use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class AuthorizationCodeTokenGranterTests method testAuthorizationRedirectMismatch.
@Test
public void testAuthorizationRedirectMismatch() {
Map<String, String> initialParameters = new HashMap<String, String>();
initialParameters.put(OAuth2Utils.REDIRECT_URI, "https://redirectMe");
//AuthorizationRequest initialRequest = createFromParameters(initialParameters);
// we fake a valid resolvedRedirectUri because without the client would never come this far
//initialRequest.setRedirectUri(initialParameters.get(REDIRECT_URI));
parameters.clear();
parameters.put(OAuth2Utils.REDIRECT_URI, "https://redirectMe");
parameters.put(OAuth2Utils.CLIENT_ID, "foo");
OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, null, null, "https://redirectMe", null, null);
Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
String code = authorizationCodeServices.createAuthorizationCode(new OAuth2Authentication(storedOAuth2Request, userAuthentication));
Map<String, String> authorizationParameters = new HashMap<String, String>();
authorizationParameters.put("code", code);
//AuthorizationRequest oAuth2Request = createFromParameters(initialParameters);
//oAuth2Request.setRequestParameters(authorizationParameters);
TokenRequest tokenRequest = requestFactory.createTokenRequest(parameters, client);
tokenRequest.setRequestParameters(authorizationParameters);
AuthorizationCodeTokenGranter granter = new AuthorizationCodeTokenGranter(providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
try {
granter.getOAuth2Authentication(client, tokenRequest);
fail("RedirectMismatchException because of null redirect_uri in authorizationRequest");
} catch (RedirectMismatchException e) {
}
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testImplicitPreApproved.
@Test
public void testImplicitPreApproved() throws Exception {
endpoint.setTokenGranter(new TokenGranter() {
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
token.setAdditionalInformation(Collections.singletonMap("foo", (Object) "bar"));
return token;
}
});
endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return true;
}
});
AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
String url = ((RedirectView) result.getView()).getUrl();
assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
assertTrue("Wrong token: " + result, url.contains("access_token="));
assertTrue("Wrong token: " + result, url.contains("foo=bar"));
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testImplicitPreApprovedButInvalid.
@Test(expected = InvalidScopeException.class)
public void testImplicitPreApprovedButInvalid() throws Exception {
endpoint.setTokenGranter(new TokenGranter() {
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
throw new IllegalStateException("Shouldn't be called");
}
});
endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return true;
}
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
});
client.setScope(Collections.singleton("smallscope"));
AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "bigscope", Collections.singleton("token"));
ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
String url = ((RedirectView) result.getView()).getUrl();
assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testImplicitAppendsScope.
@Test
public void testImplicitAppendsScope() throws Exception {
endpoint.setTokenGranter(new TokenGranter() {
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
token.setScope(Collections.singleton("read"));
return token;
}
});
endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return true;
}
});
AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
String url = ((RedirectView) result.getView()).getUrl();
assertTrue("Wrong scope: " + result, url.contains("&scope=read"));
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testImplicitUnapproved.
@Test
public void testImplicitUnapproved() throws Exception {
endpoint.setTokenGranter(new TokenGranter() {
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
return null;
}
});
AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
assertEquals("forward:/oauth/confirm_access", result.getViewName());
}
Aggregations