Search in sources :

Example 96 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenTest.

@Test
public void createRefreshTokenTest() {
    // Create token, create refresh, parent should be disabled, scopes
    // should be equal
    long time = System.currentTimeMillis();
    String scope = "/activities/update";
    String tokenValue = "parent-token-" + time;
    String refreshTokenValue = "refresh-token-" + time;
    Boolean revokeOld = null;
    Date parentTokenExpiration = new Date(time + 10000);
    Long expireIn = null;
    OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, scope);
    OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn, scope);
    assertNotNull(refresh);
    OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
    assertNotNull(parentToken);
    assertEquals(tokenValue, parentToken.getTokenValue());
    assertTrue(parentToken.getTokenDisabled());
    assertEquals(scope, parentToken.getScope());
    assertNotNull(parentToken.getTokenExpiration());
    OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
    assertNotNull(refreshToken);
    assertNotNull(refreshToken.getTokenValue());
    assertNotNull(refreshToken.getRefreshTokenValue());
    assertFalse(refreshToken.getTokenDisabled());
    assertEquals(scope, refreshToken.getScope());
    assertNotNull(refreshToken.getTokenExpiration());
    assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Date(java.util.Date) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 97 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenWithoutRevokeParent.

@Test
public void createRefreshTokenWithoutRevokeParent() {
    // Create token, create refresh without disabling parent token, parent
    // should be enabled, refresh should be enabled
    long time = System.currentTimeMillis();
    String parentScope = "/activities/update /read-limited";
    String tokenValue = "parent-token-" + time;
    String refreshTokenValue = "refresh-token-" + time;
    Boolean revokeOld = false;
    Date parentTokenExpiration = new Date(time + 10000);
    Long expireIn = null;
    OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, parentScope);
    OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn);
    assertNotNull(refresh);
    OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
    assertNotNull(parentToken);
    assertEquals(tokenValue, parentToken.getTokenValue());
    assertFalse(parentToken.getTokenDisabled());
    assertNotNull(parentToken.getTokenExpiration());
    OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
    assertNotNull(refreshToken);
    assertNotNull(refreshToken.getTokenValue());
    assertNotNull(refreshToken.getRefreshTokenValue());
    assertFalse(refreshToken.getTokenDisabled());
    assertNotNull(refreshToken.getTokenExpiration());
    assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
    assertEquals(parentToken.getScope(), refreshToken.getScope());
    Set<String> tokenScopes = OAuth2Utils.parseParameterList(parentToken.getScope());
    Set<String> originalScopes = OAuth2Utils.parseParameterList(parentScope);
    assertEquals(originalScopes, tokenScopes);
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Date(java.util.Date) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 98 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenWithoutRevokeParentAndWithNarrowerScopes.

@Test
public void createRefreshTokenWithoutRevokeParentAndWithNarrowerScopes() {
    // Create token, create refresh with narrower scopes and without
    // disabling parent token, parent should work, refresh should have
    // narrower scopes
    long time = System.currentTimeMillis();
    String parentScope = "/person/read-limited";
    String refreshScope = "/orcid-bio/read-limited";
    String tokenValue = "parent-token-" + time;
    String refreshTokenValue = "refresh-token-" + time;
    Boolean revokeOld = false;
    Date parentTokenExpiration = new Date(time + 10000);
    Long expireIn = null;
    OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, parentScope);
    OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn, refreshScope);
    assertNotNull(refresh);
    OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
    assertNotNull(parentToken);
    assertEquals(tokenValue, parentToken.getTokenValue());
    assertFalse(parentToken.getTokenDisabled());
    assertEquals(parentScope, parentToken.getScope());
    assertNotNull(parentToken.getTokenExpiration());
    OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
    assertNotNull(refreshToken);
    assertNotNull(refreshToken.getTokenValue());
    assertNotNull(refreshToken.getRefreshTokenValue());
    assertFalse(refreshToken.getTokenDisabled());
    assertEquals(refreshScope, refreshToken.getScope());
    assertNotNull(refreshToken.getTokenExpiration());
    assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Date(java.util.Date) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 99 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AbstractClientCredentialsProviderTests method testPostForTokenWithNoScopes.

/**
	 * tests that the registered scopes are used as defaults
	 */
@Test
@OAuth2ContextConfiguration(NoScopeClientCredentials.class)
public void testPostForTokenWithNoScopes() throws Exception {
    OAuth2AccessToken token = context.getAccessToken();
    assertFalse("Wrong scope: " + token.getScope(), token.getScope().isEmpty());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2ContextConfiguration(org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration) Test(org.junit.Test)

Example 100 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AbstractRefreshTokenSupportTests method getAccessToken.

private OAuth2AccessToken getAccessToken(String scope, String clientId) throws Exception {
    MultiValueMap<String, String> formData = getTokenFormData(scope, clientId);
    HttpHeaders headers = getTokenHeaders(clientId);
    @SuppressWarnings("rawtypes") ResponseEntity<Map> response = http.postForMap(tokenPath(), headers, formData);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    assertTrue("Wrong cache control: " + response.getHeaders().getFirst("Cache-Control"), response.getHeaders().getFirst("Cache-Control").contains("no-store"));
    @SuppressWarnings("unchecked") OAuth2AccessToken accessToken = DefaultOAuth2AccessToken.valueOf(response.getBody());
    return accessToken;
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) MultiValueMap(org.springframework.util.MultiValueMap) Map(java.util.Map) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap)

Aggregations

OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)171 Test (org.junit.Test)126 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)111 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)65 Date (java.util.Date)36 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)31 Authentication (org.springframework.security.core.Authentication)26 HashMap (java.util.HashMap)21 DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)19 DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)18 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)18 DBUnitTest (org.orcid.test.DBUnitTest)17 ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)17 OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)16 OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)11 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)10 ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)10 Transactional (org.springframework.transaction.annotation.Transactional)10 TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)9 ModelAndView (org.springframework.web.servlet.ModelAndView)9