Example 1 with TokenStore

Use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.

In class RefreshTokenSupportTests, method verifyAccessTokens:

protected void verifyAccessTokens(OAuth2AccessToken oldAccessToken, OAuth2AccessToken newAccessToken) {
    // make sure the new access token can be used.
    verifyTokenResponse(newAccessToken.getValue(), HttpStatus.OK);
    // the old access token is still valid because there is no state on the server.
    verifyTokenResponse(oldAccessToken.getValue(), HttpStatus.OK);
    JwtTokenStore store = (JwtTokenStore) ReflectionTestUtils.getField(services, "tokenStore");
    OAuth2AccessToken token = store.readAccessToken(oldAccessToken.getValue());
    OAuth2AccessToken refresh = ReflectionTestUtils.invokeMethod(store, "convertAccessToken", oldAccessToken.getRefreshToken().getValue());
    assertEquals(refresh.getExpiration().getTime(), token.getExpiration().getTime() + 100000);
}
Also used : JwtTokenStore(org.springframework.security.oauth2.provider.token.store.JwtTokenStore) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)

Example 2 with TokenStore

Use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.

In class ResourceServerConfiguration, method configure:

@Override
protected void configure(HttpSecurity http) throws Exception {
    ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
    ResourceServerTokenServices services = resolveTokenServices();
    if (services != null) {
        resources.tokenServices(services);
    } else {
        if (tokenStore != null) {
            resources.tokenStore(tokenStore);
        } else if (endpoints != null) {
            resources.tokenStore(endpoints.getEndpointsConfigurer().getTokenStore());
        }
    }
    if (eventPublisher != null) {
        resources.eventPublisher(eventPublisher);
    }
    for (ResourceServerConfigurer configurer : configurers) {
        configurer.configure(resources);
    }
    // @formatter:off
    http
        .authenticationProvider(new AnonymousAuthenticationProvider("default"))
        .exceptionHandling()
            .accessDeniedHandler(resources.getAccessDeniedHandler())
            .and()
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf().disable();
    // @formatter:on
    http.apply(resources);
    if (endpoints != null) {
        // Assume we are in an Authorization Server
        http.requestMatcher(new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
    }
    for (ResourceServerConfigurer configurer : configurers) {
        // Delegates can add authorizeRequests() here
        configurer.configure(http);
    }
    if (configurers.isEmpty()) {
        // Add anyRequest() last as a fall back. Spring Security would
        // replace an existing anyRequest() matcher with this one, so to
        // avoid that we only add it if the user hasn't configured anything.
        http.authorizeRequests().anyRequest().authenticated();
    }
}
Also used : ResourceServerSecurityConfigurer(org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer) ResourceServerTokenServices(org.springframework.security.oauth2.provider.token.ResourceServerTokenServices) AnonymousAuthenticationProvider(org.springframework.security.authentication.AnonymousAuthenticationProvider)

Example 3 with TokenStore

Use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.

In class TokenServicesWithTokenEnhancerTests, method storeEnhancedRefreshTokenDuringRefresh:

// gh-511
@Test
public void storeEnhancedRefreshTokenDuringRefresh() {
    InMemoryTokenStore tokenStore = new InMemoryTokenStore();
    tokenServices.setSupportRefreshToken(true);
    tokenServices.setReuseRefreshToken(false);
    tokenServices.setTokenStore(tokenStore);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.<String, String>emptyMap(), request.getClientId(), request.getScope(), "authorization_code");
    accessToken = tokenServices.refreshAccessToken(refreshToken.getValue(), tokenRequest);
    OAuth2RefreshToken enhancedRefreshToken = accessToken.getRefreshToken();
    OAuth2RefreshToken storedEnhancedRefreshToken = tokenStore.readRefreshToken(enhancedRefreshToken.getValue());
    assertEquals(enhancedRefreshToken.getValue(), storedEnhancedRefreshToken.getValue());
}
Also used : InMemoryTokenStore(org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) Test(org.junit.Test)

Example 4 with TokenStore

Use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.

In class ProviderBeanDefinitionParser, method parseInternal:

@Override
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
    String tokenServicesRef = element.getAttribute("token-services-ref");
    String serializerRef = element.getAttribute("serialization-service-ref");
    if (!StringUtils.hasText(tokenServicesRef)) {
        tokenServicesRef = "oauth2TokenServices";
        BeanDefinitionBuilder tokenServices = BeanDefinitionBuilder.rootBeanDefinition(DefaultTokenServices.class);
        AbstractBeanDefinition tokenStore = BeanDefinitionBuilder.rootBeanDefinition(InMemoryTokenStore.class).getBeanDefinition();
        tokenServices.addPropertyValue("tokenStore", tokenStore);
        parserContext.getRegistry().registerBeanDefinition(tokenServicesRef, tokenServices.getBeanDefinition());
    }
    return parseEndpointAndReturnFilter(element, parserContext, tokenServicesRef, serializerRef);
}
Also used : InMemoryTokenStore(org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore) BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) AbstractBeanDefinition(org.springframework.beans.factory.support.AbstractBeanDefinition)

Example 5 with TokenStore

Use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.

In class AbstractIntegrationTests, method clear:

private void clear(TokenStore tokenStore) throws Exception {
    if (tokenStore instanceof Advised) {
        Advised advised = (Advised) tokenStore;
        TokenStore target = (TokenStore) advised.getTargetSource().getTarget();
        clear(target);
        return;
    }
    if (tokenStore instanceof InMemoryTokenStore) {
        ((InMemoryTokenStore) tokenStore).clear();
    }
    if (tokenStore instanceof JdbcTokenStore) {
        JdbcTemplate template = new JdbcTemplate(dataSource);
        template.execute("delete from oauth_access_token");
        template.execute("delete from oauth_refresh_token");
        template.execute("delete from oauth_client_token");
        template.execute("delete from oauth_code");
    }
}
Also used : InMemoryTokenStore(org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore) JdbcTokenStore(org.springframework.security.oauth2.provider.token.store.JdbcTokenStore) Advised(org.springframework.aop.framework.Advised) JdbcTemplate(org.springframework.jdbc.core.JdbcTemplate) TokenStore(org.springframework.security.oauth2.provider.token.TokenStore)

Aggregations

OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 3
InMemoryTokenStore (org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore): 3
Test (org.junit.Test): 2
Advised (org.springframework.aop.framework.Advised): 2
JdbcTemplate (org.springframework.jdbc.core.JdbcTemplate): 2
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken): 2
DefaultTokenServices (org.springframework.security.oauth2.provider.token.DefaultTokenServices): 2
JwtTokenStore (org.springframework.security.oauth2.provider.token.store.JwtTokenStore): 2
AbstractBeanDefinition (org.springframework.beans.factory.support.AbstractBeanDefinition): 1
BeanDefinitionBuilder (org.springframework.beans.factory.support.BeanDefinitionBuilder): 1
Bean (org.springframework.context.annotation.Bean): 1
AnonymousAuthenticationProvider (org.springframework.security.authentication.AnonymousAuthenticationProvider): 1
OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken): 1
ResourceServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer): 1
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest): 1
ApprovalStore (org.springframework.security.oauth2.provider.approval.ApprovalStore): 1
ApprovalStoreUserApprovalHandler (org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler): 1
InMemoryApprovalStore (org.springframework.security.oauth2.provider.approval.InMemoryApprovalStore): 1
JdbcApprovalStore (org.springframework.security.oauth2.provider.approval.JdbcApprovalStore): 1
TokenApprovalStore (org.springframework.security.oauth2.provider.approval.TokenApprovalStore): 1