Example 1 with OAuth2TokenRevocationAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken in the spring-authorization-server project by spring-projects.

From the class OAuth2TokenRevocationAuthenticationProviderTests, method authenticateWhenInvalidTokenThenNotRevoked:

@Test
public void authenticateWhenInvalidTokenThenNotRevoked() {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    // The client authenticates with client_secret_basic credentials
    OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    // Revocation request for a token value that the authorization service does not know
    OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken("token", clientPrincipal, OAuth2TokenType.ACCESS_TOKEN.getValue());
    OAuth2TokenRevocationAuthenticationToken authenticationResult = (OAuth2TokenRevocationAuthenticationToken) this.authenticationProvider.authenticate(authentication);
    // An unknown token is not an error (RFC 7009 section 2.2), but nothing is revoked:
    // the result is unauthenticated and no authorization is written back to the store
    assertThat(authenticationResult.isAuthenticated()).isFalse();
    verify(this.authorizationService, never()).save(any());
}
Also used: RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient), Test (org.junit.Test)

Example 2 with OAuth2TokenRevocationAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken in the spring-authorization-server project by spring-projects.

From the class OAuth2TokenRevocationEndpointFilterTests, method doFilterWhenCustomAuthenticationSuccessHandlerThenUsed:

@Test
public void doFilterWhenCustomAuthenticationSuccessHandlerThenUsed() throws Exception {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    Authentication clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    // A bearer access token valid for one hour; the authenticated token object signals a successful revocation
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plus(Duration.ofHours(1)), new HashSet<>(Arrays.asList("scope1", "scope2")));
    OAuth2TokenRevocationAuthenticationToken tokenRevocationAuthentication = new OAuth2TokenRevocationAuthenticationToken(accessToken, clientPrincipal);
    // Replace the filter's default success handler with a mock so its invocation can be verified
    AuthenticationSuccessHandler authenticationSuccessHandler = mock(AuthenticationSuccessHandler.class);
    this.filter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
    when(this.authenticationManager.authenticate(any())).thenReturn(tokenRevocationAuthentication);
    // The filter requires an already authenticated client in the SecurityContext
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(clientPrincipal);
    SecurityContextHolder.setContext(securityContext);
    MockHttpServletRequest request = createTokenRevocationRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.filter.doFilter(request, response, filterChain);
    // The custom handler, not the built-in response writer, handles the successful revocation
    verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), any());
}
Also used: AuthenticationSuccessHandler (org.springframework.security.web.authentication.AuthenticationSuccessHandler), OAuth2TokenRevocationAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken), Authentication (org.springframework.security.core.Authentication), OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), FilterChain (javax.servlet.FilterChain), SecurityContext (org.springframework.security.core.context.SecurityContext), OAuth2ClientAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient), Test (org.junit.Test)

Example 3 with OAuth2TokenRevocationAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken in the spring-authorization-server project by spring-projects.

From the class OAuth2TokenRevocationTests, method requestWhenTokenRevocationEndpointCustomizedThenUsed:

@Test
public void requestWhenTokenRevocationEndpointCustomizedThenUsed() throws Exception {
    // Configuration that wires mocked converter, provider and success handler into the revocation endpoint
    this.spring.register(AuthorizationServerConfigurationCustomTokenRevocationEndpoint.class).autowire();
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    this.registeredClientRepository.save(registeredClient);
    // Persist an authorization so the access token being revoked actually exists
    OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
    OAuth2AccessToken token = authorization.getAccessToken().getToken();
    OAuth2TokenType tokenType = OAuth2TokenType.ACCESS_TOKEN;
    this.authorizationService.save(authorization);
    Authentication clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2TokenRevocationAuthenticationToken tokenRevocationAuthentication = new OAuth2TokenRevocationAuthenticationToken(token, clientPrincipal);
    // Stub each customized component to accept and return the revocation authentication
    when(authenticationConverter.convert(any())).thenReturn(tokenRevocationAuthentication);
    when(authenticationProvider.supports(eq(OAuth2TokenRevocationAuthenticationToken.class))).thenReturn(true);
    when(authenticationProvider.authenticate(any())).thenReturn(tokenRevocationAuthentication);
    // POST /oauth2/revoke with token and token_type_hint, authenticating the client via HTTP Basic
    this.mvc.perform(post(DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI).params(getTokenRevocationRequestParameters(token, tokenType)).header(HttpHeaders.AUTHORIZATION, "Basic " + encodeBasicAuth(registeredClient.getClientId(), registeredClient.getClientSecret()))).andExpect(status().isOk());
    // Every customized hook must have been used in the request flow
    verify(authenticationConverter).convert(any());
    verify(authenticationProvider).authenticate(eq(tokenRevocationAuthentication));
    verify(authenticationSuccessHandler).onAuthenticationSuccess(any(), any(), eq(tokenRevocationAuthentication));
}
Also used: OAuth2TokenType (org.springframework.security.oauth2.core.OAuth2TokenType), OAuth2TokenRevocationAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken), OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken), Authentication (org.springframework.security.core.Authentication), OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization), OAuth2ClientAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken), RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient), Test (org.junit.Test)

Example 4 with OAuth2TokenRevocationAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken in the spring-authorization-server project by spring-projects.

