Search in sources :

Example 81 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationCodeTokenGranterTests method testAuthorizationRedirectMismatch.

@Test
public void testAuthorizationRedirectMismatch() {
    Map<String, String> initialParameters = new HashMap<String, String>();
    initialParameters.put(OAuth2Utils.REDIRECT_URI, "https://redirectMe");
    //AuthorizationRequest initialRequest = createFromParameters(initialParameters);
    // we fake a valid resolvedRedirectUri because without the client would never come this far
    //initialRequest.setRedirectUri(initialParameters.get(REDIRECT_URI));
    parameters.clear();
    parameters.put(OAuth2Utils.REDIRECT_URI, "https://redirectMe");
    parameters.put(OAuth2Utils.CLIENT_ID, "foo");
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, null, null, "https://redirectMe", null, null);
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    String code = authorizationCodeServices.createAuthorizationCode(new OAuth2Authentication(storedOAuth2Request, userAuthentication));
    Map<String, String> authorizationParameters = new HashMap<String, String>();
    authorizationParameters.put("code", code);
    //AuthorizationRequest oAuth2Request = createFromParameters(initialParameters);
    //oAuth2Request.setRequestParameters(authorizationParameters);
    TokenRequest tokenRequest = requestFactory.createTokenRequest(parameters, client);
    tokenRequest.setRequestParameters(authorizationParameters);
    AuthorizationCodeTokenGranter granter = new AuthorizationCodeTokenGranter(providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
    try {
        granter.getOAuth2Authentication(client, tokenRequest);
        fail("RedirectMismatchException because of null redirect_uri in authorizationRequest");
    } catch (RedirectMismatchException e) {
    }
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) HashMap(java.util.HashMap) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) RedirectMismatchException(org.springframework.security.oauth2.common.exceptions.RedirectMismatchException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 82 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitPreApproved.

@Test
public void testImplicitPreApproved() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
            token.setAdditionalInformation(Collections.singletonMap("foo", (Object) "bar"));
            return token;
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
    assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
    assertTrue("Wrong token: " + result, url.contains("access_token="));
    assertTrue("Wrong token: " + result, url.contains("foo=bar"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 83 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitPreApprovedButInvalid.

@Test(expected = InvalidScopeException.class)
public void testImplicitPreApprovedButInvalid() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            throw new IllegalStateException("Shouldn't be called");
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }
    });
    client.setScope(Collections.singleton("smallscope"));
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "bigscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) Test(org.junit.Test)

Example 84 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitAppendsScope.

@Test
public void testImplicitAppendsScope() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
            token.setScope(Collections.singleton("read"));
            return token;
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong scope: " + result, url.contains("&scope=read"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 85 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitUnapproved.

@Test
public void testImplicitUnapproved() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            return null;
        }
    });
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    assertEquals("forward:/oauth/confirm_access", result.getViewName());
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ModelAndView(org.springframework.web.servlet.ModelAndView) Test(org.junit.Test)

Aggregations

AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)66 Test (org.junit.Test)57 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)45 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)42 Authentication (org.springframework.security.core.Authentication)33 HashMap (java.util.HashMap)18 ModelAndView (org.springframework.web.servlet.ModelAndView)16 HashSet (java.util.HashSet)15 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)15 OrcidOAuth2Authentication (org.orcid.core.oauth.OrcidOAuth2Authentication)14 RedirectView (org.springframework.web.servlet.view.RedirectView)14 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)13 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)12 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)12 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)12 Date (java.util.Date)11 ScopePathType (org.orcid.jaxb.model.message.ScopePathType)10 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)8 TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)8 DefaultUserApprovalHandler (org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler)8