Search in sources :

Example 61 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class JwtAccessTokenConverterTests method testEnhanceAccessToken.

@Test
public void testEnhanceAccessToken() {
    OAuth2Authentication authentication = new OAuth2Authentication(createOAuth2Request("foo", null), userAuthentication);
    OAuth2AccessToken token = tokenEnhancer.enhance(new DefaultOAuth2AccessToken("FOO"), authentication);
    assertNotNull(token.getValue());
    assertEquals("FOO", token.getAdditionalInformation().get(AccessTokenConverter.JTI));
    String claims = JwtHelper.decode(token.getValue()).getClaims();
    assertTrue("Wrong claims: " + claims, claims.contains("\"" + AccessTokenConverter.JTI + "\":\"FOO\""));
    assertTrue("Wrong claims: " + claims, claims.contains("\"" + UserAuthenticationConverter.USERNAME + "\""));
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 62 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class JwtAccessTokenConverterTests method testScopePreserved.

@Test
public void testScopePreserved() {
    OAuth2Authentication authentication = new OAuth2Authentication(createOAuth2Request("foo", Collections.singleton("read")), userAuthentication);
    DefaultOAuth2AccessToken original = new DefaultOAuth2AccessToken("FOO");
    original.setScope(authentication.getOAuth2Request().getScope());
    OAuth2AccessToken token = tokenEnhancer.enhance(original, authentication);
    assertNotNull(token.getValue());
    assertEquals(Collections.singleton("read"), token.getScope());
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 63 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class JwtAccessTokenConverterTests method testExpiringRefreshTokenAdded.

@Test
public void testExpiringRefreshTokenAdded() throws Exception {
    OAuth2Authentication authentication = new OAuth2Authentication(createOAuth2Request("foo", Collections.singleton("read")), userAuthentication);
    DefaultOAuth2AccessToken original = new DefaultOAuth2AccessToken("FOO");
    original.setScope(authentication.getOAuth2Request().getScope());
    original.setRefreshToken(new DefaultExpiringOAuth2RefreshToken("BAR", new Date(0)));
    original.setExpiration(new Date());
    OAuth2AccessToken token = tokenEnhancer.enhance(original, authentication);
    assertNotNull(token.getValue());
    assertNotNull(token.getRefreshToken());
    JsonParser parser = JsonParserFactory.create();
    Map<String, Object> claims = parser.parseMap(JwtHelper.decode(token.getRefreshToken().getValue()).getClaims());
    assertEquals(Arrays.asList("read"), claims.get(AccessTokenConverter.SCOPE));
    assertEquals("FOO", claims.get(AccessTokenConverter.ATI));
    assertEquals("BAR", claims.get(AccessTokenConverter.JTI));
    assertEquals(0, claims.get(AccessTokenConverter.EXP));
    tokenEnhancer.afterPropertiesSet();
    assertTrue(tokenEnhancer.isRefreshToken(tokenEnhancer.extractAccessToken(token.getRefreshToken().getValue(), tokenEnhancer.decode(token.getRefreshToken().getValue()))));
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Date(java.util.Date) JsonParser(org.springframework.security.oauth2.common.util.JsonParser) Test(org.junit.Test)

Example 64 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class JwtTokenStoreTests method testAccessTokenCannotBeExtractedFromAuthentication.

@Test
public void testAccessTokenCannotBeExtractedFromAuthentication() throws Exception {
    OAuth2AccessToken accessToken = tokenStore.getAccessToken(expectedAuthentication);
    assertEquals(null, accessToken);
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Test(org.junit.Test)

Example 65 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class TokenStoreBaseTests method testFindAccessTokensByClientId.

@Test
public void testFindAccessTokensByClientId() {
    String clientId = "id" + UUID.randomUUID();
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request(clientId, false), new TestAuthentication("test2", false));
    OAuth2AccessToken expectedOAuth2AccessToken = new DefaultOAuth2AccessToken("testToken");
    getTokenStore().storeAccessToken(expectedOAuth2AccessToken, expectedAuthentication);
    Collection<OAuth2AccessToken> actualOAuth2AccessTokens = getTokenStore().findTokensByClientId(clientId);
    assertEquals(1, actualOAuth2AccessTokens.size());
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Aggregations

OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)173 Test (org.junit.Test)126 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)112 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)66 Date (java.util.Date)36 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)31 Authentication (org.springframework.security.core.Authentication)27 HashMap (java.util.HashMap)22 DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)19 DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)18 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)18 DBUnitTest (org.orcid.test.DBUnitTest)17 ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)17 OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)16 OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)11 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)10 ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)10 Transactional (org.springframework.transaction.annotation.Transactional)10 TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)9 ModelAndView (org.springframework.web.servlet.ModelAndView)9