Use of org.springframework.security.oauth2.core.OAuth2AccessToken in the project spring-security-oauth by spring-projects:
class OAuth2RestTemplate, method propagateClockSkewToAccessTokenProvider.
/**
 * Pushes the maximum acceptable clock skew into the given {@link AccessTokenProvider}
 * so that its expiry check of an {@link OAuth2AccessToken access token} tolerates that skew.
 * Only an {@link AccessTokenProviderChain} is updated; any other provider is left untouched,
 * and if the chain has no {@code clockSkew} field the call silently does nothing.
 * <p>
 * <b>Note:</b> The value is written through reflection because 2.5.0 was the final minor
 * release before this project's EOL and the public API must not change in patch releases.
 *
 * @param clockSkew the maximum acceptable clock skew
 * @param accessTokenProvider the access token provider to update
 */
private static void propagateClockSkewToAccessTokenProvider(int clockSkew, AccessTokenProvider accessTokenProvider) {
    boolean isChain = accessTokenProvider instanceof AccessTokenProviderChain;
    Field clockSkewField = isChain
            ? ReflectionUtils.findField(accessTokenProvider.getClass(), "clockSkew")
            : null;
    if (clockSkewField != null) {
        // The field is presumably not public on the chain, so it must be made accessible before the write.
        clockSkewField.setAccessible(true);
        ReflectionUtils.setField(clockSkewField, accessTokenProvider, clockSkew);
    }
}
Use of org.springframework.security.oauth2.core.OAuth2AccessToken in the project spring-security-oauth by spring-projects:
class AccessTokenProviderChain, method obtainAccessToken.
/**
 * Obtains an access token for {@code resource}, reusing or refreshing an existing token before requesting a new one.
 * <p>
 * Resolution order, as coded below: the token carried by {@code request}; then, if {@code clientTokenServices}
 * is set, the token it holds for this resource and authentication. An expired token is removed from
 * {@code clientTokenServices} and, for non-client-only resources that carry a refresh token, refreshed. If nothing
 * usable remains, {@link #obtainNewAccessTokenInternal} is asked for a new token. Whatever token results is saved
 * through {@code clientTokenServices} when one is configured.
 *
 * @param resource the protected resource the token is for
 * @param request the token request, which may already carry an existing token
 * @return the access token, never {@code null}
 * @throws InsufficientAuthenticationException if the caller is anonymous and the resource is not client-only
 * @throws UserRedirectRequiredException presumably propagated from the refresh/obtain delegates; not thrown directly here
 * @throws AccessDeniedException presumably propagated from the refresh/obtain delegates; not thrown directly here
 * @throws IllegalStateException if no token could be obtained and no exception was thrown
 */
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails resource, AccessTokenRequest request) throws UserRedirectRequiredException, AccessDeniedException {
    OAuth2AccessToken accessToken = null;
    OAuth2AccessToken existingToken = null;
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    // Anonymous callers may only obtain tokens for client-only resources.
    if (auth instanceof AnonymousAuthenticationToken) {
        if (!resource.isClientOnly()) {
            throw new InsufficientAuthenticationException("Authentication is required to obtain an access token (anonymous not allowed)");
        }
    }
    // NOTE(review): for a client-only resource this branch runs even when auth is null or anonymous, and that
    // auth value is what keys the clientTokenServices lookup, removal and save below.
    if (resource.isClientOnly() || (auth != null && auth.isAuthenticated())) {
        existingToken = request.getExistingToken();
        if (existingToken == null && clientTokenServices != null) {
            existingToken = clientTokenServices.getAccessToken(resource, auth);
        }
        if (existingToken != null) {
            // Expired: drop the stale stored entry, then try to refresh. Refresh is skipped for client-only
            // resources and when no refresh token is present; those cases fall through to a new token below.
            if (hasTokenExpired(existingToken)) {
                if (clientTokenServices != null) {
                    clientTokenServices.removeAccessToken(resource, auth);
                }
                OAuth2RefreshToken refreshToken = existingToken.getRefreshToken();
                if (refreshToken != null && !resource.isClientOnly()) {
                    accessToken = refreshAccessToken(resource, refreshToken, request);
                }
            } else {
                accessToken = existingToken;
            }
        }
    }
    if (accessToken == null) {
        // looks like we need to try to obtain a new token.
        accessToken = obtainNewAccessTokenInternal(resource, request);
        if (accessToken == null) {
            throw new IllegalStateException("An OAuth 2 access token must be obtained or an exception thrown.");
        }
    }
    // Saved regardless of origin: a token that was merely reused from clientTokenServices is written back too.
    if (clientTokenServices != null && (resource.isClientOnly() || auth != null && auth.isAuthenticated())) {
        clientTokenServices.saveAccessToken(resource, auth, accessToken);
    }
    return accessToken;
}
Use of org.springframework.security.oauth2.core.OAuth2AccessToken in the project spring-security-oauth by spring-projects:
class TokenStoreBaseTests, method testFindAccessTokensByClientId.
@Test
public void testFindAccessTokensByClientId() {
    // A fresh client id per run keeps this test independent of tokens left behind by other tests.
    String clientId = "id" + UUID.randomUUID();
    OAuth2Request storedRequest = RequestTokenFactory.createOAuth2Request(clientId, false);
    OAuth2Authentication storedAuthentication = new OAuth2Authentication(storedRequest, new TestAuthentication("test2", false));
    OAuth2AccessToken storedToken = new DefaultOAuth2AccessToken("testToken");
    getTokenStore().storeAccessToken(storedToken, storedAuthentication);

