Examples with WhitelistedSerializationStrategy org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy used on opensource projects

Search in sources :

Example 6 with WhitelistedSerializationStrategy

use of org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy in project spring-security-oauth by spring-projects.

the class JdbcTokenStoreTests method testNotAllowedCustomTokenWithCustomStrategy.

@Test
public void testNotAllowedCustomTokenWithCustomStrategy() {
    OAuth2Authentication authentication = new CustomOAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new CustomAuthentication("test4", false));
    OAuth2AccessToken accessToken = new CustomOAuth2AccessToken("customToken");
    JdbcTokenStore tokenStore = getTokenStore();
    WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy();
    SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(newStrategy);
        tokenStore.storeAccessToken(accessToken, authentication);
        Collection<OAuth2AccessToken> tokens = tokenStore.findTokensByUserName("test4");
        assertTrue(tokens.isEmpty());
    } finally {
        SerializationUtils.setSerializationStrategy(oldStrategy);
    }
}
Also used : CustomOAuth2Authentication(org.company.oauth2.CustomOAuth2Authentication) CustomOAuth2AccessToken(org.company.oauth2.CustomOAuth2AccessToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) CustomOAuth2Authentication(org.company.oauth2.CustomOAuth2Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) CustomOAuth2AccessToken(org.company.oauth2.CustomOAuth2AccessToken) WhitelistedSerializationStrategy(org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy) DefaultSerializationStrategy(org.springframework.security.oauth2.common.util.DefaultSerializationStrategy) SerializationStrategy(org.springframework.security.oauth2.common.util.SerializationStrategy) WhitelistedSerializationStrategy(org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy) CustomAuthentication(org.company.oauth2.CustomAuthentication) Test(org.junit.Test)

Example 7 with WhitelistedSerializationStrategy

use of org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy in project spring-security-oauth by spring-projects.

the class JdbcAuthorizationCodeServicesTests method testCustomImplementationWithCustomStrategy.

@Test
public void testCustomImplementationWithCustomStrategy() {
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("id", false);
    OAuth2Authentication expectedAuthentication = new CustomOAuth2Authentication(storedOAuth2Request, new CustomAuthentication("test3", false));
    AuthorizationCodeServices jdbcAuthorizationCodeServices = getAuthorizationCodeServices();
    List<String> allowedClasses = new ArrayList<String>();
    allowedClasses.add("java.util.");
    allowedClasses.add("org.springframework.security.");
    allowedClasses.add("org.company.oauth2.CustomOAuth2AccessToken");
    allowedClasses.add("org.company.oauth2.CustomOAuth2Authentication");
    allowedClasses.add("org.company.oauth2.CustomAuthentication");
    WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy(allowedClasses);
    SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(newStrategy);
        String code = jdbcAuthorizationCodeServices.createAuthorizationCode(expectedAuthentication);
        assertNotNull(code);
        OAuth2Authentication actualAuthentication = getAuthorizationCodeServices().consumeAuthorizationCode(code);
        assertEquals(expectedAuthentication, actualAuthentication);
    } finally {
        SerializationUtils.setSerializationStrategy(oldStrategy);
    }
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) CustomOAuth2Authentication(org.company.oauth2.CustomOAuth2Authentication) CustomOAuth2Authentication(org.company.oauth2.CustomOAuth2Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) WhitelistedSerializationStrategy(org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy) ArrayList(java.util.ArrayList) SerializationStrategy(org.springframework.security.oauth2.common.util.SerializationStrategy) WhitelistedSerializationStrategy(org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy) CustomAuthentication(org.company.oauth2.CustomAuthentication) Test(org.junit.Test)

Example 8 with WhitelistedSerializationStrategy

use of org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy in project spring-security-oauth by spring-projects.

the class JdbcAuthorizationCodeServicesTests method testNotAllowedCustomImplementation.

@Test(expected = IllegalArgumentException.class)
public void testNotAllowedCustomImplementation() {
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("id", false);
    OAuth2Authentication expectedAuthentication = new CustomOAuth2Authentication(storedOAuth2Request, new CustomAuthentication("test2", false));
    WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy();
    SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(newStrategy);
        String code = getAuthorizationCodeServices().createAuthorizationCode(expectedAuthentication);
        assertNotNull(code);
        getAuthorizationCodeServices().consumeAuthorizationCode(code);
    } finally {
        SerializationUtils.setSerializationStrategy(oldStrategy);
    }
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) CustomOAuth2Authentication(org.company.oauth2.CustomOAuth2Authentication) CustomOAuth2Authentication(org.company.oauth2.CustomOAuth2Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) WhitelistedSerializationStrategy(org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy) SerializationStrategy(org.springframework.security.oauth2.common.util.SerializationStrategy) WhitelistedSerializationStrategy(org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy) CustomAuthentication(org.company.oauth2.CustomAuthentication) Test(org.junit.Test)

Example 9 with WhitelistedSerializationStrategy

use of org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy in project spring-security-oauth by spring-projects.

the class SerializationUtilsTests method deserializeNotAllowedCustomClasses.

@Test(expected = IllegalArgumentException.class)
public void deserializeNotAllowedCustomClasses() {
    OAuth2AccessToken accessToken = new CustomOAuth2AccessToken("FOO");
    WhitelistedSerializationStrategy newStrategy = new WhitelistedSerializationStrategy();
    SerializationStrategy oldStrategy = SerializationUtils.getSerializationStrategy();
    try {
        SerializationUtils.setSerializationStrategy(newStrategy);
        byte[] bytes = SerializationUtils.serialize(accessToken);
        OAuth2AccessToken clone = SerializationUtils.deserialize(bytes);
        assertNotNull(clone);
        assertEquals(accessToken, clone);
    } finally {
        SerializationUtils.setSerializationStrategy(oldStrategy);
    }
}
Also used : CustomOAuth2AccessToken(org.company.oauth2.CustomOAuth2AccessToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) CustomOAuth2AccessToken(org.company.oauth2.CustomOAuth2AccessToken) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)9 SerializationStrategy (org.springframework.security.oauth2.common.util.SerializationStrategy)8 WhitelistedSerializationStrategy (org.springframework.security.oauth2.common.util.WhitelistedSerializationStrategy)8 CustomOAuth2AccessToken (org.company.oauth2.CustomOAuth2AccessToken)7 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)7 CustomOAuth2Authentication (org.company.oauth2.CustomOAuth2Authentication)6 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)6 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)5 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)4 ArrayList (java.util.ArrayList)3 CustomAuthentication (org.company.oauth2.CustomAuthentication)3 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)2 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)2 Authentication (org.springframework.security.core.Authentication)2 AuthorizationCodeResourceDetails (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails)2 DefaultSerializationStrategy (org.springframework.security.oauth2.common.util.DefaultSerializationStrategy)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial