Search in sources :

Example 6 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-boot by spring-projects.

the class OAuth2AutoConfigurationTests method testEnvironmentalOverrides.

@Test
public void testEnvironmentalOverrides() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    EnvironmentTestUtils.addEnvironment(this.context, "security.oauth2.client.clientId:myclientid", "security.oauth2.client.clientSecret:mysecret", "security.oauth2.client.autoApproveScopes:read,write", "security.oauth2.client.accessTokenValiditySeconds:40", "security.oauth2.client.refreshTokenValiditySeconds:80");
    this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    ClientDetails config = this.context.getBean(ClientDetails.class);
    assertThat(config.getClientId()).isEqualTo("myclientid");
    assertThat(config.getClientSecret()).isEqualTo("mysecret");
    assertThat(config.isAutoApprove("read")).isTrue();
    assertThat(config.isAutoApprove("write")).isTrue();
    assertThat(config.isAutoApprove("foo")).isFalse();
    assertThat(config.getAccessTokenValiditySeconds()).isEqualTo(40);
    assertThat(config.getRefreshTokenValiditySeconds()).isEqualTo(80);
    verifyAuthentication(config);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) Test(org.junit.Test)

Example 7 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-boot by spring-projects.

the class OAuth2AutoConfigurationTests method testClassicSecurityAnnotationOverride.

@Test
public void testClassicSecurityAnnotationOverride() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(SecuredEnabledConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    this.context.getBean(OAuth2MethodSecurityConfiguration.class);
    ClientDetails config = this.context.getBean(ClientDetails.class);
    DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
    List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
    assertThat(sources.size()).isEqualTo(1);
    assertThat(sources.get(0).getClass().getName()).isEqualTo(SecuredAnnotationSecurityMetadataSource.class.getName());
    verifyAuthentication(config, HttpStatus.OK);
}
Also used : SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) Test(org.junit.Test)

Example 8 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-security-oauth by spring-projects.

the class ClientDetailsServiceBeanDefinitionParserTests method testClientDetailsFromPropertyFile.

@Test
public void testClientDetailsFromPropertyFile() {
    // valid client details from property file
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId("my-client-id-property-file");
    assertNotNull(clientDetailsService);
    assertEquals("my-client-id-property-file", clientDetails.getClientId());
    assertEquals("my-client-secret-property-file", clientDetails.getClientSecret());
    Set<String> grantTypes = clientDetails.getAuthorizedGrantTypes();
    assertNotNull(grantTypes);
    assertEquals(2, grantTypes.size());
    assertTrue(grantTypes.contains("password"));
    assertTrue(grantTypes.contains("authorization_code"));
    Set<String> scopes = clientDetails.getScope();
    assertNotNull(scopes);
    assertEquals(2, scopes.size());
    assertTrue(scopes.contains("scope1"));
    assertTrue(scopes.contains("scope2"));
    Collection<GrantedAuthority> authorities = clientDetails.getAuthorities();
    assertNotNull(authorities);
    assertEquals(2, authorities.size());
    assertTrue(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_USER"));
    assertTrue(AuthorityUtils.authorityListToSet(authorities).contains("ROLE_ANONYMOUS"));
}
Also used : ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Test(org.junit.Test)

Example 9 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-security-oauth by spring-projects.

the class JdbcClientDetailsServiceTests method testRemoveNonExistentClient.

@Test(expected = NoSuchClientException.class)
public void testRemoveNonExistentClient() {
    BaseClientDetails clientDetails = new BaseClientDetails();
    clientDetails.setClientId("nosuchClientIdWithNoDetails");
    service.removeClientDetails(clientDetails.getClientId());
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) Test(org.junit.Test)

Example 10 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-security-oauth by spring-projects.

the class JdbcClientDetailsServiceTests method testLoadingClientIdWithMultipleDetails.

@Test
public void testLoadingClientIdWithMultipleDetails() {
    jdbcTemplate.update(INSERT_SQL, "clientIdWithMultipleDetails", "mySecret", "myResource1,myResource2", "myScope1,myScope2", "myAuthorizedGrantType1,myAuthorizedGrantType2", "myRedirectUri1,myRedirectUri2", "myAuthority1,myAuthority2", 100, 200, "read,write");
    ClientDetails clientDetails = service.loadClientByClientId("clientIdWithMultipleDetails");
    assertEquals("clientIdWithMultipleDetails", clientDetails.getClientId());
    assertTrue(clientDetails.isSecretRequired());
    assertEquals("mySecret", clientDetails.getClientSecret());
    assertTrue(clientDetails.isScoped());
    assertEquals(2, clientDetails.getResourceIds().size());
    Iterator<String> resourceIds = clientDetails.getResourceIds().iterator();
    assertEquals("myResource1", resourceIds.next());
    assertEquals("myResource2", resourceIds.next());
    assertEquals(2, clientDetails.getScope().size());
    Iterator<String> scope = clientDetails.getScope().iterator();
    assertEquals("myScope1", scope.next());
    assertEquals("myScope2", scope.next());
    assertEquals(2, clientDetails.getAuthorizedGrantTypes().size());
    Iterator<String> grantTypes = clientDetails.getAuthorizedGrantTypes().iterator();
    assertEquals("myAuthorizedGrantType1", grantTypes.next());
    assertEquals("myAuthorizedGrantType2", grantTypes.next());
    assertEquals(2, clientDetails.getRegisteredRedirectUri().size());
    Iterator<String> redirectUris = clientDetails.getRegisteredRedirectUri().iterator();
    assertEquals("myRedirectUri1", redirectUris.next());
    assertEquals("myRedirectUri2", redirectUris.next());
    assertEquals(2, clientDetails.getAuthorities().size());
    Iterator<GrantedAuthority> authorities = clientDetails.getAuthorities().iterator();
    assertEquals("myAuthority1", authorities.next().getAuthority());
    assertEquals("myAuthority2", authorities.next().getAuthority());
    assertEquals(new Integer(100), clientDetails.getAccessTokenValiditySeconds());
    assertEquals(new Integer(200), clientDetails.getRefreshTokenValiditySeconds());
    assertTrue(clientDetails.isAutoApprove("read"));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Test(org.junit.Test)

Aggregations

ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)44 Test (org.junit.Test)36 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)30 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)27 Authentication (org.springframework.security.core.Authentication)21 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)20 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)19 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)19 Date (java.util.Date)13 HashMap (java.util.HashMap)12 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)8 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)7 ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService)7 DBUnitTest (org.orcid.test.DBUnitTest)6 AnnotationConfigServletWebServerApplicationContext (org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)6 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)6 OAuth2Exception (org.springframework.security.oauth2.common.exceptions.OAuth2Exception)6 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)6 OrcidOauth2ClientAuthentication (org.orcid.core.oauth.OrcidOauth2ClientAuthentication)5 InvalidClientException (org.springframework.security.oauth2.common.exceptions.InvalidClientException)5