Search in sources :

Example 6 with BaseClientDetails

use of org.springframework.security.oauth2.provider.client.BaseClientDetails in project spring-security-oauth by spring-projects.

the class OAuth2WebSecurityExpressionHandlerTests method testOauthClient.

@Test
public void testOauthClient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "", "", "client_credentials", "ROLE_CLIENT"));
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(), request.isApproved(), request.getScope(), request.getResourceIds(), request.getRedirectUri(), request.getResponseTypes(), request.getExtensions());
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.clientHasAnyRole('ROLE_CLIENT')");
    assertTrue((Boolean) expression.getValue(handler.createEvaluationContext(oAuth2Authentication, invocation)));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 7 with BaseClientDetails

use of org.springframework.security.oauth2.provider.client.BaseClientDetails in project spring-security-oauth by spring-projects.

the class OAuth2WebSecurityExpressionHandlerTests method testInsufficientScope.

@Test(expected = AccessDeniedException.class)
public void testInsufficientScope() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "", "client_credentials", "ROLE_USER"));
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    OAuth2SecurityExpressionMethods root = new OAuth2SecurityExpressionMethods(oAuth2Authentication);
    boolean hasAnyScope = root.hasAnyScope("foo");
    root.throwOnError(hasAnyScope);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Test(org.junit.Test)

Example 8 with BaseClientDetails

use of org.springframework.security.oauth2.provider.client.BaseClientDetails in project spring-security-oauth by spring-projects.

the class JdbcClientDetailsServiceTests method testRemoveNonExistentClient.

@Test(expected = NoSuchClientException.class)
public void testRemoveNonExistentClient() {
    BaseClientDetails clientDetails = new BaseClientDetails();
    clientDetails.setClientId("nosuchClientIdWithNoDetails");
    service.removeClientDetails(clientDetails.getClientId());
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) Test(org.junit.Test)

Example 9 with BaseClientDetails

use of org.springframework.security.oauth2.provider.client.BaseClientDetails in project spring-security-oauth by spring-projects.

the class JdbcClientDetailsServiceTests method testUpdateClientSecret.

@Test
public void testUpdateClientSecret() {
    BaseClientDetails clientDetails = new BaseClientDetails();
    clientDetails.setClientId("newClientIdWithNoDetails");
    service.setPasswordEncoder(new PasswordEncoder() {

        public boolean matches(CharSequence rawPassword, String encodedPassword) {
            return true;
        }

        public String encode(CharSequence rawPassword) {
            return "BAR";
        }
    });
    service.addClientDetails(clientDetails);
    service.updateClientSecret(clientDetails.getClientId(), "foo");
    Map<String, Object> map = jdbcTemplate.queryForMap(SELECT_SQL, "newClientIdWithNoDetails");
    assertEquals("newClientIdWithNoDetails", map.get("client_id"));
    assertTrue(map.containsKey("client_secret"));
    assertEquals("BAR", map.get("client_secret"));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) Test(org.junit.Test)

Example 10 with BaseClientDetails

use of org.springframework.security.oauth2.provider.client.BaseClientDetails in project spring-security-oauth by spring-projects.

the class BaseClientDetailsTests method testBaseClientDetailsDefaultConstructor.

/**
	 * test default constructor
	 */
@Test
public void testBaseClientDetailsDefaultConstructor() {
    BaseClientDetails details = new BaseClientDetails();
    assertEquals("[]", details.getResourceIds().toString());
    assertEquals("[]", details.getScope().toString());
    assertEquals("[]", details.getAuthorizedGrantTypes().toString());
    assertEquals("[]", details.getAuthorities().toString());
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) Test(org.junit.Test)

Aggregations

BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)42 Test (org.junit.Test)36 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)12 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)12 ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)8 Authentication (org.springframework.security.core.Authentication)7 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)7 OAuth2Exception (org.springframework.security.oauth2.common.exceptions.OAuth2Exception)6 ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService)6 Before (org.junit.Before)5 Expression (org.springframework.expression.Expression)5 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)5 ObjectMapper (org.codehaus.jackson.map.ObjectMapper)4 EvaluationContext (org.springframework.expression.EvaluationContext)4 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)4 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)4 MethodInvocation (org.aopalliance.intercept.MethodInvocation)3 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)3 SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)3 Date (java.util.Date)2