use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.
the class SecurityMockServerConfigurersOAuth2LoginTests method oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence.
@Test
public void oauth2LoginWhenOAuth2UserSpecifiedThenLastCalledTakesPrecedence() throws Exception {
OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("SCOPE_read"), Collections.singletonMap("sub", "subject"), "sub");
this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().attributes((a) -> a.put("subject", "foo")).oauth2User(oauth2User)).get().uri("/token").exchange().expectStatus().isOk();
OAuth2AuthenticationToken token = this.controller.token;
assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "subject");
this.client.mutateWith(SecurityMockServerConfigurers.mockOAuth2Login().oauth2User(oauth2User).attributes((a) -> a.put("sub", "bar"))).get().uri("/token").exchange().expectStatus().isOk();
token = this.controller.token;
assertThat(token.getPrincipal().getAttributes()).containsEntry("sub", "bar");
}
use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.
the class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests method oauth2LoginWhenNameSpecifiedThenUserHasName.
@Test
public void oauth2LoginWhenNameSpecifiedThenUserHasName() throws Exception {
OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.commaSeparatedStringToAuthorityList("SCOPE_read"), Collections.singletonMap("custom-attribute", "test-subject"), "custom-attribute");
this.mvc.perform(get("/attributes/custom-attribute").with(oauth2Login().oauth2User(oauth2User))).andExpect(content().string("test-subject"));
this.mvc.perform(get("/name").with(oauth2Login().oauth2User(oauth2User))).andExpect(content().string("test-subject"));
this.mvc.perform(get("/client-name").with(oauth2Login().oauth2User(oauth2User))).andExpect(content().string("test-subject"));
}
use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.
the class OAuth2LoginTests method oauth2LoginWhenCustomObjectsInLambdaThenUsed.
@Test
public void oauth2LoginWhenCustomObjectsInLambdaThenUsed() {
this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerInLambdaConfig.class).autowire();
String redirectLocation = "/custom-redirect-location";
WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
OAuth2LoginMockAuthenticationManagerInLambdaConfig config = this.spring.getContext().getBean(OAuth2LoginMockAuthenticationManagerInLambdaConfig.class);
ServerAuthenticationConverter converter = config.authenticationConverter;
ReactiveAuthenticationManager manager = config.manager;
ServerWebExchangeMatcher matcher = config.matcher;
ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
ServerAuthenticationSuccessHandler successHandler = config.successHandler;
OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
OAuth2User user = TestOAuth2Users.create();
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
given(manager.authenticate(any())).willReturn(Mono.just(result));
given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
given(resolver.resolve(any())).willReturn(Mono.empty());
given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
WebFilterExchange webFilterExchange = invocation.getArgument(0);
Authentication authentication = invocation.getArgument(1);
return new RedirectServerAuthenticationSuccessHandler(redirectLocation).onAuthenticationSuccess(webFilterExchange, authentication);
});
// @formatter:off
webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader().valueEquals("Location", redirectLocation);
// @formatter:on
verify(converter).convert(any());
verify(manager).authenticate(any());
verify(matcher).matches(any());
verify(resolver).resolve(any());
verify(successHandler).onAuthenticationSuccess(any(), any());
}
use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.
the class OAuth2LoginTests method oauth2LoginWhenCustomObjectsThenUsed.
@Test
public void oauth2LoginWhenCustomObjectsThenUsed() {
this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
String redirectLocation = "/custom-redirect-location";
WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext().getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
ServerAuthenticationConverter converter = config.authenticationConverter;
ReactiveAuthenticationManager manager = config.manager;
ServerWebExchangeMatcher matcher = config.matcher;
ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
ServerAuthenticationSuccessHandler successHandler = config.successHandler;
OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
OAuth2User user = TestOAuth2Users.create();
OAuth2AccessToken accessToken = TestOAuth2AccessTokens.noScopes();
OAuth2LoginAuthenticationToken result = new OAuth2LoginAuthenticationToken(github, exchange, user, user.getAuthorities(), accessToken);
given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
given(manager.authenticate(any())).willReturn(Mono.just(result));
given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
given(resolver.resolve(any())).willReturn(Mono.empty());
given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
WebFilterExchange webFilterExchange = invocation.getArgument(0);
Authentication authentication = invocation.getArgument(1);
return new RedirectServerAuthenticationSuccessHandler(redirectLocation).onAuthenticationSuccess(webFilterExchange, authentication);
});
// @formatter:off
webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader().valueEquals("Location", redirectLocation);
// @formatter:on
verify(converter).convert(any());
verify(manager).authenticate(any());
verify(matcher).matches(any());
verify(resolver).resolve(any());
verify(successHandler).onAuthenticationSuccess(any(), any());
}
use of org.springframework.security.oauth2.core.user.OAuth2User in project spring-security by spring-projects.
the class OAuth2AuthenticationTokenMixinTests method serializeWhenMixinRegisteredThenSerializes.
@Test
public void serializeWhenMixinRegisteredThenSerializes() throws Exception {
// OidcUser
OAuth2AuthenticationToken authentication = TestOAuth2AuthenticationTokens.oidcAuthenticated();
String expectedJson = asJson(authentication);
String json = this.mapper.writeValueAsString(authentication);
JSONAssert.assertEquals(expectedJson, json, true);
// OAuth2User
authentication = TestOAuth2AuthenticationTokens.authenticated();
expectedJson = asJson(authentication);
json = this.mapper.writeValueAsString(authentication);
JSONAssert.assertEquals(expectedJson, json, true);
}
Aggregations