Example 1 with HttpSessionOAuth2AuthorizationRequestRepository

Use of org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository in project spring-security by spring-projects.

The class OAuth2LoginAuthenticationFilterTests, method setUp.

@BeforeEach
public void setUp() {
    this.registration1 = TestClientRegistrations.clientRegistration().build();
    this.registration2 = TestClientRegistrations.clientRegistration2().build();
    this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1, this.registration2);
    this.authorizedClientService = new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository);
    this.authorizedClientRepository = new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(this.authorizedClientService);
    this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
    this.failureHandler = mock(AuthenticationFailureHandler.class);
    this.authenticationManager = mock(AuthenticationManager.class);
    this.authenticationDetailsSource = mock(AuthenticationDetailsSource.class);
    this.filter = spy(new OAuth2LoginAuthenticationFilter(this.clientRegistrationRepository, this.authorizedClientRepository, OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI));
    this.filter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
    this.filter.setAuthenticationFailureHandler(this.failureHandler);
    this.filter.setAuthenticationManager(this.authenticationManager);
    this.filter.setAuthenticationDetailsSource(this.authenticationDetailsSource);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) AuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource) InMemoryOAuth2AuthorizedClientService(org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService) InMemoryClientRegistrationRepository(org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 2 with HttpSessionOAuth2AuthorizationRequestRepository

Use of org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository in project spring-security by spring-projects.

The class HttpSessionOAuth2AuthorizationRequestRepositoryAllowMultipleAuthorizationRequestsTests, method loadAuthorizationRequestWhenSavedWithAllowMultipleAuthorizationRequests.

@Test
public void loadAuthorizationRequestWhenSavedWithAllowMultipleAuthorizationRequests() {
    // save 2 requests with legacy (allowMultipleAuthorizationRequests=true) and load
    // with new
    HttpSessionOAuth2AuthorizationRequestRepository legacy = new HttpSessionOAuth2AuthorizationRequestRepository();
    legacy.setAllowMultipleAuthorizationRequests(true);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    String state1 = "state-1122";
    OAuth2AuthorizationRequest authorizationRequest1 = createAuthorizationRequest().state(state1).build();
    legacy.saveAuthorizationRequest(authorizationRequest1, request, response);
    String state2 = "state-3344";
    OAuth2AuthorizationRequest authorizationRequest2 = createAuthorizationRequest().state(state2).build();
    legacy.saveAuthorizationRequest(authorizationRequest2, request, response);
    request.setParameter(OAuth2ParameterNames.STATE, state1);
    OAuth2AuthorizationRequest loaded = this.authorizationRequestRepository.loadAuthorizationRequest(request);
    assertThat(loaded).isEqualTo(authorizationRequest1);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 3 with HttpSessionOAuth2AuthorizationRequestRepository

Use of org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository in project spring-security by spring-projects.

The class HttpSessionOAuth2AuthorizationRequestRepositoryAllowMultipleAuthorizationRequestsTests, method saveAuthorizationRequestWhenSavedWithAllowMultipleAuthorizationRequests.

@Test
public void saveAuthorizationRequestWhenSavedWithAllowMultipleAuthorizationRequests() {
    // save 2 requests with legacy (allowMultipleAuthorizationRequests=true), save
    // with new, and load with new
    HttpSessionOAuth2AuthorizationRequestRepository legacy = new HttpSessionOAuth2AuthorizationRequestRepository();
    legacy.setAllowMultipleAuthorizationRequests(true);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    String state1 = "state-1122";
    OAuth2AuthorizationRequest authorizationRequest1 = createAuthorizationRequest().state(state1).build();
    legacy.saveAuthorizationRequest(authorizationRequest1, request, response);
    String state2 = "state-3344";
    OAuth2AuthorizationRequest authorizationRequest2 = createAuthorizationRequest().state(state2).build();
    legacy.saveAuthorizationRequest(authorizationRequest2, request, response);
    String state3 = "state-5566";
    OAuth2AuthorizationRequest authorizationRequest3 = createAuthorizationRequest().state(state3).build();
    this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest3, request, response);
    request.setParameter(OAuth2ParameterNames.STATE, state3);
    OAuth2AuthorizationRequest loaded = this.authorizationRequestRepository.loadAuthorizationRequest(request);
    assertThat(loaded).isEqualTo(authorizationRequest3);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 4 with HttpSessionOAuth2AuthorizationRequestRepository

Use of org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository in project spring-security by spring-projects.

