
Example 1 with OAuth2AuthorizationRequestResolver

Use of org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver in project spring-security by spring-projects.

In the class OAuth2LoginConfigurerTests, method requestWhenOauth2LoginWithCustomAuthorizationRequestParametersThenParametersInRedirectedUrl.

@Test
public void requestWhenOauth2LoginWithCustomAuthorizationRequestParametersThenParametersInRedirectedUrl() throws Exception {
    loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class);
    OAuth2AuthorizationRequestResolver resolver = this.context.getBean(OAuth2LoginConfigCustomAuthorizationRequestResolverInLambda.class).resolver;
    // @formatter:off
    OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri("https://accounts.google.com/authorize")
            .clientId("client-id")
            .state("adsfa")
            .authorizationRequestUri("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
            .build();
    // @formatter:on
    given(resolver.resolve(any())).willReturn(result);
    String requestUri = "/oauth2/authorization/google";
    this.request = new MockHttpServletRequest("GET", requestUri);
    this.request.setServletPath(requestUri);
    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
    assertThat(this.response.getRedirectedUrl()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
}
Also used : OAuth2AuthorizationRequestResolver(org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 2 with OAuth2AuthorizationRequestResolver

Use of org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver in project spring-security by spring-projects.

In the class OAuth2LoginConfigurerTests, method oauth2LoginWithCustomAuthorizationRequestParameters.

// gh-5521
@Test
public void oauth2LoginWithCustomAuthorizationRequestParameters() throws Exception {
    loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolver.class);
    OAuth2AuthorizationRequestResolver resolver = this.context.getBean(OAuth2LoginConfigCustomAuthorizationRequestResolver.class).resolver;
    // @formatter:off
    OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri("https://accounts.google.com/authorize")
            .clientId("client-id")
            .state("adsfa")
            .authorizationRequestUri("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1")
            .build();
    // @formatter:on
    given(resolver.resolve(any())).willReturn(result);
    String requestUri = "/oauth2/authorization/google";
    this.request = new MockHttpServletRequest("GET", requestUri);
    this.request.setServletPath(requestUri);
    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
    assertThat(this.response.getRedirectedUrl()).isEqualTo("https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1");
}
Also used : OAuth2AuthorizationRequestResolver(org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 3 with OAuth2AuthorizationRequestResolver

Use of org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver in project spring-security by spring-projects.

In the class OAuth2ClientConfigurerTests, method configureWhenCustomAuthorizationRequestResolverSetThenAuthorizationRequestIncludesCustomParameters.

// gh-5521
@Test
public void configureWhenCustomAuthorizationRequestResolverSetThenAuthorizationRequestIncludesCustomParameters() throws Exception {
    // Override default resolver
    OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = authorizationRequestResolver;
    authorizationRequestResolver = mock(OAuth2AuthorizationRequestResolver.class);
    given(authorizationRequestResolver.resolve(any())).willAnswer((invocation) -> defaultAuthorizationRequestResolver.resolve(invocation.getArgument(0)));
    this.spring.register(OAuth2ClientConfig.class).autowire();
    // @formatter:off
    this.mockMvc.perform(get("/oauth2/authorization/registration-1"))
            .andExpect(status().is3xxRedirection())
            .andReturn();
    // @formatter:on
    verify(authorizationRequestResolver).resolve(any());
}
Also used : OAuth2AuthorizationRequestResolver(org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver) DefaultOAuth2AuthorizationRequestResolver(org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver) Test(org.junit.jupiter.api.Test)

Example 4 with OAuth2AuthorizationRequestResolver

Use of org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver in project spring-security by spring-projects.

In the class OAuth2AuthorizationRequestRedirectFilterTests, method doFilterWhenNotAuthorizationRequestAndClientAuthorizationRequiredExceptionThrownButAuthorizationRequestNotResolvedThenStatusInternalServerError.

@Test
public void doFilterWhenNotAuthorizationRequestAndClientAuthorizationRequiredExceptionThrownButAuthorizationRequestNotResolvedThenStatusInternalServerError() throws Exception {
    String requestUri = "/path";
    MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
    request.setServletPath(requestUri);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
    OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
    OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
    filter.doFilter(request, response, filterChain);
    verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
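    // No calls beyond the single doFilter verified above (verifyZeroInteractions is deprecated in Mockito 3 and removed in Mockito 4)
    verifyNoMoreInteractions(filterChain);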
    assertThat(response.getStatus()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.value());
    assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ServletRequest(jakarta.servlet.ServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ServletResponse(jakarta.servlet.ServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) FilterChain(jakarta.servlet.FilterChain) ClientAuthorizationRequiredException(org.springframework.security.oauth2.client.ClientAuthorizationRequiredException) Test(org.junit.jupiter.api.Test)

Example 5 with OAuth2AuthorizationRequestResolver

Use of org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver in project spring-security by spring-projects.

In the class OAuth2AuthorizationRequestRedirectFilterTests, method doFilterWhenAuthorizationRequestAndAdditionalParametersProvidedThenAuthorizationRequestIncludesAdditionalParameters.

// gh-4911
@Test
public void doFilterWhenAuthorizationRequestAndAdditionalParametersProvidedThenAuthorizationRequestIncludesAdditionalParameters() throws Exception {
    String requestUri = OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" + this.registration1.getRegistrationId();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
    request.setServletPath(requestUri);
    request.addParameter("idp", "https://other.provider.com");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
    OAuth2AuthorizationRequestResolver resolver = mock(OAuth2AuthorizationRequestResolver.class);
    OAuth2AuthorizationRequest result = OAuth2AuthorizationRequest.from(defaultAuthorizationRequestResolver.resolve(request))
            .additionalParameters(Collections.singletonMap("idp", request.getParameter("idp")))
            .build();
    given(resolver.resolve(any())).willReturn(result);
    OAuth2AuthorizationRequestRedirectFilter filter = new OAuth2AuthorizationRequestRedirectFilter(resolver);
    filter.doFilter(request, response, filterChain);
    // The filter redirects without invoking the rest of the chain (verifyZeroInteractions is deprecated in Mockito 3 and removed in Mockito 4)
    verifyNoInteractions(filterChain);
    assertThat(response.getRedirectedUrl()).matches("https://example.com/login/oauth/authorize\\?"
            + "response_type=code&client_id=client-id&"
            + "scope=read:user&state=.{15,}&"
            + "redirect_uri=http://localhost/login/oauth2/code/registration-id&"
            + "idp=https://other.provider.com");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test): 6
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 5
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest): 4
FilterChain (jakarta.servlet.FilterChain): 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 3
OAuth2AuthorizationRequestResolver (org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver): 3
ServletRequest (jakarta.servlet.ServletRequest): 1
ServletResponse (jakarta.servlet.ServletResponse): 1
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 1
HttpServletResponse (jakarta.servlet.http.HttpServletResponse): 1
HashMap (java.util.HashMap): 1
ClientAuthorizationRequiredException (org.springframework.security.oauth2.client.ClientAuthorizationRequiredException): 1
DefaultOAuth2AuthorizationRequestResolver (org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver): 1