Search in sources :

Example 26 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testAuthorizationCodeError.

@Test
public void testAuthorizationCodeError() throws Exception {
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    endpoint.setAuthorizationCodeServices(new StubAuthorizationCodeServices() {

        @Override
        public String createAuthorizationCode(OAuth2Authentication authentication) {
            throw new InvalidScopeException("FOO");
        }
    });
    ModelAndView result = endpoint.authorize(model, getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("code")).getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
    assertTrue("No error: " + result, url.contains("?error="));
    assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) InvalidScopeException(org.springframework.security.oauth2.common.exceptions.InvalidScopeException) Test(org.junit.Test)

Example 27 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitError.

@Test
public void testImplicitError() throws Exception {
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            return null;
        }
    });
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
    assertTrue("No error: " + result, url.contains("#error="));
    assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) Test(org.junit.Test)

Example 28 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testRedirectUriOptionalForAuthorization.

@Test
public void testRedirectUriOptionalForAuthorization() throws Exception {
    ModelAndView result = endpoint.authorize(model, getAuthorizationRequest("foo", null, null, "read", Collections.singleton("code")).getRequestParameters(), sessionStatus, principal);
    // RedirectUri parameter should be null (SECOAUTH-333), however the resolvedRedirectUri not
    AuthorizationRequest authorizationRequest = (AuthorizationRequest) result.getModelMap().get("authorizationRequest");
    assertNull(authorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI));
    assertEquals("http://anywhere.com", authorizationRequest.getRedirectUri());
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) ModelAndView(org.springframework.web.servlet.ModelAndView) Test(org.junit.Test)

Example 29 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitAppendsScopeWhenDefaulting.

@Test
public void testImplicitAppendsScopeWhenDefaulting() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
            token.setScope(new LinkedHashSet<String>(Arrays.asList("read", "write")));
            return token;
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }
    });
    client.setScope(Collections.singleton("read"));
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", null, Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong scope: " + result, url.contains("&scope=read%20write"));
}
Also used : LinkedHashSet(java.util.LinkedHashSet) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 30 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testScopesWithOr.

@Test
public void testScopesWithOr() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "", "client_credentials", "ROLE_CLIENT"));
    request.setApproved(true);
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass", AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.hasAnyScope('write') or #oauth2.isUser()");
    assertTrue((Boolean) expression.getValue(context));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Aggregations

OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)101 Test (org.junit.jupiter.api.Test)87 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)69 Test (org.junit.Test)58 Authentication (org.springframework.security.core.Authentication)58 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)52 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)51 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)48 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)42 HashMap (java.util.HashMap)36 OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)21 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)19 OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)19 ModelAndView (org.springframework.web.servlet.ModelAndView)18 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)16 HashSet (java.util.HashSet)15 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)15 RedirectView (org.springframework.web.servlet.view.RedirectView)14 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)13 LinkedHashMap (java.util.LinkedHashMap)12