Example 1 with TokenStore
use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class RefreshTokenSupportTests method verifyAccessTokens.
protected void verifyAccessTokens(OAuth2AccessToken oldAccessToken, OAuth2AccessToken newAccessToken) {
// make sure the new access token can be used.
verifyTokenResponse(newAccessToken.getValue(), HttpStatus.OK);
// the old access token is still valid because there is no state on the server.
verifyTokenResponse(oldAccessToken.getValue(), HttpStatus.OK);
JwtTokenStore store = (JwtTokenStore) ReflectionTestUtils.getField(services, "tokenStore");
OAuth2AccessToken token = store.readAccessToken(oldAccessToken.getValue());
OAuth2AccessToken refresh = ReflectionTestUtils.invokeMethod(store, "convertAccessToken", oldAccessToken.getRefreshToken().getValue());
assertEquals(refresh.getExpiration().getTime(), token.getExpiration().getTime() + 100000);
}
Also used :
JwtTokenStore(org.springframework.security.oauth2.provider.token.store.JwtTokenStore)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
Example 2 with TokenStore
use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class ResourceServerConfiguration method configure.
@Override
protected void configure(HttpSecurity http) throws Exception {
ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
ResourceServerTokenServices services = resolveTokenServices();
if (services != null) {
resources.tokenServices(services);
} else {
if (tokenStore != null) {
resources.tokenStore(tokenStore);
} else if (endpoints != null) {
resources.tokenStore(endpoints.getEndpointsConfigurer().getTokenStore());
}
}
if (eventPublisher != null) {
resources.eventPublisher(eventPublisher);
}
for (ResourceServerConfigurer configurer : configurers) {
configurer.configure(resources);
}
// @formatter:off
http.authenticationProvider(new AnonymousAuthenticationProvider("default")).exceptionHandling().accessDeniedHandler(resources.getAccessDeniedHandler()).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable();
// @formatter:on
http.apply(resources);
if (endpoints != null) {
// Assume we are in an Authorization Server
http.requestMatcher(new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
}
for (ResourceServerConfigurer configurer : configurers) {
// Delegates can add authorizeRequests() here
configurer.configure(http);
}
if (configurers.isEmpty()) {
// Add anyRequest() last as a fall back. Spring Security would
// replace an existing anyRequest() matcher with this one, so to
// avoid that we only add it if the user hasn't configured anything.
http.authorizeRequests().anyRequest().authenticated();
}
}
Also used :
ResourceServerSecurityConfigurer(org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer)
ResourceServerTokenServices(org.springframework.security.oauth2.provider.token.ResourceServerTokenServices)
AnonymousAuthenticationProvider(org.springframework.security.authentication.AnonymousAuthenticationProvider)
Example 3 with TokenStore
use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class TokenServicesWithTokenEnhancerTests method storeEnhancedRefreshTokenDuringRefresh.
// gh-511
@Test
public void storeEnhancedRefreshTokenDuringRefresh() {
InMemoryTokenStore tokenStore = new InMemoryTokenStore();
tokenServices.setSupportRefreshToken(true);
tokenServices.setReuseRefreshToken(false);
tokenServices.setTokenStore(tokenStore);
OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
TokenRequest tokenRequest = new TokenRequest(Collections.<String, String>emptyMap(), request.getClientId(), request.getScope(), "authorization_code");
accessToken = tokenServices.refreshAccessToken(refreshToken.getValue(), tokenRequest);
OAuth2RefreshToken enhancedRefreshToken = accessToken.getRefreshToken();
OAuth2RefreshToken storedEnhancedRefreshToken = tokenStore.readRefreshToken(enhancedRefreshToken.getValue());
assertEquals(enhancedRefreshToken.getValue(), storedEnhancedRefreshToken.getValue());
}
Also used :
InMemoryTokenStore(org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore)
OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
TokenRequest(org.springframework.security.oauth2.provider.TokenRequest)
Test(org.junit.Test)
Example 4 with TokenStore
use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class ProviderBeanDefinitionParser method parseInternal.
@Override
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
String tokenServicesRef = element.getAttribute("token-services-ref");
String serializerRef = element.getAttribute("serialization-service-ref");
if (!StringUtils.hasText(tokenServicesRef)) {
tokenServicesRef = "oauth2TokenServices";
BeanDefinitionBuilder tokenServices = BeanDefinitionBuilder.rootBeanDefinition(DefaultTokenServices.class);
AbstractBeanDefinition tokenStore = BeanDefinitionBuilder.rootBeanDefinition(InMemoryTokenStore.class).getBeanDefinition();
tokenServices.addPropertyValue("tokenStore", tokenStore);
parserContext.getRegistry().registerBeanDefinition(tokenServicesRef, tokenServices.getBeanDefinition());
}
return parseEndpointAndReturnFilter(element, parserContext, tokenServicesRef, serializerRef);
}
Also used :
InMemoryTokenStore(org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore)
BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder)
AbstractBeanDefinition(org.springframework.beans.factory.support.AbstractBeanDefinition)
Example 5 with TokenStore
use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class AbstractIntegrationTests method clear.
private void clear(TokenStore tokenStore) throws Exception {
if (tokenStore instanceof Advised) {
Advised advised = (Advised) tokenStore;
TokenStore target = (TokenStore) advised.getTargetSource().getTarget();
clear(target);
return;
}
if (tokenStore instanceof InMemoryTokenStore) {
((InMemoryTokenStore) tokenStore).clear();
}
if (tokenStore instanceof JdbcTokenStore) {
JdbcTemplate template = new JdbcTemplate(dataSource);
template.execute("delete from oauth_access_token");
template.execute("delete from oauth_refresh_token");
template.execute("delete from oauth_client_token");
template.execute("delete from oauth_code");
}
}
Also used :
InMemoryTokenStore(org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore)
JdbcTokenStore(org.springframework.security.oauth2.provider.token.store.JdbcTokenStore)
Advised(org.springframework.aop.framework.Advised)
JdbcTemplate(org.springframework.jdbc.core.JdbcTemplate)
TokenStore(org.springframework.security.oauth2.provider.token.TokenStore)
InMemoryTokenStore(org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore)
JdbcTokenStore(org.springframework.security.oauth2.provider.token.store.JdbcTokenStore)
Aggregations
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)3
InMemoryTokenStore (org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore)3
Test (org.junit.Test)2
Advised (org.springframework.aop.framework.Advised)2
JdbcTemplate (org.springframework.jdbc.core.JdbcTemplate)2
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)2
DefaultTokenServices (org.springframework.security.oauth2.provider.token.DefaultTokenServices)2
JwtTokenStore (org.springframework.security.oauth2.provider.token.store.JwtTokenStore)2
AbstractBeanDefinition (org.springframework.beans.factory.support.AbstractBeanDefinition)1
BeanDefinitionBuilder (org.springframework.beans.factory.support.BeanDefinitionBuilder)1
Bean (org.springframework.context.annotation.Bean)1
AnonymousAuthenticationProvider (org.springframework.security.authentication.AnonymousAuthenticationProvider)1
OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)1
ResourceServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer)1
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)1
ApprovalStore (org.springframework.security.oauth2.provider.approval.ApprovalStore)1
ApprovalStoreUserApprovalHandler (org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler)1
InMemoryApprovalStore (org.springframework.security.oauth2.provider.approval.InMemoryApprovalStore)1
JdbcApprovalStore (org.springframework.security.oauth2.provider.approval.JdbcApprovalStore)1
TokenApprovalStore (org.springframework.security.oauth2.provider.approval.TokenApprovalStore)1
