use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class DefaultTokenServicesAuthoritiesChangeTests method testChangeAuthoritiesAuthenticationTokenFail.
// This test will fail
/**
 * Issues a token for user "test2" holding the single authority "USER", then issues a token again
 * for the same user name and client after the authority has been replaced by "NONE". After each
 * issuance the authorities loaded back through the token value must equal those of the
 * authentication that was just presented.
 */
@Test
public void testChangeAuthoritiesAuthenticationTokenFail() throws Exception {
    // First issuance: the principal carries exactly one authority, "USER".
    TestChangeAuthentication userWithUserRole = new TestChangeAuthentication("test2", false,
            new SimpleGrantedAuthority("USER"));
    OAuth2Authentication firstAuthentication = new OAuth2Authentication(
            RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")),
            userWithUserRole);
    OAuth2AccessToken firstToken = getTokenServices().createAccessToken(firstAuthentication);
    assertEquals(userWithUserRole.getAuthorities(),
            getTokenServices().loadAuthentication(firstToken.getValue()).getAuthorities());

    // Second issuance: same user name and same client request, but the authority is now "NONE".
    TestChangeAuthentication userWithNoneRole = new TestChangeAuthentication("test2", false,
            new SimpleGrantedAuthority("NONE"));
    OAuth2Authentication secondAuthentication = new OAuth2Authentication(
            RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")),
            userWithNoneRole);
    OAuth2AccessToken secondToken = getTokenServices().createAccessToken(secondAuthentication);

    // The loaded authentication must reflect the new authority set. If the earlier "USER"
    // authority were still returned here, the token would carry privileges the principal
    // no longer holds.
    assertEquals(userWithNoneRole.getAuthorities(),
            getTokenServices().loadAuthentication(secondToken.getValue()).getAuthorities());
}
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class DefaultTokenServicesWithInMemoryTests method testExpiredToken.
/**
 * Creates an access token, back-dates its expiration by one second and expects
 * {@code loadAuthentication} to reject it with an {@link InvalidTokenException} whose message
 * contains "expired".
 */
@Test
public void testExpiredToken() throws Exception {
    OAuth2Authentication authentication = new OAuth2Authentication(
            RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")),
            new TestAuthentication("test2", false));
    DefaultOAuth2AccessToken issuedToken =
            (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(authentication);

    // Expire the token by mutating the returned object. This relies on the volatile token
    // store holding mutable state, so the change is visible when the token is looked up again.
    Date oneSecondAgo = new Date(System.currentTimeMillis() - 1000);
    issuedToken.setExpiration(oneSecondAgo);

    // An expired token must not resolve to an authentication.
    expected.expect(InvalidTokenException.class);
    expected.expectMessage("expired");
    getTokenServices().loadAuthentication(issuedToken.getValue());
}
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class DefaultTokenServicesWithInMemoryTests method testRefreshTokenWithUnauthenticatedUser.
/**
 * Installs an {@link AuthenticationManager} that rejects every authentication with
 * {@link AccountExpiredException}, issues an access token that carries a refresh token, and
 * expects {@code refreshAccessToken} to fail with that same exception.
 */
@Test
public void testRefreshTokenWithUnauthenticatedUser() throws Exception {
    OAuth2Authentication authentication = new OAuth2Authentication(
            RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")),
            new TestAuthentication("test2", false));

    // Manager that never authenticates anyone: every call reports an expired account.
    AuthenticationManager alwaysExpiredManager = new AuthenticationManager() {
        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            throw new AccountExpiredException("Not valid");
        }
    };
    getTokenServices().setAuthenticationManager(alwaysExpiredManager);

    DefaultOAuth2AccessToken issuedToken =
            (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(authentication);
    assertNotNull(issuedToken.getRefreshToken());

    // A refresh token on its own must not be enough to mint a new access token once the
    // authentication manager rejects the user: the rejection has to reach the caller.
    expected.expect(AccountExpiredException.class);
    TokenRequest refreshRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", null, null);
    String refreshTokenValue = issuedToken.getRefreshToken().getValue();
    getTokenServices().refreshAccessToken(refreshTokenValue, refreshRequest);
}
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class CustomTokenGranter method getOAuth2Authentication.
/**
 * Builds the {@link OAuth2Authentication} for this grant from the token request parameters.
 *
 * <p>The principal name is the {@code username} parameter, or "guest" when that key is absent.
 * The authorities are parsed from the {@code authorities} parameter, or empty when that key is
 * absent.
 *
 * <p>NOTE(review): both the principal name and its authorities come verbatim from request
 * parameters, and no credential is checked in this method. The three-argument
 * {@link UsernamePasswordAuthenticationToken} constructor produces a token that is already
 * marked authenticated, so whoever can reach this grant chooses the identity and privileges
 * written into the issued token. That is presumably intended for a test or sample granter
 * (confirm). A production granter should authenticate the principal and take authorities from
 * a server-side source rather than from the request.
 *
 * @param client the client the token is requested for
 * @param tokenRequest the incoming token request whose parameters are read
 * @return the authentication combining the stored OAuth2 request and the constructed user
 */
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> requestParameters = tokenRequest.getRequestParameters();

    // Principal name: caller-supplied, defaulting to "guest" only when the key is missing.
    String principalName = "guest";
    if (requestParameters.containsKey("username")) {
        principalName = requestParameters.get("username");
    }

    // Authorities: caller-supplied list, defaulting to none when the key is missing.
    List<GrantedAuthority> grantedAuthorities = AuthorityUtils.NO_AUTHORITIES;
    if (requestParameters.containsKey("authorities")) {
        String[] authorityNames = OAuth2Utils.parseParameterList(requestParameters.get("authorities"))
                .toArray(new String[0]);
        grantedAuthorities = AuthorityUtils.createAuthorityList(authorityNames);
    }

    // "N/A" is a placeholder credential; nothing in this method verifies a password.
    Authentication user = new UsernamePasswordAuthenticationToken(principalName, "N/A", grantedAuthorities);
    return new OAuth2Authentication(tokenRequest.createOAuth2Request(client), user);
}
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class InMemoryTokenStoreTests method testTokenCountConsistency.
/**
 * Stores eleven access tokens, each already expired and each for a distinct client id, and from
 * the third iteration onwards checks that the store's access-token count equals the number of
 * tokens stored so far.
 */
@Test
public void testTokenCountConsistency() throws Exception {
    for (int index = 0; index <= 10; index++) {
        OAuth2Authentication authentication = new OAuth2Authentication(
                RequestTokenFactory.createOAuth2Request("id" + index, false),
                new TestAuthentication("test", false));

        // Every token is created with an expiration one second in the past.
        DefaultOAuth2AccessToken expiredToken = new DefaultOAuth2AccessToken("testToken" + index);
        Date oneSecondAgo = new Date(System.currentTimeMillis() - 1000);
        expiredToken.setExpiration(oneSecondAgo);

        // Checked before storing, so the expected count is the number of earlier iterations.
        // NOTE(review): the first two iterations are not checked; the reason is not visible here.
        if (index > 1) {
            assertEquals(index, getTokenStore().getAccessTokenCount());
        }

        getTokenStore().storeAccessToken(expiredToken, authentication);
    }
}