From the class OAuth2TokenRevocationEndpointFilterTests, method doFilterWhenTokenRevocationRequestValidThenSuccessResponse:

@Test
public void doFilterWhenTokenRevocationRequestValidThenSuccessResponse() throws Exception {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    Authentication clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plus(Duration.ofHours(1)), new HashSet<>(Arrays.asList("scope1", "scope2")));
    OAuth2TokenRevocationAuthenticationToken tokenRevocationAuthentication = new OAuth2TokenRevocationAuthenticationToken(accessToken, clientPrincipal);
    // The authentication manager reports a successful revocation
    when(this.authenticationManager.authenticate(any())).thenReturn(tokenRevocationAuthentication);
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(clientPrincipal);
    SecurityContextHolder.setContext(securityContext);
    MockHttpServletRequest request = createTokenRevocationRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.filter.doFilter(request, response, filterChain);
    // The filter handles the request itself (no chain continuation) and answers 200 OK, as RFC 7009 requires
    verifyNoInteractions(filterChain);
    verify(this.authenticationManager).authenticate(any());
    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
}
Also used: OAuth2TokenRevocationAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken), Authentication (org.springframework.security.core.Authentication), OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), FilterChain (javax.servlet.FilterChain), SecurityContext (org.springframework.security.core.context.SecurityContext), OAuth2ClientAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient), Test (org.junit.Test)

Example 5 with OAuth2TokenRevocationAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken in the spring-authorization-server project by spring-projects.

From the class OAuth2TokenRevocationEndpointFilterTests, method doFilterWhenCustomAuthenticationConverterThenUsed:

@Test
public void doFilterWhenCustomAuthenticationConverterThenUsed() throws Exception {
    RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
    Authentication clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
    OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plus(Duration.ofHours(1)), new HashSet<>(Arrays.asList("scope1", "scope2")));
    OAuth2TokenRevocationAuthenticationToken tokenRevocationAuthentication = new OAuth2TokenRevocationAuthenticationToken(accessToken, clientPrincipal);
    // Replace the default request-to-Authentication converter with a mock that yields the revocation token
    AuthenticationConverter authenticationConverter = mock(AuthenticationConverter.class);
    when(authenticationConverter.convert(any())).thenReturn(tokenRevocationAuthentication);
    this.filter.setAuthenticationConverter(authenticationConverter);
    when(this.authenticationManager.authenticate(any())).thenReturn(tokenRevocationAuthentication);
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(clientPrincipal);
    SecurityContextHolder.setContext(securityContext);
    MockHttpServletRequest request = createTokenRevocationRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.filter.doFilter(request, response, filterChain);
    // The custom converter was consulted for the incoming request
    verify(authenticationConverter).convert(any());
}
Also used: AuthenticationConverter (org.springframework.security.web.authentication.AuthenticationConverter), OAuth2TokenRevocationAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken), Authentication (org.springframework.security.core.Authentication), OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), FilterChain (javax.servlet.FilterChain), SecurityContext (org.springframework.security.core.context.SecurityContext), OAuth2ClientAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient), Test (org.junit.Test)

Aggregations (type, fully qualified name, number of usages)

RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient) 11
Test (org.junit.Test) 10
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken) 6
OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization) 5
Authentication (org.springframework.security.core.Authentication) 4
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException) 4
OAuth2ClientAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken) 4
OAuth2TokenRevocationAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken) 4
FilterChain (javax.servlet.FilterChain) 3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 3
SecurityContext (org.springframework.security.core.context.SecurityContext) 3
OAuth2RefreshToken (org.springframework.security.oauth2.core.OAuth2RefreshToken) 2
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 1
AbstractOAuth2Token (org.springframework.security.oauth2.core.AbstractOAuth2Token) 1
OAuth2TokenType (org.springframework.security.oauth2.core.OAuth2TokenType) 1
AuthenticationConverter (org.springframework.security.web.authentication.AuthenticationConverter) 1
AuthenticationSuccessHandler (org.springframework.security.web.authentication.AuthenticationSuccessHandler) 1