Example 6 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenWithoutRevokeParentAndWithNarrowerScopes.

@Test
public void createRefreshTokenWithoutRevokeParentAndWithNarrowerScopes() {
    // Create token, create refresh with narrower scopes and without
    // disabling parent token, parent should work, refresh should have
    // narrower scopes
    long time = System.currentTimeMillis();
    String parentScope = "/person/read-limited";
    String refreshScope = "/orcid-bio/read-limited";
    String tokenValue = "parent-token-" + time;
    String refreshTokenValue = "refresh-token-" + time;
    Boolean revokeOld = false;
    Date parentTokenExpiration = new Date(time + 10000);
    Long expireIn = null;
    OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, parentScope);
    OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn, refreshScope);
    assertNotNull(refresh);
    OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
    assertNotNull(parentToken);
    assertEquals(tokenValue, parentToken.getTokenValue());
    assertFalse(parentToken.getTokenDisabled());
    assertEquals(parentScope, parentToken.getScope());
    assertNotNull(parentToken.getTokenExpiration());
    OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
    assertNotNull(refreshToken);
    assertNotNull(refreshToken.getTokenValue());
    assertNotNull(refreshToken.getRefreshTokenValue());
    assertFalse(refreshToken.getTokenDisabled());
    assertEquals(refreshScope, refreshToken.getScope());
    assertNotNull(refreshToken.getTokenExpiration());
    assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Date(java.util.Date) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 7 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesImpl method createAccessToken.

@Override
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
    OrcidOauth2AuthInfo authInfo = new OrcidOauth2AuthInfo(authentication);
    String userOrcid = authInfo.getUserOrcid();
    DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(UUID.randomUUID().toString());
    int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request());
    if (validitySeconds > 0) {
        accessToken.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L)));
    }
    accessToken.setScope(authentication.getOAuth2Request().getScope());
    if (customTokenEnhancer != null) {
        accessToken = new DefaultOAuth2AccessToken(customTokenEnhancer.enhance(accessToken, authentication));
    }
    if (this.isSupportRefreshToken(authentication.getOAuth2Request())) {
        OAuth2RefreshToken refreshToken = new DefaultOAuth2RefreshToken(UUID.randomUUID().toString());
        accessToken.setRefreshToken(refreshToken);
    }
    orcidTokenStore.storeAccessToken(accessToken, authentication);
    LOGGER.info("Creating new access token: clientId={}, scopes={}, userOrcid={}", new Object[] { authInfo.getClientId(), authInfo.getScopes(), userOrcid });
    return accessToken;
}
Also used : OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) OrcidOauth2AuthInfo(org.orcid.core.oauth.OrcidOauth2AuthInfo) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Date(java.util.Date)

Example 8 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project ORCID-Source by ORCID.

the class InternalClientCredentialEndPointDelegatorImpl method obtainOauth2Token.

@Override
@Transactional
public Response obtainOauth2Token(String authorization, MultivaluedMap<String, String> formParams) {
    String clientId = formParams.getFirst("client_id");
    String scopeList = formParams.getFirst("scope");
    String grantType = formParams.getFirst("grant_type");
    // Verify it is a client_credentials grant type request
    if (!OrcidOauth2Constants.GRANT_TYPE_CLIENT_CREDENTIALS.equals(grantType)) {
        Object[] params = { grantType };
        throw new UnsupportedGrantTypeException(localeManager.resolveMessage("apiError.unsupported_client_type.exception", params));
    }
    Authentication client = getClientAuthentication();
    if (!client.isAuthenticated()) {
        LOGGER.info("Not authenticated for OAuth2: clientId={}, grantType={}, scope={}", new Object[] { clientId, grantType, scopeList });
        throw new InsufficientAuthenticationException(localeManager.resolveMessage("apiError.client_not_authenticated.exception"));
    }
    Set<String> scopes = new HashSet<String>();
    if (StringUtils.isNotEmpty(scopeList)) {
        scopes = OAuth2Utils.parseParameterList(scopeList);
    }
    // Verify it is requesting an internal scope
    HashSet<String> filteredScopes = new HashSet<String>();
    for (String scope : scopes) {
        ScopePathType scopeType = ScopePathType.fromValue(scope);
        if (scopeType.isInternalScope()) {
            filteredScopes.add(scope);
        }
    }
    if (filteredScopes.isEmpty()) {
        String message = localeManager.resolveMessage("apiError.9015.developerMessage", new Object[] {});
        throw new OrcidInvalidScopeException(message);
    }
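    // filteredScopes is used only for the emptiness check above; the token
    // is generated from the full requested set (scopes).
    OAuth2AccessToken token = generateToken(client, scopes, null, null, grantType, null, null, null, false, 0L);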
    return getResponse(token);
}
Also used : ScopePathType(org.orcid.jaxb.model.message.ScopePathType) Authentication(org.springframework.security.core.Authentication) OrcidInvalidScopeException(org.orcid.core.exception.OrcidInvalidScopeException) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) UnsupportedGrantTypeException(org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException) HashSet(java.util.HashSet) Transactional(org.springframework.transaction.annotation.Transactional)

Example 9 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AccessTokenProviderChainTests method testSunnyDayClientCredentialsWithTokenServicesSave.

@Test
public void testSunnyDayClientCredentialsWithTokenServicesSave() throws Exception {
    AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider()));
    chain.setClientTokenServices(clientTokenServices);
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    resource = new ClientCredentialsResourceDetails();
    resource.setId("resource");
    OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
    assertNotNull(token);
    Mockito.verify(clientTokenServices).saveAccessToken(resource, null, token);
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) ClientCredentialsResourceDetails(org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails) Test(org.junit.Test)

Example 10 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class JdbcClientTokenServicesTests method testSaveAndRemoveToken.

@Test
public void testSaveAndRemoveToken() throws Exception {
    OAuth2AccessToken accessToken = new DefaultOAuth2AccessToken("FOO");
    Authentication authentication = new UsernamePasswordAuthenticationToken("marissa", "koala");
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    resource.setClientId("client");
    resource.setScope(Arrays.asList("foo", "bar"));
    tokenStore.saveAccessToken(resource, authentication, accessToken);
    tokenStore.removeAccessToken(resource, authentication);
    // System.err.println(new JdbcTemplate(db).queryForList("select * from oauth_client_token"));
    OAuth2AccessToken result = tokenStore.getAccessToken(resource, authentication);
    assertNull(result);
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) AuthorizationCodeResourceDetails(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails) Test(org.junit.Test)
