use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class JaxbOAuth2AccessTokenMessageConverterTests method assertTokenEquals.
/**
 * Asserts that two access tokens agree on token type, value, refresh-token value,
 * scope and expiration instant. No other token property is compared here.
 *
 * @param expected the reference token
 * @param actual the token produced by the code under test
 */
private static void assertTokenEquals(OAuth2AccessToken expected, OAuth2AccessToken actual) {
    assertEquals(expected.getTokenType(), actual.getTokenType());
    assertEquals(expected.getValue(), actual.getValue());

    // Refresh tokens are compared by value only; both sides must be absent together.
    OAuth2RefreshToken wantedRefreshToken = expected.getRefreshToken();
    if (wantedRefreshToken != null) {
        // NOTE(review): a missing refresh token on 'actual' surfaces here as a
        // NullPointerException rather than as an assertion failure.
        assertEquals(wantedRefreshToken.getValue(), actual.getRefreshToken().getValue());
    } else {
        assertNull(actual.getRefreshToken());
    }

    assertEquals(expected.getScope(), actual.getScope());

    // Expiration is compared as epoch milliseconds, not via Date.equals.
    Date wantedExpiration = expected.getExpiration();
    if (wantedExpiration != null) {
        assertEquals(wantedExpiration.getTime(), actual.getExpiration().getTime());
    } else {
        assertNull(actual.getExpiration());
    }
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class AbstractDefaultTokenServicesTests method testRefreshedTokenNotExpiring.
/**
 * With the refresh-token validity set to 0 seconds, the refresh token attached to a
 * newly created access token must not be a {@code DefaultExpiringOAuth2RefreshToken}.
 */
@Test
public void testRefreshedTokenNotExpiring() throws Exception {
    getTokenServices().setRefreshTokenValiditySeconds(0);

    OAuth2RefreshToken issuedRefreshToken =
            getTokenServices().createAccessToken(createAuthentication()).getRefreshToken();

    // The expiring subtype carries an expiration date; this test expects it not to be used.
    boolean carriesExpiry = issuedRefreshToken instanceof DefaultExpiringOAuth2RefreshToken;
    assertFalse(carriesExpiry);
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChain method obtainAccessToken.
/**
 * Returns an access token for {@code resource}: a still-valid existing token if one is
 * available, otherwise a refreshed token, otherwise a newly obtained one.
 *
 * <p>An existing token is looked up first on the request and then, when configured, in
 * {@code clientTokenServices}. The lookup only happens for client-only resources or
 * when the current {@code Authentication} reports itself as authenticated.
 *
 * @param resource the protected resource the token is for
 * @param request the current token request, which may already carry a token
 * @return a non-null access token
 * @throws InsufficientAuthenticationException if the current authentication is
 *         anonymous and the resource is not client-only
 * @throws IllegalStateException if no token could be obtained and no exception was
 *         raised while trying
 * @throws UserRedirectRequiredException declared; presumably raised by the refresh or
 *         new-token helpers, which are defined outside this method
 * @throws AccessDeniedException declared; presumably raised by the same helpers
 */
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails resource, AccessTokenRequest request)
        throws UserRedirectRequiredException, AccessDeniedException {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    // Anonymous callers are rejected up front unless the resource is client-only.
    if (auth instanceof AnonymousAuthenticationToken && !resource.isClientOnly()) {
        throw new InsufficientAuthenticationException("Authentication is required to obtain an access token (anonymous not allowed)");
    }

    OAuth2AccessToken token = null;
    if (resource.isClientOnly() || (auth != null && auth.isAuthenticated())) {
        OAuth2AccessToken cached = request.getExistingToken();
        if (cached == null && clientTokenServices != null) {
            // NOTE(review): for client-only resources 'auth' can be null or anonymous
            // here; confirm the ClientTokenServices implementation handles that key.
            cached = clientTokenServices.getAccessToken(resource, auth);
        }

        if (cached != null && !cached.isExpired()) {
            token = cached;
        } else if (cached != null) {
            // Expired: drop the stored copy first so it is not served again, then
            // try the refresh token if the expired access token carries one.
            if (clientTokenServices != null) {
                clientTokenServices.removeAccessToken(resource, auth);
            }
            OAuth2RefreshToken refreshToken = cached.getRefreshToken();
            if (refreshToken != null) {
                token = refreshAccessToken(resource, refreshToken, request);
            }
        }
    }

    if (token == null) {
        // Nothing reusable and no successful refresh: obtain a brand-new token.
        token = obtainNewAccessTokenInternal(resource, request);
        if (token == null) {
            throw new IllegalStateException("An OAuth 2 access token must be obtained or an exception thrown.");
        }
    }

    // Persist under the same condition that allowed the lookup above.
    if (clientTokenServices != null && (resource.isClientOnly() || auth != null && auth.isAuthenticated())) {
        clientTokenServices.saveAccessToken(resource, auth, token);
    }
    return token;
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class RedisTokenStoreMockTests method storeRefreshTokenRemoveRefreshTokenVerifyKeysRemoved.
// gh-572
/**
 * Storing a refresh token must issue exactly two {@code set} calls on the connection,
 * and removing that token must issue a {@code del} for each key that was set, so no
 * key written for the token is left behind after removal.
 */
@Test
public void storeRefreshTokenRemoveRefreshTokenVerifyKeysRemoved() {
    OAuth2RefreshToken storedToken = new DefaultOAuth2RefreshToken("refresh-token-" + UUID.randomUUID());
    tokenStore.storeRefreshToken(storedToken, new OAuth2Authentication(request, authentication));

    // Capture the key argument of every set() issued while storing.
    ArgumentCaptor<byte[]> writtenKeys = ArgumentCaptor.forClass(byte[].class);
    verify(connection, times(2)).set(writtenKeys.capture(), any(byte[].class));

    tokenStore.removeRefreshToken(storedToken);

    // Each key that was written must have been deleted.
    for (byte[] writtenKey : writtenKeys.getAllValues()) {
        verify(connection).del(writtenKey);
    }
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class RedisTokenStorePrefixTests method testExpiringRefreshToken.
/**
 * Stores a refresh token that expires 1500 ms after creation, checks that the token
 * and its authentication can be read back, then waits 1500 ms and checks that neither
 * can be read any more.
 */
@Test
public void testExpiringRefreshToken() throws InterruptedException {
    long lifetimeMillis = 1500;
    String tokenValue = UUID.randomUUID().toString();
    Date expiresAt = new Date(System.currentTimeMillis() + lifetimeMillis);
    DefaultOAuth2RefreshToken storedToken = new DefaultExpiringOAuth2RefreshToken(tokenValue, expiresAt);
    OAuth2Authentication storedAuthentication = new OAuth2Authentication(
            RequestTokenFactory.createOAuth2Request("id", false),
            new TestAuthentication("test2", false));

    getTokenStore().storeRefreshToken(storedToken, storedAuthentication);

    // Before expiry both lookups must succeed.
    OAuth2RefreshToken readBack = getTokenStore().readRefreshToken(tokenValue);
    assertEquals(storedToken, readBack);
    assertEquals(storedAuthentication, getTokenStore().readAuthenticationForRefreshToken(storedToken));

    // Wait out the token lifetime.
    Thread.sleep(lifetimeMillis);

    // After expiry neither the token nor its authentication may be returned.
    assertNull(getTokenStore().readRefreshToken(tokenValue));
    assertNull(getTokenStore().readAuthenticationForRefreshToken(storedToken));
}