use of org.springframework.security.oauth2.common.util.SerializationStrategy in project spring-security-oauth by spring-projects.
the class RedisTokenStoreCustomTokenTests method testNotAllowedCustomToken.
/**
 * Stores a {@code CustomOAuth2AccessToken} and then lists tokens by client id while a
 * {@code WhitelistedSerializationStrategy} built with its no-arg constructor is active,
 * expecting a {@code SerializationFailedException}.
 *
 * <p>No application classes are handed to the strategy here, so the custom token type is
 * presumably outside its allowlist (NOTE(review): confirm against the strategy's defaults).
 * The {@code expected} attribute does not pin which of the two store calls throws.
 */
@Test(expected = SerializationFailedException.class)
public void testNotAllowedCustomToken() {
    OAuth2Request clientRequest = RequestTokenFactory.createOAuth2Request(CLIENT_ID, false);
    TestingAuthenticationToken userAuthentication = new TestingAuthenticationToken("user", "password");
    OAuth2AccessToken customToken = new CustomOAuth2AccessToken("access-token-" + UUID.randomUUID());
    OAuth2Authentication storedAuthentication = new OAuth2Authentication(clientRequest, userAuthentication);
    SerializationStrategy restrictiveStrategy = new WhitelistedSerializationStrategy();

    // The strategy is installed through a static setter, so the swap is not scoped to this
    // test; remember the previous one and put it back whatever happens below.
    SerializationStrategy previousStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(restrictiveStrategy);
        tokenStore.storeAccessToken(customToken, storedAuthentication);
        // Return value is deliberately ignored: the test passes only if an exception escapes.
        tokenStore.findTokensByClientId(clientRequest.getClientId());
    } finally {
        SerializationUtils.setSerializationStrategy(previousStrategy);
    }
}
use of org.springframework.security.oauth2.common.util.SerializationStrategy in project spring-security-oauth by spring-projects.
the class RedisTokenStoreCustomTokenTests method testCustomTokenWithCustomSerializationStrategy.
/**
 * Round-trips a {@code CustomOAuth2AccessToken} and a {@code CustomOAuth2Authentication}
 * through the token store while a {@code WhitelistedSerializationStrategy} built from
 * {@code ALLOWED_CLASSES} is active, and checks that the token read back equals the one
 * stored.
 *
 * <p>{@code ALLOWED_CLASSES} is defined outside this method; it presumably names both
 * custom types (NOTE(review): confirm, and keep that list as narrow as the test needs).
 */
@Test
public void testCustomTokenWithCustomSerializationStrategy() {
    OAuth2Request clientRequest = RequestTokenFactory.createOAuth2Request(CLIENT_ID, false);
    TestingAuthenticationToken userAuthentication = new TestingAuthenticationToken("user", "password");
    String tokenValue = "access-token-" + UUID.randomUUID();
    OAuth2AccessToken storedToken = new CustomOAuth2AccessToken(tokenValue);
    OAuth2Authentication storedAuthentication = new CustomOAuth2Authentication(clientRequest, userAuthentication);
    SerializationStrategy allowlistStrategy = new WhitelistedSerializationStrategy(ALLOWED_CLASSES);

    // Static setter: the swap outlives this method unless it is undone in finally.
    SerializationStrategy previousStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(allowlistStrategy);
        tokenStore.storeAccessToken(storedToken, storedAuthentication);

        OAuth2AccessToken loadedToken = tokenStore.getAccessToken(storedAuthentication);
        assertNotNull(loadedToken);
        assertEquals(storedToken, loadedToken);
    } finally {
        SerializationUtils.setSerializationStrategy(previousStrategy);
    }
}
use of org.springframework.security.oauth2.common.util.SerializationStrategy in project spring-security-oauth by spring-projects.
the class JdbcTokenStoreTests method testAllowedCustomTokenWithCustomStrategy.
/**
 * Stores a custom token and custom authentication through a {@code JdbcTokenStore} while an
 * explicitly configured {@code WhitelistedSerializationStrategy} is active, then checks that
 * exactly one token is found for user {@code test3} and that it equals the stored token.
 *
 * <p>NOTE(review): the entries ending in '.' look like package prefixes. If the strategy
 * matches class names by prefix (confirm in {@code WhitelistedSerializationStrategy}), the
 * two fully qualified entries also admit any class whose name merely starts with that
 * string, and the package entries admit everything beneath them. Production allowlists
 * should stay as narrow as the stored types require.
 */
@Test
public void testAllowedCustomTokenWithCustomStrategy() {
    OAuth2Authentication storedAuthentication = new CustomOAuth2Authentication(
            RequestTokenFactory.createOAuth2Request("id", false),
            new TestAuthentication("test3", false));
    OAuth2AccessToken storedToken = new CustomOAuth2AccessToken("customToken");
    JdbcTokenStore jdbcStore = getTokenStore();

