use of org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager in project spring-security by spring-projects.
the class OpaqueTokenReactiveAuthenticationManagerTests method authenticateWhenActiveTokenThenOk.
@Test
public void authenticateWhenActiveTokenThenOk() throws Exception {
OAuth2AuthenticatedPrincipal authority = TestOAuth2AuthenticatedPrincipals.active((attributes) -> attributes.put("extension_field", "twenty-seven"));
ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
given(introspector.introspect(any())).willReturn(Mono.just(authority));
OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
// @formatter:off
assertThat(attributes).isNotNull().containsEntry(OAuth2TokenIntrospectionClaimNames.ACTIVE, true).containsEntry(OAuth2TokenIntrospectionClaimNames.AUD, Arrays.asList("https://protected.example.net/resource")).containsEntry(OAuth2TokenIntrospectionClaimNames.CLIENT_ID, "l238j323ds-23ij4").containsEntry(OAuth2TokenIntrospectionClaimNames.EXP, Instant.ofEpochSecond(1419356238)).containsEntry(OAuth2TokenIntrospectionClaimNames.ISS, new URL("https://server.example.com/")).containsEntry(OAuth2TokenIntrospectionClaimNames.NBF, Instant.ofEpochSecond(29348723984L)).containsEntry(OAuth2TokenIntrospectionClaimNames.SCOPE, Arrays.asList("read", "write", "dolphin")).containsEntry(OAuth2TokenIntrospectionClaimNames.SUB, "Z5O3upPC88QrAjx00dis").containsEntry(OAuth2TokenIntrospectionClaimNames.USERNAME, "jdoe").containsEntry("extension_field", "twenty-seven");
assertThat(result.getAuthorities()).extracting("authority").containsExactly("SCOPE_read", "SCOPE_write", "SCOPE_dolphin");
// @formatter:on
}
use of org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager in project spring-security by spring-projects.
the class OpaqueTokenReactiveAuthenticationManagerTests method authenticateWhenMissingScopeAttributeThenNoAuthorities.
@Test
public void authenticateWhenMissingScopeAttributeThenNoAuthorities() {
OAuth2AuthenticatedPrincipal authority = new OAuth2IntrospectionAuthenticatedPrincipal(Collections.singletonMap("claim", "value"), null);
ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
given(introspector.introspect(any())).willReturn(Mono.just(authority));
OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
Authentication result = provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
assertThat(result.getPrincipal()).isInstanceOf(OAuth2IntrospectionAuthenticatedPrincipal.class);
Map<String, Object> attributes = ((OAuth2AuthenticatedPrincipal) result.getPrincipal()).getAttributes();
assertThat(attributes).isNotNull().doesNotContainKey(OAuth2TokenIntrospectionClaimNames.SCOPE);
assertThat(result.getAuthorities()).isEmpty();
}
use of org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager in project spring-security by spring-projects.
the class OpaqueTokenReactiveAuthenticationManagerTests method authenticateWhenIntrospectionEndpointThrowsExceptionThenInvalidToken.
@Test
public void authenticateWhenIntrospectionEndpointThrowsExceptionThenInvalidToken() {
ReactiveOpaqueTokenIntrospector introspector = mock(ReactiveOpaqueTokenIntrospector.class);
given(introspector.introspect(any())).willReturn(Mono.error(new OAuth2IntrospectionException("with \"invalid\" chars")));
OpaqueTokenReactiveAuthenticationManager provider = new OpaqueTokenReactiveAuthenticationManager(introspector);
assertThatExceptionOfType(AuthenticationServiceException.class).isThrownBy(() -> provider.authenticate(new BearerTokenAuthenticationToken("token")).block());
}
Aggregations