
Example 11 with BearerTokenAuthentication

use of org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication in project spring-security by spring-projects.

the class TestBearerTokenAuthentications method bearer.

public static BearerTokenAuthentication bearer() {
    // Test fixture: a principal with subject "user" that holds the SCOPE_USER authority.
    Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("SCOPE_USER");
    OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(Collections.singletonMap("sub", "user"), authorities);
    // Bearer access token issued now, expiring in 86400 seconds (24 hours), with scope "USER".
    OAuth2AccessToken token = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", Instant.now(), Instant.now().plusSeconds(86400), new HashSet<>(Arrays.asList("USER")));
    return new BearerTokenAuthentication(principal, token, authorities);
}
Also used : OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) DefaultOAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) GrantedAuthority(org.springframework.security.core.GrantedAuthority)

Example 12 with BearerTokenAuthentication

use of org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication in project spring-security by spring-projects.

the class BearerTokenAuthenticationTests method getNameWhenHasNoSubjectThenReturnsNull.

@Test
public void getNameWhenHasNoSubjectThenReturnsNull() {
    // The attributes carry no "sub" entry (no subject), so getName() is expected to be null.
    OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(Collections.singletonMap("claim", "value"), null);
    BearerTokenAuthentication authenticated = new BearerTokenAuthentication(principal, this.token, null);
    assertThat(authenticated.getName()).isNull();
}
Also used : OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) DefaultOAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal) Test(org.junit.jupiter.api.Test)

Example 13 with BearerTokenAuthentication

use of org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication in project spring-security by spring-projects.

the class BearerTokenAuthenticationTests method constructorWhenDefaultParametersThenSetsPrincipalToAttributesCopy.

// gh-6843
@Test
public void constructorWhenDefaultParametersThenSetsPrincipalToAttributesCopy() {
    JSONObject attributes = new JSONObject();
    attributes.put("active", true);
    OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(attributes, null);
    BearerTokenAuthentication token = new BearerTokenAuthentication(principal, this.token, null);
    // Neither the principal nor the token attributes may be the same instance as the map passed in.
    assertThat(token.getPrincipal()).isNotSameAs(attributes);
    assertThat(token.getTokenAttributes()).isNotSameAs(attributes);
}
Also used : JSONObject(net.minidev.json.JSONObject) OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) DefaultOAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal) Test(org.junit.jupiter.api.Test)

Example 14 with BearerTokenAuthentication

use of org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication in project spring-security by spring-projects.

the class BearerTokenAuthenticationTests method toStringWhenAttributesContainsURLThenDoesNotFail.

// gh-6843
@Test
public void toStringWhenAttributesContainsURLThenDoesNotFail() throws Exception {
    JSONObject attributes = new JSONObject(Collections.singletonMap("iss", new URL("https://idp.example.com")));
    OAuth2AuthenticatedPrincipal principal = new DefaultOAuth2AuthenticatedPrincipal(attributes, null);
    BearerTokenAuthentication token = new BearerTokenAuthentication(principal, this.token, null);
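    // No assertion: the test passes as long as toString() does not throw when an attribute value is a java.net.URL.
    token.toString();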
}
Also used : JSONObject(net.minidev.json.JSONObject) OAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) DefaultOAuth2AuthenticatedPrincipal(org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal) URL(java.net.URL) Test(org.junit.jupiter.api.Test)

Example 15 with BearerTokenAuthentication

use of org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication in project spring-security by spring-projects.

the class JwtBearerTokenAuthenticationConverterTests method convertWhenJwtThenBearerTokenAuthentication.

@Test
public void convertWhenJwtThenBearerTokenAuthentication() {
    // @formatter:off
    Jwt jwt = Jwt.withTokenValue("token-value").claim("claim", "value").header("header", "value").build();
    // @formatter:on
    AbstractAuthenticationToken token = this.converter.convert(jwt);
    assertThat(token).isInstanceOf(BearerTokenAuthentication.class);
    BearerTokenAuthentication bearerToken = (BearerTokenAuthentication) token;
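    // The raw token value is preserved; only JWT claims (not headers) become token attributes,
    // and this conversion grants no authorities.
    assertThat(bearerToken.getToken().getTokenValue()).isEqualTo("token-value");
    assertThat(bearerToken.getTokenAttributes()).containsOnlyKeys("claim");
    assertThat(bearerToken.getAuthorities()).isEmpty();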
}
Also used : AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) Jwt(org.springframework.security.oauth2.jwt.Jwt) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test) 14
OAuth2AuthenticatedPrincipal (org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal) 10
DefaultOAuth2AuthenticatedPrincipal (org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal) 7
BearerTokenAuthentication (org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication) 6
AbstractAuthenticationToken (org.springframework.security.authentication.AbstractAuthenticationToken) 4
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 4
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority) 4
SecurityContext (org.springframework.security.core.context.SecurityContext) 4
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken) 3
Jwt (org.springframework.security.oauth2.jwt.Jwt) 3
List (java.util.List) 2
JSONObject (net.minidev.json.JSONObject) 2
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat) 2
ExtendWith (org.junit.jupiter.api.extension.ExtendWith) 2
MockitoExtension (org.mockito.junit.jupiter.MockitoExtension) 2
ReactiveAdapterRegistry (org.springframework.core.ReactiveAdapterRegistry) 2
HttpHeaders (org.springframework.http.HttpHeaders) 2
MediaType (org.springframework.http.MediaType) 2
OAuth2TokenIntrospectionClaimNames (org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames) 2
TestOAuth2AuthenticatedPrincipals (org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals) 2