Search in sources :

Example 1 with ResourceOwnerPasswordTokenGranter

use of org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter in project spring-security-oauth by spring-projects.

the class ResourceOwnerPasswordTokenGranterTests method testBadCredentials.

@Test(expected = InvalidGrantException.class)
public void testBadCredentials() {
    ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(new AuthenticationManager() {

        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            throw new BadCredentialsException("test");
        }
    }, providerTokenServices, clientDetailsService, requestFactory);
    granter.grant("password", tokenRequest);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) AuthenticationException(org.springframework.security.core.AuthenticationException) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Test(org.junit.Test)

Example 2 with ResourceOwnerPasswordTokenGranter

use of org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter in project spring-security-oauth by spring-projects.

the class AuthorizationServerEndpointsConfigurer method getDefaultTokenGranters.

private List<TokenGranter> getDefaultTokenGranters() {
    ClientDetailsService clientDetails = clientDetailsService();
    AuthorizationServerTokenServices tokenServices = tokenServices();
    AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
    OAuth2RequestFactory requestFactory = requestFactory();
    List<TokenGranter> tokenGranters = new ArrayList<TokenGranter>();
    tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetails, requestFactory));
    tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetails, requestFactory));
    ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetails, requestFactory);
    tokenGranters.add(implicit);
    tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetails, requestFactory));
    if (authenticationManager != null) {
        tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices, clientDetails, requestFactory));
    }
    return tokenGranters;
}
Also used : AuthorizationCodeServices(org.springframework.security.oauth2.provider.code.AuthorizationCodeServices) InMemoryAuthorizationCodeServices(org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices) ImplicitTokenGranter(org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter) DefaultOAuth2RequestFactory(org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory) OAuth2RequestFactory(org.springframework.security.oauth2.provider.OAuth2RequestFactory) CompositeTokenGranter(org.springframework.security.oauth2.provider.CompositeTokenGranter) ImplicitTokenGranter(org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter) RefreshTokenGranter(org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter) AuthorizationCodeTokenGranter(org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter) ClientCredentialsTokenGranter(org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) ResourceOwnerPasswordTokenGranter(org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter) AuthorizationServerTokenServices(org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices) AuthorizationCodeTokenGranter(org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter) ResourceOwnerPasswordTokenGranter(org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter) ArrayList(java.util.ArrayList) ClientCredentialsTokenGranter(org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter) ClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService) InMemoryClientDetailsService(org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService) RefreshTokenGranter(org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter)

Example 3 with ResourceOwnerPasswordTokenGranter

use of org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter in project spring-security-oauth by spring-projects.

the class ResourceOwnerPasswordTokenGranterTests method testAccountLocked.

@Test(expected = InvalidGrantException.class)
public void testAccountLocked() {
    ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(new AuthenticationManager() {

        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            throw new LockedException("test");
        }
    }, providerTokenServices, clientDetailsService, requestFactory);
    granter.grant("password", tokenRequest);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) LockedException(org.springframework.security.authentication.LockedException) AuthenticationException(org.springframework.security.core.AuthenticationException) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) Test(org.junit.Test)

Example 4 with ResourceOwnerPasswordTokenGranter

use of org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter in project spring-security-oauth by spring-projects.

the class ResourceOwnerPasswordTokenGranterTests method testExtraParameters.

@Test
public void testExtraParameters() {
    authenticationManager = new AuthenticationManager() {

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            if (authentication instanceof UsernamePasswordAuthenticationToken) {
                UsernamePasswordAuthenticationToken user = (UsernamePasswordAuthenticationToken) authentication;
                user = new UsernamePasswordAuthenticationToken(user.getPrincipal(), "N/A", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
                @SuppressWarnings("unchecked") Map<String, String> details = (Map<String, String>) authentication.getDetails();
                assertNull(details.get("password"));
                return user;
            }
            return authentication;
        }
    };
    ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(authenticationManager, providerTokenServices, clientDetailsService, requestFactory);
    OAuth2AccessToken token = granter.grant("password", tokenRequest);
    OAuth2Authentication authentication = providerTokenServices.loadAuthentication(token.getValue());
    assertTrue(authentication.isAuthenticated());
    assertNull(authentication.getUserAuthentication().getDetails());
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) AuthenticationException(org.springframework.security.core.AuthenticationException) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.Test)

Example 5 with ResourceOwnerPasswordTokenGranter

use of org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter in project spring-security-oauth by spring-projects.

the class ResourceOwnerPasswordTokenGranterTests method testSunnyDay.

@Test
public void testSunnyDay() {
    ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(authenticationManager, providerTokenServices, clientDetailsService, requestFactory);
    OAuth2AccessToken token = granter.grant("password", tokenRequest);
    OAuth2Authentication authentication = providerTokenServices.loadAuthentication(token.getValue());
    assertTrue(authentication.isAuthenticated());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)5 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)5 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)3 Authentication (org.springframework.security.core.Authentication)3 AuthenticationException (org.springframework.security.core.AuthenticationException)3 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)3 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1 LockedException (org.springframework.security.authentication.LockedException)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService)1 CompositeTokenGranter (org.springframework.security.oauth2.provider.CompositeTokenGranter)1 OAuth2RequestFactory (org.springframework.security.oauth2.provider.OAuth2RequestFactory)1 TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)1 ClientCredentialsTokenGranter (org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter)1 InMemoryClientDetailsService (org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService)1 AuthorizationCodeServices (org.springframework.security.oauth2.provider.code.AuthorizationCodeServices)1 AuthorizationCodeTokenGranter (org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter)1