use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testApproveOrDenyWithOAuth2RequestWithoutRedirectUri.
/**
* Ensure that if the approval endpoint is called without a resolved redirect URI, the request fails.
* @throws Exception
*/
@Test(expected = InvalidRequestException.class)
public void testApproveOrDenyWithOAuth2RequestWithoutRedirectUri() throws Exception {
AuthorizationRequest request = getAuthorizationRequest("foo", null, null, null, Collections.singleton("code"));
request.setApproved(true);
Map<String, String> approvalParameters = new HashMap<String, String>();
approvalParameters.put("user_oauth_approval", "true");
model.put("authorizationRequest", request);
endpoint.approveOrDeny(approvalParameters, model, sessionStatus, principal);
}
use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class AccessConfirmationController method getAccessConfirmation.
@RequestMapping("/oauth/confirm_access")
public ModelAndView getAccessConfirmation(Map<String, Object> model, Principal principal) throws Exception {
AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
model.put("auth_request", clientAuth);
model.put("client", client);
Map<String, String> scopes = new LinkedHashMap<String, String>();
for (String scope : clientAuth.getScope()) {
scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
}
for (Approval approval : approvalStore.getApprovals(principal.getName(), client.getClientId())) {
if (clientAuth.getScope().contains(approval.getScope())) {
scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(), approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
}
}
model.put("scopes", scopes);
return new ModelAndView("access_confirmation", model);
}
use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class AuthorizationCodeProviderTests method approveAccessTokenGrant.
private void approveAccessTokenGrant(String currentUri, boolean approved) {
AccessTokenRequest request = context.getAccessTokenRequest();
AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();
request.setCookie(cookie);
if (currentUri != null) {
request.setCurrentUri(currentUri);
}
String location = null;
try {
// First try to obtain the access token...
assertNotNull(context.getAccessToken());
fail("Expected UserRedirectRequiredException");
} catch (UserRedirectRequiredException e) {
// Expected and necessary, so that the correct state is set up in the request...
location = e.getRedirectUri();
}
assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
assertNull(request.getAuthorizationCode());
try {
// Now try again and the token provider will redirect for user approval...
assertNotNull(context.getAccessToken());
fail("Expected UserRedirectRequiredException");
} catch (UserApprovalRequiredException e) {
// Expected and necessary, so that the user can approve the grant...
location = e.getApprovalUri();
}
assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
assertNull(request.getAuthorizationCode());
// The approval (will be processed on the next attempt to obtain an access token)...
request.set(OAuth2Utils.USER_OAUTH_APPROVAL, "" + approved);
}
use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class JwtTokenStoreTests method removeRefreshToken.
@Test
public void removeRefreshToken() throws Exception {
tokenStore.setApprovalStore(approvalStore);
approvalStore.addApprovals(Collections.singleton(new Approval("test", "id", "read", new Date(), ApprovalStatus.APPROVED)));
assertEquals(1, approvalStore.getApprovals("test", "id").size());
tokenStore.removeRefreshToken(new DefaultOAuth2RefreshToken(expectedOAuth2AccessToken.getValue()));
assertEquals(0, approvalStore.getApprovals("test", "id").size());
}
use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class JwtTokenStoreTests method removeAccessTokenFromRefreshToken.
@Test
public void removeAccessTokenFromRefreshToken() throws Exception {
tokenStore.setApprovalStore(approvalStore);
approvalStore.addApprovals(Collections.singleton(new Approval("test", "id", "read", new Date(), ApprovalStatus.APPROVED)));
assertEquals(1, approvalStore.getApprovals("test", "id").size());
tokenStore.removeAccessTokenUsingRefreshToken(new DefaultOAuth2RefreshToken(expectedOAuth2AccessToken.getValue()));
assertEquals(1, approvalStore.getApprovals("test", "id").size());
}
Aggregations