Search in sources :

Example 26 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class JaxbOAuth2AccessTokenMessageConverterTests method readAccessToken.

@Test
public void readAccessToken() throws IOException {
    when(inputMessage.getBody()).thenReturn(createInputStream(OAUTH_ACCESSTOKEN));
    OAuth2AccessToken token = converter.read(OAuth2AccessToken.class, inputMessage);
    assertTokenEquals(accessToken, token);
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 27 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class JaxbOAuth2AccessTokenMessageConverterTests method assertTokenEquals.

private static void assertTokenEquals(OAuth2AccessToken expected, OAuth2AccessToken actual) {
    assertEquals(expected.getTokenType(), actual.getTokenType());
    assertEquals(expected.getValue(), actual.getValue());
    OAuth2RefreshToken expectedRefreshToken = expected.getRefreshToken();
    if (expectedRefreshToken == null) {
        assertNull(actual.getRefreshToken());
    } else {
        assertEquals(expectedRefreshToken.getValue(), actual.getRefreshToken().getValue());
    }
    assertEquals(expected.getScope(), actual.getScope());
    Date expectedExpiration = expected.getExpiration();
    if (expectedExpiration == null) {
        assertNull(actual.getExpiration());
    } else {
        assertEquals(expectedExpiration.getTime(), actual.getExpiration().getTime());
    }
}
Also used : DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) Date(java.util.Date)

Example 28 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitError.

@Test
public void testImplicitError() throws Exception {
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            return null;
        }
    });
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
    assertTrue("No error: " + result, url.contains("#error="));
    assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) Test(org.junit.Test)

Example 29 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitAppendsScopeWhenDefaulting.

@Test
public void testImplicitAppendsScopeWhenDefaulting() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
            token.setScope(new LinkedHashSet<String>(Arrays.asList("read", "write")));
            return token;
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }
    });
    client.setScope(Collections.singleton("read"));
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", null, Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong scope: " + result, url.contains("&scope=read%20write"));
}
Also used : LinkedHashSet(java.util.LinkedHashSet) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 30 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AuthorizationCodeTokenGranterTests method testAuthorizationCodeGrant.

@Test
public void testAuthorizationCodeGrant() {
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    parameters.clear();
    parameters.put(OAuth2Utils.CLIENT_ID, "foo");
    parameters.put(OAuth2Utils.SCOPE, "scope");
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", true, Collections.singleton("scope"));
    String code = authorizationCodeServices.createAuthorizationCode(new OAuth2Authentication(storedOAuth2Request, userAuthentication));
    parameters.putAll(storedOAuth2Request.getRequestParameters());
    parameters.put("code", code);
    TokenRequest tokenRequest = requestFactory.createTokenRequest(parameters, client);
    AuthorizationCodeTokenGranter granter = new AuthorizationCodeTokenGranter(providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
    OAuth2AccessToken token = granter.grant("authorization_code", tokenRequest);
    assertTrue(providerTokenServices.loadAuthentication(token.getValue()).isAuthenticated());
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Aggregations

OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)216 Test (org.junit.Test)143 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)124 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)78 OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)67 Test (org.junit.jupiter.api.Test)46 HashMap (java.util.HashMap)38 Date (java.util.Date)35 Authentication (org.springframework.security.core.Authentication)34 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)33 Instant (java.time.Instant)32 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)26 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)21 DBUnitTest (org.orcid.test.DBUnitTest)19 OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient)19 DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)19 OAuth2RefreshToken (org.springframework.security.oauth2.core.OAuth2RefreshToken)19 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)18 DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)18 Map (java.util.Map)17