use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class RefreshTokenSupportTests method testHappyDay.
/**
* Tests the happy-day flow of the refresh token provider: refreshing yields a new access token and invalidates the old one.
*/
@Test
public void testHappyDay() throws Exception {
    // Start from a freshly issued token for the trusted client with "read" scope.
    OAuth2AccessToken original = getAccessToken("read", "my-trusted-client");

    // The grant must have come with a refresh token, otherwise there is nothing to exchange.
    assertNotNull(original.getRefreshToken());

    // Exchange the refresh token for a second access token.
    String refreshValue = original.getRefreshToken().getValue();
    OAuth2AccessToken refreshed = refreshAccessToken(refreshValue);

    // A refresh has to mint a different token value, not hand the old one back.
    String refreshedValue = refreshed.getValue();
    String originalValue = original.getValue();
    assertFalse(refreshedValue.equals(originalValue));

    // The replacement token is accepted ...
    verifyTokenResponse(refreshedValue, HttpStatus.OK);

    // ... and the token it replaced is rejected. This is the security-relevant half of the
    // test: a refreshed-away access token must not remain usable alongside the new one.
    verifyTokenResponse(originalValue, HttpStatus.UNAUTHORIZED);
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class ClientCredentialsGrantTests method testConnectDirectlyToResourceServer.
@Test
public void testConnectDirectlyToResourceServer() throws Exception {
    // Describe the protected resource for a client-credentials grant. Only a client id and a
    // scope are configured; no client secret is set in this test.
    // NOTE(review): presumably the sample client is registered without a secret - confirm
    // against the server's client configuration before copying this setup elsewhere.
    String tokenEndpoint = serverRunning.getUrl("/sparklr2/oauth/token");
    ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
    details.setAccessTokenUri(tokenEndpoint);
    details.setClientId("my-client-with-registered-redirect");
    details.setId("sparklr");
    details.setScope(Arrays.asList("trust"));

    // Fetch the token explicitly instead of letting the template acquire it lazily.
    OAuth2AccessToken token =
            new ClientCredentialsAccessTokenProvider().obtainAccessToken(details, new DefaultAccessTokenRequest());

    // Seed the client context with that token and call the resource server with it.
    OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(details, new DefaultOAuth2ClientContext(token));
    String message = restTemplate.getForObject(
            serverRunning.getUrl("/sparklr2/photos/trusted/message"), String.class);

    assertEquals("Hello, Trusted Client", message);
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AdminController method enhance.
/**
 * Copies each token and tags the copy with the client id it was issued to.
 *
 * <p>Tokens for which the token store returns no authentication, or whose request carries no
 * client id, are left out of the result. The input tokens themselves are not modified; the
 * {@code client_id} entry is written to a copy of each token's additional information.
 *
 * @param tokens the tokens to annotate
 * @return a new collection holding the annotated copies, in iteration order of {@code tokens}
 */
private Collection<OAuth2AccessToken> enhance(Collection<OAuth2AccessToken> tokens) {
    Collection<OAuth2AccessToken> enhanced = new ArrayList<OAuth2AccessToken>();
    for (OAuth2AccessToken source : tokens) {
        // Work on a copy so the caller's token object is never mutated.
        DefaultOAuth2AccessToken copy = new DefaultOAuth2AccessToken(source);

        OAuth2Authentication auth = tokenStore.readAuthentication(copy);
        if (auth == null) {
            // The store has no authentication for this token; skip it.
            continue;
        }

        String clientId = auth.getOAuth2Request().getClientId();
        if (clientId == null) {
            // Without a client id there is nothing to attribute the token to; skip it.
            continue;
        }

        // Build a fresh map rather than writing into the one the token returned.
        Map<String, Object> details = new HashMap<String, Object>(copy.getAdditionalInformation());
        details.put("client_id", clientId);
        copy.setAdditionalInformation(details);
        enhanced.add(copy);
    }
    return enhanced;
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class DefaultOAuth2RequestAuthenticator method authenticate.
/**
 * Adds an {@code Authorization} header carrying the context's access token to the request.
 *
 * <p>A missing or blank token type, and any case variant of "bearer", is sent as
 * {@link OAuth2AccessToken#BEARER_TYPE}; any other token type is sent as the token reports it.
 *
 * @param resource the protected resource being accessed (used only for the error case)
 * @param clientContext the context holding the access token
 * @param request the outgoing request to authenticate
 * @throws AccessTokenRequiredException if the context holds no access token
 */
@Override
public void authenticate(OAuth2ProtectedResourceDetails resource, OAuth2ClientContext clientContext, ClientHttpRequest request) {
    OAuth2AccessToken accessToken = clientContext.getAccessToken();
    if (accessToken == null) {
        throw new AccessTokenRequiredException(resource);
    }

    String reportedType = accessToken.getTokenType();
    // No type at all is treated as a plain bearer token. A type that matches "Bearer" in any
    // case is normalised too (gh-1346) so the header uses the correct scheme syntax.
    boolean treatAsBearer = !StringUtils.hasText(reportedType)
            || reportedType.equalsIgnoreCase(OAuth2AccessToken.BEARER_TYPE);
    String scheme = treatAsBearer ? OAuth2AccessToken.BEARER_TYPE : reportedType;

    // The header value is the credential itself; keep it out of logs and error messages.
    // NOTE(review): the token value is not null-checked here - confirm callers guarantee it.
    String headerValue = String.format("%s %s", scheme, accessToken.getValue());
    request.getHeaders().set("Authorization", headerValue);
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class OAuth2RestTemplate method acquireAccessToken.
/**
 * Obtains an access token from the configured provider and stores it in the given context.
 *
 * @param oauth2Context the client context supplying the token request and receiving the token
 * @return the token returned by the provider, never {@code null} and never with a null value
 * @throws AccessTokenRequiredException if the context has no access token request
 * @throws IllegalStateException if the provider returns no token or a token without a value
 * @throws UserRedirectRequiredException declared for callers; presumably raised by the
 *         provider when user interaction is needed - confirm against the provider
 */
protected OAuth2AccessToken acquireAccessToken(OAuth2ClientContext oauth2Context) throws UserRedirectRequiredException {
    AccessTokenRequest tokenRequest = oauth2Context.getAccessTokenRequest();
    if (tokenRequest == null) {
        throw new AccessTokenRequiredException("No OAuth 2 security context has been established. Unable to access resource '" + this.resource.getId() + "'.", resource);
    }

    // Move the preserved state out of the (longer lived) context and onto this request.
    // It is fetched with removePreservedState, so presumably each state key is consumed
    // once and cannot be replayed on a later request - confirm in the context implementation.
    String key = tokenRequest.getStateKey();
    if (key != null) {
        tokenRequest.setPreservedState(oauth2Context.removePreservedState(key));
    }

    // Hand any token already held by the context to the provider along with the request.
    OAuth2AccessToken current = oauth2Context.getAccessToken();
    if (current != null) {
        tokenRequest.setExistingToken(current);
    }

    OAuth2AccessToken obtained = accessTokenProvider.obtainAccessToken(resource, tokenRequest);
    // Fail closed: a missing token or an empty value is never stored in the context.
    boolean unusable = obtained == null || obtained.getValue() == null;
    if (unusable) {
        throw new IllegalStateException("Access token provider returned a null access token, which is illegal according to the contract.");
    }

    oauth2Context.setAccessToken(obtained);
    return obtained;
}