Search in sources :

Example 16 with DefaultOAuth2AccessToken

use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AccessTokenProviderChainTests method testRefreshAccessTokenReplacingNullValue.

@Test
public void testRefreshAccessTokenReplacingNullValue() throws Exception {
    DefaultOAuth2AccessToken accessToken = getExpiredToken();
    DefaultOAuth2AccessToken refreshedAccessToken = new DefaultOAuth2AccessToken("refreshed-access-token");
    AccessTokenProviderChain chain = getTokenProvider(accessToken, refreshedAccessToken);
    SecurityContextHolder.getContext().setAuthentication(user);
    // Obtain a new Access Token
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    OAuth2AccessToken newAccessToken = chain.refreshAccessToken(resource, accessToken.getRefreshToken(), request);
    // gh-712
    assertEquals(newAccessToken.getRefreshToken(), accessToken.getRefreshToken());
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) AuthorizationCodeResourceDetails(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 17 with DefaultOAuth2AccessToken

use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.

the class TokenEndpointTests method testGetAccessTokenWithNoClientId.

@Test
public void testGetAccessTokenWithNoClientId() throws HttpRequestMethodNotSupportedException {
    HashMap<String, String> parameters = new HashMap<String, String>();
    parameters.put(OAuth2Utils.GRANT_TYPE, "authorization_code");
    OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
    when(tokenGranter.grant(Mockito.eq("authorization_code"), Mockito.any(TokenRequest.class))).thenReturn(expectedToken);
    @SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
    when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.any(ClientDetails.class))).thenReturn(createFromParameters(parameters));
    clientAuthentication = new UsernamePasswordAuthenticationToken(null, null, Collections.singleton(new SimpleGrantedAuthority("ROLE_CLIENT")));
    ResponseEntity<OAuth2AccessToken> response = endpoint.postAccessToken(clientAuthentication, parameters);
    assertNotNull(response);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    OAuth2AccessToken body = response.getBody();
    assertEquals(body, expectedToken);
    assertTrue("Wrong body: " + body, body.getTokenType() != null);
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) HashMap(java.util.HashMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 18 with DefaultOAuth2AccessToken

use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.

the class TokenEndpointTests method testGetAccessTokenWithScope.

@Test
public void testGetAccessTokenWithScope() throws HttpRequestMethodNotSupportedException {
    when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(clientDetails);
    HashMap<String, String> parameters = new HashMap<String, String>();
    parameters.put("client_id", clientId);
    parameters.put("scope", "read");
    parameters.put("grant_type", "authorization_code");
    parameters.put("code", "kJAHDFG");
    OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
    ArgumentCaptor<TokenRequest> captor = ArgumentCaptor.forClass(TokenRequest.class);
    when(tokenGranter.grant(Mockito.eq("authorization_code"), captor.capture())).thenReturn(expectedToken);
    @SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
    when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.eq(clientDetails))).thenReturn(createFromParameters(parameters));
    ResponseEntity<OAuth2AccessToken> response = endpoint.postAccessToken(clientAuthentication, parameters);
    assertNotNull(response);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    OAuth2AccessToken body = response.getBody();
    assertEquals(body, expectedToken);
    assertTrue("Wrong body: " + body, body.getTokenType() != null);
    assertTrue("Scope of token request not cleared", captor.getValue().getScope().isEmpty());
}
Also used : HashMap(java.util.HashMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 19 with DefaultOAuth2AccessToken

use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.

the class TokenEndpointTests method testGetAccessTokenWithSupportedRequestParametersNotPost.

@Test
public void testGetAccessTokenWithSupportedRequestParametersNotPost() throws HttpRequestMethodNotSupportedException {
    endpoint.setAllowedRequestMethods(new HashSet<HttpMethod>(Arrays.asList(HttpMethod.GET)));
    HashMap<String, String> parameters = new HashMap<String, String>();
    parameters.put("client_id", clientId);
    parameters.put("scope", "read");
    parameters.put("grant_type", "authorization_code");
    parameters.put("code", "kJAHDFG");
    OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
    when(tokenGranter.grant(Mockito.eq("authorization_code"), Mockito.any(TokenRequest.class))).thenReturn(expectedToken);
    @SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
    when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.any(ClientDetails.class))).thenReturn(createFromParameters(parameters));
    ResponseEntity<OAuth2AccessToken> response = endpoint.getAccessToken(clientAuthentication, parameters);
    assertNotNull(response);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    OAuth2AccessToken body = response.getBody();
    assertEquals(body, expectedToken);
    assertTrue("Wrong body: " + body, body.getTokenType() != null);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) HashMap(java.util.HashMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) HttpMethod(org.springframework.http.HttpMethod) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 20 with DefaultOAuth2AccessToken

use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitAppendsScopeWhenDefaulting.

@Test
public void testImplicitAppendsScopeWhenDefaulting() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
            token.setScope(new LinkedHashSet<String>(Arrays.asList("read", "write")));
            return token;
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }
    });
    client.setScope(Collections.singleton("read"));
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", null, Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong scope: " + result, url.contains("&scope=read%20write"));
}
Also used : LinkedHashSet(java.util.LinkedHashSet) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Aggregations

DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)94 Test (org.junit.Test)78 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)52 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)47 Date (java.util.Date)27 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)13 DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)12 HashMap (java.util.HashMap)11 Authentication (org.springframework.security.core.Authentication)11 URI (java.net.URI)9 DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)9 AuthorizationCodeResourceDetails (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails)8 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)8 DBUnitTest (org.orcid.test.DBUnitTest)7 ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)6 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)6 Before (org.junit.Before)5 BaseOAuth2ProtectedResourceDetails (org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails)5 OAuth2ProtectedResourceDetails (org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails)5 ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)5