    // Types the strategy is told to accept for this test.
    String[] permittedEntries = {
        "java.util.",
        "org.springframework.security.",
        "org.company.oauth2.CustomOAuth2AccessToken",
        "org.company.oauth2.CustomOAuth2Authentication"
    };
    List<String> allowlist = new ArrayList<String>();
    for (String entry : permittedEntries) {
        allowlist.add(entry);
    }
    SerializationStrategy allowlistStrategy = new WhitelistedSerializationStrategy(allowlist);

    // Static setter: restore the previous strategy in finally so the swap does not leak.
    SerializationStrategy previousStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(allowlistStrategy);
        jdbcStore.storeAccessToken(storedToken, storedAuthentication);

        // Read back through a second getTokenStore() call, as the original does.
        Collection<OAuth2AccessToken> foundTokens = getTokenStore().findTokensByUserName("test3");
        assertEquals(1, foundTokens.size());
        assertEquals(storedToken, foundTokens.iterator().next());
    } finally {
        SerializationUtils.setSerializationStrategy(previousStrategy);
    }
}
use of org.springframework.security.oauth2.common.util.SerializationStrategy in project spring-security-oauth by spring-projects.
the class JdbcClientTokenServicesTests method testSaveAndRetrieveNotAllowedCustomToken.
/**
 * Saves a {@code CustomOAuth2AccessToken} for a client resource and reads it back while a
 * {@code WhitelistedSerializationStrategy} built with its no-arg constructor is active,
 * expecting an {@code IllegalArgumentException}.
 *
 * <p>No application classes are handed to the strategy here, so the custom token type is
 * presumably outside its allowlist (NOTE(review): confirm against the strategy's defaults).
 * The {@code expected} attribute does not pin whether the save or the read throws.
 */
@Test(expected = IllegalArgumentException.class)
public void testSaveAndRetrieveNotAllowedCustomToken() {
    OAuth2AccessToken customToken = new CustomOAuth2AccessToken("FOO");
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala");

    AuthorizationCodeResourceDetails clientResource = new AuthorizationCodeResourceDetails();
    clientResource.setClientId("client");
    clientResource.setScope(Arrays.asList("foo", "bar"));

    SerializationStrategy restrictiveStrategy = new WhitelistedSerializationStrategy();

    // Static setter: the swap is not scoped to this test, so it is undone in finally even
    // when the expected exception propagates.
    SerializationStrategy previousStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(restrictiveStrategy);
        tokenStore.saveAccessToken(clientResource, userAuthentication, customToken);
        // Return value is deliberately ignored: the test passes only if an exception escapes.
        tokenStore.getAccessToken(clientResource, userAuthentication);
    } finally {
        SerializationUtils.setSerializationStrategy(previousStrategy);
    }
}
use of org.springframework.security.oauth2.common.util.SerializationStrategy in project spring-security-oauth by spring-projects.
the class JdbcClientTokenServicesTests method testSaveAndRetrieveCustomTokenWithCustomSerializationStrategy.
/**
 * Saves a {@code CustomOAuth2AccessToken} for a client resource and reads it back while an
 * explicitly configured {@code WhitelistedSerializationStrategy} is active, checking that
 * the token returned equals the one saved.
 *
 * <p>NOTE(review): the entries ending in '.' look like package prefixes. If the strategy
 * matches class names by prefix (confirm in {@code WhitelistedSerializationStrategy}), the
 * fully qualified entry also admits any class whose name merely starts with that string.
 * Production allowlists should stay as narrow as the stored types require.
 */
@Test
public void testSaveAndRetrieveCustomTokenWithCustomSerializationStrategy() {
    // Types the strategy is told to accept for this test.
    List<String> allowlist = new ArrayList<String>(Arrays.asList(
            "java.util.",
            "org.springframework.security.",
            "org.company.oauth2.CustomOAuth2AccessToken"));
    SerializationStrategy allowlistStrategy = new WhitelistedSerializationStrategy(allowlist);

    // Static setter: restore the previous strategy in finally so the swap does not leak.
    SerializationStrategy previousStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(allowlistStrategy);

        OAuth2AccessToken savedToken = new CustomOAuth2AccessToken("FOO");
        Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala");
        AuthorizationCodeResourceDetails clientResource = new AuthorizationCodeResourceDetails();
        clientResource.setClientId("client");
        clientResource.setScope(Arrays.asList("foo", "bar"));

        tokenStore.saveAccessToken(clientResource, userAuthentication, savedToken);

        OAuth2AccessToken loadedToken = tokenStore.getAccessToken(clientResource, userAuthentication);
        assertNotNull(loadedToken);
        assertEquals(savedToken, loadedToken);
    } finally {
        SerializationUtils.setSerializationStrategy(previousStrategy);
    }
}