
Example 36 with OAuth2ClientAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in the project spring-authorization-server by spring-projects.

From the class OAuth2TokenEndpointFilterTests, method doFilterWhenCustomAuthenticationConverterThenUsed:

@Test
public void doFilterWhenCustomAuthenticationConverterThenUsed() throws Exception {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    Authentication clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = new OAuth2AuthorizationCodeAuthenticationToken("code", clientPrincipal, null, null);
    AuthenticationConverter authenticationConverter = mock(AuthenticationConverter.class);
    when(authenticationConverter.convert(any())).thenReturn(authorizationCodeAuthentication);
    this.filter.setAuthenticationConverter(authenticationConverter);
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plus(Duration.ofHours(1)), new HashSet<>(Arrays.asList("scope1", "scope2")));
    OAuth2AccessTokenAuthenticationToken accessTokenAuthentication = new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken);
    when(this.authenticationManager.authenticate(any())).thenReturn(accessTokenAuthentication);
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(clientPrincipal);
    SecurityContextHolder.setContext(securityContext);
    MockHttpServletRequest request = createAuthorizationCodeTokenRequest(registeredClient);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.filter.doFilter(request, response, filterChain);
    verify(authenticationConverter).convert(any());
}
Also used : AuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter) OAuth2AccessTokenAuthenticationToken(org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) OAuth2AuthorizationCodeAuthenticationToken(org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken) SecurityContext(org.springframework.security.core.context.SecurityContext) OAuth2ClientAuthenticationToken(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test)

Example 37 with OAuth2ClientAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in the project spring-authorization-server by spring-projects.

From the class OAuth2TokenRevocationEndpointFilterTests, method doFilterWhenCustomAuthenticationFailureHandlerThenUsed:

@Test
public void doFilterWhenCustomAuthenticationFailureHandlerThenUsed() throws Exception {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    Authentication clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    AuthenticationFailureHandler authenticationFailureHandler = mock(AuthenticationFailureHandler.class);
    this.filter.setAuthenticationFailureHandler(authenticationFailureHandler);
    when(this.authenticationManager.authenticate(any())).thenThrow(OAuth2AuthenticationException.class);
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(clientPrincipal);
    SecurityContextHolder.setContext(securityContext);
    MockHttpServletRequest request = createTokenRevocationRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.filter.doFilter(request, response, filterChain);
    verify(authenticationFailureHandler).onAuthenticationFailure(any(), any(), any());
}
Also used : Authentication(org.springframework.security.core.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) OAuth2ClientAuthenticationToken(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test)

Example 38 with OAuth2ClientAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in the project spring-authorization-server by spring-projects.

From the class OAuth2TokenRevocationEndpointFilterTests, method doFilterWhenCustomAuthenticationSuccessHandlerThenUsed:

@Test
public void doFilterWhenCustomAuthenticationSuccessHandlerThenUsed() throws Exception {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    Authentication clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plus(Duration.ofHours(1)), new HashSet<>(Arrays.asList("scope1", "scope2")));
    OAuth2TokenRevocationAuthenticationToken tokenRevocationAuthentication = new OAuth2TokenRevocationAuthenticationToken(accessToken, clientPrincipal);
    AuthenticationSuccessHandler authenticationSuccessHandler = mock(AuthenticationSuccessHandler.class);
    this.filter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
    when(this.authenticationManager.authenticate(any())).thenReturn(tokenRevocationAuthentication);
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(clientPrincipal);
    SecurityContextHolder.setContext(securityContext);
    MockHttpServletRequest request = createTokenRevocationRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.filter.doFilter(request, response, filterChain);
    verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), any());
}
Also used : AuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler) OAuth2TokenRevocationAuthenticationToken(org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) OAuth2ClientAuthenticationToken(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient) Test(org.junit.Test)

Example 39 with OAuth2ClientAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in the project spring-authorization-server by spring-projects.

From the class ClientSecretBasicAuthenticationConverterTests, method convertWhenAuthorizationHeaderBasicWithValidCredentialsThenReturnClientAuthenticationToken:

@Test
public void convertWhenAuthorizationHeaderBasicWithValidCredentialsThenReturnClientAuthenticationToken() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addHeader(HttpHeaders.AUTHORIZATION, "Basic " + encodeBasicAuth("clientId", "secret"));
    OAuth2ClientAuthenticationToken authentication = (OAuth2ClientAuthenticationToken) this.converter.convert(request);
    assertThat(authentication.getPrincipal()).isEqualTo("clientId");
    assertThat(authentication.getCredentials()).isEqualTo("secret");
    assertThat(authentication.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuth2ClientAuthenticationToken(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken) Test(org.junit.Test)

Example 40 with OAuth2ClientAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken in the project spring-authorization-server by spring-projects.

From the class ClientSecretPostAuthenticationConverterTests, method convertWhenPostWithValidCredentialsThenReturnClientAuthenticationToken:

@Test
public void convertWhenPostWithValidCredentialsThenReturnClientAuthenticationToken() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter(OAuth2ParameterNames.CLIENT_ID, "client-1");
    request.addParameter(OAuth2ParameterNames.CLIENT_SECRET, "client-secret");
    OAuth2ClientAuthenticationToken authentication = (OAuth2ClientAuthenticationToken) this.converter.convert(request);
    assertThat(authentication.getPrincipal()).isEqualTo("client-1");
    assertThat(authentication.getCredentials()).isEqualTo("client-secret");
    assertThat(authentication.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_POST);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuth2ClientAuthenticationToken(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken) Test(org.junit.Test)