The class OAuth2ClientConfigurerTests, method configureWhenRequestCacheProvidedAndClientAuthorizationSucceedsThenRequestCacheUsed.

@Test
public void configureWhenRequestCacheProvidedAndClientAuthorizationSucceedsThenRequestCacheUsed() throws Exception {
    this.spring.register(OAuth2ClientConfig.class).autowire();
    // Setup the Authorization Request in the session
    Map<String, Object> attributes = new HashMap<>();
    attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
    // @formatter:off
    OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
            .clientId(this.registration1.getClientId())
            .redirectUri("http://localhost/client-1")
            .state("state")
            .attributes(attributes)
            .build();
    // @formatter:on
    AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
    MockHttpServletResponse response = new MockHttpServletResponse();
    authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
    MockHttpSession session = (MockHttpSession) request.getSession();
    String principalName = "user1";
    TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
    // @formatter:off
    MockHttpServletRequestBuilder clientRequest = get("/client-1")
            .param(OAuth2ParameterNames.CODE, "code")
            .param(OAuth2ParameterNames.STATE, "state")
            .with(authentication(authentication))
            .session(session);
    this.mockMvc.perform(clientRequest)
            .andExpect(status().is3xxRedirection())
            .andExpect(redirectedUrl("http://localhost/client-1"));
    // @formatter:on
    verify(requestCache).getRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
Also used : HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) HttpSessionOAuth2AuthorizationRequestRepository(org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 5 with HttpSessionOAuth2AuthorizationRequestRepository

Use of org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository in project spring-security by spring-projects.

The class OAuth2ClientConfigurerTests, method configureWhenAuthorizationCodeResponseSuccessThenAuthorizedClientSaved.

@Test
public void configureWhenAuthorizationCodeResponseSuccessThenAuthorizedClientSaved() throws Exception {
    this.spring.register(OAuth2ClientConfig.class).autowire();
    // Setup the Authorization Request in the session
    Map<String, Object> attributes = new HashMap<>();
    attributes.put(OAuth2ParameterNames.REGISTRATION_ID, this.registration1.getRegistrationId());
    // @formatter:off
    OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri(this.registration1.getProviderDetails().getAuthorizationUri())
            .clientId(this.registration1.getClientId())
            .redirectUri("http://localhost/client-1")
            .state("state")
            .attributes(attributes)
            .build();
    // @formatter:on
    AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
    MockHttpServletResponse response = new MockHttpServletResponse();
    authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
    MockHttpSession session = (MockHttpSession) request.getSession();
    String principalName = "user1";
    TestingAuthenticationToken authentication = new TestingAuthenticationToken(principalName, "password");
    // @formatter:off
    MockHttpServletRequestBuilder clientRequest = get("/client-1")
            .param(OAuth2ParameterNames.CODE, "code")
            .param(OAuth2ParameterNames.STATE, "state")
            .with(authentication(authentication))
            .session(session);
    this.mockMvc.perform(clientRequest)
            .andExpect(status().is3xxRedirection())
            .andExpect(redirectedUrl("http://localhost/client-1"));
    // @formatter:on
    OAuth2AuthorizedClient authorizedClient = authorizedClientRepository.loadAuthorizedClient(this.registration1.getRegistrationId(), authentication, request);
    assertThat(authorizedClient).isNotNull();
}
Also used : HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) HttpSessionOAuth2AuthorizationRequestRepository(org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository) MockHttpSession(org.springframework.mock.web.MockHttpSession) RegisteredOAuth2AuthorizedClient(org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient) OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test): 4
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 4
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 4
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest): 4
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 3
HashMap (java.util.HashMap): 2
BeforeEach (org.junit.jupiter.api.BeforeEach): 2
MockHttpSession (org.springframework.mock.web.MockHttpSession): 2
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager): 2
InMemoryOAuth2AuthorizedClientService (org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService): 2
InMemoryClientRegistrationRepository (org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository): 2
HttpSessionOAuth2AuthorizationRequestRepository (org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository): 2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 2
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 1
HttpServletResponse (jakarta.servlet.http.HttpServletResponse): 1
AuthenticationDetailsSource (org.springframework.security.authentication.AuthenticationDetailsSource): 1
SecurityContext (org.springframework.security.core.context.SecurityContext): 1
OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient): 1
RegisteredOAuth2AuthorizedClient (org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient): 1
AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler): 1