Package org.springframework.security.oauth2.common

Examples of org.springframework.security.oauth2.common.OAuth2RefreshToken


  private static void assertTokenEquals(OAuth2AccessToken expected, OAuth2AccessToken actual) {
    assertEquals(expected.getTokenType(), actual.getTokenType());
    assertEquals(expected.getValue(), actual.getValue());

    OAuth2RefreshToken expectedRefreshToken = expected.getRefreshToken();
    if (expectedRefreshToken == null) {
      assertNull(actual.getRefreshToken());
    }
    else {
      assertEquals(expectedRefreshToken.getValue(), actual.getRefreshToken().getValue());
    }
    assertEquals(expected.getScope(), actual.getScope());
    Date expectedExpiration = expected.getExpiration();
    if (expectedExpiration == null) {
      assertNull(actual.getExpiration());
View Full Code Here


    });
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request(
        "id", false, Collections.singleton("read")), new TestAuthentication("test2", false));
    DefaultOAuth2AccessToken firstAccessToken = (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(
        expectedAuthentication);
    OAuth2RefreshToken expectedExpiringRefreshToken = firstAccessToken.getRefreshToken();
    // Make it expire (and rely on mutable state in volatile token store)
    firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
    // create another access token
    OAuth2AccessToken secondAccessToken = getTokenServices().createAccessToken(expectedAuthentication);
    assertFalse("The new access token should be different",
        firstAccessToken.getValue().equals(secondAccessToken.getValue()));
    assertEquals("The new access token should have the same refresh token",
        expectedExpiringRefreshToken.getValue(), secondAccessToken.getRefreshToken().getValue());
    // refresh access token with refresh token

    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id",
        Collections.singleton("read"), null);
    getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertEquals(1, getAccessTokenCount());
  }
View Full Code Here

  @Test
  public void testRefreshTokenMaintainsState() throws Exception {
    getTokenServices().setSupportRefreshToken(true);
    OAuth2AccessToken accessToken = getTokenServices().createAccessToken(createAuthentication());
    OAuth2RefreshToken expectedExpiringRefreshToken = accessToken.getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", null, null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(
        expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertNotNull(refreshedAccessToken);
    assertEquals(1, getAccessTokenCount());
  }
View Full Code Here

  @Test
  public void testNotReuseRefreshTokenMaintainsState() throws Exception {
    getTokenServices().setSupportRefreshToken(true);
    getTokenServices().setReuseRefreshToken(false);
    OAuth2AccessToken accessToken = getTokenServices().createAccessToken(createAuthentication());
    OAuth2RefreshToken expectedExpiringRefreshToken = accessToken.getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", null, null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(
        expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertNotNull(refreshedAccessToken);
    assertEquals(1, getRefreshTokenCount());
  }
View Full Code Here

    DefaultOAuth2RefreshToken expectedExpiringRefreshToken = new DefaultExpiringOAuth2RefreshToken("testToken",
        new Date());
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false));
    getTokenStore().storeRefreshToken(expectedExpiringRefreshToken, expectedAuthentication);

    OAuth2RefreshToken actualExpiringRefreshToken = getTokenStore().readRefreshToken("testToken");
    assertEquals(expectedExpiringRefreshToken, actualExpiringRefreshToken);
    assertEquals(expectedAuthentication, getTokenStore().readAuthenticationForRefreshToken(expectedExpiringRefreshToken));
    getTokenStore().removeRefreshToken(expectedExpiringRefreshToken);
    assertNull(getTokenStore().readRefreshToken("testToken"));
    assertNull(getTokenStore().readAuthentication(expectedExpiringRefreshToken.getValue()));
View Full Code Here

    assertFalse(storedOAuth2Request.equals(getTokenStore().readAuthentication(expectedOAuth2AccessToken.getValue()).getOAuth2Request()));
  }

  @Test
  public void testRemoveRefreshToken() {
    OAuth2RefreshToken expectedExpiringRefreshToken = new DefaultExpiringOAuth2RefreshToken("testToken",
        new Date());
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false));
    getTokenStore().storeRefreshToken(expectedExpiringRefreshToken, expectedAuthentication);
    getTokenStore().removeRefreshToken(expectedExpiringRefreshToken);
   
View Full Code Here

        }

        ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId());

        if (client == null) {
          throw new InvalidClientException("Client not found: " + request.getClientId());
        }


