Search in sources :

Example 26 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class OAuth2RequestTests method testImplicitGrantType.

@Test
public void testImplicitGrantType() throws Exception {
    parameters.put("response_type", "token");
    OAuth2Request authorizationRequest = createFromParameters(parameters);
    assertEquals("implicit", authorizationRequest.getGrantType());
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) Test(org.junit.Test)

Example 27 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class RedisTokenStoreTests method storeAccessTokenWithoutRefreshTokenRemoveAccessTokenVerifyTokenRemoved.

// gh-572
@Test
public void storeAccessTokenWithoutRefreshTokenRemoveAccessTokenVerifyTokenRemoved() {
    OAuth2Request request = RequestTokenFactory.createOAuth2Request("clientId", false);
    TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password");
    OAuth2AccessToken oauth2AccessToken = new DefaultOAuth2AccessToken("access-token-" + UUID.randomUUID());
    OAuth2Authentication oauth2Authentication = new OAuth2Authentication(request, authentication);
    tokenStore.storeAccessToken(oauth2AccessToken, oauth2Authentication);
    tokenStore.removeAccessToken(oauth2AccessToken);
    Collection<OAuth2AccessToken> oauth2AccessTokens = tokenStore.findTokensByClientId(request.getClientId());
    assertTrue(oauth2AccessTokens.isEmpty());
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Example 28 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class ScopeVoterTests method testAccessGrantedIfScopesPresent.

@Test
public void testAccessGrantedIfScopesPresent() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(oAuth2Authentication, null, Collections.<ConfigAttribute>singleton(new SecurityConfig("SCOPE_READ"))));
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Test(org.junit.Test)

Example 29 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class ScopeVoterTests method testAccessGrantedIfScopesPresentWithPrefix.

@Test
public void testAccessGrantedIfScopesPresentWithPrefix() throws Exception {
    voter.setScopePrefix("scope=");
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(oAuth2Authentication, null, Collections.<ConfigAttribute>singleton(new SecurityConfig("scope=read"))));
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Test(org.junit.Test)

Example 30 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class ScopeVoterTests method testExceptionThrownIfWrongScopesPresent.

@Test(expected = AccessDeniedException.class)
public void testExceptionThrownIfWrongScopesPresent() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(oAuth2Authentication, null, Collections.<ConfigAttribute>singleton(new SecurityConfig("SCOPE_WRITE"))));
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Test(org.junit.Test)

Aggregations

OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)99 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)77 Authentication (org.springframework.security.core.Authentication)57 Test (org.junit.Test)56 HashMap (java.util.HashMap)21 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)15 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)15 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)14 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)13 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)12 Date (java.util.Date)11 HashSet (java.util.HashSet)11 Expression (org.springframework.expression.Expression)10 DBUnitTest (org.orcid.test.DBUnitTest)8 EvaluationContext (org.springframework.expression.EvaluationContext)8 MethodInvocation (org.aopalliance.intercept.MethodInvocation)7 OrcidOAuth2Authentication (org.orcid.core.oauth.OrcidOAuth2Authentication)7 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)7 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)7 SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)7