Example 16 with AuthorizationGrantType
use of org.springframework.security.oauth2.core.AuthorizationGrantType in project spring-security by spring-projects.
the class JwtBearerGrantRequestEntityConverterTests method convertWhenParametersConverterSetThenCalled.
@Test
public void convertWhenParametersConverterSetThenCalled() {
Converter<JwtBearerGrantRequest, MultiValueMap<String, String>> parametersConverter1 = mock(Converter.class);
this.converter.setParametersConverter(parametersConverter1);
Converter<JwtBearerGrantRequest, MultiValueMap<String, String>> parametersConverter2 = mock(Converter.class);
this.converter.addParametersConverter(parametersConverter2);
// @formatter:off
ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().authorizationGrantType(AuthorizationGrantType.JWT_BEARER).scope("read", "write").build();
// @formatter:on
Jwt jwtAssertion = TestJwts.jwt().build();
JwtBearerGrantRequest jwtBearerGrantRequest = new JwtBearerGrantRequest(clientRegistration, jwtAssertion);
this.converter.convert(jwtBearerGrantRequest);
InOrder inOrder = inOrder(parametersConverter1, parametersConverter2);
inOrder.verify(parametersConverter1).convert(any(JwtBearerGrantRequest.class));
inOrder.verify(parametersConverter2).convert(any(JwtBearerGrantRequest.class));
}
Also used :
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
InOrder(org.mockito.InOrder)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
MultiValueMap(org.springframework.util.MultiValueMap)
Test(org.junit.jupiter.api.Test)
Example 17 with AuthorizationGrantType
use of org.springframework.security.oauth2.core.AuthorizationGrantType in project spring-security by spring-projects.
the class JwtBearerGrantRequestEntityConverterTests method convertWhenHeadersConverterSetThenCalled.
@Test
public void convertWhenHeadersConverterSetThenCalled() {
Converter<JwtBearerGrantRequest, HttpHeaders> headersConverter1 = mock(Converter.class);
this.converter.setHeadersConverter(headersConverter1);
Converter<JwtBearerGrantRequest, HttpHeaders> headersConverter2 = mock(Converter.class);
this.converter.addHeadersConverter(headersConverter2);
// @formatter:off
ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().authorizationGrantType(AuthorizationGrantType.JWT_BEARER).scope("read", "write").build();
// @formatter:on
Jwt jwtAssertion = TestJwts.jwt().build();
JwtBearerGrantRequest jwtBearerGrantRequest = new JwtBearerGrantRequest(clientRegistration, jwtAssertion);
this.converter.convert(jwtBearerGrantRequest);
InOrder inOrder = inOrder(headersConverter1, headersConverter2);
inOrder.verify(headersConverter1).convert(any(JwtBearerGrantRequest.class));
inOrder.verify(headersConverter2).convert(any(JwtBearerGrantRequest.class));
}
Also used :
HttpHeaders(org.springframework.http.HttpHeaders)
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
InOrder(org.mockito.InOrder)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
Test(org.junit.jupiter.api.Test)
Example 18 with AuthorizationGrantType
use of org.springframework.security.oauth2.core.AuthorizationGrantType in project spring-security by spring-projects.
the class JwtBearerOAuth2AuthorizedClientProviderTests method setup.
@BeforeEach
public void setup() {
this.authorizedClientProvider = new JwtBearerOAuth2AuthorizedClientProvider();
this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
this.authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient);
// @formatter:off
this.clientRegistration = ClientRegistration.withRegistrationId("jwt-bearer").clientId("client-id").clientSecret("client-secret").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.JWT_BEARER).scope("read", "write").tokenUri("https://example.com/oauth2/token").build();
// @formatter:on
this.jwtAssertion = TestJwts.jwt().build();
this.principal = new TestingAuthenticationToken(this.jwtAssertion, this.jwtAssertion);
}
Also used :
OAuth2AccessTokenResponseClient(org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
BeforeEach(org.junit.jupiter.api.BeforeEach)
Example 19 with AuthorizationGrantType
use of org.springframework.security.oauth2.core.AuthorizationGrantType in project spring-security by spring-projects.
the class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests method filterWhenJwtBearerClientNotAuthorizedThenExchangeToken.
