Search in sources :

Example 1 with UserApprovalHandler

use of org.springframework.security.oauth2.provider.approval.UserApprovalHandler in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testApprovalStoreAddsScopes.

@Test
public void testApprovalStoreAddsScopes() throws Exception {
    ApprovalStoreUserApprovalHandler userApprovalHandler = new ApprovalStoreUserApprovalHandler();
    userApprovalHandler.setApprovalStore(new InMemoryApprovalStore());
    endpoint.setUserApprovalHandler(userApprovalHandler);
    ModelAndView result = endpoint.authorize(model, getAuthorizationRequest("foo", null, null, "read", Collections.singleton("code")).getRequestParameters(), sessionStatus, principal);
    assertEquals("forward:/oauth/confirm_access", result.getViewName());
    assertTrue(result.getModel().containsKey("scopes"));
}
Also used : InMemoryApprovalStore(org.springframework.security.oauth2.provider.approval.InMemoryApprovalStore) ModelAndView(org.springframework.web.servlet.ModelAndView) ApprovalStoreUserApprovalHandler(org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler) Test(org.junit.Test)

Example 2 with UserApprovalHandler

use of org.springframework.security.oauth2.provider.approval.UserApprovalHandler in project spring-security-oauth by spring-projects.

the class AuthorizationServerEndpointsConfiguration method authorizationEndpoint.

@Bean
public AuthorizationEndpoint authorizationEndpoint() throws Exception {
    AuthorizationEndpoint authorizationEndpoint = new AuthorizationEndpoint();
    FrameworkEndpointHandlerMapping mapping = getEndpointsConfigurer().getFrameworkEndpointHandlerMapping();
    authorizationEndpoint.setUserApprovalPage(extractPath(mapping, "/oauth/confirm_access"));
    authorizationEndpoint.setProviderExceptionHandler(exceptionTranslator());
    authorizationEndpoint.setErrorPage(extractPath(mapping, "/oauth/error"));
    authorizationEndpoint.setTokenGranter(tokenGranter());
    authorizationEndpoint.setClientDetailsService(clientDetailsService);
    authorizationEndpoint.setAuthorizationCodeServices(authorizationCodeServices());
    authorizationEndpoint.setOAuth2RequestFactory(oauth2RequestFactory());
    authorizationEndpoint.setOAuth2RequestValidator(oauth2RequestValidator());
    authorizationEndpoint.setUserApprovalHandler(userApprovalHandler());
    return authorizationEndpoint;
}
Also used : FrameworkEndpointHandlerMapping(org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping) AuthorizationEndpoint(org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint) AbstractFactoryBean(org.springframework.beans.factory.config.AbstractFactoryBean) FactoryBean(org.springframework.beans.factory.FactoryBean) Bean(org.springframework.context.annotation.Bean)

Example 3 with UserApprovalHandler

use of org.springframework.security.oauth2.provider.approval.UserApprovalHandler in project spring-security-oauth by spring-projects.

the class AuthorizationServerEndpointsConfigurer method userApprovalHandler.

private UserApprovalHandler userApprovalHandler() {
    if (userApprovalHandler == null) {
        if (approvalStore() != null) {
            ApprovalStoreUserApprovalHandler handler = new ApprovalStoreUserApprovalHandler();
            handler.setApprovalStore(approvalStore());
            handler.setRequestFactory(requestFactory());
            handler.setClientDetailsService(clientDetailsService);
            this.userApprovalHandler = handler;
        } else if (tokenStore() != null) {
            TokenStoreUserApprovalHandler userApprovalHandler = new TokenStoreUserApprovalHandler();
            userApprovalHandler.setTokenStore(tokenStore());
            userApprovalHandler.setClientDetailsService(clientDetailsService());
            userApprovalHandler.setRequestFactory(requestFactory());
            this.userApprovalHandler = userApprovalHandler;
        } else {
            throw new IllegalStateException("Either a TokenStore or an ApprovalStore must be provided");
        }
    }
    return this.userApprovalHandler;
}
Also used : TokenStoreUserApprovalHandler(org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler) ApprovalStoreUserApprovalHandler(org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler)

Example 4 with UserApprovalHandler

use of org.springframework.security.oauth2.provider.approval.UserApprovalHandler in project spring-boot by spring-projects.

the class OAuth2AutoConfigurationTests method testDefaultConfiguration.

@Test
public void testDefaultConfiguration() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    this.context.getBean(AUTHORIZATION_SERVER_CONFIG);
    this.context.getBean(RESOURCE_SERVER_CONFIG);
    this.context.getBean(OAuth2MethodSecurityConfiguration.class);
    ClientDetails config = this.context.getBean(BaseClientDetails.class);
    AuthorizationEndpoint endpoint = this.context.getBean(AuthorizationEndpoint.class);
    UserApprovalHandler handler = (UserApprovalHandler) ReflectionTestUtils.getField(endpoint, "userApprovalHandler");
    ClientDetailsService clientDetailsService = this.context.getBean(ClientDetailsService.class);
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(config.getClientId());
    assertThat(AopUtils.isJdkDynamicProxy(clientDetailsService)).isTrue();
    assertThat(AopUtils.getTargetClass(clientDetailsService).getName()).isEqualTo(InMemoryClientDetailsService.class.getName());
    assertThat(handler).isInstanceOf(ApprovalStoreUserApprovalHandler.class);
    assertThat(clientDetails).isEqualTo(config);
    verifyAuthentication(config);
    assertThat(this.context.getBeanNamesForType(OAuth2RestOperations.class)).isEmpty();
}
Also used : InMemoryClientDetailsService(org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) ApprovalStoreUserApprovalHandler(org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler) UserApprovalHandler(org.springframework.security.oauth2.provider.approval.UserApprovalHandler) AuthorizationEndpoint(org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint) ClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService) InMemoryClientDetailsService(org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService) Test(org.junit.Test)

Aggregations

ApprovalStoreUserApprovalHandler (org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler)3 Test (org.junit.Test)2 AuthorizationEndpoint (org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint)2 FactoryBean (org.springframework.beans.factory.FactoryBean)1 AbstractFactoryBean (org.springframework.beans.factory.config.AbstractFactoryBean)1 AnnotationConfigServletWebServerApplicationContext (org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)1 Bean (org.springframework.context.annotation.Bean)1 ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)1 ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService)1 InMemoryApprovalStore (org.springframework.security.oauth2.provider.approval.InMemoryApprovalStore)1 TokenStoreUserApprovalHandler (org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler)1 UserApprovalHandler (org.springframework.security.oauth2.provider.approval.UserApprovalHandler)1 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)1 InMemoryClientDetailsService (org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService)1 FrameworkEndpointHandlerMapping (org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping)1 ModelAndView (org.springframework.web.servlet.ModelAndView)1