Example 11 with OAuth2AuthenticatedPrincipal

Use of org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal in project spring-security by spring-projects.

Class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests, method opaqueTokenWhenPrincipalSpecifiedThenAuthenticationHasPrincipal.

@Test
public void opaqueTokenWhenPrincipalSpecifiedThenAuthenticationHasPrincipal() throws Exception {
    Collection authorities = Collections.singleton(new SimpleGrantedAuthority("SCOPE_read"));
    OAuth2AuthenticatedPrincipal principal = mock(OAuth2AuthenticatedPrincipal.class);
    given(principal.getName()).willReturn("ben");
    given(principal.getAuthorities()).willReturn(authorities);
    this.mvc.perform(get("/name").with(opaqueToken().principal(principal))).andExpect(content().string("ben"));
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) Collection(java.util.Collection) Test(org.junit.jupiter.api.Test)

Example 12 with OAuth2AuthenticatedPrincipal

Use of org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal in project spring-security by spring-projects.

Class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests, method opaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence.

// gh-7800
@Test
public void opaqueTokenWhenPrincipalSpecifiedThenLastCalledTakesPrecedence() throws Exception {
    OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active((a) -> a.put("scope", "user"));
    // attributes() then principal(): the principal, set last, supplies "sub"
    this.mvc.perform(get("/opaque-token/sub")
            .with(opaqueToken().attributes((a) -> a.put("sub", "foo")).principal(principal)))
        .andExpect(status().isOk())
        .andExpect(content().string((String) principal.getAttribute("sub")));
    // principal() then attributes(): the attributes, set last, supply "sub"
    this.mvc.perform(get("/opaque-token/sub")
            .with(opaqueToken().principal(principal).attributes((a) -> a.put("sub", "bar"))))
        .andExpect(content().string("bar"));
}
Also used : BeforeEach(org.junit.jupiter.api.BeforeEach) PathVariable(org.springframework.web.bind.annotation.PathVariable) OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) Autowired(org.springframework.beans.factory.annotation.Autowired) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) TestOAuth2AuthenticatedPrincipals(org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals) SecurityMockMvcRequestPostProcessors.opaqueToken(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.opaqueToken) MockMvcResultMatchers.content(org.springframework.test.web.servlet.result.MockMvcResultMatchers.content) MockMvc(org.springframework.test.web.servlet.MockMvc) WebSecurityConfigurerAdapter(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) MockMvcResultMatchers.status(org.springframework.test.web.servlet.result.MockMvcResultMatchers.status) BDDMockito.given(org.mockito.BDDMockito.given) MockMvcBuilders(org.springframework.test.web.servlet.setup.MockMvcBuilders) GetMapping(org.springframework.web.bind.annotation.GetMapping) WebAppConfiguration(org.springframework.test.context.web.WebAppConfiguration) SpringExtension(org.springframework.test.context.junit.jupiter.SpringExtension) Collection(java.util.Collection) OpaqueTokenIntrospector(org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector) WebApplicationContext(org.springframework.web.context.WebApplicationContext) EnableWebMvc(org.springframework.web.servlet.config.annotation.EnableWebMvc) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) GrantedAuthority(org.springframework.security.core.GrantedAuthority) 
Test(org.junit.jupiter.api.Test) SecurityMockMvcConfigurers.springSecurity(org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity) List(java.util.List) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) ContextConfiguration(org.springframework.test.context.ContextConfiguration) AuthenticationPrincipal(org.springframework.security.core.annotation.AuthenticationPrincipal) MockMvcRequestBuilders.get(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get) Collections(java.util.Collections) Mockito.mock(org.mockito.Mockito.mock)

Example 13 with OAuth2AuthenticatedPrincipal

Use of org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal in project spring-security by spring-projects.

Class JwtBearerTokenAuthenticationConverter, method convert.

