Example 1 with OpaqueTokenReactiveAuthenticationManager

Use of org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager in project spring-security by spring-projects.

From the class OpaqueTokenReactiveAuthenticationManagerTests, method authenticateWhenActiveTokenThenOk.

@Test
public void authenticateWhenActiveTokenThenOk() throws Exception {
    OAuth2AuthenticatedPrincipal authority = TestOAuth2AuthenticatedPrincipals.active((attributes) -> attributes.put("extension_field", "twenty-seven"));
    ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
    given(introspector.introspect(any())).willReturn(Mono.just(authority));
    OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
    Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
    assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
    Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
    // @formatter:off
    assertThat(attributes).isNotNull()
            .containsEntry(OAuth2TokenIntrospectionClaimNames.ACTIVE, true)
            .containsEntry(OAuth2TokenIntrospectionClaimNames.AUD, Arrays.asList("https://protected.example.net/resource"))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4")
            .containsEntry(OAuth2TokenIntrospectionClaimNames.EXP, Instant.ofEpochSecond(1419356238))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.ISS, new URL("https://server.example.com/"))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.NBF, Instant.ofEpochSecond(29348723984L))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.SCOPE, Arrays.asList("read", "write", "dolphin"))
            .containsEntry(OAuth2TokenIntrospectionClaimNames.SUB, "Z5O3upPC88QrAjx00dis")
            .containsEntry(OAuth2TokenIntrospectionClaimNames.USERNAME, "jdoe")
            .containsEntry("extension_field", "twenty-seven");
    // Each value of the scope claim becomes a SCOPE_-prefixed granted authority.
    assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write", "SCOPE_dolphin");
    // @formatter:on
}
Also used: OAuth2AuthenticatedPrincipal (org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal), Authentication (org.springframework.security.core.Authentication), ReactiveOpaqueTokenIntrospector (org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector), BearerTokenAuthenticationToken (org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken), URL (java.net.URL), Test (org.junit.jupiter.api.Test)

Example 2 with OpaqueTokenReactiveAuthenticationManager

Use of org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager in project spring-security by spring-projects.

From the class OpaqueTokenReactiveAuthenticationManagerTests, method authenticateWhenMissingScopeAttributeThenNoAuthorities.

@Test
public void authenticateWhenMissingScopeAttributeThenNoAuthorities() {
    OAuth2AuthenticatedPrincipal authority = new OAuth2IntrospectionAuthenticatedPrincipal(Collections.singletonMap("claim", "value"), null);
    ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
    given(introspector.introspect(any())).willReturn(Mono.just(authority));
    OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
    Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
    assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
    Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
    assertThat(attributes).isNotNull().doesNotContainKey(OAuth2TokenIntrospectionClaimNames.SCOPE);
    // With no scope claim in the introspection result, no authorities are granted.
    assertThat(result.getAuthorities()).isEmpty();
}
Also used: OAuth2IntrospectionAuthenticatedPrincipal (org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal), OAuth2AuthenticatedPrincipal (org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal), Authentication (org.springframework.security.core.Authentication), ReactiveOpaqueTokenIntrospector (org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector), BearerTokenAuthenticationToken (org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken), Test (org.junit.jupiter.api.Test)

Example 3 with OpaqueTokenReactiveAuthenticationManager

Use of org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager in project spring-security by spring-projects.

From the class OpaqueTokenReactiveAuthenticationManagerTests, method authenticateWhenIntrospectionEndpointThrowsExceptionThenInvalidToken.

@Test
public void authenticateWhenIntrospectionEndpointThrowsExceptionThenInvalidToken() {
    ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
    given(introspector.introspect(any())).willReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars")));
    OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
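    // An introspection failure surfaces as an AuthenticationServiceException; no Authentication is returned.
    assertThatExceptionOfType(AuthenticationServiceException.class)
            .isThrownBy(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block());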
}
Also used: OAuth2IntrospectionException (org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException), ReactiveOpaqueTokenIntrospector (org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector), BearerTokenAuthenticationToken (org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken), AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException), Test (org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test): 3
BearerTokenAuthenticationToken (org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken): 3
ReactiveOpaqueTokenIntrospector (org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector): 3
Authentication (org.springframework.security.core.Authentication): 2
OAuth2AuthenticatedPrincipal (org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal): 2
URL (java.net.URL): 1
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException): 1
OAuth2IntrospectionAuthenticatedPrincipal (org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal): 1
OAuth2IntrospectionException (org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException): 1