Examples of org.springframework.security.oauth2.config.annotation.authentication.configurers.InMemoryClientDetailsServiceConfigurer

• org.springframework.security.oauth2.provider.OAuth2Request
  @author Rob Winch

  public String revoke(@RequestParam("token") String tokenValue, @RequestParam(value = "token_type_hint", required = false) String tokenType, Principal principal, Model model) {

    // This is the token as passed in from OAuth (in case we need it some day)
    //OAuth2AccessTokenEntity tok = tokenServices.getAccessToken((OAuth2Authentication) principal);

    OAuth2Request authRequest = null;
    if (principal instanceof OAuth2Authentication) {
      // if the client is acting on its own behalf (the common case), pull out the client authorization request
      authRequest = ((OAuth2Authentication) principal).getOAuth2Request();
    }

    try {
      // check and handle access tokens first

      OAuth2AccessTokenEntity accessToken = tokenServices.readAccessToken(tokenValue);
      if (authRequest != null) {
        // client acting on its own, make sure it owns the token
        if (!accessToken.getClient().getClientId().equals(authRequest.getClientId())) {
          // trying to revoke a token we don't own, throw a 403
          model.addAttribute("code", HttpStatus.FORBIDDEN);
          return HttpCodeView.VIEWNAME;
        }
      }

      // if we got this far, we're allowed to do this
      tokenServices.revokeAccessToken(accessToken);
      model.addAttribute("code", HttpStatus.OK);
      return HttpCodeView.VIEWNAME;

    } catch (InvalidTokenException e) {

      // access token wasn't found, check the refresh token

      try {
        OAuth2RefreshTokenEntity refreshToken = tokenServices.getRefreshToken(tokenValue);
        if (authRequest != null) {
          // client acting on its own, make sure it owns the token
          if (!refreshToken.getClient().getClientId().equals(authRequest.getClientId())) {
            // trying to revoke a token we don't own, throw a 403
            model.addAttribute("code", HttpStatus.FORBIDDEN);
            return HttpCodeView.VIEWNAME;
          }
        }

                            currentId = reader.nextLong();
                        } else if (name.equals("ownerId")) {
                            //not needed
                            reader.skipValue();
                        } else if (name.equals("authentication")) {
                            OAuth2Request clientAuthorization = null;
                            Authentication userAuthentication = null;
                            reader.beginObject();
                            while (reader.hasNext()) {
                                switch (reader.peek()) {
                                    case END_OBJECT:

    Mockito.reset(tokenRepository, authenticationHolderRepository, clientDetailsService, tokenEnhancer);



    authentication = Mockito.mock(OAuth2Authentication.class);
    OAuth2Request clientAuth = new OAuth2Request(null, clientId, null, true, scope, null, null, null, null);
    Mockito.when(authentication.getOAuth2Request()).thenReturn(clientAuth);

    client = Mockito.mock(ClientDetailsEntity.class);
    Mockito.when(client.getClientId()).thenReturn(clientId);
    Mockito.when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(client);

                    reader.skipValue();
                    continue;
            }
        }
        reader.endObject();
        return new OAuth2Request(authorizationParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, null);
    }

   * Tests the creation of access tokens for clients that are allowed to have refresh tokens.
   */
  @Test
  public void createAccessToken_yesRefresh() {

    OAuth2Request clientAuth = new OAuth2Request(null, clientId, null, true, Sets.newHashSet(SystemScopeService.OFFLINE_ACCESS), null, null, null, null);
    Mockito.when(authentication.getOAuth2Request()).thenReturn(clientAuth);
    Mockito.when(client.isAllowRefresh()).thenReturn(true);

    OAuth2AccessTokenEntity token = service.createAccessToken(authentication);

    private OAuth2Request request(String clientId) {
        return request(clientId, null);
    }

    private OAuth2Request request(String clientId, Set<String> scopes) {
        return new OAuth2Request(null, clientId, null, true, scopes, null, null, null, null);
    }

      scopes.addAll(OAuth2Utils.parseParameterList(token.get("scope").getAsString()));
    }
    Map<String, String> parameters = new HashMap<String, String>();
    parameters.put("client_id", clientId);
    parameters.put("scope", OAuth2Utils.formatParameterList(scopes));
    OAuth2Request storedRequest = new OAuth2Request(parameters, clientId, null, true, scopes, null, null, null, null);
    return storedRequest;
  }

  @Override
  public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,  OAuth2Authentication authentication) {

    OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) accessToken;
    OAuth2Request originalAuthRequest = authentication.getOAuth2Request();

    String clientId = originalAuthRequest.getClientId();
    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);

    JWTClaimsSet claims = new JWTClaimsSet();

    claims.setAudience(Lists.newArrayList(clientId));

    claims.setIssuer(configBean.getIssuer());

    claims.setIssueTime(new Date());

    claims.setExpirationTime(token.getExpiration());

    claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it

    JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();

    SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);

    jwtService.signJwt(signed);

    token.setJwt(signed);

    /**
     * Authorization request scope MUST include "openid" in OIDC, but access token request
     * may or may not include the scope parameter. As long as the AuthorizationRequest
     * has the proper scope, we can consider this a valid OpenID Connect request. Otherwise,
     * we consider it to be a vanilla OAuth2 request.
     *
     * Also, there must be a user authentication involved in the request for it to be considered
     * OIDC and not OAuth, so we check for that as well.
     */
    if (originalAuthRequest.getScope().contains("openid")
        && !authentication.isClientOnly()) {

      String username = authentication.getName();
      UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId);

        assertThat(savedSites.get(1).getApprovedAccessTokens().size(), equalTo(site2.getApprovedAccessTokens().size()));
    }

    @Test
    public void testExportAuthenticationHolders() throws IOException {
        OAuth2Request req1 = new OAuth2Request(new HashMap<String, String>(), "client1", new ArrayList<GrantedAuthority>(),
                                               true, new HashSet<String>(), new HashSet<String>(), "http://foo.com",
                                               new HashSet<String>(), null);
        Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable());
        OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1);

        AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity();
        holder1.setId(1L);
        holder1.setAuthentication(auth1);

        OAuth2Request req2 = new OAuth2Request(new HashMap<String, String>(), "client2", new ArrayList<GrantedAuthority>(),
                                               true, new HashSet<String>(), new HashSet<String>(), "http://bar.com",
                                               new HashSet<String>(), null);
        Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable());
        OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2);

    assertThat(checked.containsAll(allAuthHolders), is(true));
    }

    @Test
    public void testImportAuthenticationHolders() throws IOException {
        OAuth2Request req1 = new OAuth2Request(new HashMap<String, String>(), "client1", new ArrayList<GrantedAuthority>(),
                                               true, new HashSet<String>(), new HashSet<String>(), "http://foo.com",
                                               new HashSet<String>(), null);
        Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable());
        OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1);

        AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity();
        holder1.setId(1L);
        holder1.setAuthentication(auth1);

        OAuth2Request req2 = new OAuth2Request(new HashMap<String, String>(), "client2", new ArrayList<GrantedAuthority>(),
                                               true, new HashSet<String>(), new HashSet<String>(), "http://bar.com",
                                               new HashSet<String>(), null);
        Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable());
        OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2);