Example 46 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class ClientCredentialsGrantTests method testConnectDirectlyToResourceServer.

@Test
public void testConnectDirectlyToResourceServer() throws Exception {
    ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
    resource.setAccessTokenUri(serverRunning.getUrl("/sparklr2/oauth/token"));
    resource.setClientId("my-client-with-registered-redirect");
    resource.setId("sparklr");
    resource.setScope(Arrays.asList("trust"));
    ClientCredentialsAccessTokenProvider provider = new ClientCredentialsAccessTokenProvider();
    OAuth2AccessToken accessToken = provider.obtainAccessToken(resource, new DefaultAccessTokenRequest());
    OAuth2RestTemplate template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext(accessToken));
    String result = template.getForObject(serverRunning.getUrl("/sparklr2/photos/trusted/message"), String.class);
    assertEquals("Hello, Trusted Client", result);
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) DefaultOAuth2ClientContext(org.springframework.security.oauth2.client.DefaultOAuth2ClientContext) ClientCredentialsResourceDetails(org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails) ClientCredentialsAccessTokenProvider(org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider) OAuth2RestTemplate(org.springframework.security.oauth2.client.OAuth2RestTemplate) DefaultAccessTokenRequest(org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest) Test(org.junit.Test)

Example 47 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class RefreshTokenSupportTests method testHappyDay.

/**
 * Tests a happy-day flow of the refresh token provider.
 */
@Test
public void testHappyDay() throws Exception {
    OAuth2AccessToken accessToken = getAccessToken("read", "my-trusted-client");
    // now use the refresh token to get a new access token.
    assertNotNull(accessToken.getRefreshToken());
    OAuth2AccessToken newAccessToken = refreshAccessToken(accessToken.getRefreshToken().getValue());
    assertFalse(newAccessToken.getValue().equals(accessToken.getValue()));
    // make sure the new access token can be used.
    verifyTokenResponse(newAccessToken.getValue(), HttpStatus.OK);
    // make sure the old access token isn't valid anymore.
    verifyTokenResponse(accessToken.getValue(), HttpStatus.UNAUTHORIZED);
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Test(org.junit.Test)

Example 48 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class RefreshTokenSupportTests method getAccessToken.

private OAuth2AccessToken getAccessToken(String scope, String clientId) throws Exception {
    MultiValueMap<String, String> formData = getTokenFormData(scope, clientId);
    HttpHeaders headers = getTokenHeaders(clientId);
    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> response = serverRunning.postForMap("/sparklr2/oauth/token", headers, formData);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    // token responses must not be cached by intermediaries
    assertTrue("Wrong cache control: " + response.getHeaders().getFirst("Cache-Control"),
            response.getHeaders().getFirst("Cache-Control").contains("no-store"));
    @SuppressWarnings("unchecked")
    OAuth2AccessToken accessToken = DefaultOAuth2AccessToken.valueOf(response.getBody());
    return accessToken;
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) MultiValueMap(org.springframework.util.MultiValueMap) Map(java.util.Map) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap)

Example 49 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class DefaultTokenServicesWithInMemoryTests method testDifferentRefreshTokenMaintainsState.

@Test
public void testDifferentRefreshTokenMaintainsState() throws Exception {
    // create access token
    getTokenServices().setAccessTokenValiditySeconds(1);
    getTokenServices().setClientDetailsService(new ClientDetailsService() {

        public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception {
            BaseClientDetails client = new BaseClientDetails();
            client.setAccessTokenValiditySeconds(1);
            client.setAuthorizedGrantTypes(Arrays.asList("authorization_code", "refresh_token"));
            return client;
        }
    });
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")), new TestAuthentication("test2", false));
    DefaultOAuth2AccessToken firstAccessToken = (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
    OAuth2RefreshToken expectedExpiringRefreshToken = firstAccessToken.getRefreshToken();
    // Make it expire (and rely on mutable state in volatile token store)
    firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
    // create another access token
    OAuth2AccessToken secondAccessToken = getTokenServices().createAccessToken(expectedAuthentication);
    assertFalse("The new access token should be different", firstAccessToken.getValue().equals(secondAccessToken.getValue()));
    assertEquals("The new access token should have the same refresh token", expectedExpiringRefreshToken.getValue(), secondAccessToken.getRefreshToken().getValue());
    // refresh access token with refresh token
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", Collections.singleton("read"), null);
    getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertEquals(1, getAccessTokenCount());
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService) OAuth2Exception(org.springframework.security.oauth2.common.exceptions.OAuth2Exception) Date(java.util.Date) Test(org.junit.Test)

Example 50 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class DefaultTokenServicesWithJwtTests method testRefreshedTokenHasIdThatMatchesAccessToken.

@Test
public void testRefreshedTokenHasIdThatMatchesAccessToken() throws Exception {
    JsonParser parser = JsonParserFactory.create();
    OAuth2Authentication authentication = createAuthentication();
    OAuth2AccessToken initialToken = getTokenServices().createAccessToken(authentication);
    ExpiringOAuth2RefreshToken expectedExpiringRefreshToken = (ExpiringOAuth2RefreshToken) initialToken.getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", null, null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    Map<String, ?> accessTokenInfo = parser.parseMap(JwtHelper.decode(refreshedAccessToken.getValue()).getClaims());
    Map<String, ?> refreshTokenInfo = parser.parseMap(JwtHelper.decode(refreshedAccessToken.getRefreshToken().getValue()).getClaims());
    assertEquals("Access token ID does not match refresh token ATI", accessTokenInfo.get(AccessTokenConverter.JTI), refreshTokenInfo.get(AccessTokenConverter.ATI));
    assertNotSame("Refresh token re-used", expectedExpiringRefreshToken.getValue(), refreshedAccessToken.getRefreshToken().getValue());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) JsonParser(org.springframework.security.oauth2.common.util.JsonParser) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) Test(org.junit.Test)

Aggregations

OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken) 171
Test (org.junit.Test) 126
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) 111
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 65
Date (java.util.Date) 36
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest) 31
Authentication (org.springframework.security.core.Authentication) 26
HashMap (java.util.HashMap) 21
DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) 19
DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) 18
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request) 18
DBUnitTest (org.orcid.test.DBUnitTest) 17
ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) 17
OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken) 16
OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) 11
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest) 10
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails) 10
Transactional (org.springframework.transaction.annotation.Transactional) 10
TokenGranter (org.springframework.security.oauth2.provider.TokenGranter) 9
ModelAndView (org.springframework.web.servlet.ModelAndView) 9