use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChainTests method testSunnyDayWithExpiredToken.
@Test
public void testSunnyDayWithExpiredToken() throws Exception {
AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider()));
accessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
AccessTokenRequest request = new DefaultAccessTokenRequest();
request.setExistingToken(accessToken);
SecurityContextHolder.getContext().setAuthentication(user);
OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
assertNotNull(token);
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChainTests method testRefreshAccessTokenTwicePreserveRefreshToken.
// gh-712
@Test
public void testRefreshAccessTokenTwicePreserveRefreshToken() throws Exception {
DefaultOAuth2AccessToken accessToken = getExpiredToken();
DefaultOAuth2AccessToken expectedRefreshedAccessToken = new DefaultOAuth2AccessToken("refreshed-access-token");
expectedRefreshedAccessToken.setExpiration(accessToken.getExpiration());
AccessTokenProviderChain chain = getTokenProvider(accessToken, expectedRefreshedAccessToken);
SecurityContextHolder.getContext().setAuthentication(user);
// Obtain a new Access Token
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
AccessTokenRequest request = new DefaultAccessTokenRequest();
OAuth2AccessToken tokenResult = chain.obtainAccessToken(resource, request);
assertEquals(accessToken, tokenResult);
// Obtain the 1st Refreshed Access Token
Calendar tokenExpiry = Calendar.getInstance();
tokenExpiry.setTime(tokenResult.getExpiration());
tokenExpiry.add(Calendar.MINUTE, -1);
// Expire
DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime());
request = new DefaultAccessTokenRequest();
request.setExistingToken(tokenResult);
tokenResult = chain.obtainAccessToken(resource, request);
assertEquals(expectedRefreshedAccessToken, tokenResult);
// Obtain the 2nd Refreshed Access Token
tokenExpiry.setTime(tokenResult.getExpiration());
tokenExpiry.add(Calendar.MINUTE, -1);
// Expire
DefaultOAuth2AccessToken.class.cast(tokenResult).setExpiration(tokenExpiry.getTime());
request = new DefaultAccessTokenRequest();
request.setExistingToken(tokenResult);
tokenResult = chain.obtainAccessToken(resource, request);
assertEquals(expectedRefreshedAccessToken, tokenResult);
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChainTests method testRequiresAuthenticationButRedirected.
@Test(expected = UserRedirectRequiredException.class)
public void testRequiresAuthenticationButRedirected() throws Exception {
final AccessTokenRequest request = new DefaultAccessTokenRequest();
AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider() {
@Override
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest parameters) throws UserRedirectRequiredException, AccessDeniedException {
throw new UserRedirectRequiredException("redirect test", request.toSingleValueMap());
}
}));
OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
assertNotNull(token);
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChainTests method testMissingSecurityContext.
@Test
public void testMissingSecurityContext() throws Exception {
AccessTokenProviderChain chain = new AccessTokenProviderChain(Arrays.asList(new StubAccessTokenProvider()));
AccessTokenRequest request = new DefaultAccessTokenRequest();
OAuth2AccessToken token = chain.obtainAccessToken(resource, request);
assertNotNull(token);
// If there is no authentication to store it with a token is still acquired if
// possible
}
use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChainTests method testRefreshAccessTokenReplacingNullValue.
@Test
public void testRefreshAccessTokenReplacingNullValue() throws Exception {
DefaultOAuth2AccessToken accessToken = getExpiredToken();
DefaultOAuth2AccessToken refreshedAccessToken = new DefaultOAuth2AccessToken("refreshed-access-token");
AccessTokenProviderChain chain = getTokenProvider(accessToken, refreshedAccessToken);
SecurityContextHolder.getContext().setAuthentication(user);
// Obtain a new Access Token
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
AccessTokenRequest request = new DefaultAccessTokenRequest();
OAuth2AccessToken newAccessToken = chain.refreshAccessToken(resource, accessToken.getRefreshToken(), request);
// gh-712
assertEquals(newAccessToken.getRefreshToken(), accessToken.getRefreshToken());
}
Aggregations