use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChainTests method testRefreshAccessTokenReplacingNullValue.
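/**
 * Verifies that refreshing an access token keeps the original refresh token when the
 * refreshed token carries none of its own (gh-712).
 *
 * <p>Losing the refresh token at this point would leave the client unable to refresh again
 * and force the user through a full re-authorization.
 *
 * @throws Exception if the provider chain fails while refreshing
 */
@Test
public void testRefreshAccessTokenReplacingNullValue() throws Exception {
    // presumably getExpiredToken() returns a token that has a refresh token; if it were null
    // the final assertion would pass trivially - TODO confirm against the helper.
    DefaultOAuth2AccessToken accessToken = getExpiredToken();
    // Built from a value only: no refresh token is set on it in this method.
    DefaultOAuth2AccessToken refreshedAccessToken = new DefaultOAuth2AccessToken("refreshed-access-token");
    AccessTokenProviderChain chain = getTokenProvider(accessToken, refreshedAccessToken);
    // NOTE(review): SecurityContextHolder state outlives this method; confirm the class has a
    // teardown that clears it so the authentication cannot leak into other tests.
    SecurityContextHolder.getContext().setAuthentication(user);
    // Obtain a new Access Token
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    OAuth2AccessToken newAccessToken = chain.refreshAccessToken(resource, accessToken.getRefreshToken(), request);
    // gh-712: expected value first, so a failure reports the original refresh token as "expected".
    assertEquals(accessToken.getRefreshToken(), newAccessToken.getRefreshToken());
}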
use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.
the class TokenEndpointTests method testGetAccessTokenWithNoClientId.
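/**
 * Checks that a token request without a {@code client_id} parameter succeeds when the caller
 * is already authenticated as a client.
 *
 * <p>Only {@code grant_type} is submitted. The granter and the request factory are mocked, so
 * this pins the endpoint's response handling (200 OK, body is the granted token, token type
 * present) rather than client lookup.
 *
 * @throws HttpRequestMethodNotSupportedException if the endpoint rejects the HTTP method
 */
@Test
public void testGetAccessTokenWithNoClientId() throws HttpRequestMethodNotSupportedException {
    HashMap<String, String> parameters = new HashMap<String, String>();
    parameters.put(OAuth2Utils.GRANT_TYPE, "authorization_code");
    OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
    when(tokenGranter.grant(Mockito.eq("authorization_code"), Mockito.any(TokenRequest.class))).thenReturn(expectedToken);
    // Mockito records matchers in call order: keep this line directly before the stubbing
    // below, which consumes anyMap as its first argument matcher.
    @SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
    when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.any(ClientDetails.class))).thenReturn(createFromParameters(parameters));
    // The three-argument constructor yields an authenticated token; principal and credentials
    // are null and the only authority is ROLE_CLIENT.
    // NOTE(review): with a null principal and any(ClientDetails) in the stub, this test does not
    // show which client identity the endpoint resolves - confirm that is covered elsewhere.
    clientAuthentication = new UsernamePasswordAuthenticationToken(null, null, Collections.singleton(new SimpleGrantedAuthority("ROLE_CLIENT")));
    ResponseEntity<OAuth2AccessToken> response = endpoint.postAccessToken(clientAuthentication, parameters);
    assertNotNull(response);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    OAuth2AccessToken body = response.getBody();
    // Expected value first, so a failure message labels the two tokens correctly.
    assertEquals(expectedToken, body);
    assertNotNull("Wrong body: " + body, body.getTokenType());
}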
use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.
the class TokenEndpointTests method testGetAccessTokenWithScope.
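/**
 * Checks that a {@code scope} parameter sent with an authorization_code token request is not
 * forwarded to the token granter.
 *
 * <p>The request submits {@code scope=read}, and the captured {@code TokenRequest} must have an
 * empty scope. Presumably this is because the scope of an authorization code grant is fixed
 * when the code is issued (RFC 6749 section 4.1.3 defines no scope parameter for this request),
 * so a client must not be able to change it at the token endpoint.
 *
 * @throws HttpRequestMethodNotSupportedException if the endpoint rejects the HTTP method
 */
@Test
public void testGetAccessTokenWithScope() throws HttpRequestMethodNotSupportedException {
    when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(clientDetails);
    HashMap<String, String> parameters = new HashMap<String, String>();
    parameters.put("client_id", clientId);
    parameters.put("scope", "read");
    parameters.put("grant_type", "authorization_code");
    parameters.put("code", "kJAHDFG");
    OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
    // Capture the request handed to the granter so its scope can be inspected afterwards.
    ArgumentCaptor<TokenRequest> captor = ArgumentCaptor.forClass(TokenRequest.class);
    when(tokenGranter.grant(Mockito.eq("authorization_code"), captor.capture())).thenReturn(expectedToken);
    // Mockito records matchers in call order: keep this line directly before the stubbing
    // below, which consumes anyMap as its first argument matcher.
    @SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
    when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.eq(clientDetails))).thenReturn(createFromParameters(parameters));
    ResponseEntity<OAuth2AccessToken> response = endpoint.postAccessToken(clientAuthentication, parameters);
    assertNotNull(response);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    OAuth2AccessToken body = response.getBody();
    // Expected value first, so a failure message labels the two tokens correctly.
    assertEquals(expectedToken, body);
    assertNotNull("Wrong body: " + body, body.getTokenType());
    // The security-relevant check: the submitted scope must not reach the granter.
    assertTrue("Scope of token request not cleared", captor.getValue().getScope().isEmpty());
}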
use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.
the class TokenEndpointTests method testGetAccessTokenWithSupportedRequestParametersNotPost.
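/**
 * Checks that the token endpoint serves a GET request once GET has been explicitly added to
 * its allowed request methods.
 *
 * <p>NOTE(review): RFC 6749 section 3.2 requires POST for access token requests. With GET, the
 * authorization code and client parameters travel in the URL, where they can end up in
 * server logs, proxies and browser history. This test documents an opt-in switch, not a
 * recommended configuration.
 *
 * @throws HttpRequestMethodNotSupportedException if the endpoint rejects the HTTP method
 */
@Test
public void testGetAccessTokenWithSupportedRequestParametersNotPost() throws HttpRequestMethodNotSupportedException {
    // Explicit opt-in: only GET is allowed for the rest of this test.
    endpoint.setAllowedRequestMethods(new HashSet<HttpMethod>(Arrays.asList(HttpMethod.GET)));
    HashMap<String, String> parameters = new HashMap<String, String>();
    parameters.put("client_id", clientId);
    parameters.put("scope", "read");
    parameters.put("grant_type", "authorization_code");
    parameters.put("code", "kJAHDFG");
    OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
    when(tokenGranter.grant(Mockito.eq("authorization_code"), Mockito.any(TokenRequest.class))).thenReturn(expectedToken);
    // Mockito records matchers in call order: keep this line directly before the stubbing
    // below, which consumes anyMap as its first argument matcher.
    @SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
    when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.any(ClientDetails.class))).thenReturn(createFromParameters(parameters));
    ResponseEntity<OAuth2AccessToken> response = endpoint.getAccessToken(clientAuthentication, parameters);
    assertNotNull(response);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    OAuth2AccessToken body = response.getBody();
    // Expected value first, so a failure message labels the two tokens correctly.
    assertEquals(expectedToken, body);
    assertNotNull("Wrong body: " + body, body.getTokenType());
}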
use of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testImplicitAppendsScopeWhenDefaulting.
/**
 * Checks that an implicit-grant redirect carries a {@code scope} parameter when the granted
 * scope was not taken from the request.
 *
 * <p>The authorization request is built with a null fourth argument (presumably the scope -
 * confirm against getAuthorizationRequest), the client is registered for "read", and the
 * stubbed granter issues a token scoped to "read" and "write". The redirect URL must then
 * contain {@code &scope=read%20write}, so the client is told what it actually received.
 *
 * <p>NOTE(review): the approval handler below approves every request and exists only to get
 * past the approval step in this test. The implicit grant hands the token back through the
 * redirect URI, which is why current OAuth security guidance prefers the authorization code
 * flow with PKCE for new clients.
 *
 * @throws Exception if the endpoint fails to process the authorization request
 */
@Test
public void testImplicitAppendsScopeWhenDefaulting() throws Exception {
    // Granter stub: every grant yields token "FOO" scoped to read + write.
    endpoint.setTokenGranter(new TokenGranter() {
        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            LinkedHashSet<String> grantedScope = new LinkedHashSet<String>(Arrays.asList("read", "write"));
            DefaultOAuth2AccessToken issued = new DefaultOAuth2AccessToken("FOO");
            issued.setScope(grantedScope);
            return issued;
        }
    });
    // Approval stub: passes the request through unchanged and always reports approval.
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {
        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    client.setScope(Collections.singleton("read"));
    AuthorizationRequest implicitRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", null, Collections.singleton("token"));
    ModelAndView outcome = endpoint.authorize(model, implicitRequest.getRequestParameters(), sessionStatus, principal);
    RedirectView redirect = (RedirectView) outcome.getView();
    String redirectUrl = redirect.getUrl();
    // %20 is the encoded space separating the two granted scope values.
    assertTrue("Wrong scope: " + outcome, redirectUrl.contains("&scope=read%20write"));
}