Example 6 with ClientDetailsService

Use of org.springframework.security.oauth2.provider.ClientDetailsService in project spring-security-oauth by spring-projects.

Class AuthorizationCodeTokenGranterTests, method testAuthorizationRequestPreserved.

@Test
public void testAuthorizationRequestPreserved() {
    parameters.clear();
    parameters.put(OAuth2Utils.CLIENT_ID, "foo");
    parameters.put(OAuth2Utils.SCOPE, "read");
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, Collections.singleton("read"), Collections.singleton("resource"), null, null, null);
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    String code = authorizationCodeServices.createAuthorizationCode(new OAuth2Authentication(storedOAuth2Request, userAuthentication));
    parameters.put("code", code);
    // Ensure even if token request asks for more scope they are not granted
    parameters.put(OAuth2Utils.SCOPE, "read write");
    TokenRequest tokenRequest = requestFactory.createTokenRequest(parameters, client);
    AuthorizationCodeTokenGranter granter = new AuthorizationCodeTokenGranter(providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
    OAuth2AccessToken token = granter.grant("authorization_code", tokenRequest);
    OAuth2Request finalRequest = providerTokenServices.loadAuthentication(token.getValue()).getOAuth2Request();
    assertEquals("[read]", finalRequest.getScope().toString());
    assertEquals("[resource]", finalRequest.getResourceIds().toString());
    assertTrue(finalRequest.isApproved());
}
Also used: OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken), TokenRequest (org.springframework.security.oauth2.provider.TokenRequest), UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken), Test (org.junit.Test)

Example 7 with ClientDetailsService

Use of org.springframework.security.oauth2.provider.ClientDetailsService in project spring-security-oauth by spring-projects.

Class ClientDetailsUserDetailsServiceTests, method shouldConductOriginalException.

@SuppressWarnings("unchecked")
@Test(expected = ClientRegistrationException.class)
public void shouldConductOriginalException() throws Exception {
    Map<String, Object> map = new HashMap<String, Object>();
    map.put(UserAuthenticationConverter.USERNAME, "test_user");
    ClientDetailsService clientDetailsService = Mockito.mock(ClientDetailsService.class);
    Mockito.when(clientDetailsService.loadClientByClientId("test_user")).thenThrow(ClientRegistrationException.class);
    ClientDetailsUserDetailsService testee = new ClientDetailsUserDetailsService(clientDetailsService);
    testee.loadUserByUsername("test_user");
}
Also used: HashMap (java.util.HashMap), ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService), Test (org.junit.Test)

Example 8 with ClientDetailsService

Use of org.springframework.security.oauth2.provider.ClientDetailsService in project spring-security-oauth by spring-projects.

Class ResourceOwnerPasswordTokenGranterTests, method testBadCredentials.

@Test(expected = InvalidGrantException.class)
public void testBadCredentials() {
    ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(new AuthenticationManager() {

        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            throw new BadCredentialsException("test");
        }
    }, providerTokenServices, clientDetailsService, requestFactory);
    granter.grant("password", tokenRequest);
}
Also used: AuthenticationManager (org.springframework.security.authentication.AuthenticationManager), AuthenticationException (org.springframework.security.core.AuthenticationException), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), BadCredentialsException (org.springframework.security.authentication.BadCredentialsException), Test (org.junit.Test)

Example 9 with ClientDetailsService

Use of org.springframework.security.oauth2.provider.ClientDetailsService in project spring-security-oauth by spring-projects.

Class AuthorizationServerEndpointsConfiguration, method tokenEndpoint.

@Bean
public TokenEndpoint tokenEndpoint() throws Exception {
    TokenEndpoint tokenEndpoint = new TokenEndpoint();
    tokenEndpoint.setClientDetailsService(clientDetailsService);
    tokenEndpoint.setProviderExceptionHandler(exceptionTranslator());
    tokenEndpoint.setTokenGranter(tokenGranter());
    tokenEndpoint.setOAuth2RequestFactory(oauth2RequestFactory());
    tokenEndpoint.setOAuth2RequestValidator(oauth2RequestValidator());
    tokenEndpoint.setAllowedRequestMethods(allowedTokenEndpointRequestMethods());
    return tokenEndpoint;
}
Also used: CheckTokenEndpoint (org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint), TokenEndpoint (org.springframework.security.oauth2.provider.endpoint.TokenEndpoint), AbstractFactoryBean (org.springframework.beans.factory.config.AbstractFactoryBean), FactoryBean (org.springframework.beans.factory.FactoryBean), Bean (org.springframework.context.annotation.Bean)

Example 10 with ClientDetailsService

Use of org.springframework.security.oauth2.provider.ClientDetailsService in project spring-security-oauth by spring-projects.

Class AuthorizationServerSecurityConfiguration, method configure.

@Override
protected void configure(HttpSecurity http) throws Exception {
    AuthorizationServerSecurityConfigurer configurer = new AuthorizationServerSecurityConfigurer();
    FrameworkEndpointHandlerMapping handlerMapping = endpoints.oauth2EndpointHandlerMapping();
    http.setSharedObject(FrameworkEndpointHandlerMapping.class, handlerMapping);
    configure(configurer);
    http.apply(configurer);
    String tokenEndpointPath = handlerMapping.getServletPath("/oauth/token");
    String tokenKeyPath = handlerMapping.getServletPath("/oauth/token_key");
    String checkTokenPath = handlerMapping.getServletPath("/oauth/check_token");
    if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
        UserDetailsService userDetailsService = http.getSharedObject(UserDetailsService.class);
        endpoints.getEndpointsConfigurer().userDetailsService(userDetailsService);
    }
    // @formatter:off
    http
        .authorizeRequests()
            .antMatchers(tokenEndpointPath).fullyAuthenticated()
            .antMatchers(tokenKeyPath).access(configurer.getTokenKeyAccess())
            .antMatchers(checkTokenPath).access(configurer.getCheckTokenAccess())
        .and()
            .requestMatchers()
            .antMatchers(tokenEndpointPath, tokenKeyPath, checkTokenPath)
        .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
    // @formatter:on
    http.setSharedObject(ClientDetailsService.class, clientDetailsService);
}
Also used: AuthorizationServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer), FrameworkEndpointHandlerMapping (org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping), UserDetailsService (org.springframework.security.core.userdetails.UserDetailsService)

Aggregations

Test (org.junit.Test): 27
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails): 18
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 16
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 14
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails): 13
ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService): 11
Authentication (org.springframework.security.core.Authentication): 8
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 7
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest): 7
OAuth2Exception (org.springframework.security.oauth2.common.exceptions.OAuth2Exception): 6
ClientRegistrationException (org.springframework.security.oauth2.provider.ClientRegistrationException): 6
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 6
HashMap (java.util.HashMap): 5
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest): 5
InMemoryClientDetailsService (org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService): 5
Before (org.junit.Before): 4
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken): 4
DefaultOAuth2RequestFactory (org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory): 4
Date (java.util.Date): 3
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager): 3