        JWSAlgorithm alg = signedJwt.getHeader().getAlgorithm();

        if (client.getRequestObjectSigningAlg() == null ||
            !client.getRequestObjectSigningAlg().equals(alg)) {
          throw new InvalidClientException("Client's registered request object signing algorithm (" + client.getRequestObjectSigningAlg() + ") does not match request object's actual algorithm (" + alg.getName() + ")");
        }

        if (alg.equals(JWSAlgorithm.RS256)
            || alg.equals(JWSAlgorithm.RS384)
            || alg.equals(JWSAlgorithm.RS512)) {

          // it's RSA, need to find the JWK URI and fetch the key

          if (client.getJwksUri() == null) {
            throw new InvalidClientException("Client must have a JWKS URI registered to use signed request objects.");
          }

          // check JWT signature
          JwtSigningAndValidationService validator = validators.getValidator(client.getJwksUri());

          if (validator == null) {
            throw new InvalidClientException("Unable to create signature validator for client's JWKS URI: " + client.getJwksUri());
          }

          if (!validator.validateSignature(signedJwt)) {
            throw new InvalidClientException("Signature did not validate for presented JWT request object.");
          }
        } else if (alg.equals(JWSAlgorithm.HS256)
            || alg.equals(JWSAlgorithm.HS384)
            || alg.equals(JWSAlgorithm.HS512)) {

          // it's HMAC, we need to make a validator based on the client secret

          JwtSigningAndValidationService validator = symmetricCacheService.getSymmetricValidtor(client);

          if (validator == null) {
            throw new InvalidClientException("Unable to create signature validator for client's secret: " + client.getClientSecret());
          }

          if (!validator.validateSignature(signedJwt)) {
            throw new InvalidClientException("Signature did not validate for presented JWT request object.");
          }


        }


      } else if (jwt instanceof PlainJWT) {
        PlainJWT plainJwt = (PlainJWT)jwt;

        // need to check clientId first so that we can load the client to check other fields
        if (request.getClientId() == null) {
          request.setClientId(plainJwt.getJWTClaimsSet().getStringClaim("client_id"));
        }

        ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId());

        if (client == null) {
          throw new InvalidClientException("Client not found: " + request.getClientId());
        }

        if (client.getRequestObjectSigningAlg() == null) {
          throw new InvalidClientException("Client is not registered for unsigned request objects (no request_object_signing_alg registered)");
        } else if (!client.getRequestObjectSigningAlg().equals(Algorithm.NONE)) {
          throw new InvalidClientException("Client is not registered for unsigned request objects (request_object_signing_alg is " + client.getRequestObjectSigningAlg() +")");
        }

        // if we got here, we're OK, keep processing

      } else if (jwt instanceof EncryptedJWT) {

        EncryptedJWT encryptedJWT = (EncryptedJWT)jwt;

        // decrypt the jwt if we can

        encryptionService.decryptJwt(encryptedJWT);

        // TODO: what if the content is a signed JWT? (#525)

        if (!encryptedJWT.getState().equals(State.DECRYPTED)) {
          throw new InvalidClientException("Unable to decrypt the request object");
        }

        // need to check clientId first so that we can load the client to check other fields
        if (request.getClientId() == null) {
          request.setClientId(encryptedJWT.getJWTClaimsSet().getStringClaim("client_id"));
        }

        ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId());

        if (client == null) {
          throw new InvalidClientException("Client not found: " + request.getClientId());
        }


      }
View Full Code Here

    OAuth2AccessTokenEntity incomingToken = tokenServices.readAccessToken(incomingTokenValue);

    if (incomingToken.getScope().contains(SystemScopeService.ID_TOKEN_SCOPE)) {

      if (!client.getClientId().equals(tokenRequest.getClientId())) {
        throw new InvalidClientException("Not the right client for this token");
      }

      // it's an ID token, process it accordingly

      try {
View Full Code Here

        JWSAlgorithm alg = jws.getHeader().getAlgorithm();

        if (client.getTokenEndpointAuthSigningAlg() != null &&
            !client.getTokenEndpointAuthSigningAlg().equals(alg)) {
          throw new InvalidClientException("Client's registered request object signing algorithm (" + client.getRequestObjectSigningAlg() + ") does not match request object's actual algorithm (" + alg.getName() + ")");
        }

        if (client.getTokenEndpointAuthMethod() == null ||
            client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE) ||
            client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) ||
View Full Code Here

      OAuth2Request clientAuth = authentication.getOAuth2Request();

      ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());

      if (client == null) {
        throw new InvalidClientException("Client not found: " + clientAuth.getClientId());
      }

      OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken();

      // attach the client
View Full Code Here

TOP

Related Classes of org.springframework.security.oauth2.common.OAuth2RefreshToken

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.