    // Exactly the one token stored above must be found under this client id.
    Collection<OAuth2AccessToken> tokensForClient = getTokenStore().findTokensByClientId(clientId);
    assertEquals(1, tokensForClient.size());
}
Use of org.springframework.security.oauth2.core.OAuth2AccessToken in the project spring-security-oauth by spring-projects:
class TokenStoreBaseTests, method testGetAccessTokenForDeletedUser.
@Test
public void testGetAccessTokenForDeletedUser() throws Exception {
    // Store a token for an approved request and check it round-trips by authentication and by token value.
    OAuth2Request approvedRequest = RequestTokenFactory.createOAuth2Request("id", true);
    OAuth2Authentication originalAuthentication = new OAuth2Authentication(approvedRequest, new TestAuthentication("test", true));
    OAuth2AccessToken storedToken = new DefaultOAuth2AccessToken("testToken");
    getTokenStore().storeAccessToken(storedToken, originalAuthentication);
    assertEquals(storedToken, getTokenStore().getAccessToken(originalAuthentication));
    assertEquals(originalAuthentication, getTokenStore().readAuthentication(storedToken.getValue()));

    // Now look the token up with an unapproved request for the same user. The store keys on the authentication,
    // so the same key is produced even though the two authentications are not equal. That situation can arise
    // with two users sharing a username or, more likely, a user account that was deleted and re-created.
    OAuth2Request unapprovedRequest = RequestTokenFactory.createOAuth2Request("id", false);
    OAuth2Authentication recreatedAuthentication = new OAuth2Authentication(unapprovedRequest, new TestAuthentication("test", true));
    assertEquals(storedToken, getTokenStore().getAccessToken(recreatedAuthentication));
    OAuth2Authentication readBack = getTokenStore().readAuthentication(storedToken.getValue());
    assertEquals(recreatedAuthentication.getUserAuthentication(), readBack.getUserAuthentication());
    // The stored request was approved, so it must not match the unapproved request used for the lookup.
    assertFalse(unapprovedRequest.equals(readBack.getOAuth2Request()));
}
Use of org.springframework.security.oauth2.core.OAuth2AccessToken in the project spring-security-oauth by spring-projects:
class RedisTokenStoreCustomTokenTests, method testCustomToken.
@Test
public void testCustomToken() {
    OAuth2Request request = RequestTokenFactory.createOAuth2Request(CLIENT_ID, false);
    TestingAuthenticationToken userAuthentication = new TestingAuthenticationToken("user", "password");
    // Random suffix so the stored value cannot collide with tokens left in the shared store by earlier runs.
    String expectedValue = "access-token-" + UUID.randomUUID();
    OAuth2Authentication storedAuthentication = new OAuth2Authentication(request, userAuthentication);
    tokenStore.storeAccessToken(new CustomOAuth2AccessToken(expectedValue), storedAuthentication);

    // The custom token subtype must be retrievable by client id and carry its original value.
    Collection<OAuth2AccessToken> tokensForClient = tokenStore.findTokensByClientId(request.getClientId());
    assertNotNull(tokensForClient);
    assertFalse(tokensForClient.isEmpty());
    boolean present = false;
    for (OAuth2AccessToken candidate : tokensForClient) {
        if (expectedValue.equals(candidate.getValue())) {
            present = true;
            break;
        }
    }
    if (!present) {
        fail("No token found!");
    }
}