Examples of org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails

• org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails
  @author Ryan Heaton @author Dave Syer

    }
    return null;
  }

  private OAuth2AccessToken createToken(String username, String password, String clientId, String clientSecret) {
    OAuth2ProtectedResourceDetails resource = getResourceDetails(username, password, clientId, clientSecret);
    AccessTokenRequest request = createAccessTokenRequest(username, password);

    ResourceOwnerPasswordAccessTokenProvider provider = createResourceOwnerPasswordAccessTokenProvider();
    try {
      return provider.obtainAccessToken(resource, request);

      throw cfEx;
    }
  }

  private OAuth2AccessToken refreshToken(OAuth2AccessToken currentToken, String username, String password, String clientId, String clientSecret) {
    OAuth2ProtectedResourceDetails resource = getResourceDetails(username, password, clientId, clientSecret);
    AccessTokenRequest request = createAccessTokenRequest(username, password);

    ResourceOwnerPasswordAccessTokenProvider provider = createResourceOwnerPasswordAccessTokenProvider();

    return provider.refreshAccessToken(resource, currentToken.getRefreshToken(), request);

    return null;
  }

  private OAuth2AccessToken createToken(String username, String password, String clientId, String clientSecret) {
    OAuth2ProtectedResourceDetails resource = getResourceDetails(username, password, clientId, clientSecret);
    AccessTokenRequest request = createAccessTokenRequest(username, password);

    ResourceOwnerPasswordAccessTokenProvider provider = createResourceOwnerPasswordAccessTokenProvider();
    try {
      return provider.obtainAccessToken(resource, request);
    }

    }
  }

  private OAuth2AccessToken refreshToken(OAuth2AccessToken currentToken, String username, String password, String clientId, String clientSecret) {
    OAuth2ProtectedResourceDetails resource = getResourceDetails(username, password, clientId, clientSecret);
    AccessTokenRequest request = createAccessTokenRequest(username, password);

    ResourceOwnerPasswordAccessTokenProvider provider = createResourceOwnerPasswordAccessTokenProvider();

    return provider.refreshAccessToken(resource, currentToken.getRefreshToken(), request);
  }

  }

  private AccessTokenRequest createAccessTokenRequest(String username, String password) {
    Map<String, String> parameters = new LinkedHashMap<String, String>();
    parameters.put("credentials", String.format("{\"username\":\"%s\",\"password\":\"%s\"}", username, password));
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.setAll(parameters);

    return request;
  }

  }

  private AccessTokenRequest createAccessTokenRequest(String username, String password) {
    Map<String, String> parameters = new LinkedHashMap<String, String>();
    parameters.put("credentials", String.format("{\"username\":\"%s\",\"password\":\"%s\"}", username, password));
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.setAll(parameters);

    return request;
  }

    return new OAuth2RestTemplate(resource(), oauth2ClientContext);
  }

  @Bean
  protected OAuth2ProtectedResourceDetails resource() {
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    resource.setAccessTokenUri(tokenUrl);
    resource.setUserAuthorizationUri(authorizeUrl);
    resource.setClientId("my-trusted-client");
    return resource ;
  }

  }

  @Test
  @OAuth2ContextConfiguration(resource = MyClientWithRegisteredRedirect.class, initialize = false)
  public void testInsufficientScopeInResourceRequest() throws Exception {
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();
    resource.setScope(Arrays.asList("trust"));
    approveAccessTokenGrant("http://anywhere?key=value", true);
    assertNotNull(context.getAccessToken());
    try {
      serverRunning.getForString("/sparklr2/photos?format=json");
      fail("Should have thrown exception");

  }

  private void approveAccessTokenGrant(String currentUri, boolean approved) {

    AccessTokenRequest request = context.getAccessTokenRequest();
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();

    request.setCookie(cookie);
    if (currentUri != null) {
      request.setCurrentUri(currentUri);
    }

    String location = null;

    try {
      // First try to obtain the access token...
      assertNotNull(context.getAccessToken());
      fail("Expected UserRedirectRequiredException");
    }
    catch (UserRedirectRequiredException e) {
      // Expected and necessary, so that the correct state is set up in the request...
      location = e.getRedirectUri();
    }

    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());

    try {
      // Now try again and the token provider will redirect for user approval...
      assertNotNull(context.getAccessToken());
      fail("Expected UserRedirectRequiredException");
    }
    catch (UserApprovalRequiredException e) {
      // Expected and necessary, so that the user can approve the grant...
      location = e.getApprovalUri();
    }

    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());

    // The approval (will be processed on the next attempt to obtain an access token)...
    request.set(OAuth2Utils.USER_OAUTH_APPROVAL, "" + approved);

public class AuthorizationCodeProviderTests extends AbstractAuthorizationCodeProviderTests {

  @Test
  @OAuth2ContextConfiguration(resource = MyClientWithRegisteredRedirect.class, initialize = false)
  public void testInsufficientScopeInResourceRequest() throws Exception {
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();
    resource.setScope(Arrays.asList("trust"));
    approveAccessTokenGrant("http://anywhere?key=value", true);
    assertNotNull(context.getAccessToken());
    try {
      http.getForString("/admin/beans");
      fail("Should have thrown exception");