@Override
public AbstractAuthenticationToken convert(Jwt jwt) {
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt());
    Map<String, Object> attributes = jwt.getClaims();
    AbstractAuthenticationToken token = this.jwtAuthenticationConverter.convert(jwt);
    Collection<GrantedAuthority> authorities = token.getAuthorities();
    OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(attributes, authorities);
    return new BearerTokenAuthentication(principal, accessToken, authorities);
}
Also used : AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) DefaultOAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) GrantedAuthority(org.springframework.security.core.GrantedAuthority)

Example 14 with OAuth2AuthenticatedPrincipal

Use of org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal in project spring-security by spring-projects.

Class SpringOpaqueTokenIntrospectorTests, method introspectWhenActiveTokenThenOk.

@Test
public void introspectWhenActiveTokenThenOk() throws Exception {
    try (MockWebServer server = new MockWebServer()) {
        server.setDispatcher(requiresAuth(CLIENT_ID, CLIENT_SECRET, ACTIVE_RESPONSE));
        String introspectUri = server.url("/introspect").toString();
        OpaqueTokenIntrospector introspectionClient = new SpringOpaqueTokenIntrospector(introspectUri, CLIENT_ID, CLIENT_SECRET);
        OAuth2AuthenticatedPrincipal authority = introspectionClient.introspect("token");
        // @formatter:off
        assertThat(authority.getAttributes())
                .isNotNull()
                .containsEntry(OAuth2TokenIntrospectionClaimNames.ACTIVE, true)
                .containsEntry(OAuth2TokenIntrospectionClaimNames.AUD, Arrays.asList("https://protected.example.net/resource"))
                .containsEntry(OAuth2TokenIntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
                .containsEntry(OAuth2TokenIntrospectionClaimNames.EXP, Instant.ofEpochSecond(1419356238))
                .containsEntry(OAuth2TokenIntrospectionClaimNames.ISS, "https://server.example.com/")
                .containsEntry(OAuth2TokenIntrospectionClaimNames.SCOPE, Arrays.asList("read", "write", "dolphin"))
                .containsEntry(OAuth2TokenIntrospectionClaimNames.SUB, "Z5O3upPC88QrAjx00dis")
                .containsEntry(OAuth2TokenIntrospectionClaimNames.USERNAME, "jdoe")
                .containsEntry("extension_field", "twenty-seven");
        // @formatter:on
    }
}
Also used : OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) MockWebServer(okhttp3.mockwebserver.MockWebServer) Test(org.junit.jupiter.api.Test)

Example 15 with OAuth2AuthenticatedPrincipal

Use of org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal in project spring-security by spring-projects.

Class TestBearerTokenAuthentications, method bearer.

public static BearerTokenAuthentication bearer() {
    Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("SCOPE_USER");
    OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(Collections.singletonMap("sub", "user"), authorities);
    OAuth2AccessToken token = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plusSeconds(86400), new HashSet<>(Arrays.asList("USER")));
    return new BearerTokenAuthentication(principal, token, authorities);
}
Also used : OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) DefaultOAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) GrantedAuthority(org.springframework.security.core.GrantedAuthority)

Aggregations

OAuth2AuthenticatedPrincipal (org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) 29
Test (org.junit.jupiter.api.Test) 26
DefaultOAuth2AuthenticatedPrincipal (org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal) 7
HashMap (java.util.HashMap) 5
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest) 5
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 5
BearerTokenAuthenticationToken (org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken) 5
JSONObject (net.minidev.json.JSONObject) 4
MockWebServer (okhttp3.mockwebserver.MockWebServer) 4
RequestEntity (org.springframework.http.RequestEntity) 4
Authentication (org.springframework.security.core.Authentication) 4
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority) 4
RestOperations (org.springframework.web.client.RestOperations) 4
URL (java.net.URL) 3
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken) 3
OAuth2IntrospectionAuthenticatedPrincipal (org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal) 3
OpaqueTokenIntrospector (org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector) 3
Collection (java.util.Collection) 2
List (java.util.List) 2
ExtendWith (org.junit.jupiter.api.extension.ExtendWith) 2