response.getStatusCode();
                        tokenEndpointResponse = response;
                        return extractor.extractData(response);
                    } catch (ResourceAccessException e) {
                        return null;
                    }
                }
            };
        }

        @Override
        protected ResponseExtractor<ResponseEntity<Void>> getAuthorizationResponseExtractor() {
            return new ResponseExtractor<ResponseEntity<Void>>() {

                public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
                    response.getHeaders();
                    response.getStatusCode();
                    tokenEndpointResponse = response;
                    return authExtractor.extractData(response);
                }
            };
        }
    };
    context.setAccessTokenProvider(accessTokenProvider);
}
Also used : DefaultResponseErrorHandler(org.springframework.web.client.DefaultResponseErrorHandler) DefaultResponseErrorHandler(org.springframework.web.client.DefaultResponseErrorHandler) ResponseErrorHandler(org.springframework.web.client.ResponseErrorHandler) ResponseExtractor(org.springframework.web.client.ResponseExtractor) IOException(java.io.IOException) ResourceAccessException(org.springframework.web.client.ResourceAccessException) ResponseEntity(org.springframework.http.ResponseEntity) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) AuthorizationCodeAccessTokenProvider(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider) ClientHttpResponse(org.springframework.http.client.ClientHttpResponse) BeforeOAuth2Context(org.springframework.security.oauth2.client.test.BeforeOAuth2Context)

Example 4 with AuthorizationCodeAccessTokenProvider

use of org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider in project spring-security-oauth by spring-projects.

the class AuthorizationCodeProviderTests method setupAccessTokenProvider.

@BeforeOAuth2Context
public void setupAccessTokenProvider() {
    accessTokenProvider = new AuthorizationCodeAccessTokenProvider() {

        private ResponseExtractor<OAuth2AccessToken> extractor = super.getResponseExtractor();

        private ResponseExtractor<ResponseEntity<Void>> authExtractor = super.getAuthorizationResponseExtractor();

        private ResponseErrorHandler errorHandler = super.getResponseErrorHandler();

        @Override
        protected ResponseErrorHandler getResponseErrorHandler() {
            return new DefaultResponseErrorHandler() {

                public void handleError(ClientHttpResponse response) throws IOException {
                    response.getHeaders();
                    response.getStatusCode();
                    tokenEndpointResponse = response;
                    errorHandler.handleError(response);
                }
            };
        }

        @Override
        protected ResponseExtractor<OAuth2AccessToken> getResponseExtractor() {
            return new ResponseExtractor<OAuth2AccessToken>() {

                public OAuth2AccessToken extractData(ClientHttpResponse response) throws IOException {
                    response.getHeaders();
                    response.getStatusCode();
                    tokenEndpointResponse = response;
                    return extractor.extractData(response);
                }
            };
        }

        @Override
        protected ResponseExtractor<ResponseEntity<Void>> getAuthorizationResponseExtractor() {
            return new ResponseExtractor<ResponseEntity<Void>>() {

                public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
                    response.getHeaders();
                    response.getStatusCode();
                    tokenEndpointResponse = response;
                    return authExtractor.extractData(response);
                }
            };
        }
    };
    context.setAccessTokenProvider(accessTokenProvider);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) DefaultResponseErrorHandler(org.springframework.web.client.DefaultResponseErrorHandler) DefaultResponseErrorHandler(org.springframework.web.client.DefaultResponseErrorHandler) ResponseErrorHandler(org.springframework.web.client.ResponseErrorHandler) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) AuthorizationCodeAccessTokenProvider(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider) ResponseExtractor(org.springframework.web.client.ResponseExtractor) IOException(java.io.IOException) ClientHttpResponse(org.springframework.http.client.ClientHttpResponse) BeforeOAuth2Context(org.springframework.security.oauth2.client.test.BeforeOAuth2Context)

Example 5 with AuthorizationCodeAccessTokenProvider

use of org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider in project spring-security-oauth by spring-projects.

the class AuthorizationCodeGrantTests method testAttemptedTokenAcquisitionWithNoRedirect.

@Test
public void testAttemptedTokenAcquisitionWithNoRedirect() throws Exception {
    AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider();
    try {
        OAuth2AccessToken token = provider.obtainAccessToken(resource, new DefaultAccessTokenRequest());
        fail("Expected UserRedirectRequiredException");
        assertNotNull(token);
    } catch (UserRedirectRequiredException e) {
        String message = e.getMessage();
        assertTrue("Wrong message: " + message, message.contains("A redirect is required"));
    }
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) AuthorizationCodeAccessTokenProvider(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider) UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException) DefaultAccessTokenRequest(org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest) Test(org.junit.Test)

Aggregations

AuthorizationCodeAccessTokenProvider (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider)9 ResponseEntity (org.springframework.http.ResponseEntity)5 ClientHttpResponse (org.springframework.http.client.ClientHttpResponse)5 ResponseExtractor (org.springframework.web.client.ResponseExtractor)5 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)4 IOException (java.io.IOException)3 BeforeOAuth2Context (org.springframework.security.oauth2.client.test.BeforeOAuth2Context)3 DefaultResponseErrorHandler (org.springframework.web.client.DefaultResponseErrorHandler)3 ResponseErrorHandler (org.springframework.web.client.ResponseErrorHandler)3 AtomicReference (java.util.concurrent.atomic.AtomicReference)2 UserApprovalRequiredException (org.springframework.security.oauth2.client.resource.UserApprovalRequiredException)2 ResourceAccessException (org.springframework.web.client.ResourceAccessException)2 Test (org.junit.Test)1 AcceptJsonRequestEnhancer (org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration.AcceptJsonRequestEnhancer)1 AcceptJsonRequestInterceptor (org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration.AcceptJsonRequestInterceptor)1 Bean (org.springframework.context.annotation.Bean)1 Scope (org.springframework.context.annotation.Scope)1 DefaultOAuth2ClientContext (org.springframework.security.oauth2.client.DefaultOAuth2ClientContext)1 OAuth2RestTemplate (org.springframework.security.oauth2.client.OAuth2RestTemplate)1 BaseOAuth2ProtectedResourceDetails (org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails)1