Example 51 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class TokenServicesWithTokenEnhancerTests method storeEnhancedRefreshTokenDuringRefresh.
// gh-511
@Test
public void storeEnhancedRefreshTokenDuringRefresh() {
InMemoryTokenStore tokenStore = new InMemoryTokenStore();
tokenServices.setSupportRefreshToken(true);
tokenServices.setReuseRefreshToken(false);
tokenServices.setTokenStore(tokenStore);
OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
TokenRequest tokenRequest = new TokenRequest(Collections.<String, String>emptyMap(), request.getClientId(), request.getScope(), "authorization_code");
accessToken = tokenServices.refreshAccessToken(refreshToken.getValue(), tokenRequest);
OAuth2RefreshToken enhancedRefreshToken = accessToken.getRefreshToken();
OAuth2RefreshToken storedEnhancedRefreshToken = tokenStore.readRefreshToken(enhancedRefreshToken.getValue());
assertEquals(enhancedRefreshToken.getValue(), storedEnhancedRefreshToken.getValue());
}
Also used :
InMemoryTokenStore(org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore)
OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
TokenRequest(org.springframework.security.oauth2.provider.TokenRequest)
Test(org.junit.Test)
Example 52 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class TokenServicesWithTokenEnhancerTests method additionalInfoPreservedWhenTokenDecoded.
@Test
public void additionalInfoPreservedWhenTokenDecoded() {
TokenEnhancer info = new TokenEnhancer() {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);
result.getAdditionalInformation().put("foo", "bar");
return result;
}
};
enhancer.setTokenEnhancers(Arrays.<TokenEnhancer>asList(info, jwtTokenEnhancer));
OAuth2AccessToken token = tokenServices.createAccessToken(authentication);
assertEquals("bar", token.getAdditionalInformation().get("foo"));
assertEquals("bar", tokenServices.readAccessToken(token.getValue()).getAdditionalInformation().get("foo"));
}
Also used :
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
Test(org.junit.Test)
Example 53 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class TokenServicesWithTokenEnhancerTests method scopePreservedWhenTokenDecoded.
@Test
public void scopePreservedWhenTokenDecoded() {
OAuth2AccessToken token = tokenServices.createAccessToken(authentication);
assertEquals("[read]", tokenServices.loadAuthentication(token.getValue()).getOAuth2Request().getScope().toString());
}
Also used :
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
Test(org.junit.Test)
Example 54 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class RedisTokenStorePrefixTests method testExpiringAccessToken.
@Test
public void testExpiringAccessToken() throws InterruptedException {
String accessToken = UUID.randomUUID().toString();
OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false));
DefaultOAuth2AccessToken expectedOAuth2AccessToken = new DefaultOAuth2AccessToken(accessToken);
expectedOAuth2AccessToken.setExpiration(new Date(System.currentTimeMillis() + 1500));
getTokenStore().storeAccessToken(expectedOAuth2AccessToken, expectedAuthentication);
OAuth2AccessToken actualOAuth2AccessToken = getTokenStore().readAccessToken(accessToken);
assertEquals(expectedOAuth2AccessToken, actualOAuth2AccessToken);
assertEquals(expectedAuthentication, getTokenStore().readAuthentication(expectedOAuth2AccessToken));
// let the token expire
Thread.sleep(1500);
// now it should be gone
assertNull(getTokenStore().readAccessToken(accessToken));
assertNull(getTokenStore().readAuthentication(expectedOAuth2AccessToken));
}
Also used :
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
Date(java.util.Date)
Test(org.junit.Test)
Example 55 with OAuth2AccessToken
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class RedisTokenStoreTests method storeAccessTokenWithoutRefreshTokenRemoveAccessTokenVerifyTokenRemoved.
// gh-572
@Test
public void storeAccessTokenWithoutRefreshTokenRemoveAccessTokenVerifyTokenRemoved() {
OAuth2Request request = RequestTokenFactory.createOAuth2Request("clientId", false);
TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
OAuth2AccessToken oauth2AccessToken = new DefaultOAuth2AccessToken("access-token-" + UUID.randomUUID());
OAuth2Authentication oauth2Authentication = new OAuth2Authentication(request, authentication);
tokenStore.storeAccessToken(oauth2AccessToken, oauth2Authentication);
tokenStore.removeAccessToken(oauth2AccessToken);
Collection<OAuth2AccessToken> oauth2AccessTokens = tokenStore.findTokensByClientId(request.getClientId());
assertTrue(oauth2AccessTokens.isEmpty());
}
Also used :
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
Test(org.junit.Test)
Aggregations
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)173
Test (org.junit.Test)126
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)112
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)66
Date (java.util.Date)36
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)31
Authentication (org.springframework.security.core.Authentication)27
HashMap (java.util.HashMap)22
DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)19
DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)18
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)18
DBUnitTest (org.orcid.test.DBUnitTest)17
ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)17
OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)16
OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)11
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)10
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)10
Transactional (org.springframework.transaction.annotation.Transactional)10
TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)9
ModelAndView (org.springframework.web.servlet.ModelAndView)9
