Search in sources :

Example 86 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class OAuth2RequestTests method testOtherGrantType.

@Test
public void testOtherGrantType() throws Exception {
    parameters.put("grant_type", "password");
    OAuth2Request authorizationRequest = createFromParameters(parameters);
    assertEquals("password", authorizationRequest.getGrantType());
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) Test(org.junit.Test)

Example 87 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class OAuth2SecurityExpressionMethodsTests method testOauthClient.

@Test
public void testOauthClient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "", "", "client_credentials", "ROLE_CLIENT"));
    Authentication userAuthentication = null;
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(), request.isApproved(), request.getScope(), request.getResourceIds(), request.getRedirectUri(), request.getResponseTypes(), request.getExtensions());
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertTrue(new OAuth2SecurityExpressionMethods(oAuth2Authentication).clientHasAnyRole("ROLE_CLIENT"));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Test(org.junit.Test)

Example 88 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class OAuth2WebSecurityExpressionHandlerTests method testScopesWithOr.

@Test
public void testScopesWithOr() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "", "client_credentials", "ROLE_USER"));
    request.setApproved(true);
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass", AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.hasAnyScope('write') or #oauth2.isUser()");
    assertTrue((Boolean) expression.getValue(context));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) FilterInvocation(org.springframework.security.web.FilterInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Example 89 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitWithQueryParam.

@Test
public void testImplicitWithQueryParam() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
            return token;
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com?foo=bar", "mystate", "myscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong url: " + result, url.contains("foo=bar"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 90 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testScopesInsufficient.

@Test(expected = AccessDeniedException.class)
public void testScopesInsufficient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "", "client_credentials", "ROLE_CLIENT"));
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass", AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.hasAnyScope('write')");
    expression.getValue(context);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Aggregations

AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)66 Test (org.junit.Test)57 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)45 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)42 Authentication (org.springframework.security.core.Authentication)33 HashMap (java.util.HashMap)18 ModelAndView (org.springframework.web.servlet.ModelAndView)16 HashSet (java.util.HashSet)15 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)15 OrcidOAuth2Authentication (org.orcid.core.oauth.OrcidOAuth2Authentication)14 RedirectView (org.springframework.web.servlet.view.RedirectView)14 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)13 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)12 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)12 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)12 Date (java.util.Date)11 ScopePathType (org.orcid.jaxb.model.message.ScopePathType)10 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)8 TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)8 DefaultUserApprovalHandler (org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler)8