@Test
public void filterWhenJwtBearerClientNotAuthorizedThenExchangeToken() {
setupMocks();
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("exchanged-token").tokenType(OAuth2AccessToken.TokenType.BEARER).expiresIn(360).build();
given(this.jwtBearerTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
// @formatter:off
ClientRegistration registration = ClientRegistration.withRegistrationId("jwt-bearer").clientId("client-id").clientSecret("client-secret").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.JWT_BEARER).scope("read", "write").tokenUri("https://example.com/oauth/token").build();
// @formatter:on
given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId()))).willReturn(Mono.just(registration));
Jwt jwtAssertion = TestJwts.jwt().build();
Authentication jwtAuthentication = new TestingAuthenticationToken(jwtAssertion, jwtAssertion);
given(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()), eq(jwtAuthentication), any())).willReturn(Mono.empty());
// @formatter:off
ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com")).attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId(registration.getRegistrationId())).build();
// @formatter:on
this.function.filter(request, this.exchange).subscriberContext(ReactiveSecurityContextHolder.withAuthentication(jwtAuthentication)).subscriberContext(serverWebExchange()).block();
verify(this.jwtBearerTokenResponseClient).getTokenResponse(any());
verify(this.authorizedClientRepository).loadAuthorizedClient(eq(registration.getRegistrationId()), eq(jwtAuthentication), any());
verify(this.authorizedClientRepository).saveAuthorizedClient(any(), eq(jwtAuthentication), any());
List<ClientRequest> requests = this.exchange.getRequests();
assertThat(requests).hasSize(1);
ClientRequest request1 = requests.get(0);
assertThat(request1.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer exchanged-token");
assertThat(request1.url().toASCIIString()).isEqualTo("https://example.com");
assertThat(request1.method()).isEqualTo(HttpMethod.GET);
assertThat(getBody(request1)).isEmpty();
}
Also used :
OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
Jwt(org.springframework.security.oauth2.jwt.Jwt)
Authentication(org.springframework.security.core.Authentication)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
ClientRequest(org.springframework.web.reactive.function.client.ClientRequest)
Test(org.junit.jupiter.api.Test)
Example 20 with AuthorizationGrantType
use of org.springframework.security.oauth2.core.AuthorizationGrantType in project spring-security by spring-projects.
the class OAuth2LoginAuthenticationFilterTests method doFilterWhenAuthorizationResponseClientRegistrationNotFoundThenClientRegistrationNotFoundError.
// gh-5251
@Test
public void doFilterWhenAuthorizationResponseClientRegistrationNotFoundThenClientRegistrationNotFoundError() throws Exception {
String requestUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
String state = "state";
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
request.setServletPath(requestUri);
request.addParameter(OAuth2ParameterNames.CODE, "code");
request.addParameter(OAuth2ParameterNames.STATE, "state");
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain filterChain = mock(FilterChain.class);
// @formatter:off
ClientRegistration registrationNotFound = ClientRegistration.withRegistrationId("registration-not-found").clientId("client-1").clientSecret("secret").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri("{baseUrl}/login/oauth2/code/{registrationId}").scope("user").authorizationUri("https://provider.com/oauth2/authorize").tokenUri("https://provider.com/oauth2/token").userInfoUri("https://provider.com/oauth2/user").userNameAttributeName("id").clientName("client-1").build();
// @formatter:on
this.setUpAuthorizationRequest(request, response, registrationNotFound, state);
this.filter.doFilter(request, response, filterChain);
ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor = ArgumentCaptor.forClass(AuthenticationException.class);
verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), authenticationExceptionArgCaptor.capture());
assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor.getValue();
assertThat(authenticationException.getError().getErrorCode()).isEqualTo("client_registration_not_found");
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration)
AuthenticationException(org.springframework.security.core.AuthenticationException)
OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
FilterChain(jakarta.servlet.FilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
HttpServletResponse(jakarta.servlet.http.HttpServletResponse)
OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Aggregations
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)15
Test (org.junit.jupiter.api.Test)10
BeforeEach (org.junit.jupiter.api.BeforeEach)7
Jwt (org.springframework.security.oauth2.jwt.Jwt)7
AuthorizationGrantType (org.springframework.security.oauth2.core.AuthorizationGrantType)6
OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)6
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)5
ReactiveOAuth2AccessTokenResponseClient (org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient)4
Clock (java.time.Clock)3
Duration (java.time.Duration)3
Instant (java.time.Instant)3
LinkedHashMap (java.util.LinkedHashMap)3
Nullable (org.springframework.lang.Nullable)3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3
Authentication (org.springframework.security.core.Authentication)3
InMemoryClientRegistrationRepository (org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository)3
OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException)3
OAuth2Token (org.springframework.security.oauth2.core.OAuth2Token)3
Assert (org.springframework.util.Assert)3
